last executing test programs: 9.615185647s ago: executing program 0 (id=946): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) ioctl$auto_TIOCGDEV2(r0, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x0, 0x8, 0x0, 0x4000006) readv$auto(0x3, 0x0, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x52) write$auto(0x3, 0x0, 0x5c8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) statmount$auto(0x0, 0x0, 0x1fe, 0xf) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008004) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(r0, 0x10000000084, 0x8, 0x0, 0x1) getpgid(0xffffffffffffffff) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x414041, 0x0) 8.871536351s ago: executing program 2 (id=949): close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4800}, 0x4001) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="00032cbd7000fedbdf250200000005003500060000000800130001000100263ad17de8cd0c3eb99a1ba0640965e875832e719dc4ea983a11103768d6768447697ffe6997812eb4c01c32c437452f8fefb693c2ca81c1f98fe12d291e9b61414f8054f7eda0124bbf2b3359ea2346949ed510df2f63e640b4fb23853a294e4dbf049b42c3ff23dc6cbb17ec83f23b76b33d1475effd1f1ef4ae19ff45b84bb433251aff170d8158b701fdb17fe55e83e43c1f9bdef006d3d43c2dea28881b6750bcf56bb10b198ca60f0000000000000000f8e8c6d3d25098cd51026a137947332b741f318dabc7e6e71a80c3500ffaf17b02d35c20aefc8c7c59ff8e5efcdffa39f1e9654f31720d6dea770791974a3df78757a6168958cb9711361fbb7341d9a1496b56eb304552fffcf9c5a47ebcffbe17e55122b946e00d12930e08e10cbc2eb63b19636a755c308452631b9d122046465ed5fff49c1f000000000000000000d4decaf638d16997319081119888281996f474a75e07a43eeb13b5cd7b7f37fa148850e3a248a67aaeb4033c2b06ad8ae4bc"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x404c840) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101c40, 0x0) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto_force_devcoredump_fops_hci_vhci(r0, 0x0, 0x0) read$auto_ocfs2_control_fops_stack_user(r0, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x890d, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r1, 0x5425, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) socket(0xa, 0x1, 0x84) pwrite64$auto(0xc8, 0x0, 0xedef, 0x3) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000080)='/dev/\x0e?^\xd8[\xa1~\xf5\xdfaudio1\x00\x11I\x9f\xabA\a\x1c\xc4\x06\xde@z\xe0\xf9\xc3R\"\x06a\xa7\xe5\x03\x00\x00', 0x100000a3d9) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f0000000000)={[0x1ff, 0x105, 0x8, 0x29, 0x948b, 0x80009, 0x0, 0x2, 0x67910a5e, 0x1, 0x80000023, 0xfff, 0xb, 0x7, 0x2, 0xd8]}, 0x0) 8.57938659s ago: executing program 0 (id=950): r0 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="020027bd7000fddbdf2525000000050019009a000000060004000000000005002300080000003566ca2e7ce8e02b4f3aac6302c7fa3e483c90375aeb3d70008f14bae39cb08ee304e1ac864f6b96459a56356ead3f8f5d1b9f71288edad8ffe347074d3c703c0de2438c331b417fcdd06fb38aaac50b2505b4816590884e9cc67c2ce29515ca2b79c6b803bf98c6a1101619adeff3ae9226caa0e561e9d33b0d345f8e32c4f625926c97ca1c4075ac17714a09dbfbd8313ca91658e5bccad54b17d4803824f501943b540792e0363f7c2f08f2ee76834f08eea9d7a36a0c08c7e6216fbe48c0713d37478aa304fe0531be7c061c7f6e163e5041be29927f80ad0a764b"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec10\x00', 0x101901, 0x0) r2 = openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) fsconfig$auto_FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000000)='#-$@(,\'H.]&]-[$\x00', &(0x7f0000000080), 0x7fff) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000480)={'\x00', 0x8, 0x4, 0x10, 0x0, 0x20000001, "0573830014ae6d1c64f0c9cfc40a01", "354d40de", ' \x00', "0bea5a5a", ["8844f3d239ba5a2b00d1d4f1", "39eb04fad47fb285746e614c", '\x00', "19c57f7fee8d089a10cdd8c3"]}) write$auto(0x3, 0x0, 0x400000000000050) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x0, 0x53, 0x0, 0x0) mmap$auto(0xea88, 0x810004, 0xd, 0x10, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) socket(0x29, 0x2, 0x0) socket(0xa, 0x1, 0x84) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x800000005, &(0x7f0000000500)={&(0x7f0000000080), 0x1ffffffff}, 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r6 = waitid$auto_P_PIDFD(0x3, r5, &(0x7f0000000000)={@_si_pad}, 0x6, &(0x7f0000000080)={{0xda, 0x1}, {0x69, 0x4b}, 0x4, 0x4ae, 0x200, 0x2, 0x8001, 0x80000000, 0x7, 0x7fffffff, 0x2, 0x3, 0x4, 0x2, 0x7, 0x7}) capset$auto(&(0x7f0000000140)={0x2, 0xffffffffffffffff}, &(0x7f0000000180)={0x0, 0xfff, 0xf}) rt_tgsigqueueinfo$auto_SIGCONT(r6, r7, 0x12, &(0x7f00000001c0)={@_si_pad}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0) 6.677549421s ago: executing program 2 (id=954): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) ioctl$auto_TIOCGDEV2(r0, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x0, 0x8, 0x0, 0x4000006) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8}, 0x1) connect$auto(0x3, 0x0, 0x52) write$auto(0x3, 0x0, 0x5c8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) statmount$auto(0x0, 0x0, 0x1fe, 0xf) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008004) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(r0, 0x10000000084, 0x8, 0x0, 0x1) getpgid(0xffffffffffffffff) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x414041, 0x0) 6.223558854s ago: executing program 0 (id=955): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x4, 0x9f, 0x8000000008012, r1, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0x0, 0x202000a, 0x5, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x2) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, r0, 0x300000000000) r2 = openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x80400, 0x0) io_uring_setup$auto(0x5, &(0x7f00000001c0)={0x400, 0x6, 0xc564, 0x3, 0xd, 0x200, r2, [0x3, 0x1, 0x6], {0x14d0, 0x2, 0x1868, 0x1, 0x6e, 0x6568, 0x6, 0x5, 0x5}, {0x9, 0x10000000, 0x8, 0x100, 0x0, 0xc52, 0x5, 0x4, 0x9}}) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) getsockopt$auto_SO_RCVBUF(r0, 0x9, 0x8, &(0x7f0000000080)='/dev/nullb0\x00', &(0x7f00000000c0)=0x9) mmap$auto(0xf5f, 0x2020001, 0x2, 0x4fa, 0xfffffffffffffffa, 0x7ffb) socket(0x15, 0x5, 0x0) rt_sigsuspend$auto(0x0, 0x8) r3 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_genetlink_get_family_id$auto_mac802154_hwsim(0x0, r3) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) rt_sigpending$auto(0x0, 0x7ffffffff000) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000140)='/dev/media11\x00', 0x40, 0x0) r4 = socket(0x25, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@qipcrtr={0x2a, 0x4, 0x7fff}, 0x6c) msgctl$auto_IPC_SET(0x3e54, 0x1, &(0x7f0000000300)={{0x4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5c, 0x0, 0x3ff}, 0x0, &(0x7f00000002c0)=0x76, 0x1, 0x85d, 0x3, 0x1, 0x8, 0x5, 0x3, 0xb, @inferred=0xffffffffffffffff, @raw=0x3}) keyctl$auto_KEY_SPEC_THREAD_KEYRING(0x20003, 0xffffffffffffffff, r5, r6, 0xffffffffffffffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x165000, 0x0) close_range$auto(0x2, r4, 0x7) 5.017975066s ago: executing program 2 (id=959): r0 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x170) execveat$auto(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x11000) mmap$auto(0x0, 0x20000000000007, 0xffffffffffffffff, 0xeb5, r0, 0x8002) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card0\x00', 0x121000, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) r1 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r1, &(0x7f00000002c0)=""/190, 0xfffffe39) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) inotify_init1$auto(0x3000000000000) unshare$auto(0x40000080) ioperm$auto(0x5, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) rseq$auto(0x0, 0x8000, 0x0, 0x8000006) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xebe, 0xffffffffffffffff, 0x7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="110b27f27200fbdbdf250c00000008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) adjtimex$auto(0x0) ioctl$auto(0x3, 0x4020aed2, r2) 3.710394561s ago: executing program 0 (id=962): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40000, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000100)='%U{\fb\x00aU\xca\xc9:\xcfZ', 0xffffffff) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1b0026bd7000fddbdf2503000000040008000c00038008000c000400070012000100898771f1c19f17790485908286dd0000"], 0x40}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r6, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @fd}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "016a76f37bf001ca2200000100"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r7 = prctl$auto_PR_SET_MM_START_CODE(0x732, 0x1, 0x0, 0x3, 0x54) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYRES32=r4, @ANYRESOCT=r4], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(r4, 0xa, 0xfffffffe) 3.632147008s ago: executing program 2 (id=963): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x2, 0x2a7610b, 0x5, 0x80000011, 0x7, 0x28003) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) write$auto(0xffffffffffffffff, &(0x7f0000000540)='\x00', 0xbe) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim0/ports/1/pp_hold\x00', 0x204041, 0x0) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x4, 0xdf, 0x80000000000eb1, 0x3, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty1\x00', 0x40, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/mountinfo\x00', 0x28c40, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptywd\x00', 0x7a101, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7, 0x0) socketpair$auto(0x1, 0x5, 0x100000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002080)='/dev/ptyd8\x00', 0x480, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(0x3, 0x80000541b, r0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) 3.596735356s ago: executing program 3 (id=964): r0 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="020027bd7000fddbdf2525000000050019009a000000060004000000000005002300080000003566ca2e7ce8e02b4f3aac6302c7fa3e483c90375aeb3d70008f14bae39cb08ee304e1ac864f6b96459a56356ead3f8f5d1b9f71288edad8ffe347074d3c703c0de2438c331b417fcdd06fb38aaac50b2505b4816590884e9cc67c2ce29515ca2b79c6b803bf98c6a1101619adeff3ae9226caa0e561e9d33b0d345f8e32c4f625926c97ca1c4075ac17714a09dbfbd8313ca91658e5bccad54b17d4803824f501943b540792e0363f7c2f08f2ee76834f08eea9d7a36a0c08c7e6216fbe48c0713d37478aa304fe0531be7c061c7f6e163e5041be29927f80ad0a764b"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec10\x00', 0x101901, 0x0) r2 = openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) fsconfig$auto_FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000000)='#-$@(,\'H.]&]-[$\x00', &(0x7f0000000080), 0x7fff) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000480)={'\x00', 0x8, 0x4, 0x10, 0x0, 0x20000001, "0573830014ae6d1c64f0c9cfc40a01", "354d40de", ' \x00', "0bea5a5a", ["8844f3d239ba5a2b00d1d4f1", "39eb04fad47fb285746e614c", '\x00', "19c57f7fee8d089a10cdd8c3"]}) write$auto(0x3, 0x0, 0x400000000000050) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x0, 0x53, 0x0, 0x0) mmap$auto(0xea88, 0x810004, 0xd, 0x10, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) socket(0x29, 0x2, 0x0) socket(0xa, 0x1, 0x84) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x800000005, &(0x7f0000000500)={&(0x7f0000000080), 0x1ffffffff}, 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r6 = waitid$auto_P_PIDFD(0x3, r5, &(0x7f0000000000)={@_si_pad}, 0x6, &(0x7f0000000080)={{0xda, 0x1}, {0x69, 0x4b}, 0x4, 0x4ae, 0x200, 0x2, 0x8001, 0x80000000, 0x7, 0x7fffffff, 0x2, 0x3, 0x4, 0x2, 0x7, 0x7}) capset$auto(&(0x7f0000000140)={0x2, 0xffffffffffffffff}, &(0x7f0000000180)={0x0, 0xfff, 0xf}) rt_tgsigqueueinfo$auto_SIGCONT(r6, r7, 0x12, &(0x7f00000001c0)={@_si_pad}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0) 3.26983095s ago: executing program 1 (id=965): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80202, 0x0) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000340), 0xffffffffffffffff) pread64$auto(r0, 0x0, 0x4, 0xc9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/sound/ctl-led/speaker/card2/reset\x00', 0xa001, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/packets_per_slave\x00', 0x182b02, 0x0) r1 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x103103, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/sys/fs/inode-state\x00', 0x0, 0x0) r3 = socket(0x2a, 0x2, 0x1) connect$auto(r3, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x2711}, 0x53) read$auto_proc_sys_file_operations_proc_sysctl(r2, 0x0, 0x0) ioctl$auto(r1, 0x6f2d, r1) r4 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/setgroups\x00', 0x2, 0x0) epoll_pwait2$auto(0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000100)={0x0, 0x7f}, &(0x7f0000000140), 0x8) mprotect$auto(0x110c230000, 0xa588, 0x6) mremap$auto(0x110c231000, 0x0, 0x101, 0x3, 0x0) r5 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(r5, 0x0, 0x18) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYBLOB="040006"], 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x800) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r6) r7 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000005c0), r6) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001d40)={0x14, r7, 0x8ff972b65c311bf5, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20008090}, 0x4000) writev$auto(r4, &(0x7f0000003600)={0x0, 0x2}, 0x8) 3.064224812s ago: executing program 1 (id=966): add_key$auto_KEY_SPEC_SESSION_KEYRING(&(0x7f0000000440)='keyring\x00', 0x0, &(0x7f00000004c0), 0xff, 0xfffffffffffffffd) r0 = prctl$auto_PR_SYS_DISPATCH_ON(0x1000, 0x1, 0xffffffffffffffff, 0x4, 0x7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) setregid$auto(0xffffffffffffffff, 0x0) setsockopt$auto(0xffffffffffffffff, 0x6, 0x22, 0x0, 0x6) r2 = openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/comm\x00', 0x303400, 0x0) sendfile$auto(r0, r2, &(0x7f0000000080)=0x8, 0xd) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/diskstats\x00', 0x141100, 0x0) read$auto(r3, &(0x7f0000000000)='vdpa\x00', 0x8000) 2.772064367s ago: executing program 0 (id=967): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card0\x00', 0x121000, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r0, &(0x7f00000002c0)=""/190, 0xfffffe39) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) inotify_init1$auto(0x3000000000000) unshare$auto(0x40000080) ioperm$auto(0x5, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0xff) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20c002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x109401, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/input/event1\x00', 0x0, 0x0) 2.729166602s ago: executing program 3 (id=968): r0 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$auto(r0, 0x8048ae66, 0xffffffffffffffff) 2.617405536s ago: executing program 3 (id=969): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) write$auto(r0, &(0x7f0000000040)='0\x00\\9(\xba\xea\x99\xfc|U\x1c\xc7k', 0x81) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd4/trace/start_lba\x00', 0x22062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0x10, 0x2, 0x0) read$auto(0x3, 0x0, 0x80) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x0, 0x0) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002180)=ANY=[@ANYBLOB="e0020000", @ANYRES16=r7, @ANYBLOB="01002ebd5100fbcbdf250100000004000180c802018004000680bd020480fc921cf096b39f43034e2db36a74c0ade1e6a4dafab35aa84881d05d1662bd8a8f48943ea4276b7e1465958d17dd9c9706336d0f4a94c7de9fa79cb659b67f43fa331b6f98fa8ad43a943eac1b528ba83992018ecb03ba5dba6660c32c87b1dc86b69a7f6e747504f11d7688a74c47a4ba4802228004003b0040028b80080026", @ANYRES32=r6, @ANYBLOB="08006e00ac1414aa2c02bc8028029880220242804b8ef4dea62052d4391e1b7fcd2429f7195770e4ca6f21844850ff750ce04caf301dc66838e61817fb1f807d53f524a2ac569f0f1c754ec84650d22b883479398e9d766ecc3fa8de0f83e8f703cb19a0826ec7c4949c87bab590c6305dc6f742accc66d7f2c47d87ec1d7fde707f710037006af15d7fa2ec9194354a1069b7c806492e043fa1fdad718d351a10ddade114048ff1302faa59a651c349c5ec3cede0e3949d48b97b2bd1d493852ed30d3a7c2cead7511ef0c8d71cb13b68fb7475ceac2b9816379110f6b4d10d69aea84f032ee4c179ba7929c5d06329cbdf05000000040034804d001f800400f18004006c800d7112532deb3ef76f18436c6041ed69a31df55778585e94b7244ba30fca32a34652fd3f440a97d881a3e6c962f72b82c506b0f9531ca4e8321faaa8982bbdfd85000000e5007d800800e400", @ANYRES32=0x0, @ANYBLOB="0400af80cee0bd49dab2a617b70e1a2e040e6ba448f301800a8999cec0bec67eb0617ad3f9a0977d09fa35f0e26b923a2713f1104ff7a5b18a2629bbee5de69b17f06e13870462f79e9deb527b97fd65fc8b156b0f525dfca9340f14dc75ef0881c14f5b87a6c615ee754d72289dcac3c322002b00", @ANYRES32=0x0, @ANYBLOB="6000f68004004880f6c5cccd25852c755b4331229a68ba8457bb2c5bc855fc277901cc018a78610faf86906cfd8f50da20a3cfe74a23710a32b0bd28cfddfe8fbcc03a4f9178ec9a0400de8004004380040078800c00a700feffffffffffffff0000000000000000"], 0x2e0}, 0x1, 0x0, 0x0, 0x40}, 0x4) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000480)={{&(0x7f00000001c0)="8d10a50b60e1380b545f89c54bab4fbfb3e0feda7edd7e46ae550aa997ff56be56fea27cb83751daf5f24ad06844d84862e0d8ddb179f76038831d67eaac8ab77003e5fc4eaf9d788521bd99b2729d94e367eabcdce535dd22dee07e455f0d28213b56b89d026239a1a68f51487800b3643829c256b36302e01c43618a797b05025b5feebfc59d59d2d916fd4248245863a0fd01593abab17301a9c36f0ec8bcbd4d8e6757f5b19d5092696e8e3e7ae1179791a4d12d4b6e213364b1f45cbae151889a10e446fe3ddc6e35545780a45518a4", 0x3, &(0x7f00000003c0)={&(0x7f00000002c0)="a05773e17fc3f097c1dda9674cdda8495227c3f6143b1c9dae28868eb2521113ee53fe55139a6cafe81097998f467936029d7cc2a59bd8df4aac7fbffdb54dfbc4dabe4693db529a457b072d24a74a8cc4064a179611df8dbc3eb7d0d68f653f5c970fe5e8039b309bf88b2d95319ac03fe3fed98f97feb30230ed7bc44c009694c3a27e9526df2fdf2b2d30adf6f4e00f90211708f37043fdc4153b871250e305e2c21184eaa67cb94b2d8e79f89ec13959f9918ffa08e8a519c2ad073327cf5ae99cbd9397b8187ea2e9c37e5535d88c6ce6ca1e247930b3585aa92c14", 0x100}, 0x1, &(0x7f0000000400)="2491e2f933b13df8b9767a34918374d206e5f3c766ee0baae721e41d7b28fc255fc9387e8c68e335e84ca7720ac49cdfdff203042b32ffe2ddf3fee62aa25966f135af5acda0f5ee35af2663f7f69d40ea81d8bce8fc80c0add9", 0x1, 0x1}, 0x401}, 0x5, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r8 = open(&(0x7f00000001c0)='./file0\x00', 0x161342, 0x13d) write$auto(r8, 0x0, 0x0) 1.649401776s ago: executing program 2 (id=970): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) preadv2$auto(0xffffffffffffffff, 0x0, 0x6, 0x3, 0x4, 0x2e) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event0\x00', 0x2000, 0x0) r1 = timerfd_create$auto(0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.prio.class\x00', 0x183042, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0xb, 0x0) r3 = socket(0x2, 0x5, 0x0) bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x4e24, @private=0xa010101}, 0x631) sendmmsg$auto(r3, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x181441, 0x0) socket(0xa, 0x1, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000) bpf$auto(0x8000000, &(0x7f00000001c0)=@test={r4, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac5, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x1c00000000000000, 0xffff, 0x6, 0x81, 0x68198}, 0x6) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x4080) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x1, &(0x7f0000000180)={@siginfo_0_0={0x80000000, 0x4007, 0x8000}}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Y%y'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendfile$auto(r2, r2, 0x0, 0x8000) timerfd_gettime$auto(r1, &(0x7f0000000040)={{0x2, 0xd21}, {0x29e2, 0x3ff}}) ioctl$auto_EVIOCGMASK(r0, 0x80104592, 0x0) 1.602722703s ago: executing program 1 (id=971): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0xf2) ioctl$auto(0x3, 0x89e1, 0x91) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) finit_module$auto(0xffffffffffffffff, 0x0, 0x800) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vhci_hcd.10/usb29/29-0:1.0/authorized\x00', 0x2b183, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) unshare$auto(0x3) syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) fanotify_init$auto(0x5, 0x2000000000002) fsetxattr$auto(0x1, &(0x7f0000000000)='%\x175\xc0\x8d\xbb\x04\xb3\x97\xd8\xf4\xf6', 0x0, 0x0, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20100, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) pwritev$auto(r1, &(0x7f0000000100)={&(0x7f0000000040)="c4f8be0a2bdb4cd12d4d02cbddacb10e7e648068b438c338491cee01b7a18490b2ec52b9f8192608b3023b30163d5c8e7cc78561abaa6daafff08ef21fd3f9ede37c5edc36681e1567520154fdf23e7429f8b61ec0f9cd294781fc585570b0d0a885a6101de5eadfc122b9a1833c8845cb5ec356c0310ef05ae0f49be8b4d84903abdb221059987d1bca77628833bb"}, 0x6, 0x8c, 0x200000000003) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x6, 0x0) sendfile$auto(r0, r0, 0x0, 0xffffffff) r2 = socket(0xa, 0x1, 0x84) mmap$auto(0x3, 0x40009, 0xdf, 0x9972, 0x7, 0x28000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/pci0000:00/0000:00:00.0/subsystem_device\x00', 0x400, 0x0) preadv$auto(r3, &(0x7f0000001e00)={&(0x7f0000001d40), 0x401}, 0x1, 0x5, 0x4) capset$auto(0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) open(0x0, 0x22240, 0x154) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, 0x0, 0x1, 0x0, 0x0, 0x19cc75c20d27ecb8}, 0x24048084) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r2, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) 1.548482814s ago: executing program 3 (id=972): keyctl$auto_KEYCTL_INSTANTIATE(0xc, 0x4, 0x6, 0x2, 0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x0, 0x5, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) socket(0x10, 0x2, 0x0) openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2202, 0x0) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bdi/1:7/wb_stats\x00', 0x2080, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xc048aec8, r1) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000005ec0), r0) r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r4, 0x1, &(0x7f0000000000)="14040000000000001b") r5 = socketcall$auto(0xa, 0x0) sendmmsg$auto(r5, &(0x7f0000000440)={{&(0x7f0000000240)="7ef60afc46fb044bb50fd7111a07b2389d28f74d0283322da843369044022163519ed9f42f1b3725ac7123d9cf1a7c3b5ec96aaa76223a1b415754f17dbe142fc7548bd384e7d368d59ba0424e0e9f61c6f680438019e74465952e20a7befee2c5fb646a0ac9720ff85cc7bcdbb519a16e589c69a737707cd40bce9e21b578a3094e6ee27db3e9106137c05245d4ad293dfbb970d6440e5df3b1d31bbcea73d98b19c366a92ba171fa286cf3a0a1c5", 0x8, &(0x7f0000000340)={&(0x7f0000000300)="c8af12a7eedb7f52e5832530f178472189bf80da9f2758c7ac8f7e6fac39e5f617fef6299ef98281ac56", 0x4}, 0x9, &(0x7f0000000380)="187c241cc99d99f53aebbe8b3fc8d84468c5cdf6c089e06c157174769100000083bd0926651ef11b83a3330b1dcb77672306ac65632503bd777fbc50091c16460fd40ca2a633a6bd9494cf7810c47f828b95a860d0995142810e9111c29a2c5f5a5f288c269545bf3417dcee67fd6c8dc21038e48b89dc1c2d8fcebcc8d31a8663ece9", 0xe9a, 0x8}, 0x101}, 0x800, 0x200) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c0090000", @ANYRES16=r6, @ANYBLOB="131f2cbd700023723a", @ANYRES32=r8], 0x9c0}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) shmctl$auto(0x7f, 0x8, &(0x7f0000000500)={{0x2, 0xee01, 0xee00, 0x7, 0x3, 0xb, 0xb17}, 0x2, 0x1000000, 0xf, 0x4, @raw=0x6, @inferred, 0x0, 0x0, &(0x7f0000000180)="3085295dd934a95d57caf3e975fb7d5276f16f5b801b5f2d280b4775906b3f36c9a0c6f14ce2aa0c91", &(0x7f0000000480)="849c9cde68ac6d2db2cb9df4c305dc7565b5b094e025306d6117c4137c314f512e63a4822c55b2e1af5582d24f2034f4019b7953f8c600df4a6bf182a77ee4fb35d1a1f7af41e805c0a201632f4c6fd1232ce2ca2210ffd6fb36a4f4309aa79019318b84f1750551d2526f0edee48fe5de2cd9"}) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000580)={0x56c, r6, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x29, 0xc5, "9d5762f3812d9430a096faae6264fe45c53e5ce256525511896607a85e045aaca0c51c71fd"}, @NL80211_ATTR_SCHED_SCAN_MATCH={0xe8, 0x84, 0x0, 0x1, [@nested={0xd9, 0x34, 0x0, 0x1, [@nested={0x4, 0xbb}, @generic="41de9441c457c184a5e9cb9c6fa676af926e834354ff4353db67e6f838b9b22c7320fe80d20c8553b409016a966d945fa15964f6c9f1bef478473d0764dff5232b9ba3643aabaf7717443b10e2dd5482151673ae2dfa1b0fd640bf9e7f75653457fbe8e66c48b11f89a604e7e9b8018648b482b0b49fba1f16ad6534d6ded648dafc2ef5dace83c363bd2f146d86615dbd6945bb97e163d7c47098e7d9f00bfb99d791a8903f1bfe957a5db0457992fac3b54b4787208514b3aebd5afb492c6c01477e64a8f9304d11", @typed={0x8, 0x11e, 0x0, 0x0, @uid=r9}]}, @typed={0x8, 0x127, 0x0, 0x0, @fd=r2}]}, @NL80211_ATTR_IE_RIC={0x432, 0xb2, "a1b566dd2475137bd8f9035d97afc93a029870a214a87a74a04912a64698f313c90aa8cc9d5871381ee0a31e1ffe9934b44f1fffb17cba69afd23c18878509b2e30693243b09b6b723f6dccab2938679a79eefb896821abe7a9b3d5efeeb3bec0bb840367f233c418dde02f6cbf29cac4f9c75d4be1b9eb098ffabfe0f1e2c9032469121ef9271add7c32060fd951c69d23f5674a50d286237d2400ce83e17d5b48bda131c997191c2c48daa05e76594e321fbb6882939859f5ebfd126d9a367cb687e83c1805645d0ee78a387ace3ce2086c3e702e1d07533add90cedcf2dc89c6ae7b54fe7afa519bf58b4cdcc47294a7cbf90b17255cdd1cba5cda6a87813d24e0707f7d12f2a4d7257dd0f066eda4f28d6ebf1d824d1d6d4432fca99f6489faa91a1ef26044bb710bf7012a226ed51db2b7841e6c5de658e2fd8052ab41e1c6019c8408a8ec5806abff6d5f2d0e12db7608b91c8c72587875cee3d8aa19dbdb582f79c1173016c229c1012b5d2ef4283431041b198bfe051515fcae235ee679333a4fa3b7be602baadc9f544db851dea95fb3d4584e51c448e5814b0bb5059ae3d939dd59251bf1007ea6940080bbf2a875766938ae0ec42dfedd82df3ad0a748c3bed52c90077ec416addb88c16eb67045ceb6dee84f89b8c6d668d885934d63657c727113dd64a72ec881f1f7ef7000f69e1a49991546f422b03ee013b2ae6f51289777334173dbc2775258d7449a4effeb739b935eaf073bb0d5c7640fd7b0ba10d02d7fbcc0c79375f64418761d0361593642b561d0a7fcd4ef7310bcb7eb5da5e76cfb79327393e79885472e60859557e0d27bca3cb7f02af64fa719793948501a544a01e8be4f49e06c4a4362e57979f1686134b7ec9e3a906c99bf9eb4fe069b2eab6a0836f705d6416ea3d8792e521b5a42ab93ed2344ffef6be8bb10fd005f4fca7dbf90f40eb9a2a63ef4867d315b8940decfd6e05d5a52c14c40061077aa2d417bfee39abdf74d9424a80484b578b0262ff22ea51880a48bf5d7d89f4ef5d1ac54818fb890383f75b998b4adb65ef89491017565b2ba0f4d30ad1132c0352355c56e21947126982e45c269c7e3bc2fc1393d70ee301188c58dcc728b17e0d7e89246393fb67f12b96c6c0630d82dd770ba8a51966068c2cddf2498585fd4209441576be4d9a95207c878b0e674db343a18338f5e0e6f19c27c0ed105026ae38742ffba98f081e3e4a9a6d7e865e25761a7561baae8d944f634ec7cf46bea4623e230aeedb86cff41a77246491c72e914f45cf5c759b1182334a5750d36fb07b25947834a82720e02476ec3da099cd19842e37e74cca8d38e818723f03e589ba002f890e81baa7946f970810a2b81362b568104d048d156241d67d254386d272041cacece095648f66a9f278c63a7343370ad6710f3abed35009d61ee8b1f74149591802c09b34acb3fd912979bf8d33219f36cff27506178d58e9628ad105c373ffd541ec9b8d"}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_DISABLE_VHT={0x4}]}, 0x56c}, 0x1, 0x0, 0x0, 0x4840}, 0x8000) sendmsg$auto_OVS_VPORT_CMD_GET(r0, &(0x7f0000006580)={0x0, 0x0, &(0x7f0000006540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000d33fa0e2a2dfb16f", @ANYRES16=r4, @ANYBLOB="010009000000fddbdf250300000004000a800e0003006f76735f76706f7274000000", @ANYRES32=r0, @ANYRES64=0x0, @ANYRES32=r5], 0x28}, 0x1, 0x0, 0x0, 0x4000810}, 0x6040) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty46\x00', 0x800100, 0x0) mmap$auto(0x5, 0x8, 0x9, 0x14, r5, 0x1012) 1.379462752s ago: executing program 0 (id=973): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) setxattrat$auto(0xffffffffffffffff, 0x0, 0x1000, 0x0, 0x0, 0xa7) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/reg-dummy/power/runtime_status\x00', 0x500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/213, 0xd5) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x1) r1 = socket(0x2b, 0x1, 0x1) r2 = io_uring_setup$auto(0x40000002c55, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x8004) socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) syslog$auto(0x4, 0xfffffffffffffffc, 0x3) ioctl$auto(r1, 0x89a0, 0x4) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) write$auto(0xffffffffffffffff, 0x0, 0x98c7) writev$auto(0xffffffffffffffff, 0x0, 0xb) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000180)='/dev/etherd/revalidate\x00', 0x2000, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r2, 0x3, 0xa2c5, 0x0) madvise$auto(0x0, 0x2003f2, 0x215) 1.226636639s ago: executing program 1 (id=974): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) unshare$auto(0x40000080) sendmmsg$auto(r0, &(0x7f00000000c0)={{0x0, 0x6, &(0x7f0000000080)={0x0, 0xffffffff80000000}, 0x5, 0x0, 0x3, 0x9}, 0x7}, 0xffffffff, 0x6) r1 = socket(0x200000000000011, 0x2, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram5\x00', 0xa0380, 0x0) fadvise64$auto(r2, 0x7a, 0x6, 0x918) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x40800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vhci_hcd.9/usb28/28-0:1.0/usb28-port7/power/control\x00', 0x1e700, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x89b0, &(0x7f0000000040)={'dvmrp1\x00'}) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x4001, 0x2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, r0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x80002, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) timerfd_create$auto(0x8, 0x0) timerfd_settime$auto(r4, 0x3, 0x0, 0x0) (fail_nth: 3) timerfd_settime$auto(r3, 0x1, 0x0, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xa4181, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) 1.128137583s ago: executing program 3 (id=975): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card0\x00', 0x121000, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r0, &(0x7f00000002c0)=""/190, 0xfffffe39) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) inotify_init1$auto(0x3000000000000) unshare$auto(0x40000080) ioperm$auto(0x5, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) rseq$auto(0x0, 0x8000, 0x0, 0x8000006) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xebe, 0xffffffffffffffff, 0x7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x700, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) adjtimex$auto(0x0) ioctl$auto(0x3, 0x4020aed2, r1) 543.53381ms ago: executing program 2 (id=976): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40000, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000100)='%U{\fb\x00aU\xca\xc9:\xcfZ', 0xffffffff) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1b0026bd7000fddbdf2503000000040008000c00038008000c000400070012000100898771f1c19f17790485908286dd0000"], 0x40}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r6, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @fd}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "016a76f37bf001ca2200000100"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r7 = prctl$auto_PR_SET_MM_START_CODE(0x732, 0x1, 0x0, 0x3, 0x54) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYRES32=r4, @ANYRESOCT=r4], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(r4, 0xa, 0xfffffffe) 316.296036ms ago: executing program 1 (id=977): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80202, 0x0) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000340), 0xffffffffffffffff) pread64$auto(r0, 0x0, 0x4, 0xc9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/sound/ctl-led/speaker/card2/reset\x00', 0xa001, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/packets_per_slave\x00', 0x182b02, 0x0) write$auto(r1, &(0x7f0000000440)='1\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\x03\x00\x00\x00\x00\x00\x00\x00*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d\xbcs!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xc4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xf7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85C /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\x9bA\xac\x9c\x8e\r(\x1d\x98\x84\x98\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) r2 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x103103, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/sys/fs/inode-state\x00', 0x0, 0x0) r4 = socket(0x2a, 0x2, 0x1) connect$auto(r4, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x2711}, 0x53) read$auto_proc_sys_file_operations_proc_sysctl(r3, 0x0, 0x0) ioctl$auto(r2, 0x6f2d, r2) r5 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/setgroups\x00', 0x2, 0x0) epoll_pwait2$auto(0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000100)={0x0, 0x7f}, &(0x7f0000000140), 0x8) readv$auto(0x3, &(0x7f0000003080)={&(0x7f0000003040), 0x4}, 0x9) mprotect$auto(0x110c230000, 0xa588, 0x6) mremap$auto(0x110c231000, 0x0, 0x101, 0x3, 0x0) r6 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(r6, 0x0, 0x18) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYBLOB="040006"], 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x800) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r7) r8 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000005c0), r7) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r7, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001d40)={0x14, r8, 0x8ff972b65c311bf5, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20008090}, 0x4000) writev$auto(r5, &(0x7f0000003600)={0x0, 0x2}, 0x8) 156.028535ms ago: executing program 1 (id=978): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) (async) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/consoles\x00', 0x800, 0x0) mmap$auto(0x9, 0xffffffffffffffff, 0x8, 0xeb1, r0, 0x8000) (async) pread64$auto(r0, 0x0, 0xd00, 0x2) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async, rerun: 64) r1 = fcntl$auto(0x3, 0x4, 0xa553) (rerun: 64) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x1a3) (async) socket(0x1a, 0x800, 0x1) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:04.0/resource0\x00', 0xc0082, 0x0) write$auto(r2, &(0x7f0000000080)='/dev/i2c-0\x00', 0x1) (async, rerun: 32) syz_clone3(&(0x7f00000013c0)={0x200, &(0x7f0000000000), &(0x7f0000000140)=0x0, &(0x7f00000001c0), {0x9}, &(0x7f0000000200)=""/207, 0xcf, &(0x7f0000000380)=""/4096, &(0x7f0000001380)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6, {r1}}, 0x58) (async, rerun: 32) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r4 = socket(0x29, 0x0, 0x3ff) (async) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) recvmmsg$auto(r5, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) (async) ioctl$auto(r4, 0x891d, 0x24) (async) r6 = socket(0x29, 0x2, 0x0) ioctl$auto(r6, 0x89f2, r4) prctl$auto(0x203d, 0x5, r3, 0x0, 0x80) (async, rerun: 64) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (rerun: 64) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto(0xffffffffffffffff, 0xc0405626, 0xffffffffffffffff) (async, rerun: 64) unshare$auto(0x40000080) (async, rerun: 64) r7 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) readv$auto(r7, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) (async) modify_ldt$auto(0x1, 0x0, 0x26a4acc7) (async, rerun: 32) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0) (async, rerun: 32) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000300), 0x101c82, 0x0) 0s ago: executing program 3 (id=979): unshare$auto(0x6c000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x7fff, 0x2) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x80101, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000300)={0x68, 0x3b, 0x9, 0x1e4, 0x5, 0x8001, 0x7d6, 0x9a, 0x1, 0xbfae, 0x7, 0x1, 0x10d9b, 0x8000000000, 0x2}) kernel console output (not intermixed with test programs): '. [ 114.703112][ T6078] vivid-007: ================= START STATUS ================= [ 114.725382][ T6078] vivid-007: Generate PTS: true [ 114.745453][ T6078] vivid-007: Generate SCR: true [ 114.776544][ T6078] tpg source WxH: 320x240 (Y'CbCr) [ 114.800269][ T6078] tpg field: 1 [ 114.811706][ T6078] tpg crop: (0,0)/320x240 [ 114.826699][ T6078] tpg compose: (0,0)/320x240 [ 114.887834][ T6083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.46'. [ 114.928453][ T6078] tpg colorspace: 8 [ 114.969326][ T6078] tpg transfer function: 0/0 [ 115.001302][ T6078] tpg Y'CbCr encoding: 0/0 [ 115.060538][ T6078] tpg quantization: 0/0 [ 115.103271][ T6078] tpg RGB range: 0/2 [ 115.124754][ T6083] netlink: ct family unspecified [ 115.159113][ T6078] vivid-007: ================== END STATUS ================== [ 115.458807][ T6094] vivid-007: ================= START STATUS ================= [ 115.470082][ T6094] vivid-007: Generate PTS: true [ 115.488615][ T6094] vivid-007: Generate SCR: true [ 115.499743][ T6094] tpg source WxH: 320x240 (Y'CbCr) [ 115.523877][ T6094] tpg field: 1 [ 115.551622][ T6094] tpg crop: (0,0)/320x240 [ 115.578486][ T6094] tpg compose: (0,0)/320x240 [ 115.591478][ T6094] tpg colorspace: 8 [ 115.645821][ T6094] tpg transfer function: 0/0 [ 115.667229][ T6097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.50'. [ 115.709378][ T6094] tpg Y'CbCr encoding: 0/0 [ 115.728766][ T6094] tpg quantization: 0/0 [ 115.750741][ T6094] tpg RGB range: 0/2 [ 115.766093][ T6097] netlink: ct family unspecified [ 115.778298][ T6094] vivid-007: ================== END STATUS ================== [ 116.637738][ T6110] vivid-007: ================= START STATUS ================= [ 116.688507][ T6110] vivid-007: Generate PTS: true [ 116.703676][ T6110] vivid-007: Generate SCR: true [ 116.728192][ T6110] tpg source WxH: 320x240 (Y'CbCr) [ 116.750452][ T6110] tpg field: 1 [ 116.770274][ T6110] tpg crop: (0,0)/320x240 [ 116.796491][ T6110] tpg compose: (0,0)/320x240 [ 116.810915][ T6110] tpg colorspace: 8 [ 116.823439][ T6113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.52'. [ 116.835729][ T6110] tpg transfer function: 0/0 [ 116.858353][ T6110] tpg Y'CbCr encoding: 0/0 [ 116.876225][ T6113] netlink: ct family unspecified [ 116.880081][ T6110] tpg quantization: 0/0 [ 116.905439][ T6110] tpg RGB range: 0/2 [ 116.920986][ T6110] vivid-007: ================== END STATUS ================== [ 118.463430][ T6135] program syz.3.57 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 119.358854][ T6146] vivid-007: ================= START STATUS ================= [ 119.392333][ T6146] vivid-007: Generate PTS: true [ 119.428374][ T6146] vivid-007: Generate SCR: true [ 119.472112][ T6146] tpg source WxH: 320x240 (Y'CbCr) [ 119.520989][ T6146] tpg field: 1 [ 119.565807][ T6146] tpg crop: (0,0)/320x240 [ 119.582465][ T30] audit: type=1800 audit(1779325051.049:4): pid=6143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.59" name="file0" dev="tmpfs" ino=91 res=0 errno=0 [ 119.625333][ T6146] tpg compose: (0,0)/320x240 [ 119.656111][ T6148] netlink: ct family unspecified [ 119.669486][ T6146] tpg colorspace: 8 [ 119.686353][ T6146] tpg transfer function: 0/0 [ 119.696315][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.61'. [ 119.744308][ T6146] tpg Y'CbCr encoding: 0/0 [ 119.780338][ T6152] netlink: ct family unspecified [ 119.785443][ T6146] tpg quantization: 0/0 [ 119.817801][ T6146] tpg RGB range: 0/2 [ 119.832442][ T6146] vivid-007: ================== END STATUS ================== [ 119.878289][ T6150] vivid-007: ================= START STATUS ================= [ 119.888504][ T6150] vivid-007: Generate PTS: true [ 119.893601][ T6150] vivid-007: Generate SCR: true [ 119.899651][ T6150] tpg source WxH: 320x240 (Y'CbCr) [ 119.904850][ T6150] tpg field: 1 [ 119.910203][ T6150] tpg crop: (0,0)/320x240 [ 119.914815][ T6150] tpg compose: (0,0)/320x240 [ 119.919740][ T6150] tpg colorspace: 8 [ 119.924049][ T6150] tpg transfer function: 0/0 [ 119.929231][ T6150] tpg Y'CbCr encoding: 0/0 [ 119.933746][ T6150] tpg quantization: 0/0 [ 119.939867][ T6150] tpg RGB range: 0/2 [ 119.943868][ T6150] vivid-007: ================== END STATUS ================== [ 120.457742][ T6158] program syz.2.62 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.731139][ T6162] program syz.0.64 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.971982][ T30] audit: type=1800 audit(1779325052.439:5): pid=6160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.63" name="file0" dev="tmpfs" ino=80 res=0 errno=0 [ 122.552514][ T6188] netlink: 28 bytes leftover after parsing attributes in process `syz.3.67'. [ 122.744382][ T6190] netlink: zone id is out of range [ 122.761183][ T6190] netlink: zone id is out of range [ 122.775104][ T6190] netlink: zone id is out of range [ 122.799496][ T6190] netlink: zone id is out of range [ 122.812046][ T6190] netlink: zone id is out of range [ 122.836616][ T6190] netlink: zone id is out of range [ 122.845908][ T6190] netlink: zone id is out of range [ 122.852308][ T6190] netlink: zone id is out of range [ 122.861683][ T6190] netlink: zone id is out of range [ 122.910558][ T6190] netlink: zone id is out of range [ 123.734894][ T6206] vivid-007: ================= START STATUS ================= [ 123.820082][ T6206] vivid-007: Generate PTS: true [ 123.869187][ T6206] vivid-007: Generate SCR: true [ 123.906345][ T6206] tpg source WxH: 320x240 (Y'CbCr) [ 123.949582][ T6206] tpg field: 1 [ 123.967632][ T6206] tpg crop: (0,0)/320x240 [ 123.995825][ T6206] tpg compose: (0,0)/320x240 [ 124.038478][ T6206] tpg colorspace: 8 [ 124.062458][ T6206] tpg transfer function: 0/0 [ 124.079913][ T30] audit: type=1800 audit(1779325055.549:6): pid=6204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.70" name="file0" dev="tmpfs" ino=113 res=0 errno=0 [ 124.137613][ T6206] tpg Y'CbCr encoding: 0/0 [ 124.156082][ T6206] tpg quantization: 0/0 [ 124.170295][ T6206] tpg RGB range: 0/2 [ 124.185644][ T6206] vivid-007: ================== END STATUS ================== [ 125.049806][ T6229] netlink: 28 bytes leftover after parsing attributes in process `syz.3.74'. [ 126.778993][ T6250] vivid-007: ================= START STATUS ================= [ 126.792916][ T6250] vivid-007: Generate PTS: true [ 126.804656][ T6250] vivid-007: Generate SCR: true [ 126.818352][ T6250] tpg source WxH: 320x240 (Y'CbCr) [ 126.866131][ T6250] tpg field: 1 [ 126.870140][ T6250] tpg crop: (0,0)/320x240 [ 126.903786][ T6250] tpg compose: (0,0)/320x240 [ 126.938217][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.2.78'. [ 126.954730][ T6250] tpg colorspace: 8 [ 126.961646][ T6250] tpg transfer function: 0/0 [ 126.970130][ T6250] tpg Y'CbCr encoding: 0/0 [ 126.983658][ T6250] tpg quantization: 0/0 [ 127.010876][ T6250] tpg RGB range: 0/2 [ 127.034180][ T6250] vivid-007: ================== END STATUS ================== [ 128.970533][ T6290] netlink: 28 bytes leftover after parsing attributes in process `syz.3.85'. [ 129.724024][ T6300] vivid-007: ================= START STATUS ================= [ 129.769387][ T6300] vivid-007: Generate PTS: true [ 129.793296][ T6300] vivid-007: Generate SCR: true [ 129.821093][ T6300] tpg source WxH: 320x240 (Y'CbCr) [ 129.869367][ T6300] tpg field: 1 [ 129.900548][ T6300] tpg crop: (0,0)/320x240 [ 129.928672][ T6300] tpg compose: (0,0)/320x240 [ 129.953891][ T6303] net_ratelimit: 159 callbacks suppressed [ 129.953913][ T6303] netlink: ct family unspecified [ 129.989614][ T6300] tpg colorspace: 8 [ 130.004163][ T6300] tpg transfer function: 0/0 [ 130.034540][ T6300] tpg Y'CbCr encoding: 0/0 [ 130.066538][ T6300] tpg quantization: 0/0 [ 130.101920][ T6300] tpg RGB range: 0/2 [ 130.137644][ T6300] vivid-007: ================== END STATUS ================== [ 130.863106][ T30] audit: type=1800 audit(1779325062.329:7): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.89" name="file0" dev="tmpfs" ino=129 res=0 errno=0 [ 131.295440][ T6316] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(8.0.4294967291), cmd(3) [ 131.423190][ T30] audit: type=1800 audit(1779325062.889:8): pid=6320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.92" name="file0" dev="tmpfs" ino=157 res=0 errno=0 [ 132.708620][ T6338] netlink: 28 bytes leftover after parsing attributes in process `syz.1.95'. [ 133.108409][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.115895][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.848957][ T6346] netlink: zone id is out of range [ 133.862584][ T6346] netlink: zone id is out of range [ 133.880808][ T6346] netlink: zone id is out of range [ 133.888509][ T6346] netlink: zone id is out of range [ 133.898472][ T6346] netlink: zone id is out of range [ 133.911918][ T6346] netlink: zone id is out of range [ 133.934472][ T6346] netlink: zone id is out of range [ 133.956656][ T6346] netlink: zone id is out of range [ 133.965096][ T6346] netlink: zone id is out of range [ 134.648064][ T6356] vivid-007: ================= START STATUS ================= [ 134.672497][ T6356] vivid-007: Generate PTS: true [ 134.688179][ T6356] vivid-007: Generate SCR: true [ 134.702736][ T6356] tpg source WxH: 320x240 (Y'CbCr) [ 134.730531][ T6356] tpg field: 1 [ 134.758893][ T6356] tpg crop: (0,0)/320x240 [ 134.785949][ T6356] tpg compose: (0,0)/320x240 [ 134.824205][ T6356] tpg colorspace: 8 [ 134.856028][ T6356] tpg transfer function: 0/0 [ 134.900971][ T6356] tpg Y'CbCr encoding: 0/0 [ 134.929153][ T6356] tpg quantization: 0/0 [ 134.936118][ T6356] tpg RGB range: 0/2 [ 134.948324][ T6356] vivid-007: ================== END STATUS ================== [ 136.327224][ T30] audit: type=1800 audit(1779325067.799:9): pid=6377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.103" name="file0" dev="tmpfs" ino=150 res=0 errno=0 [ 137.804934][ T30] audit: type=1800 audit(1779325069.269:10): pid=6385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.105" name="file0" dev="tmpfs" ino=155 res=0 errno=0 [ 138.640705][ T6398] vivid-007: ================= START STATUS ================= [ 138.660328][ T6398] vivid-007: Generate PTS: true [ 138.665346][ T6398] vivid-007: Generate SCR: true [ 138.675544][ T6398] tpg source WxH: 320x240 (Y'CbCr) [ 138.689372][ T6398] tpg field: 1 [ 138.698123][ T6398] tpg crop: (0,0)/320x240 [ 138.707198][ T6398] tpg compose: (0,0)/320x240 [ 138.723603][ T6398] tpg colorspace: 8 [ 138.729557][ T6398] tpg transfer function: 0/0 [ 138.736272][ T6398] tpg Y'CbCr encoding: 0/0 [ 138.744307][ T6398] tpg quantization: 0/0 [ 138.751657][ T6398] tpg RGB range: 0/2 [ 138.757142][ T6398] vivid-007: ================== END STATUS ================== [ 138.808962][ T6398] net_ratelimit: 49 callbacks suppressed [ 138.808990][ T6398] netlink: ct family unspecified [ 139.543242][ T6406] program syz.1.110 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 140.318034][ T6426] vivid-007: ================= START STATUS ================= [ 140.349373][ T6426] vivid-007: Generate PTS: true [ 140.372734][ T6426] vivid-007: Generate SCR: true [ 140.399924][ T6426] tpg source WxH: 320x240 (Y'CbCr) [ 140.452205][ T6426] tpg field: 1 [ 140.467461][ T6426] tpg crop: (0,0)/320x240 [ 140.489301][ T6430] netlink: ct family unspecified [ 140.508725][ T6426] tpg compose: (0,0)/320x240 [ 140.534298][ T6427] program syz.1.114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 140.545338][ T6426] tpg colorspace: 8 [ 140.570086][ T6426] tpg transfer function: 0/0 [ 140.603641][ T6426] tpg Y'CbCr encoding: 0/0 [ 140.616082][ T6426] tpg quantization: 0/0 [ 140.624012][ T6426] tpg RGB range: 0/2 [ 140.631123][ T6426] vivid-007: ================== END STATUS ================== [ 142.661768][ T6452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.119'. [ 143.094657][ T30] audit: type=1800 audit(1779325074.559:11): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.120" name="file0" dev="tmpfs" ino=188 res=0 errno=0 [ 143.448719][ T30] audit: type=1800 audit(1779325074.919:12): pid=6457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.121" name="file0" dev="tmpfs" ino=166 res=0 errno=0 [ 144.814704][ T6466] netlink: 28 bytes leftover after parsing attributes in process `syz.1.122'. [ 145.423302][ T6471] vivid-007: ================= START STATUS ================= [ 145.472414][ T6471] vivid-007: Generate PTS: true [ 145.503438][ T6471] vivid-007: Generate SCR: true [ 145.524797][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.2.123'. [ 145.554353][ T6471] tpg source WxH: 320x240 (Y'CbCr) [ 145.574141][ T6471] tpg field: 1 [ 145.586097][ T6471] tpg crop: (0,0)/320x240 [ 145.616897][ T6471] tpg compose: (0,0)/320x240 [ 145.634379][ T6471] tpg colorspace: 8 [ 145.644527][ T6471] tpg transfer function: 0/0 [ 145.674830][ T6471] tpg Y'CbCr encoding: 0/0 [ 145.689350][ T6471] tpg quantization: 0/0 [ 145.732100][ T6471] tpg RGB range: 0/2 [ 145.743482][ T6471] vivid-007: ================== END STATUS ================== [ 145.784131][ T6471] netlink: ct family unspecified [ 146.898871][ T6495] netlink: 334 bytes leftover after parsing attributes in process `syz.1.127'. [ 147.685115][ T6492] kexec: Could not allocate control_code_buffer [ 147.965735][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.128'. [ 148.066852][ T6509] netlink: ct family unspecified [ 148.219965][ T30] audit: type=1800 audit(1779325079.689:13): pid=6513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.129" name="file0" dev="tmpfs" ino=182 res=0 errno=0 [ 149.408097][ T30] audit: type=1800 audit(1779325080.859:14): pid=6526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.132" name="file0" dev="tmpfs" ino=184 res=0 errno=0 [ 151.218936][ T6549] vivid-007: ================= START STATUS ================= [ 151.238608][ T6549] vivid-007: Generate PTS: true [ 151.256562][ T6549] vivid-007: Generate SCR: true [ 151.269729][ T6549] tpg source WxH: 320x240 (Y'CbCr) [ 151.284482][ T6549] tpg field: 1 [ 151.298164][ T6549] tpg crop: (0,0)/320x240 [ 151.309124][ T6549] tpg compose: (0,0)/320x240 [ 151.321713][ T6549] tpg colorspace: 8 [ 151.331870][ T6549] tpg transfer function: 0/0 [ 151.340045][ T6549] tpg Y'CbCr encoding: 0/0 [ 151.363703][ T6549] tpg quantization: 0/0 [ 151.383149][ T6549] tpg RGB range: 0/2 [ 151.398233][ T6549] vivid-007: ================== END STATUS ================== [ 151.428237][ T6553] netlink: ct family unspecified [ 151.520508][ T30] audit: type=1800 audit(1779325082.989:15): pid=6550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.136" name="file0" dev="tmpfs" ino=187 res=0 errno=0 [ 156.352556][ T6621] program syz.1.147 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 157.585417][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.152'. [ 157.624816][ T6643] netlink: ct family unspecified [ 158.535549][ T30] audit: type=1800 audit(1779325089.999:16): pid=6652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.153" name="file0" dev="tmpfs" ino=230 res=0 errno=0 [ 160.181479][ T6682] program syz.3.160 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 160.970385][ T6695] netlink: 28 bytes leftover after parsing attributes in process `syz.3.161'. [ 161.214306][ T6702] vivid-007: ================= START STATUS ================= [ 161.254952][ T6702] vivid-007: Generate PTS: true [ 161.280424][ T6702] vivid-007: Generate SCR: true [ 161.307065][ T6702] tpg source WxH: 320x240 (Y'CbCr) [ 161.338804][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.2.164'. [ 161.360737][ T6702] tpg field: 1 [ 161.385554][ T6702] tpg crop: (0,0)/320x240 [ 161.414470][ T6706] netlink: ct family unspecified [ 161.424296][ T6702] tpg compose: (0,0)/320x240 [ 161.466209][ T6702] tpg colorspace: 8 [ 161.488600][ T30] audit: type=1800 audit(1779325092.959:17): pid=6704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.162" name="file0" dev="tmpfs" ino=236 res=0 errno=0 [ 161.521894][ T6702] tpg transfer function: 0/0 [ 161.571446][ T6702] tpg Y'CbCr encoding: 0/0 [ 161.593351][ T6702] tpg quantization: 0/0 [ 161.607540][ T6702] tpg RGB range: 0/2 [ 161.618380][ T6702] vivid-007: ================== END STATUS ================== [ 161.660061][ T30] audit: type=1800 audit(1779325093.129:18): pid=6703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.163" name="file0" dev="tmpfs" ino=226 res=0 errno=0 [ 162.533737][ T6720] vivid-007: ================= START STATUS ================= [ 162.558673][ T6720] vivid-007: Generate PTS: true [ 162.566029][ T6720] vivid-007: Generate SCR: true [ 162.577723][ T6720] tpg source WxH: 320x240 (Y'CbCr) [ 162.585511][ T6720] tpg field: 1 [ 162.593891][ T6720] tpg crop: (0,0)/320x240 [ 162.606047][ T6720] tpg compose: (0,0)/320x240 [ 162.622459][ T6720] tpg colorspace: 8 [ 162.631970][ T6720] tpg transfer function: 0/0 [ 162.641845][ T6720] tpg Y'CbCr encoding: 0/0 [ 162.658127][ T6720] tpg quantization: 0/0 [ 162.664062][ T6720] tpg RGB range: 0/2 [ 162.670222][ T6720] vivid-007: ================== END STATUS ================== [ 162.705889][ T6720] netlink: ct family unspecified [ 164.075023][ T6734] netlink: 28 bytes leftover after parsing attributes in process `syz.0.168'. [ 164.363487][ T6750] FAULT_INJECTION: forcing a failure. [ 164.363487][ T6750] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 164.384180][ T6750] CPU: 1 UID: 0 PID: 6750 Comm: syz.3.171 Not tainted syzkaller #0 PREEMPT(full) [ 164.384222][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 164.384248][ T6750] Call Trace: [ 164.384258][ T6750] [ 164.384270][ T6750] dump_stack_lvl+0x100/0x190 [ 164.384329][ T6750] should_fail_ex.cold+0x5/0xa [ 164.384363][ T6750] ? prepare_alloc_pages+0x16d/0x5f0 [ 164.384424][ T6750] should_fail_alloc_page+0xeb/0x140 [ 164.384465][ T6750] prepare_alloc_pages+0x1f0/0x5f0 [ 164.384507][ T6750] ? rcu_is_watching+0x12/0xc0 [ 164.384559][ T6750] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 164.384616][ T6750] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 164.384691][ T6750] ? find_held_lock+0x2b/0x80 [ 164.384733][ T6750] ? rcu_read_unlock+0x17/0x60 [ 164.384776][ T6750] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 164.384829][ T6750] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 164.384887][ T6750] ? rcu_is_watching+0x12/0xc0 [ 164.384928][ T6750] ? trace_mm_page_alloc+0x163/0x1d0 [ 164.384974][ T6750] ? __lock_acquire+0x4a5/0x2630 [ 164.385004][ T6750] ? css_rstat_updated+0x1ce/0x5a0 [ 164.385060][ T6750] ? __lock_acquire+0x4a5/0x2630 [ 164.385089][ T6750] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.385139][ T6750] ? policy_nodemask+0xed/0x4f0 [ 164.385181][ T6750] alloc_pages_mpol+0x1fb/0x540 [ 164.385222][ T6750] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 164.385261][ T6750] ? find_held_lock+0x2b/0x80 [ 164.385301][ T6750] ? __pud_alloc+0x4f6/0x690 [ 164.385342][ T6750] ? __pud_alloc+0x4f6/0x690 [ 164.385386][ T6750] alloc_pages_noprof+0x1a/0x160 [ 164.385432][ T6750] __pmd_alloc+0x3b/0x950 [ 164.385475][ T6750] ? __pud_alloc+0x4fb/0x690 [ 164.385520][ T6750] walk_to_pmd+0x3a3/0x4c0 [ 164.385575][ T6750] get_locked_pte+0x25/0xc0 [ 164.385622][ T6750] map_ldt_struct+0x3c1/0xa70 [ 164.385675][ T6750] ? __pfx_map_ldt_struct+0x10/0x10 [ 164.385721][ T6750] ? alloc_pages_noprof+0xf9/0x160 [ 164.385771][ T6750] write_ldt+0x6d3/0xd40 [ 164.385819][ T6750] ? __pfx_write_ldt+0x10/0x10 [ 164.385863][ T6750] ? xfd_validate_state+0x129/0x190 [ 164.385895][ T6750] ? ksys_write+0x1ac/0x250 [ 164.385944][ T6750] __x64_sys_modify_ldt+0xb1/0x170 [ 164.385988][ T6750] do_syscall_64+0x10b/0xf80 [ 164.386039][ T6750] ? clear_bhb_loop+0x40/0x90 [ 164.386080][ T6750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.386114][ T6750] RIP: 0033:0x7fda86d9ce59 [ 164.386147][ T6750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.386184][ T6750] RSP: 002b:00007fda87bed028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 164.386215][ T6750] RAX: ffffffffffffffda RBX: 00007fda87015fa0 RCX: 00007fda86d9ce59 [ 164.386237][ T6750] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000001 [ 164.386257][ T6750] RBP: 00007fda86e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 164.386276][ T6750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.386301][ T6750] R13: 00007fda87016038 R14: 00007fda87015fa0 R15: 00007ffeb6dbb378 [ 164.386345][ T6750] [ 165.692914][ T30] audit: type=1800 audit(1779325097.159:19): pid=6760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.172" name="file0" dev="tmpfs" ino=244 res=0 errno=0 [ 167.783717][ T6796] netlink: 28 bytes leftover after parsing attributes in process `syz.0.177'. [ 167.917205][ T30] audit: type=1800 audit(1779325099.389:20): pid=6791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.178" name="file0" dev="tmpfs" ino=249 res=0 errno=0 [ 169.963333][ T30] audit: type=1800 audit(1779325101.429:21): pid=6819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.180" name="file0" dev="tmpfs" ino=255 res=0 errno=0 [ 170.194703][ T6837] vivid-007: ================= START STATUS ================= [ 170.235831][ T6837] vivid-007: Generate PTS: true [ 170.258416][ T6837] vivid-007: Generate SCR: true [ 170.271885][ T6830] netlink: zone id is out of range [ 170.296470][ T6830] netlink: zone id is out of range [ 170.309076][ T6830] netlink: zone id is out of range [ 170.316060][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.183'. [ 170.329933][ T6830] netlink: zone id is out of range [ 170.346651][ T6837] tpg source WxH: 320x240 (Y'CbCr) [ 170.352008][ T6837] tpg field: 1 [ 170.356488][ T6830] netlink: zone id is out of range [ 170.365326][ T6837] tpg crop: (0,0)/320x240 [ 170.371689][ T6837] tpg compose: (0,0)/320x240 [ 170.376885][ T6830] netlink: zone id is out of range [ 170.382202][ T6837] tpg colorspace: 8 [ 170.399119][ T6830] netlink: zone id is out of range [ 170.414109][ T6830] netlink: zone id is out of range [ 170.419777][ T6837] tpg transfer function: 0/0 [ 170.426803][ T6830] netlink: zone id is out of range [ 170.432382][ T6840] netlink: ct family unspecified [ 170.458552][ T6837] tpg Y'CbCr encoding: 0/0 [ 170.485701][ T6837] tpg quantization: 0/0 [ 170.515901][ T6837] tpg RGB range: 0/2 [ 170.548201][ T6837] vivid-007: ================== END STATUS ================== [ 171.793945][ T30] audit: type=1800 audit(1779325103.259:22): pid=6859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.185" name="file0" dev="tmpfs" ino=249 res=0 errno=0 [ 172.933375][ T6883] netlink: 28 bytes leftover after parsing attributes in process `syz.2.187'. [ 174.820302][ T6910] program syz.3.191 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 175.311121][ T6920] vivid-007: ================= START STATUS ================= [ 175.360730][ T6920] vivid-007: Generate PTS: true [ 175.379124][ T6920] vivid-007: Generate SCR: true [ 175.396822][ T6920] tpg source WxH: 320x240 (Y'CbCr) [ 175.413617][ T6920] tpg field: 1 [ 175.460041][ T6924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.193'. [ 175.492560][ T6920] tpg crop: (0,0)/320x240 [ 175.515313][ T6920] tpg compose: (0,0)/320x240 [ 175.565069][ T6920] tpg colorspace: 8 [ 175.591563][ T6920] tpg transfer function: 0/0 [ 175.620282][ T6924] net_ratelimit: 96 callbacks suppressed [ 175.620310][ T6924] netlink: ct family unspecified [ 175.673376][ T6920] tpg Y'CbCr encoding: 0/0 [ 175.696192][ T6920] tpg quantization: 0/0 [ 175.721100][ T6928] netlink: 28 bytes leftover after parsing attributes in process `syz.0.192'. [ 175.724392][ T6920] tpg RGB range: 0/2 [ 175.763818][ T6920] vivid-007: ================== END STATUS ================== [ 176.007302][ T6938] random: crng reseeded on system resumption [ 176.072655][ T6938] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 177.201163][ T30] audit: type=1800 audit(1779325108.669:23): pid=6952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.197" name="file0" dev="tmpfs" ino=277 res=0 errno=0 [ 177.705658][ T6958] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 177.769667][ T6958] process 'syz.2.199' launched ':,' with NULL argv: empty string added [ 178.209655][ T30] audit: type=1800 audit(1779325109.679:24): pid=6969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.200" name="file0" dev="tmpfs" ino=280 res=0 errno=0 [ 180.645385][ T7006] program syz.2.206 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 180.783178][ T7011] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 181.896455][ T30] audit: type=1800 audit(1779325113.359:25): pid=7022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.211" name="file0" dev="tmpfs" ino=293 res=0 errno=0 [ 182.739440][ T7040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.214'. [ 182.762180][ T7040] netlink: ct family unspecified [ 183.434525][ T7048] program syz.1.215 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.559764][ T7050] program syz.3.216 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.958828][ T7065] netlink: zone id is out of range [ 183.970889][ T7065] netlink: zone id is out of range [ 183.976969][ T7065] netlink: zone id is out of range [ 183.982288][ T7065] netlink: zone id is out of range [ 183.992814][ T7065] netlink: zone id is out of range [ 184.010481][ T7065] netlink: zone id is out of range [ 184.022426][ T7065] netlink: zone id is out of range [ 184.044344][ T7071] netlink: 28 bytes leftover after parsing attributes in process `syz.1.218'. [ 184.055683][ T7065] netlink: zone id is out of range [ 184.069474][ T7065] netlink: zone id is out of range [ 185.403798][ T30] audit: type=1800 audit(1779325116.869:26): pid=7082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.222" name="file0" dev="tmpfs" ino=306 res=0 errno=0 [ 185.749086][ T30] audit: type=1800 audit(1779325117.219:27): pid=7085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.223" name="file0" dev="tmpfs" ino=315 res=0 errno=0 [ 186.410227][ T30] audit: type=1800 audit(1779325117.879:28): pid=7098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.225" name="file0" dev="tmpfs" ino=322 res=0 errno=0 [ 191.212270][ T7172] vivid-007: ================= START STATUS ================= [ 191.220259][ T7172] vivid-007: Generate PTS: true [ 191.225283][ T7172] vivid-007: Generate SCR: true [ 191.236552][ T7172] tpg source WxH: 320x240 (Y'CbCr) [ 191.241783][ T7172] tpg field: 1 [ 191.245321][ T7172] tpg crop: (0,0)/320x240 [ 191.251518][ T7172] tpg compose: (0,0)/320x240 [ 191.256271][ T7172] tpg colorspace: 8 [ 191.290415][ T7172] tpg transfer function: 0/0 [ 191.311363][ T7172] tpg Y'CbCr encoding: 0/0 [ 191.323961][ T7172] tpg quantization: 0/0 [ 191.366190][ T7173] netlink: 4 bytes leftover after parsing attributes in process `syz.1.238'. [ 191.394601][ T7172] tpg RGB range: 0/2 [ 191.424760][ T7172] vivid-007: ================== END STATUS ================== [ 191.546442][ T7172] net_ratelimit: 43 callbacks suppressed [ 191.546466][ T7172] netlink: ct family unspecified [ 191.873392][ T30] audit: type=1800 audit(1779325123.339:29): pid=7179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.240" name="file0" dev="tmpfs" ino=333 res=0 errno=0 [ 192.860011][ T7194] netlink: 342 bytes leftover after parsing attributes in process `syz.3.242'. [ 192.919450][ T30] audit: type=1800 audit(1779325124.389:30): pid=7192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.241" name="file0" dev="tmpfs" ino=319 res=0 errno=0 [ 194.024691][ T7209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.245'. [ 194.057500][ T7209] netlink: ct family unspecified [ 194.554899][ T7216] netlink: 28 bytes leftover after parsing attributes in process `syz.3.246'. [ 194.573603][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.582087][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.287580][ T7224] netlink: 32 bytes leftover after parsing attributes in process `syz.2.250'. [ 195.689094][ T7229] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 195.896780][ T30] audit: type=1800 audit(1779325127.369:31): pid=7239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.252" name="file0" dev="tmpfs" ino=353 res=0 errno=0 [ 196.519842][ T7250] random: crng reseeded on system resumption [ 197.092514][ T7263] FAULT_INJECTION: forcing a failure. [ 197.092514][ T7263] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 197.109382][ T7263] CPU: 0 UID: 0 PID: 7263 Comm: syz.2.259 Not tainted syzkaller #0 PREEMPT(full) [ 197.109428][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 197.109444][ T7263] Call Trace: [ 197.109453][ T7263] [ 197.109464][ T7263] dump_stack_lvl+0x100/0x190 [ 197.109499][ T7263] should_fail_ex.cold+0x5/0xa [ 197.109529][ T7263] ? prepare_alloc_pages+0x16d/0x5f0 [ 197.109566][ T7263] should_fail_alloc_page+0xeb/0x140 [ 197.109604][ T7263] prepare_alloc_pages+0x1f0/0x5f0 [ 197.109643][ T7263] ? process_measurement+0x4c8/0x2350 [ 197.109695][ T7263] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 197.109749][ T7263] ? up_write+0x28c/0x4f0 [ 197.109789][ T7263] ? process_measurement+0x1f4/0x2350 [ 197.109842][ T7263] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 197.109877][ T7263] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 197.109914][ T7263] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 197.109970][ T7263] ? __lock_acquire+0x4a5/0x2630 [ 197.110008][ T7263] ? __lock_acquire+0x4a5/0x2630 [ 197.110042][ T7263] ? vma_is_special_huge+0x23f/0x2d0 [ 197.110078][ T7263] ? __pfx_vma_is_special_huge+0x10/0x10 [ 197.110116][ T7263] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 197.110165][ T7263] ? policy_nodemask+0xed/0x4f0 [ 197.110211][ T7263] alloc_pages_mpol+0x1fb/0x540 [ 197.110251][ T7263] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 197.110289][ T7263] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 197.110336][ T7263] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 197.110383][ T7263] alloc_pages_noprof+0x1a/0x160 [ 197.110433][ T7263] __pmd_alloc+0x3b/0x950 [ 197.110479][ T7263] __handle_mm_fault+0xa9c/0x2a00 [ 197.110554][ T7263] ? mt_find+0x45e/0x8e0 [ 197.110587][ T7263] ? __pfx___handle_mm_fault+0x10/0x10 [ 197.110634][ T7263] ? __pfx_mt_find+0x10/0x10 [ 197.110688][ T7263] ? find_vma+0xbf/0x140 [ 197.110723][ T7263] ? __pfx_find_vma+0x10/0x10 [ 197.110763][ T7263] handle_mm_fault+0x36d/0xa20 [ 197.110820][ T7263] do_user_addr_fault+0x74c/0x12f0 [ 197.110866][ T7263] ? trace_page_fault_kernel+0x7a/0x200 [ 197.110909][ T7263] exc_page_fault+0x6f/0xd0 [ 197.110959][ T7263] asm_exc_page_fault+0x26/0x30 [ 197.110992][ T7263] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 197.111033][ T7263] Code: 9b 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 197.111063][ T7263] RSP: 0018:ffffc9000322fd48 EFLAGS: 00050206 [ 197.111091][ T7263] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000000000d0 [ 197.111109][ T7263] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc9000322fda8 [ 197.111127][ T7263] RBP: 00000000000000d0 R08: 0000000000000001 R09: fffff52000645fce [ 197.111145][ T7263] R10: ffffc9000322fe77 R11: 0000000000000000 R12: 0000000000000000 [ 197.111163][ T7263] R13: ffffc9000322fda8 R14: 0000000000000000 R15: 0000000000000131 [ 197.111202][ T7263] _copy_from_user+0x98/0xd0 [ 197.111237][ T7263] __do_sys_clock_adjtime+0x98/0x290 [ 197.111275][ T7263] ? __pfx___do_sys_clock_adjtime+0x10/0x10 [ 197.111312][ T7263] ? __pfx_do_sys_openat2+0x10/0x10 [ 197.111377][ T7263] ? __pfx_ksys_write+0x10/0x10 [ 197.111418][ T7263] ? rcu_is_watching+0x12/0xc0 [ 197.111462][ T7263] do_syscall_64+0x10b/0xf80 [ 197.111509][ T7263] ? clear_bhb_loop+0x40/0x90 [ 197.111547][ T7263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.111578][ T7263] RIP: 0033:0x7fa837d9ce59 [ 197.111604][ T7263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.111634][ T7263] RSP: 002b:00007fa838c4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 [ 197.111662][ T7263] RAX: ffffffffffffffda RBX: 00007fa838015fa0 RCX: 00007fa837d9ce59 [ 197.111695][ T7263] RDX: 0000000000000000 RSI: 0000000000000000 RDI: fffffffffffffffb [ 197.111713][ T7263] RBP: 00007fa838c4f090 R08: 0000000000000000 R09: 0000000000000000 [ 197.111732][ T7263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.111749][ T7263] R13: 00007fa838016038 R14: 00007fa838015fa0 R15: 00007ffc77786b58 [ 197.111790][ T7263] [ 198.642576][ T30] audit: type=1800 audit(1779325130.109:32): pid=7286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.262" name="file0" dev="tmpfs" ino=350 res=0 errno=0 [ 199.646059][ T7308] vivid-007: ================= START STATUS ================= [ 199.686815][ T7308] vivid-007: Generate PTS: true [ 199.706451][ T7308] vivid-007: Generate SCR: true [ 199.736824][ T7308] tpg source WxH: 320x240 (Y'CbCr) [ 199.759910][ T7312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.267'. [ 199.768782][ T7308] tpg field: 1 [ 199.768802][ T7308] tpg crop: (0,0)/320x240 [ 199.768824][ T7308] tpg compose: (0,0)/320x240 [ 199.768845][ T7308] tpg colorspace: 8 [ 199.768858][ T7308] tpg transfer function: 0/0 [ 199.768873][ T7308] tpg Y'CbCr encoding: 0/0 [ 199.768888][ T7308] tpg quantization: 0/0 [ 199.768909][ T7308] tpg RGB range: 0/2 [ 199.768925][ T7308] vivid-007: ================== END STATUS ================== [ 199.882069][ T7308] netlink: ct family unspecified [ 201.299964][ T30] audit: type=1800 audit(1779325132.759:33): pid=7330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.270" name="file0" dev="tmpfs" ino=391 res=0 errno=0 [ 201.970009][ T7337] Invalid ELF header magic: != ELF [ 202.242033][ T7343] syz.3.274 uses obsolete (PF_INET,SOCK_PACKET) [ 205.145760][ T7377] netlink: zone id is out of range [ 205.169371][ T7377] netlink: zone id is out of range [ 205.184314][ T7377] netlink: zone id is out of range [ 205.203872][ T7377] netlink: zone id is out of range [ 205.253453][ T7377] netlink: zone id is out of range [ 205.259147][ T7377] netlink: zone id is out of range [ 205.265950][ T7377] netlink: zone id is out of range [ 205.285868][ T7377] netlink: zone id is out of range [ 205.305809][ T7377] netlink: zone id is out of range [ 205.320483][ T7377] netlink: zone id is out of range [ 205.473260][ T30] audit: type=1800 audit(1779325136.939:34): pid=7384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.281" name="file0" dev="tmpfs" ino=387 res=0 errno=0 [ 205.859564][ T7388] netlink: 4 bytes leftover after parsing attributes in process `syz.1.282'. [ 207.370276][ T7412] program syz.0.287 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 208.279414][ T30] audit: type=1800 audit(1779325139.749:35): pid=7417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.288" name="file0" dev="tmpfs" ino=393 res=0 errno=0 [ 209.171413][ T7433] vivid-007: ================= START STATUS ================= [ 209.179532][ T7433] vivid-007: Generate PTS: true [ 209.206635][ T7433] vivid-007: Generate SCR: true [ 209.206673][ T7433] tpg source WxH: 320x240 (Y'CbCr) [ 209.277955][ T7433] tpg field: 1 [ 209.299372][ T7433] tpg crop: (0,0)/320x240 [ 209.321061][ T7433] tpg compose: (0,0)/320x240 [ 209.346565][ T7433] tpg colorspace: 8 [ 209.378259][ T7433] tpg transfer function: 0/0 [ 209.401831][ T7433] tpg Y'CbCr encoding: 0/0 [ 209.433336][ T7433] tpg quantization: 0/0 [ 209.507255][ T7433] tpg RGB range: 0/2 [ 209.559746][ T7433] vivid-007: ================== END STATUS ================== [ 211.988699][ T5637] Bluetooth: hci3: command 0x0406 tx timeout [ 211.996998][ T5632] Bluetooth: hci1: command 0x0406 tx timeout [ 211.997928][ T5644] Bluetooth: hci2: command 0x0406 tx timeout [ 212.007743][ T5637] Bluetooth: hci0: command 0x0406 tx timeout [ 212.074136][ T7452] netlink: 'syz.3.295': attribute type 23 has an invalid length. [ 212.462490][ T7471] vivid-007: ================= START STATUS ================= [ 212.520162][ T7471] vivid-007: Generate PTS: true [ 212.537264][ T7471] vivid-007: Generate SCR: true [ 212.578173][ T7471] tpg source WxH: 320x240 (Y'CbCr) [ 212.616535][ T7471] tpg field: 1 [ 212.625982][ T7471] tpg crop: (0,0)/320x240 [ 212.638846][ T7471] tpg compose: (0,0)/320x240 [ 212.669875][ T7471] tpg colorspace: 8 [ 212.684458][ T7471] tpg transfer function: 0/0 [ 212.713650][ T7471] tpg Y'CbCr encoding: 0/0 [ 212.744130][ T7471] tpg quantization: 0/0 [ 212.769876][ T7471] tpg RGB range: 0/2 [ 212.801331][ T7474] net_ratelimit: 108 callbacks suppressed [ 212.801357][ T7474] netlink: ct family unspecified [ 212.844271][ T7471] vivid-007: ================== END STATUS ================== [ 213.129672][ T7484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.301'. [ 213.171537][ T7484] netlink: ct family unspecified [ 213.515096][ T7492] netlink: zone id is out of range [ 213.533036][ T7492] netlink: zone id is out of range [ 213.550842][ T7492] netlink: zone id is out of range [ 213.566294][ T7492] netlink: zone id is out of range [ 213.572752][ T7492] netlink: zone id is out of range [ 213.580606][ T7492] netlink: zone id is out of range [ 213.589505][ T7492] netlink: zone id is out of range [ 213.640011][ T7492] netlink: zone id is out of range [ 214.405198][ T7502] program syz.0.304 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.660474][ T7504] NFSD: Failed to start, no listeners configured. [ 214.719736][ T7510] vivid-007: ================= START STATUS ================= [ 214.732612][ T7510] vivid-007: Generate PTS: true [ 214.739126][ T7510] vivid-007: Generate SCR: true [ 214.744576][ T7510] tpg source WxH: 320x240 (Y'CbCr) [ 214.751759][ T7510] tpg field: 1 [ 214.756175][ T7510] tpg crop: (0,0)/320x240 [ 214.807466][ T7510] tpg compose: (0,0)/320x240 [ 214.819299][ T7510] tpg colorspace: 8 [ 214.823468][ T7510] tpg transfer function: 0/0 [ 214.828784][ T7510] tpg Y'CbCr encoding: 0/0 [ 214.833438][ T7510] tpg quantization: 0/0 [ 214.847991][ T7510] tpg RGB range: 0/2 [ 214.852200][ T7510] vivid-007: ================== END STATUS ================== [ 217.778860][ T5634] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 219.827979][ T5634] Bluetooth: hci1: command 0x0406 tx timeout [ 220.324506][ T30] audit: type=1800 audit(1779325151.789:36): pid=7588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.321" name="file0" dev="tmpfs" ino=423 res=0 errno=0 [ 221.492973][ T7609] FAULT_INJECTION: forcing a failure. [ 221.492973][ T7609] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 221.552317][ T7609] CPU: 1 UID: 0 PID: 7609 Comm: syz.3.325 Not tainted syzkaller #0 PREEMPT(full) [ 221.552357][ T7609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 221.552375][ T7609] Call Trace: [ 221.552385][ T7609] [ 221.552397][ T7609] dump_stack_lvl+0x100/0x190 [ 221.552438][ T7609] should_fail_ex.cold+0x5/0xa [ 221.552479][ T7609] _copy_to_user+0x32/0xd0 [ 221.552521][ T7609] simple_read_from_buffer+0xcb/0x170 [ 221.552563][ T7609] proc_fail_nth_read+0x1af/0x230 [ 221.552615][ T7609] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 221.552678][ T7609] ? rw_verify_area+0xce/0x6d0 [ 221.552711][ T7609] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 221.552763][ T7609] vfs_read+0x1e4/0xb30 [ 221.552806][ T7609] ? __pfx_vfs_read+0x10/0x10 [ 221.552841][ T7609] ? __fget_files+0x215/0x3d0 [ 221.552890][ T7609] ? __fget_files+0x21f/0x3d0 [ 221.552940][ T7609] ksys_read+0x12a/0x250 [ 221.552977][ T7609] ? __pfx_ksys_read+0x10/0x10 [ 221.553018][ T7609] ? rcu_is_watching+0x12/0xc0 [ 221.553063][ T7609] do_syscall_64+0x10b/0xf80 [ 221.553114][ T7609] ? clear_bhb_loop+0x40/0x90 [ 221.553154][ T7609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.553187][ T7609] RIP: 0033:0x7fda86d5d68e [ 221.553212][ T7609] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 221.553242][ T7609] RSP: 002b:00007fda87b89fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 221.553272][ T7609] RAX: ffffffffffffffda RBX: 00007fda87b8a6c0 RCX: 00007fda86d5d68e [ 221.553294][ T7609] RDX: 000000000000000f RSI: 00007fda87b8a0a0 RDI: 0000000000000006 [ 221.553312][ T7609] RBP: 00007fda87b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 221.553331][ T7609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.553349][ T7609] R13: 00007fda87016308 R14: 00007fda87016270 R15: 00007ffeb6dbb378 [ 221.553392][ T7609] [ 221.908234][ T4945] Bluetooth: hci1: command 0x0406 tx timeout [ 221.979751][ T5634] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 222.576673][ T7621] net_ratelimit: 50 callbacks suppressed [ 222.576692][ T7621] netlink: zone id is out of range [ 222.624577][ T7621] netlink: zone id is out of range [ 222.632172][ T7621] netlink: zone id is out of range [ 222.640359][ T7621] netlink: zone id is out of range [ 222.647726][ T7621] netlink: zone id is out of range [ 222.656819][ T7621] netlink: zone id is out of range [ 222.665503][ T7621] netlink: zone id is out of range [ 222.680889][ T7621] netlink: zone id is out of range [ 222.695833][ T7621] netlink: zone id is out of range [ 222.713919][ T7621] netlink: zone id is out of range [ 222.833443][ T7631] FAULT_INJECTION: forcing a failure. [ 222.833443][ T7631] name failslab, interval 1, probability 0, space 0, times 1 [ 222.858311][ T7631] CPU: 0 UID: 0 PID: 7631 Comm: syz.2.329 Not tainted syzkaller #0 PREEMPT(full) [ 222.858355][ T7631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 222.858375][ T7631] Call Trace: [ 222.858386][ T7631] [ 222.858398][ T7631] dump_stack_lvl+0x100/0x190 [ 222.858440][ T7631] should_fail_ex.cold+0x5/0xa [ 222.858483][ T7631] ? memcg_list_lru_alloc+0x4ec/0x740 [ 222.858525][ T7631] should_failslab+0xc2/0x120 [ 222.858567][ T7631] __kmalloc_noprof+0xe0/0x850 [ 222.858600][ T7631] ? __lock_acquire+0x4a5/0x2630 [ 222.858640][ T7631] memcg_list_lru_alloc+0x4ec/0x740 [ 222.858684][ T7631] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 222.858739][ T7631] __memcg_slab_post_alloc_hook+0x27e/0xff0 [ 222.858798][ T7631] ? kasan_save_track+0x14/0x30 [ 222.858838][ T7631] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 222.858893][ T7631] ? __d_alloc+0x34/0xa40 [ 222.858946][ T7631] __d_alloc+0x34/0xa40 [ 222.858999][ T7631] d_alloc_pseudo+0x1c/0xc0 [ 222.859031][ T7631] alloc_file_pseudo_noaccount+0xcf/0x230 [ 222.859088][ T7631] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 222.859149][ T7631] ? iput+0x3a/0x40 [ 222.859202][ T7631] bdev_file_open_by_dev+0x13a/0x210 [ 222.859246][ T7631] blkdev_bszset+0x170/0x240 [ 222.859287][ T7631] ? __pfx_blkdev_bszset+0x10/0x10 [ 222.859329][ T7631] ? find_held_lock+0x2b/0x80 [ 222.859373][ T7631] ? __fget_files+0x215/0x3d0 [ 222.859409][ T7631] ? hook_file_ioctl_common+0x149/0x410 [ 222.859453][ T7631] blkdev_ioctl+0x513/0x6f0 [ 222.859503][ T7631] ? __pfx_blkdev_ioctl+0x10/0x10 [ 222.859552][ T7631] ? __pfx_blkdev_ioctl+0x10/0x10 [ 222.859600][ T7631] __x64_sys_ioctl+0x18e/0x210 [ 222.859639][ T7631] do_syscall_64+0x10b/0xf80 [ 222.859693][ T7631] ? clear_bhb_loop+0x40/0x90 [ 222.859735][ T7631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.859770][ T7631] RIP: 0033:0x7fa837d9ce59 [ 222.859798][ T7631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.859829][ T7631] RSP: 002b:00007fa838c4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.859860][ T7631] RAX: ffffffffffffffda RBX: 00007fa838015fa0 RCX: 00007fa837d9ce59 [ 222.859883][ T7631] RDX: 00002000000000c0 RSI: 0000000040081271 RDI: 0000000000000003 [ 222.859905][ T7631] RBP: 00007fa837e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 222.859925][ T7631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.859944][ T7631] R13: 00007fa838016038 R14: 00007fa838015fa0 R15: 00007ffc77786b58 [ 222.859988][ T7631] [ 223.362871][ T7615] random: crng reseeded on system resumption [ 224.067218][ T5634] Bluetooth: hci2: command 0x0406 tx timeout [ 225.445777][ T7641] kexec: Could not allocate control_code_buffer [ 226.156567][ T5634] Bluetooth: hci2: command 0x0406 tx timeout [ 226.577582][ T30] audit: type=1800 audit(1779325158.039:37): pid=7665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.335" name="file0" dev="tmpfs" ino=464 res=0 errno=0 [ 227.126873][ T30] audit: type=1800 audit(1779325158.599:38): pid=7674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.338" name="file0" dev="tmpfs" ino=446 res=0 errno=0 [ 228.457549][ T7685] vivid-007: ================= START STATUS ================= [ 228.508918][ T7685] vivid-007: Generate PTS: true [ 228.558980][ T7685] vivid-007: Generate SCR: true [ 228.612838][ T7685] tpg source WxH: 320x240 (Y'CbCr) [ 228.643485][ T7685] tpg field: 1 [ 228.656490][ T7685] tpg crop: (0,0)/320x240 [ 228.693538][ T7685] tpg compose: (0,0)/320x240 [ 228.744664][ T7685] tpg colorspace: 8 [ 228.771274][ T7685] tpg transfer function: 0/0 [ 228.793566][ T7685] tpg Y'CbCr encoding: 0/0 [ 228.826668][ T7687] net_ratelimit: 107 callbacks suppressed [ 228.826688][ T7687] netlink: ct family unspecified [ 228.861942][ T7685] tpg quantization: 0/0 [ 228.889242][ T7685] tpg RGB range: 0/2 [ 228.929374][ T7685] vivid-007: ================== END STATUS ================== [ 231.098061][ T30] audit: type=1800 audit(1779325162.579:39): pid=7709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.343" name="file0" dev="tmpfs" ino=470 res=0 errno=0 [ 232.883390][ T7729] netlink: 252 bytes leftover after parsing attributes in process `syz.1.348'. [ 233.311873][ T30] audit: type=1800 audit(1779325164.779:40): pid=7732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.349" name="file0" dev="tmpfs" ino=494 res=0 errno=0 [ 235.207512][ T30] audit: type=1800 audit(1779325166.669:41): pid=7751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.352" name="file0" dev="tmpfs" ino=468 res=0 errno=0 [ 236.201722][ T7760] program syz.0.354 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 236.673111][ T7763] netlink: 334 bytes leftover after parsing attributes in process `syz.0.355'. [ 238.446320][ T7776] FAULT_INJECTION: forcing a failure. [ 238.446320][ T7776] name fail_futex, interval 1, probability 0, space 0, times 1 [ 238.486280][ T7776] CPU: 1 UID: 0 PID: 7776 Comm: syz.2.357 Not tainted syzkaller #0 PREEMPT(full) [ 238.486320][ T7776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 238.486337][ T7776] Call Trace: [ 238.486347][ T7776] [ 238.486362][ T7776] dump_stack_lvl+0x100/0x190 [ 238.486402][ T7776] should_fail_ex.cold+0x5/0xa [ 238.486440][ T7776] get_futex_key+0x1d2/0x1510 [ 238.486474][ T7776] ? __pfx_get_futex_key+0x10/0x10 [ 238.486503][ T7776] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 238.486541][ T7776] ? __pfx_filemap_map_pages+0x10/0x10 [ 238.486589][ T7776] ? do_fault+0x644/0x1750 [ 238.486634][ T7776] futex_wake+0xea/0x530 [ 238.486670][ T7776] ? __handle_mm_fault+0x4ef/0x2a00 [ 238.486720][ T7776] ? __pfx_futex_wake+0x10/0x10 [ 238.486760][ T7776] ? __lock_acquire+0x4a5/0x2630 [ 238.486790][ T7776] ? __pfx___handle_mm_fault+0x10/0x10 [ 238.486836][ T7776] ? __pfx_css_rstat_updated+0x10/0x10 [ 238.486893][ T7776] do_futex+0x32b/0x350 [ 238.486927][ T7776] ? __pfx_do_futex+0x10/0x10 [ 238.486957][ T7776] ? find_held_lock+0x2b/0x80 [ 238.486996][ T7776] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 238.487096][ T7776] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 238.487195][ T7776] __x64_sys_futex+0x34f/0x4d0 [ 238.487237][ T7776] ? __pfx___x64_sys_futex+0x10/0x10 [ 238.487282][ T7776] ? rcu_is_watching+0x12/0xc0 [ 238.487327][ T7776] do_syscall_64+0x10b/0xf80 [ 238.487378][ T7776] ? clear_bhb_loop+0x40/0x90 [ 238.487418][ T7776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.487451][ T7776] RIP: 0033:0x7fa837d9ce59 [ 238.487477][ T7776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.487508][ T7776] RSP: 002b:00007ffc77786cb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 238.487538][ T7776] RAX: ffffffffffffffda RBX: 00000000000001e0 RCX: 00007fa837d9ce59 [ 238.487558][ T7776] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa838016188 [ 238.487577][ T7776] RBP: 0000000000001d85 R08: 0000000000000001 R09: 0000000000000000 [ 238.487595][ T7776] R10: 00007fa838015fa0 R11: 0000000000000246 R12: 0000000000000002 [ 238.487612][ T7776] R13: 00007fa83801618c R14: 00007fa838016188 R15: 00007fa838016180 [ 238.487653][ T7776] [ 239.686223][ T7785] netlink: zone id is out of range [ 239.745973][ T7785] netlink: zone id is out of range [ 239.776635][ T7785] netlink: zone id is out of range [ 239.805968][ T7785] netlink: zone id is out of range [ 239.842078][ T7785] netlink: zone id is out of range [ 239.855781][ T7785] netlink: zone id is out of range [ 239.873066][ T7785] netlink: zone id is out of range [ 239.894681][ T7785] netlink: zone id is out of range [ 239.909847][ T7785] netlink: zone id is out of range [ 239.929757][ T7785] netlink: zone id is out of range [ 241.337638][ T7808] random: crng reseeded on system resumption [ 241.859728][ T7810] hub 1-0:1.0: USB hub found [ 241.872951][ T7810] hub 1-0:1.0: 1 port detected [ 244.302977][ T7843] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 245.171187][ T30] audit: type=1800 audit(1779325176.639:42): pid=7848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.368" name="file0" dev="tmpfs" ino=525 res=0 errno=0 [ 247.056299][ T30] audit: type=1800 audit(1779325178.519:43): pid=7869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.372" name="file0" dev="tmpfs" ino=484 res=0 errno=0 [ 247.855259][ T30] audit: type=1800 audit(1779325179.319:44): pid=7888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.374" name="file0" dev="tmpfs" ino=501 res=0 errno=0 [ 248.791503][ T7894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.375'. [ 248.850073][ T7895] binder: 7893:7895 ioctl c018620c 200000000440 returned -22 [ 249.127915][ T7895] netlink: 326 bytes leftover after parsing attributes in process `syz.0.375'. [ 250.233824][ T7909] vivid-007: ================= START STATUS ================= [ 250.255442][ T7909] vivid-007: Generate PTS: true [ 250.273918][ T7909] vivid-007: Generate SCR: true [ 250.311058][ T7909] tpg source WxH: 320x240 (Y'CbCr) [ 250.334767][ T7909] tpg field: 1 [ 250.342138][ T7909] tpg crop: (0,0)/320x240 [ 250.349213][ T7909] tpg compose: (0,0)/320x240 [ 250.358261][ T7909] tpg colorspace: 8 [ 250.395795][ T7909] tpg transfer function: 0/0 [ 250.426657][ T7909] tpg Y'CbCr encoding: 0/0 [ 250.436898][ T7909] tpg quantization: 0/0 [ 250.444353][ T7909] tpg RGB range: 0/2 [ 250.454444][ T7909] vivid-007: ================== END STATUS ================== [ 250.520778][ T7913] net_ratelimit: 107 callbacks suppressed [ 250.520818][ T7913] netlink: ct family unspecified [ 250.644855][ T7916] netlink: zone id is out of range [ 250.667547][ T7916] netlink: zone id is out of range [ 250.698946][ T7916] netlink: zone id is out of range [ 250.717660][ T7916] netlink: zone id is out of range [ 250.743670][ T7916] netlink: zone id is out of range [ 250.756623][ T7916] netlink: zone id is out of range [ 250.772448][ T7916] netlink: zone id is out of range [ 250.787815][ T7916] netlink: zone id is out of range [ 250.799845][ T7916] netlink: zone id is out of range [ 251.574949][ T7935] vivid-007: ================= START STATUS ================= [ 251.604626][ T7935] vivid-007: Generate PTS: true [ 251.618933][ T7935] vivid-007: Generate SCR: true [ 251.632815][ T7935] tpg source WxH: 320x240 (Y'CbCr) [ 251.646139][ T7935] tpg field: 1 [ 251.655445][ T7935] tpg crop: (0,0)/320x240 [ 251.665953][ T7935] tpg compose: (0,0)/320x240 [ 251.677536][ T7935] tpg colorspace: 8 [ 251.686008][ T7935] tpg transfer function: 0/0 [ 251.700217][ T7935] tpg Y'CbCr encoding: 0/0 [ 251.713516][ T7935] tpg quantization: 0/0 [ 251.725701][ T7935] tpg RGB range: 0/2 [ 251.736994][ T7935] vivid-007: ================== END STATUS ================== [ 252.909990][ T7963] vivid-007: ================= START STATUS ================= [ 252.931391][ T7963] vivid-007: Generate PTS: true [ 252.944404][ T7963] vivid-007: Generate SCR: true [ 252.976249][ T7963] tpg source WxH: 320x240 (Y'CbCr) [ 253.008201][ T7963] tpg field: 1 [ 253.022580][ T7963] tpg crop: (0,0)/320x240 [ 253.037457][ T7963] tpg compose: (0,0)/320x240 [ 253.049979][ T7963] tpg colorspace: 8 [ 253.065882][ T7963] tpg transfer function: 0/0 [ 253.095356][ T7968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.391'. [ 253.106811][ T7963] tpg Y'CbCr encoding: 0/0 [ 253.118127][ T7963] tpg quantization: 0/0 [ 253.141642][ T7963] tpg RGB range: 0/2 [ 253.169920][ T7963] vivid-007: ================== END STATUS ================== [ 254.778840][ T7986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.393'. [ 255.140443][ T7984] HfR: entered promiscuous mode [ 255.401612][ T7986] HfR: left promiscuous mode [ 255.988436][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.995588][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.299645][ T8013] program syz.3.399 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 256.668487][ T30] audit: type=1800 audit(1779325188.139:45): pid=8014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.398" name="file0" dev="tmpfs" ino=551 res=0 errno=0 [ 257.622238][ T8033] net_ratelimit: 112 callbacks suppressed [ 257.622271][ T8033] netlink: zone id is out of range [ 257.660898][ T8033] netlink: zone id is out of range [ 257.681652][ T8033] netlink: zone id is out of range [ 257.700920][ T8033] netlink: zone id is out of range [ 257.719086][ T8033] netlink: zone id is out of range [ 257.730779][ T8033] netlink: zone id is out of range [ 257.753309][ T8033] netlink: zone id is out of range [ 257.772073][ T8033] netlink: zone id is out of range [ 257.793006][ T8033] netlink: zone id is out of range [ 257.803588][ T8033] netlink: zone id is out of range [ 259.575250][ T8066] vivid-007: ================= START STATUS ================= [ 259.608742][ T8066] vivid-007: Generate PTS: true [ 259.651791][ T8066] vivid-007: Generate SCR: true [ 259.678584][ T8066] tpg source WxH: 320x240 (Y'CbCr) [ 259.710113][ T8066] tpg field: 1 [ 259.724111][ T8066] tpg crop: (0,0)/320x240 [ 259.744648][ T8066] tpg compose: (0,0)/320x240 [ 259.790025][ T8066] tpg colorspace: 8 [ 259.820035][ T8066] tpg transfer function: 0/0 [ 259.850204][ T8072] program syz.2.409 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 259.869376][ T8066] tpg Y'CbCr encoding: 0/0 [ 259.894259][ T8066] tpg quantization: 0/0 [ 259.911794][ T8066] tpg RGB range: 0/2 [ 259.922563][ T8066] vivid-007: ================== END STATUS ================== [ 260.847393][ T8082] program syz.0.412 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.710056][ T30] audit: type=1800 audit(1779325193.179:46): pid=8090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.414" name="file0" dev="tmpfs" ino=587 res=0 errno=0 [ 262.189181][ T30] audit: type=1800 audit(1779325193.659:47): pid=8099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.416" name="file0" dev="tmpfs" ino=554 res=0 errno=0 [ 267.554529][ T8170] vivid-007: ================= START STATUS ================= [ 267.597897][ T8170] vivid-007: Generate PTS: true [ 267.618852][ T8170] vivid-007: Generate SCR: true [ 267.657604][ T8170] tpg source WxH: 320x240 (Y'CbCr) [ 267.773057][ T8170] tpg field: 1 [ 267.821096][ T8170] tpg crop: (0,0)/320x240 [ 267.881992][ T8175] net_ratelimit: 52 callbacks suppressed [ 267.882049][ T8175] netlink: ct family unspecified [ 267.940175][ T8170] tpg compose: (0,0)/320x240 [ 267.956434][ T8170] tpg colorspace: 8 [ 267.978422][ T8170] tpg transfer function: 0/0 [ 268.057817][ T8170] tpg Y'CbCr encoding: 0/0 [ 268.108286][ T8170] tpg quantization: 0/0 [ 268.147672][ T8170] tpg RGB range: 0/2 [ 268.194841][ T8170] vivid-007: ================== END STATUS ================== [ 269.534113][ T8195] netlink: ct family unspecified [ 270.421478][ T8213] vivid-007: ================= START STATUS ================= [ 270.449246][ T8213] vivid-007: Generate PTS: true [ 270.466597][ T8213] vivid-007: Generate SCR: true [ 270.478052][ T8213] tpg source WxH: 320x240 (Y'CbCr) [ 270.493049][ T8213] tpg field: 1 [ 270.509847][ T8213] tpg crop: (0,0)/320x240 [ 270.524300][ T8213] tpg compose: (0,0)/320x240 [ 270.584733][ T8213] tpg colorspace: 8 [ 270.603543][ T8213] tpg transfer function: 0/0 [ 270.623272][ T8217] netlink: 28 bytes leftover after parsing attributes in process `syz.0.444'. [ 270.664695][ T8213] tpg Y'CbCr encoding: 0/0 [ 270.698301][ T8213] tpg quantization: 0/0 [ 270.704640][ T8217] netlink: ct family unspecified [ 270.739664][ T8213] tpg RGB range: 0/2 [ 270.758407][ T8213] vivid-007: ================== END STATUS ================== [ 271.447094][ T30] audit: type=1800 audit(1779325202.909:48): pid=8225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.437" name="file0" dev="tmpfs" ino=567 res=0 errno=0 [ 275.603255][ T8277] vivid-007: ================= START STATUS ================= [ 275.611279][ T8277] vivid-007: Generate PTS: true [ 275.616266][ T8277] vivid-007: Generate SCR: true [ 275.621613][ T8277] tpg source WxH: 320x240 (Y'CbCr) [ 275.626905][ T8277] tpg field: 1 [ 275.630440][ T8277] tpg crop: (0,0)/320x240 [ 275.634815][ T8277] tpg compose: (0,0)/320x240 [ 275.639953][ T8277] tpg colorspace: 8 [ 275.644150][ T8277] tpg transfer function: 0/0 [ 275.648963][ T8277] tpg Y'CbCr encoding: 0/0 [ 275.653443][ T8277] tpg quantization: 0/0 [ 275.657748][ T8277] tpg RGB range: 0/2 [ 275.710053][ T8277] vivid-007: ================== END STATUS ================== [ 275.764465][ T8277] netlink: 28 bytes leftover after parsing attributes in process `syz.3.448'. [ 275.825365][ T8277] netlink: ct family unspecified [ 276.562760][ T8297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.454'. [ 276.656797][ T8299] binder: 8295:8299 ioctl c018620c 200000000440 returned -22 [ 276.794002][ T8302] program syz.0.457 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 276.981178][ T8305] netlink: ct family unspecified [ 277.098980][ T8309] HfR: entered promiscuous mode [ 277.139527][ T8309] netlink: 12 bytes leftover after parsing attributes in process `syz.0.459'. [ 277.244625][ T8309] HfR: left promiscuous mode [ 278.069119][ T30] audit: type=1800 audit(1779325209.539:49): pid=8318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.461" name="file0" dev="tmpfs" ino=655 res=0 errno=0 [ 278.139194][ T8324] netlink: zone id is out of range [ 278.161342][ T8324] netlink: zone id is out of range [ 278.176609][ T8324] netlink: zone id is out of range [ 278.198717][ T8324] netlink: zone id is out of range [ 278.220577][ T8324] netlink: zone id is out of range [ 278.255352][ T8324] netlink: zone id is out of range [ 278.264126][ T8324] netlink: zone id is out of range [ 278.278107][ T8332] vivid-007: ================= START STATUS ================= [ 278.307986][ T8324] netlink: zone id is out of range [ 278.316637][ T8332] vivid-007: Generate PTS: true [ 278.334666][ T8332] vivid-007: Generate SCR: true [ 278.352008][ T8332] tpg source WxH: 320x240 (Y'CbCr) [ 278.368256][ T8332] tpg field: 1 [ 278.371948][ T8332] tpg crop: (0,0)/320x240 [ 278.385003][ T8332] tpg compose: (0,0)/320x240 [ 278.417246][ T8332] tpg colorspace: 8 [ 278.433678][ T8336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.465'. [ 278.448270][ T8332] tpg transfer function: 0/0 [ 278.466007][ T8332] tpg Y'CbCr encoding: 0/0 [ 278.481452][ T8332] tpg quantization: 0/0 [ 278.506287][ T8332] tpg RGB range: 0/2 [ 278.529879][ T8332] vivid-007: ================== END STATUS ================== [ 278.699488][ T30] audit: type=1800 audit(1779325210.169:50): pid=8334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.463" name="file0" dev="tmpfs" ino=598 res=0 errno=0 [ 278.906314][ T8341] netlink: 8 bytes leftover after parsing attributes in process `syz.3.466'. [ 278.974686][ T8342] binder: 8340:8342 ioctl c018620c 200000000440 returned -22 [ 281.370591][ T30] audit: type=1800 audit(1779325212.839:51): pid=8372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.471" name="file0" dev="tmpfs" ino=604 res=0 errno=0 [ 281.761630][ T8381] netlink: 4 bytes leftover after parsing attributes in process `syz.3.473'. [ 281.775363][ T8379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.481'. [ 281.805637][ T8381] net_ratelimit: 43 callbacks suppressed [ 281.805668][ T8381] netlink: ct family unspecified [ 281.830289][ T8383] binder: 8378:8383 ioctl c018620c 200000000440 returned -22 [ 282.750156][ T8395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.475'. [ 282.825812][ T8395] binder: 8392:8395 ioctl c018620c 200000000440 returned -22 [ 282.857042][ T8397] vivid-007: ================= START STATUS ================= [ 282.901089][ T8397] vivid-007: Generate PTS: true [ 282.937752][ T8397] vivid-007: Generate SCR: true [ 283.006732][ T8397] tpg source WxH: 320x240 (Y'CbCr) [ 283.050934][ T8402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.476'. [ 283.082091][ T8397] tpg field: 1 [ 283.092059][ T8397] tpg crop: (0,0)/320x240 [ 283.134802][ T8397] tpg compose: (0,0)/320x240 [ 283.182527][ T8397] tpg colorspace: 8 [ 283.217530][ T8397] tpg transfer function: 0/0 [ 283.241976][ T8402] netlink: ct family unspecified [ 283.257493][ T8397] tpg Y'CbCr encoding: 0/0 [ 283.300402][ T8397] tpg quantization: 0/0 [ 283.318222][ T8397] tpg RGB range: 0/2 [ 283.328343][ T8397] vivid-007: ================== END STATUS ================== [ 283.426644][ T30] audit: type=1800 audit(1779325214.899:52): pid=8404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.477" name="file0" dev="tmpfs" ino=610 res=0 errno=0 [ 283.681675][ T30] audit: type=1800 audit(1779325215.149:53): pid=8412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.479" name="file0" dev="tmpfs" ino=653 res=0 errno=0 [ 283.905262][ T8415] netlink: ct family unspecified [ 284.930493][ T8427] HfR: entered promiscuous mode [ 284.957630][ T8427] netlink: 12 bytes leftover after parsing attributes in process `syz.3.483'. [ 285.004639][ T8427] HfR: left promiscuous mode [ 285.892824][ T8446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.487'. [ 285.940589][ T8446] binder: 8442:8446 ioctl c018620c 200000000440 returned -22 [ 286.004428][ T30] audit: type=1800 audit(1779325217.469:54): pid=8444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.486" name="file0" dev="tmpfs" ino=681 res=0 errno=0 [ 286.522899][ T8458] vivid-007: ================= START STATUS ================= [ 286.558007][ T8458] vivid-007: Generate PTS: true [ 286.574501][ T8458] vivid-007: Generate SCR: true [ 286.590876][ T8458] tpg source WxH: 320x240 (Y'CbCr) [ 286.608139][ T8458] tpg field: 1 [ 286.626899][ T8458] tpg crop: (0,0)/320x240 [ 286.648069][ T8458] tpg compose: (0,0)/320x240 [ 286.665177][ T8458] tpg colorspace: 8 [ 286.674520][ T8458] tpg transfer function: 0/0 [ 286.684584][ T8458] tpg Y'CbCr encoding: 0/0 [ 286.701757][ T8458] tpg quantization: 0/0 [ 286.706095][ T8458] tpg RGB range: 0/2 [ 286.710639][ T8458] vivid-007: ================== END STATUS ================== [ 286.719096][ T8462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.489'. [ 286.776289][ T8458] netlink: ct family unspecified [ 286.996091][ T8468] HfR: entered promiscuous mode [ 287.038626][ T8468] netlink: 12 bytes leftover after parsing attributes in process `syz.3.490'. [ 287.076797][ T8468] HfR: left promiscuous mode [ 287.722776][ T8481] netlink: 28 bytes leftover after parsing attributes in process `syz.3.492'. [ 287.744938][ T8480] HfR: entered promiscuous mode [ 287.785427][ T8480] netlink: 12 bytes leftover after parsing attributes in process `syz.1.494'. [ 287.806993][ T8480] HfR: left promiscuous mode [ 288.699315][ T30] audit: type=1800 audit(1779325220.179:55): pid=8489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.495" name="file0" dev="tmpfs" ino=687 res=0 errno=0 [ 289.043141][ T30] audit: type=1800 audit(1779325220.509:56): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.498" name="file0" dev="tmpfs" ino=641 res=0 errno=0 [ 289.153633][ T8493] netlink: 28 bytes leftover after parsing attributes in process `syz.3.497'. [ 289.259642][ T8500] random: crng reseeded on system resumption [ 290.904534][ T8514] program syz.2.501 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 291.115053][ T8517] vivid-007: ================= START STATUS ================= [ 291.124104][ T8517] vivid-007: Generate PTS: true [ 291.130385][ T8517] vivid-007: Generate SCR: true [ 291.135725][ T8517] tpg source WxH: 320x240 (Y'CbCr) [ 291.141340][ T8517] tpg field: 1 [ 291.144790][ T8517] tpg crop: (0,0)/320x240 [ 291.149853][ T8517] tpg compose: (0,0)/320x240 [ 291.154610][ T8517] tpg colorspace: 8 [ 291.160097][ T8517] tpg transfer function: 0/0 [ 291.164787][ T8517] tpg Y'CbCr encoding: 0/0 [ 291.169736][ T8517] tpg quantization: 0/0 [ 291.174205][ T8517] tpg RGB range: 0/2 [ 291.180783][ T8517] vivid-007: ================== END STATUS ================== [ 291.209919][ T8517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.502'. [ 291.242910][ T8517] netlink: ct family unspecified [ 291.734627][ T30] audit: type=1800 audit(1779325223.209:57): pid=8529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.503" name="file0" dev="tmpfs" ino=693 res=0 errno=0 [ 292.596302][ T8538] HfR: entered promiscuous mode [ 292.644933][ T8538] netlink: 12 bytes leftover after parsing attributes in process `syz.3.507'. [ 292.670580][ T8538] HfR: left promiscuous mode [ 293.631321][ T8559] netlink: 12 bytes leftover after parsing attributes in process `syz.3.510'. [ 293.673008][ T8560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.511'. [ 293.771998][ T8556] HfR: entered promiscuous mode [ 293.818436][ T8558] HfR: entered promiscuous mode [ 293.858374][ T8559] HfR: left promiscuous mode [ 293.940930][ T8560] HfR: left promiscuous mode [ 293.999260][ T30] audit: type=1800 audit(1779325225.469:58): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.512" name="file0" dev="tmpfs" ino=699 res=0 errno=0 [ 294.296175][ T8575] vivid-007: ================= START STATUS ================= [ 294.341526][ T8575] vivid-007: Generate PTS: true [ 294.368821][ T8575] vivid-007: Generate SCR: true [ 294.379828][ T8575] tpg source WxH: 320x240 (Y'CbCr) [ 294.399930][ T8575] tpg field: 1 [ 294.408377][ T8575] tpg crop: (0,0)/320x240 [ 294.424211][ T8575] tpg compose: (0,0)/320x240 [ 294.444648][ T8575] tpg colorspace: 8 [ 294.467635][ T8575] tpg transfer function: 0/0 [ 294.472406][ T8575] tpg Y'CbCr encoding: 0/0 [ 294.478445][ T8575] tpg quantization: 0/0 [ 294.478807][ T8580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.514'. [ 294.482719][ T8575] tpg RGB range: 0/2 [ 294.497197][ T8575] vivid-007: ================== END STATUS ================== [ 294.597659][ T8575] netlink: ct family unspecified [ 295.379313][ T8597] HfR: entered promiscuous mode [ 295.404418][ T8597] netlink: 12 bytes leftover after parsing attributes in process `syz.1.518'. [ 295.431794][ T8597] HfR: left promiscuous mode [ 295.859015][ T8600] netlink: zone id is out of range [ 295.872701][ T8600] netlink: zone id is out of range [ 295.903146][ T8600] netlink: zone id is out of range [ 295.930847][ T8600] netlink: zone id is out of range [ 295.941135][ T8600] netlink: zone id is out of range [ 295.977540][ T8600] netlink: zone id is out of range [ 295.993328][ T8600] netlink: zone id is out of range [ 296.003485][ T8600] netlink: zone id is out of range [ 296.264939][ T30] audit: type=1800 audit(1779325227.729:59): pid=8608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.520" name="file0" dev="tmpfs" ino=672 res=0 errno=0 [ 296.600121][ T8618] HfR: entered promiscuous mode [ 296.625492][ T8618] netlink: 12 bytes leftover after parsing attributes in process `syz.0.523'. [ 296.647771][ T8618] HfR: left promiscuous mode [ 297.017753][ T8629] netlink: 8 bytes leftover after parsing attributes in process `syz.2.526'. [ 297.064049][ T8629] binder: 8626:8629 ioctl c018620c 200000000440 returned -22 [ 297.598718][ T8638] netlink: 28 bytes leftover after parsing attributes in process `syz.0.527'. [ 298.409193][ T8647] HfR: entered promiscuous mode [ 298.450107][ T8647] netlink: 12 bytes leftover after parsing attributes in process `syz.3.529'. [ 298.459447][ T8647] HfR: left promiscuous mode [ 299.167041][ T30] audit: type=1800 audit(1779325230.629:60): pid=8653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.530" name="file0" dev="tmpfs" ino=716 res=0 errno=0 [ 299.396684][ T30] audit: type=1800 audit(1779325230.859:61): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.532" name="file0" dev="tmpfs" ino=729 res=0 errno=0 [ 300.013195][ T30] audit: type=1800 audit(1779325231.479:62): pid=8669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.535" name="file0" dev="tmpfs" ino=688 res=0 errno=0 [ 301.636174][ T8683] net_ratelimit: 46 callbacks suppressed [ 301.636192][ T8683] netlink: zone id is out of range [ 301.697010][ T8683] netlink: zone id is out of range [ 301.702550][ T8683] netlink: zone id is out of range [ 301.708489][ T8683] netlink: zone id is out of range [ 301.718718][ T8683] netlink: zone id is out of range [ 301.752371][ T8683] netlink: zone id is out of range [ 301.762949][ T8683] netlink: zone id is out of range [ 301.772711][ T8683] netlink: zone id is out of range [ 301.779770][ T8683] netlink: zone id is out of range [ 301.793236][ T8683] netlink: zone id is out of range [ 302.408827][ T30] audit: type=1800 audit(1779325233.879:63): pid=8691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.538" name="file0" dev="tmpfs" ino=722 res=0 errno=0 [ 303.218503][ T8709] HfR: entered promiscuous mode [ 303.267804][ T8709] netlink: 12 bytes leftover after parsing attributes in process `syz.3.545'. [ 303.309447][ T8709] HfR: left promiscuous mode [ 303.424582][ T8716] netlink: 12 bytes leftover after parsing attributes in process `syz.1.546'. [ 303.475485][ T8712] HfR: entered promiscuous mode [ 303.486939][ T8716] HfR: left promiscuous mode [ 304.182737][ T30] audit: type=1800 audit(1779325235.649:64): pid=8719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.548" name="file0" dev="tmpfs" ino=766 res=0 errno=0 [ 304.230065][ T30] audit: type=1800 audit(1779325235.699:65): pid=8729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.550" name="file0" dev="tmpfs" ino=709 res=0 errno=0 [ 305.097724][ T8743] HfR: entered promiscuous mode [ 305.134152][ T8743] netlink: 12 bytes leftover after parsing attributes in process `syz.0.554'. [ 305.163203][ T8743] HfR: left promiscuous mode [ 307.293484][ T8775] program syz.0.562 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 307.721813][ T8783] HfR: entered promiscuous mode [ 307.802149][ T8783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.564'. [ 307.811328][ T8783] HfR: left promiscuous mode [ 308.988574][ T30] audit: type=1800 audit(1779325240.459:66): pid=8800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.567" name="file0" dev="tmpfs" ino=782 res=0 errno=0 [ 309.240503][ T30] audit: type=1800 audit(1779325240.699:67): pid=8807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.569" name="file0" dev="tmpfs" ino=764 res=0 errno=0 [ 310.349251][ T8816] HfR: entered promiscuous mode [ 310.364186][ T8816] netlink: 12 bytes leftover after parsing attributes in process `syz.3.570'. [ 310.406695][ T8816] HfR: left promiscuous mode [ 310.682654][ T8822] net_ratelimit: 100 callbacks suppressed [ 310.682688][ T8822] netlink: ct family unspecified [ 310.825352][ T8826] program syz.1.573 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 310.994129][ T8832] HfR: entered promiscuous mode [ 311.025367][ T8832] netlink: 12 bytes leftover after parsing attributes in process `syz.2.574'. [ 311.041135][ T8832] HfR: left promiscuous mode [ 311.341519][ T8837] netlink: 28 bytes leftover after parsing attributes in process `syz.1.576'. [ 312.316275][ T8864] netlink: 12 bytes leftover after parsing attributes in process `syz.1.580'. [ 312.567795][ T8861] HfR: entered promiscuous mode [ 312.580740][ T8871] netlink: 12 bytes leftover after parsing attributes in process `syz.0.582'. [ 312.638999][ T8864] HfR: left promiscuous mode [ 312.815359][ T8870] HfR: entered promiscuous mode [ 312.889592][ T8871] HfR: left promiscuous mode [ 313.112033][ T30] audit: type=1800 audit(1779325244.579:68): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.583" name="file0" dev="tmpfs" ino=751 res=0 errno=0 [ 313.393449][ T8885] HfR: entered promiscuous mode [ 313.416144][ T8885] netlink: 12 bytes leftover after parsing attributes in process `syz.2.586'. [ 313.451816][ T8885] HfR: left promiscuous mode [ 313.582149][ T8889] netlink: ct family unspecified [ 315.428841][ T8916] netlink: 12 bytes leftover after parsing attributes in process `syz.1.591'. [ 315.518173][ T8915] HfR: entered promiscuous mode [ 315.588468][ T8916] HfR: left promiscuous mode [ 316.749776][ T8938] netlink: 28 bytes leftover after parsing attributes in process `syz.3.596'. [ 317.435325][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.446480][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.587179][ T30] audit: type=1800 audit(1779325250.059:69): pid=8961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.599" name="file0" dev="tmpfs" ino=813 res=0 errno=0 [ 319.620829][ T8977] netlink: zone id is out of range [ 319.641163][ T8977] netlink: zone id is out of range [ 319.689081][ T8977] netlink: zone id is out of range [ 319.716519][ T8977] netlink: zone id is out of range [ 319.724442][ T8977] netlink: zone id is out of range [ 319.769938][ T8977] netlink: zone id is out of range [ 319.794103][ T8977] netlink: zone id is out of range [ 319.815520][ T8977] netlink: zone id is out of range [ 319.842319][ T8977] netlink: zone id is out of range [ 319.871803][ T8977] netlink: zone id is out of range [ 320.216406][ T8984] vivid-007: ================= START STATUS ================= [ 320.244506][ T8984] vivid-007: Generate PTS: true [ 320.258577][ T8984] vivid-007: Generate SCR: true [ 320.274072][ T8984] tpg source WxH: 320x240 (Y'CbCr) [ 320.288834][ T8984] tpg field: 1 [ 320.294581][ T8986] HfR: entered promiscuous mode [ 320.302260][ T8984] tpg crop: (0,0)/320x240 [ 320.311494][ T8984] tpg compose: (0,0)/320x240 [ 320.327972][ T8984] tpg colorspace: 8 [ 320.337070][ T8986] netlink: 12 bytes leftover after parsing attributes in process `syz.3.604'. [ 320.348110][ T8984] tpg transfer function: 0/0 [ 320.358649][ T8984] tpg Y'CbCr encoding: 0/0 [ 320.363340][ T8986] HfR: left promiscuous mode [ 320.397514][ T8988] netlink: 8 bytes leftover after parsing attributes in process `syz.0.603'. [ 320.405826][ T8984] tpg quantization: 0/0 [ 320.427107][ T8984] tpg RGB range: 0/2 [ 320.438300][ T8984] vivid-007: ================== END STATUS ================== [ 320.580694][ T8994] HfR: entered promiscuous mode [ 320.596930][ T8994] netlink: 12 bytes leftover after parsing attributes in process `syz.1.606'. [ 320.606235][ T8994] HfR: left promiscuous mode [ 320.744446][ T8997] HfR: entered promiscuous mode [ 320.769238][ T8997] netlink: 12 bytes leftover after parsing attributes in process `syz.3.607'. [ 320.779961][ T8997] HfR: left promiscuous mode [ 323.043916][ T30] audit: type=1800 audit(1779325254.509:70): pid=9033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.615" name="file0" dev="tmpfs" ino=839 res=0 errno=0 [ 323.709993][ T9046] vivid-007: ================= START STATUS ================= [ 323.745058][ T9046] vivid-007: Generate PTS: true [ 323.759180][ T9046] vivid-007: Generate SCR: true [ 323.776418][ T9046] tpg source WxH: 320x240 (Y'CbCr) [ 323.806784][ T9046] tpg field: 1 [ 323.822293][ T9046] tpg crop: (0,0)/320x240 [ 323.836516][ T9046] tpg compose: (0,0)/320x240 [ 323.841326][ T9046] tpg colorspace: 8 [ 323.845247][ T9046] tpg transfer function: 0/0 [ 323.861692][ T9046] tpg Y'CbCr encoding: 0/0 [ 323.883645][ T9046] tpg quantization: 0/0 [ 323.934290][ T9046] tpg RGB range: 0/2 [ 323.970034][ T9046] vivid-007: ================== END STATUS ================== [ 324.009821][ T9051] HfR: entered promiscuous mode [ 324.064307][ T9051] netlink: 12 bytes leftover after parsing attributes in process `syz.3.620'. [ 324.094122][ T9051] HfR: left promiscuous mode [ 324.465631][ T9061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.622'. [ 324.501975][ T9062] HfR: entered promiscuous mode [ 324.525492][ T9062] netlink: 12 bytes leftover after parsing attributes in process `syz.1.623'. [ 324.536546][ T9062] HfR: left promiscuous mode [ 325.636219][ T9086] netlink: 8 bytes leftover after parsing attributes in process `syz.2.628'. [ 325.754621][ T9086] binder: 9083:9086 ioctl c018620c 200000000440 returned -22 [ 325.827906][ T9086] netlink: 334 bytes leftover after parsing attributes in process `syz.2.628'. [ 325.916276][ T9088] net_ratelimit: 106 callbacks suppressed [ 325.916297][ T9088] netlink: zone id is out of range [ 325.960090][ T9088] netlink: zone id is out of range [ 325.989032][ T9088] netlink: zone id is out of range [ 326.011626][ T9088] netlink: zone id is out of range [ 326.064236][ T9088] netlink: zone id is out of range [ 326.092992][ T9088] netlink: zone id is out of range [ 326.115104][ T9088] netlink: zone id is out of range [ 326.131488][ T9088] netlink: zone id is out of range [ 326.155546][ T9088] netlink: zone id is out of range [ 326.177479][ T9098] program syz.2.631 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 326.196961][ T9088] netlink: zone id is out of range [ 326.640252][ T9104] vivid-007: ================= START STATUS ================= [ 326.676963][ T9104] vivid-007: Generate PTS: true [ 326.690232][ T9104] vivid-007: Generate SCR: true [ 326.706662][ T9104] tpg source WxH: 320x240 (Y'CbCr) [ 326.715933][ T9104] tpg field: 1 [ 326.726020][ T9104] tpg crop: (0,0)/320x240 [ 326.733799][ T9104] tpg compose: (0,0)/320x240 [ 326.742515][ T9104] tpg colorspace: 8 [ 326.755768][ T9104] tpg transfer function: 0/0 [ 326.766472][ T9104] tpg Y'CbCr encoding: 0/0 [ 326.776839][ T9104] tpg quantization: 0/0 [ 326.786049][ T30] audit: type=1800 audit(1779325258.249:71): pid=9105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.632" name="file0" dev="tmpfs" ino=850 res=0 errno=0 [ 326.788190][ T9104] tpg RGB range: 0/2 [ 326.840489][ T9104] vivid-007: ================== END STATUS ================== [ 327.074450][ T9114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.635'. [ 327.647588][ T9120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.636'. [ 328.738646][ T9131] HfR: entered promiscuous mode [ 328.817305][ T9131] netlink: 12 bytes leftover after parsing attributes in process `syz.2.640'. [ 328.827689][ T9133] HfR: entered promiscuous mode [ 328.837362][ T9131] HfR: left promiscuous mode [ 328.876562][ T9133] netlink: 12 bytes leftover after parsing attributes in process `syz.0.638'. [ 328.967506][ T9133] HfR: left promiscuous mode [ 329.126227][ T9138] program syz.1.641 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 329.275911][ T9141] HfR: entered promiscuous mode [ 329.314831][ T9141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.643'. [ 329.333968][ T9141] HfR: left promiscuous mode [ 329.763556][ T9154] netlink: 8 bytes leftover after parsing attributes in process `syz.0.647'. [ 329.904530][ T30] audit: type=1800 audit(1779325261.369:72): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.646" name="file0" dev="tmpfs" ino=838 res=0 errno=0 [ 330.224892][ T30] audit: type=1800 audit(1779325261.689:73): pid=9160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.648" name="file0" dev="tmpfs" ino=886 res=0 errno=0 [ 331.042530][ T9170] netlink: 28 bytes leftover after parsing attributes in process `syz.0.649'. [ 332.275512][ T30] audit: type=1800 audit(1779325263.739:74): pid=9182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.652" name="file0" dev="tmpfs" ino=872 res=0 errno=0 [ 333.151319][ T9198] HfR: entered promiscuous mode [ 333.217474][ T9198] netlink: 12 bytes leftover after parsing attributes in process `syz.0.657'. [ 333.226600][ T9198] HfR: left promiscuous mode [ 333.412558][ T9188] kexec: Could not allocate control_code_buffer [ 333.608566][ T9201] vivid-007: ================= START STATUS ================= [ 333.650198][ T9201] vivid-007: Generate PTS: true [ 333.676438][ T9201] vivid-007: Generate SCR: true [ 333.688063][ T9201] tpg source WxH: 320x240 (Y'CbCr) [ 333.707954][ T9201] tpg field: 1 [ 333.727143][ T9201] tpg crop: (0,0)/320x240 [ 333.742441][ T9201] tpg compose: (0,0)/320x240 [ 333.762700][ T9201] tpg colorspace: 8 [ 333.774185][ T9201] tpg transfer function: 0/0 [ 333.785317][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.658'. [ 333.802323][ T9201] tpg Y'CbCr encoding: 0/0 [ 333.827710][ T9201] tpg quantization: 0/0 [ 333.849729][ T9201] tpg RGB range: 0/2 [ 333.869135][ T9201] vivid-007: ================== END STATUS ================== [ 333.897741][ T9201] net_ratelimit: 52 callbacks suppressed [ 333.897770][ T9201] netlink: ct family unspecified [ 334.166947][ T30] audit: type=1800 audit(1779325265.639:75): pid=9210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.659" name="file0" dev="tmpfs" ino=902 res=0 errno=0 [ 335.124749][ T30] audit: type=1800 audit(1779325266.589:76): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.662" name="file0" dev="tmpfs" ino=892 res=0 errno=0 [ 335.982705][ T9236] netlink: 28 bytes leftover after parsing attributes in process `syz.3.665'. [ 336.015895][ T9239] netlink: zone id is out of range [ 336.040901][ T9239] netlink: zone id is out of range [ 336.067808][ T9239] netlink: zone id is out of range [ 336.081177][ T9239] netlink: zone id is out of range [ 336.095217][ T9239] netlink: zone id is out of range [ 336.165862][ T9239] netlink: zone id is out of range [ 336.181186][ T9239] netlink: zone id is out of range [ 336.206457][ T9239] netlink: zone id is out of range [ 336.219977][ T9239] netlink: zone id is out of range [ 337.017421][ T9259] HfR: entered promiscuous mode [ 337.043506][ T9259] netlink: 12 bytes leftover after parsing attributes in process `syz.0.670'. [ 337.084543][ T9259] HfR: left promiscuous mode [ 337.446112][ T9267] HfR: entered promiscuous mode [ 337.503947][ T9267] netlink: 12 bytes leftover after parsing attributes in process `syz.3.673'. [ 337.527455][ T9267] HfR: left promiscuous mode [ 337.862207][ T9277] HfR: entered promiscuous mode [ 337.894981][ T9277] netlink: 12 bytes leftover after parsing attributes in process `syz.3.675'. [ 337.938955][ T9277] HfR: left promiscuous mode [ 338.225728][ T9287] netlink: 8 bytes leftover after parsing attributes in process `syz.1.677'. [ 338.272403][ T9287] netlink: 334 bytes leftover after parsing attributes in process `syz.1.677'. [ 338.836476][ T30] audit: type=1800 audit(1779325270.299:77): pid=9292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.678" name="file0" dev="tmpfs" ino=893 res=0 errno=0 [ 339.090011][ T9298] net_ratelimit: 107 callbacks suppressed [ 339.090030][ T9298] netlink: zone id is out of range [ 339.110160][ T9298] netlink: zone id is out of range [ 339.133297][ T9298] netlink: zone id is out of range [ 339.155120][ T9298] netlink: zone id is out of range [ 339.169139][ T9298] netlink: zone id is out of range [ 339.175588][ T9298] netlink: zone id is out of range [ 339.187462][ T9298] netlink: zone id is out of range [ 339.198126][ T9298] netlink: zone id is out of range [ 339.232906][ T9298] netlink: zone id is out of range [ 339.251702][ T9298] netlink: zone id is out of range [ 341.564636][ T9333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.686'. [ 341.634081][ T9333] netlink: 334 bytes leftover after parsing attributes in process `syz.3.686'. [ 342.273167][ T9344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.688'. [ 342.486981][ T9346] netlink: 334 bytes leftover after parsing attributes in process `syz.1.688'. [ 342.745085][ T9349] HfR: entered promiscuous mode [ 342.748981][ T9352] netlink: 12 bytes leftover after parsing attributes in process `syz.2.689'. [ 342.792691][ T9352] HfR: left promiscuous mode [ 343.294867][ T30] audit: type=1800 audit(1779325274.759:78): pid=9360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.692" name="file0" dev="tmpfs" ino=915 res=0 errno=0 [ 343.316530][ T9368] vivid-007: ================= START STATUS ================= [ 343.342081][ T9368] vivid-007: Generate PTS: true [ 343.358111][ T9368] vivid-007: Generate SCR: true [ 343.371398][ T9368] tpg source WxH: 320x240 (Y'CbCr) [ 343.390413][ T9368] tpg field: 1 [ 343.407228][ T9368] tpg crop: (0,0)/320x240 [ 343.418064][ T9368] tpg compose: (0,0)/320x240 [ 343.434552][ T9368] tpg colorspace: 8 [ 343.450087][ T9368] tpg transfer function: 0/0 [ 343.467844][ T9368] tpg Y'CbCr encoding: 0/0 [ 343.497521][ T9368] tpg quantization: 0/0 [ 343.513964][ T9368] tpg RGB range: 0/2 [ 343.532266][ T30] audit: type=1800 audit(1779325274.999:79): pid=9369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.693" name="file0" dev="tmpfs" ino=929 res=0 errno=0 [ 343.555231][ T9368] vivid-007: ================== END STATUS ================== [ 344.170666][ T9376] netlink: 28 bytes leftover after parsing attributes in process `syz.3.695'. [ 345.606095][ T9398] program syz.2.700 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 345.742895][ T9401] HfR: entered promiscuous mode [ 345.783224][ T9401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.701'. [ 345.816760][ T9401] HfR: left promiscuous mode [ 345.924927][ T9406] netlink: 12 bytes leftover after parsing attributes in process `syz.2.702'. [ 345.985295][ T9404] HfR: entered promiscuous mode [ 346.197252][ T9415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.704'. [ 346.209386][ T9416] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'. [ 346.219222][ T9406] HfR: left promiscuous mode [ 346.253225][ T9416] netlink: 334 bytes leftover after parsing attributes in process `syz.0.703'. [ 346.322425][ T9410] HfR: entered promiscuous mode [ 346.328042][ T9415] HfR: left promiscuous mode [ 346.481684][ T9422] HfR: entered promiscuous mode [ 346.499213][ T9422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.707'. [ 346.509036][ T9422] HfR: left promiscuous mode [ 346.908872][ T9432] vivid-007: ================= START STATUS ================= [ 346.940144][ T9432] vivid-007: Generate PTS: true [ 346.965645][ T9432] vivid-007: Generate SCR: true [ 346.984639][ T9432] tpg source WxH: 320x240 (Y'CbCr) [ 347.013564][ T9432] tpg field: 1 [ 347.017973][ T9432] tpg crop: (0,0)/320x240 [ 347.024077][ T9432] tpg compose: (0,0)/320x240 [ 347.030731][ T9432] tpg colorspace: 8 [ 347.041091][ T30] audit: type=1800 audit(1779325278.499:80): pid=9433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.708" name="file0" dev="tmpfs" ino=936 res=0 errno=0 [ 347.062015][ T9432] tpg transfer function: 0/0 [ 347.072414][ T9432] tpg Y'CbCr encoding: 0/0 [ 347.081537][ T9432] tpg quantization: 0/0 [ 347.095816][ T9432] tpg RGB range: 0/2 [ 347.103809][ T9432] vivid-007: ================== END STATUS ================== [ 347.160454][ T9432] net_ratelimit: 49 callbacks suppressed [ 347.160481][ T9432] netlink: ct family unspecified [ 348.418308][ T9453] __nla_validate_parse: 1 callbacks suppressed [ 348.418335][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.713'. [ 348.485350][ T9453] netlink: ct family unspecified [ 348.902015][ T9465] netlink: 334 bytes leftover after parsing attributes in process `syz.0.715'. [ 349.463265][ T9478] netlink: 12 bytes leftover after parsing attributes in process `syz.2.718'. [ 349.541857][ T9477] HfR: entered promiscuous mode [ 349.555753][ T9478] HfR: left promiscuous mode [ 349.841112][ T9485] HfR: entered promiscuous mode [ 349.855825][ T9485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.720'. [ 349.871078][ T9485] HfR: left promiscuous mode [ 350.339077][ T9496] netlink: 28 bytes leftover after parsing attributes in process `syz.3.721'. [ 351.047983][ T9510] netlink: 334 bytes leftover after parsing attributes in process `syz.0.724'. [ 351.567824][ T9516] program syz.0.726 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 352.376542][ T30] audit: type=1800 audit(1779325283.839:81): pid=9526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.728" name="file0" dev="tmpfs" ino=984 res=0 errno=0 [ 353.014678][ T9533] HfR: entered promiscuous mode [ 353.059239][ T9533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.731'. [ 353.076544][ T9533] HfR: left promiscuous mode [ 353.585593][ T9542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.733'. [ 353.751721][ T9541] HfR: entered promiscuous mode [ 353.790138][ T9542] HfR: left promiscuous mode [ 354.011520][ T9547] HfR: entered promiscuous mode [ 354.062540][ T9547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.734'. [ 354.117685][ T9547] HfR: left promiscuous mode [ 354.590532][ T30] audit: type=1800 audit(1779325286.059:82): pid=9551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.735" name="file0" dev="tmpfs" ino=977 res=0 errno=0 [ 355.274172][ T9564] netlink: ct family unspecified [ 355.859392][ T9572] HfR: entered promiscuous mode [ 355.895082][ T9572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.740'. [ 355.918861][ T9572] HfR: left promiscuous mode [ 357.350714][ T9599] Unable to find swap-space signature [ 359.231382][ T9621] FAULT_INJECTION: forcing a failure. [ 359.231382][ T9621] name failslab, interval 1, probability 0, space 0, times 0 [ 359.256216][ T9621] CPU: 0 UID: 0 PID: 9621 Comm: syz.3.749 Not tainted syzkaller #0 PREEMPT(full) [ 359.256257][ T9621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 359.256289][ T9621] Call Trace: [ 359.256299][ T9621] [ 359.256314][ T9621] dump_stack_lvl+0x100/0x190 [ 359.256355][ T9621] should_fail_ex.cold+0x5/0xa [ 359.256396][ T9621] should_failslab+0xc2/0x120 [ 359.256435][ T9621] __kvmalloc_node_noprof+0xfa/0xa00 [ 359.256468][ T9621] ? proc_sys_call_handler+0x2c7/0x5a0 [ 359.256508][ T9621] ? proc_sys_call_handler+0x169/0x5a0 [ 359.256560][ T9621] proc_sys_call_handler+0x2c7/0x5a0 [ 359.256606][ T9621] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 359.256661][ T9621] vfs_write+0x6ac/0x1070 [ 359.256700][ T9621] ? __pfx_proc_sys_write+0x10/0x10 [ 359.256743][ T9621] ? __pfx_vfs_write+0x10/0x10 [ 359.256803][ T9621] ksys_write+0x12a/0x250 [ 359.256834][ T9621] ? __pfx_ksys_write+0x10/0x10 [ 359.256870][ T9621] ? rcu_is_watching+0x12/0xc0 [ 359.256914][ T9621] do_syscall_64+0x10b/0xf80 [ 359.256962][ T9621] ? clear_bhb_loop+0x40/0x90 [ 359.257001][ T9621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.257033][ T9621] RIP: 0033:0x7fda86d9ce59 [ 359.257059][ T9621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.257090][ T9621] RSP: 002b:00007fda87bcc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 359.257131][ T9621] RAX: ffffffffffffffda RBX: 00007fda87016090 RCX: 00007fda86d9ce59 [ 359.257151][ T9621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 359.257168][ T9621] RBP: 00007fda87bcc090 R08: 0000000000000000 R09: 0000000000000000 [ 359.257186][ T9621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 359.257205][ T9621] R13: 00007fda87016128 R14: 00007fda87016090 R15: 00007ffeb6dbb378 [ 359.257246][ T9621] [ 360.251044][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 360.559548][ T9638] program syz.0.754 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 362.895874][ T9673] ovs_: entered promiscuous mode [ 362.938810][ T9675] netlink: zone id is out of range [ 362.938828][ T9675] netlink: zone id is out of range [ 362.938837][ T9675] netlink: zone id is out of range [ 362.938846][ T9675] netlink: zone id is out of range [ 362.938854][ T9675] netlink: zone id is out of range [ 362.938863][ T9675] netlink: zone id is out of range [ 362.938872][ T9675] netlink: zone id is out of range [ 362.938881][ T9675] netlink: zone id is out of range [ 362.938889][ T9675] netlink: zone id is out of range [ 362.938898][ T9675] netlink: zone id is out of range [ 363.520908][ T9690] netlink: 12 bytes leftover after parsing attributes in process `syz.3.763'. [ 363.734976][ T9689] HfR: entered promiscuous mode [ 363.761698][ T9690] HfR: left promiscuous mode [ 365.054612][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 365.144244][ T9718] FAULT_INJECTION: forcing a failure. [ 365.144244][ T9718] name failslab, interval 1, probability 0, space 0, times 0 [ 365.179782][ T9718] CPU: 0 UID: 0 PID: 9718 Comm: syz.1.772 Not tainted syzkaller #0 PREEMPT(full) [ 365.179824][ T9718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 365.179843][ T9718] Call Trace: [ 365.179854][ T9718] [ 365.179867][ T9718] dump_stack_lvl+0x100/0x190 [ 365.179908][ T9718] should_fail_ex.cold+0x5/0xa [ 365.179946][ T9718] should_failslab+0xc2/0x120 [ 365.179982][ T9718] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 365.180029][ T9718] ? alloc_empty_file+0x5b/0x1c0 [ 365.180080][ T9718] alloc_empty_file+0x5b/0x1c0 [ 365.180124][ T9718] alloc_file_pseudo+0x13a/0x230 [ 365.180171][ T9718] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 365.180219][ T9718] ? security_inode_init_security_anon+0x7b/0x230 [ 365.180265][ T9718] __anon_inode_getfile+0xe8/0x280 [ 365.180315][ T9718] ? _copy_to_user+0xaf/0xd0 [ 365.180350][ T9718] io_uring_setup.cold+0x1951/0x1c6e [ 365.180409][ T9718] ? __pfx_io_uring_setup+0x10/0x10 [ 365.180459][ T9718] ? __pfx_do_futex+0x10/0x10 [ 365.180516][ T9718] ? xfd_validate_state+0x129/0x190 [ 365.180562][ T9718] __x64_sys_io_uring_setup+0xc2/0x170 [ 365.180634][ T9718] do_syscall_64+0x10b/0xf80 [ 365.180698][ T9718] ? clear_bhb_loop+0x40/0x90 [ 365.180744][ T9718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.180774][ T9718] RIP: 0033:0x7f503319ce59 [ 365.180799][ T9718] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 365.180829][ T9718] RSP: 002b:00007f5034099028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 365.180857][ T9718] RAX: ffffffffffffffda RBX: 00007f5033415fa0 RCX: 00007f503319ce59 [ 365.180878][ T9718] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 365.180894][ T9718] RBP: 00007f5033232d6f R08: 0000000000000000 R09: 0000000000000000 [ 365.180912][ T9718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 365.180928][ T9718] R13: 00007f5033416038 R14: 00007f5033415fa0 R15: 00007ffc62ea0608 [ 365.180967][ T9718] [ 365.728433][ T9733] program syz.2.776 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.129757][ T9744] HfR: entered promiscuous mode [ 366.209038][ T9744] netlink: 12 bytes leftover after parsing attributes in process `syz.2.779'. [ 366.225630][ T9744] HfR: left promiscuous mode [ 366.337295][ T30] audit: type=1800 audit(1779325297.809:83): pid=9742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.778" name="file0" dev="tmpfs" ino=1004 res=0 errno=0 [ 366.491803][ T9748] netlink: 28 bytes leftover after parsing attributes in process `syz.0.780'. [ 367.106834][ T5634] Bluetooth: hci1: command 0x0406 tx timeout [ 368.403997][ T9781] FAULT_INJECTION: forcing a failure. [ 368.403997][ T9781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 368.459076][ T9781] CPU: 1 UID: 0 PID: 9781 Comm: syz.0.787 Not tainted syzkaller #0 PREEMPT(full) [ 368.459119][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 368.459138][ T9781] Call Trace: [ 368.459148][ T9781] [ 368.459160][ T9781] dump_stack_lvl+0x100/0x190 [ 368.459200][ T9781] should_fail_ex.cold+0x5/0xa [ 368.459242][ T9781] _copy_to_user+0x32/0xd0 [ 368.459280][ T9781] simple_read_from_buffer+0xcb/0x170 [ 368.459322][ T9781] proc_fail_nth_read+0x1af/0x230 [ 368.459376][ T9781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 368.459441][ T9781] ? rw_verify_area+0xce/0x6d0 [ 368.459473][ T9781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 368.459526][ T9781] vfs_read+0x1e4/0xb30 [ 368.459576][ T9781] ? __pfx_vfs_read+0x10/0x10 [ 368.459613][ T9781] ? __fget_files+0x215/0x3d0 [ 368.459660][ T9781] ? __fget_files+0x21f/0x3d0 [ 368.459709][ T9781] ksys_read+0x12a/0x250 [ 368.459747][ T9781] ? __pfx_ksys_read+0x10/0x10 [ 368.459788][ T9781] ? rcu_is_watching+0x12/0xc0 [ 368.459834][ T9781] do_syscall_64+0x10b/0xf80 [ 368.459882][ T9781] ? clear_bhb_loop+0x40/0x90 [ 368.459923][ T9781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.459957][ T9781] RIP: 0033:0x7f133515d68e [ 368.459983][ T9781] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 368.460015][ T9781] RSP: 002b:00007f1335f88fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 368.460045][ T9781] RAX: ffffffffffffffda RBX: 00007f1335f896c0 RCX: 00007f133515d68e [ 368.460067][ T9781] RDX: 000000000000000f RSI: 00007f1335f890a0 RDI: 0000000000000006 [ 368.460086][ T9781] RBP: 00007f1335f89090 R08: 0000000000000000 R09: 0000000000000000 [ 368.460105][ T9781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 368.460124][ T9781] R13: 00007f1335416038 R14: 00007f1335415fa0 R15: 00007ffdc52b3898 [ 368.460167][ T9781] [ 369.101706][ T9792] netlink: 12 bytes leftover after parsing attributes in process `syz.0.790'. [ 369.187884][ T4945] Bluetooth: hci1: command 0x0406 tx timeout [ 369.259502][ T30] audit: type=1800 audit(1779325300.719:84): pid=9791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.789" name="file0" dev="tmpfs" ino=1071 res=0 errno=0 [ 369.332675][ T9790] HfR: entered promiscuous mode [ 369.361985][ T9792] HfR: left promiscuous mode [ 369.398587][ T9797] netlink: 12 bytes leftover after parsing attributes in process `syz.3.791'. [ 369.471784][ T9795] HfR: entered promiscuous mode [ 369.508711][ T9797] HfR: left promiscuous mode [ 370.158303][ T9808] net_ratelimit: 94 callbacks suppressed [ 370.158328][ T9808] netlink: ct family unspecified [ 370.961873][ T9824] netlink: 28 bytes leftover after parsing attributes in process `syz.3.797'. [ 371.303463][ T9831] netlink: 334 bytes leftover after parsing attributes in process `syz.2.801'. [ 371.976283][ T9842] vivid-007: ================= START STATUS ================= [ 372.015398][ T9842] vivid-007: Generate PTS: true [ 372.031991][ T9842] vivid-007: Generate SCR: true [ 372.076772][ T9842] tpg source WxH: 320x240 (Y'CbCr) [ 372.097557][ T9842] tpg field: 1 [ 372.110350][ T9842] tpg crop: (0,0)/320x240 [ 372.126241][ T9842] tpg compose: (0,0)/320x240 [ 372.131340][ T9842] tpg colorspace: 8 [ 372.139383][ T9842] tpg transfer function: 0/0 [ 372.158689][ T9844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.804'. [ 372.172844][ T9842] tpg Y'CbCr encoding: 0/0 [ 372.210245][ T9842] tpg quantization: 0/0 [ 372.220808][ T9842] tpg RGB range: 0/2 [ 372.230436][ T9842] vivid-007: ================== END STATUS ================== [ 372.339154][ T9842] netlink: ct family unspecified [ 373.148581][ T9854] program syz.2.807 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 373.164097][ T9856] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 373.214273][ T9860] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 373.275829][ T9865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.809'. [ 373.464941][ T9858] HfR: entered promiscuous mode [ 373.665810][ T9865] HfR: left promiscuous mode [ 373.944700][ T9878] HfR: entered promiscuous mode [ 373.964441][ T9878] netlink: 12 bytes leftover after parsing attributes in process `syz.3.813'. [ 373.994549][ T9878] HfR: left promiscuous mode [ 374.543304][ T30] audit: type=1800 audit(1779326329.017:85): pid=9885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.814" name="file0" dev="tmpfs" ino=1030 res=0 errno=0 [ 375.842168][ T9911] netlink: 28 bytes leftover after parsing attributes in process `syz.3.818'. [ 375.890617][ T30] audit: type=1800 audit(1779326330.366:86): pid=9909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.819" name="file0" dev="tmpfs" ino=1118 res=0 errno=0 [ 376.335548][ T30] audit: type=1800 audit(1779326330.806:87): pid=9908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.816" name="file0" dev="tmpfs" ino=1087 res=0 errno=0 [ 377.389773][ T9924] netlink: 28 bytes leftover after parsing attributes in process `syz.3.820'. [ 377.706315][ T30] audit: type=1800 audit(1779326332.176:88): pid=9925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.821" name="file0" dev="tmpfs" ino=1036 res=0 errno=0 [ 378.879015][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.885911][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.527224][ T9947] netlink: ct family unspecified [ 380.987289][ T9972] netlink: 28 bytes leftover after parsing attributes in process `syz.2.829'. [ 381.445894][ T30] audit: type=1800 audit(1779326335.914:89): pid=9955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.827" name="file0" dev="tmpfs" ino=1093 res=0 errno=0 [ 382.413203][ T30] audit: type=1800 audit(1779326336.873:90): pid=9983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.831" name="file0" dev="tmpfs" ino=1052 res=0 errno=0 [ 384.425659][ T9994] nfs4: Unknown parameter 'ECH];^YىZL`~^g ' [ 384.913622][ T30] audit: type=1800 audit(1779326339.372:91): pid=10029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.836" name="file0" dev="tmpfs" ino=1104 res=0 errno=0 [ 385.543755][T10051] futex_wake_op: syz.3.838 tries to shift op by -2048; fix this program [ 385.955989][T10060] FAULT_INJECTION: forcing a failure. [ 385.955989][T10060] name failslab, interval 1, probability 0, space 0, times 0 [ 385.970833][T10060] CPU: 0 UID: 0 PID: 10060 Comm: syz.1.839 Not tainted syzkaller #0 PREEMPT(full) [ 385.970875][T10060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 385.970893][T10060] Call Trace: [ 385.970903][T10060] [ 385.970915][T10060] dump_stack_lvl+0x100/0x190 [ 385.970954][T10060] should_fail_ex.cold+0x5/0xa [ 385.970992][T10060] ? tomoyo_encode2+0xfb/0x3c0 [ 385.971030][T10060] should_failslab+0xc2/0x120 [ 385.971069][T10060] __kmalloc_noprof+0xe0/0x850 [ 385.971105][T10060] tomoyo_encode2+0xfb/0x3c0 [ 385.971160][T10060] tomoyo_encode+0x29/0x50 [ 385.971201][T10060] tomoyo_realpath_from_path+0x18c/0x690 [ 385.971256][T10060] tomoyo_path_number_perm+0x23c/0x580 [ 385.971291][T10060] ? tomoyo_path_number_perm+0x22e/0x580 [ 385.971329][T10060] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 385.971406][T10060] ? find_held_lock+0x2b/0x80 [ 385.971448][T10060] ? __fget_files+0x215/0x3d0 [ 385.971484][T10060] ? hook_file_ioctl_common+0x149/0x410 [ 385.971519][T10060] ? __fget_files+0x215/0x3d0 [ 385.971564][T10060] ? __fget_files+0x21f/0x3d0 [ 385.971610][T10060] security_file_ioctl+0xd3/0x230 [ 385.971648][T10060] __x64_sys_ioctl+0xb7/0x210 [ 385.971683][T10060] do_syscall_64+0x10b/0xf80 [ 385.971731][T10060] ? clear_bhb_loop+0x40/0x90 [ 385.971771][T10060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.971804][T10060] RIP: 0033:0x7f503319ce59 [ 385.971829][T10060] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 385.971861][T10060] RSP: 002b:00007f5034057028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 385.971891][T10060] RAX: ffffffffffffffda RBX: 00007f5033416180 RCX: 00007f503319ce59 [ 385.971913][T10060] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000006 [ 385.971933][T10060] RBP: 00007f5034057090 R08: 0000000000000000 R09: 0000000000000000 [ 385.971952][T10060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.971971][T10060] R13: 00007f5033416218 R14: 00007f5033416180 R15: 00007ffc62ea0608 [ 385.972015][T10060] [ 386.410936][T10060] ERROR: Out of memory at tomoyo_realpath_from_path. [ 387.670108][T10076] netlink: 20 bytes leftover after parsing attributes in process `syz.0.843'. [ 387.748691][T10082] HfR: entered promiscuous mode [ 387.987637][T10088] netlink: 334 bytes leftover after parsing attributes in process `syz.0.847'. [ 388.120698][T10091] netlink: ct family unspecified [ 389.473513][ T30] audit: type=1800 audit(1779326343.930:92): pid=10107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.851" name="file0" dev="tmpfs" ino=1083 res=0 errno=0 [ 389.801548][T10125] HfR: entered promiscuous mode [ 389.829982][T10125] netlink: 12 bytes leftover after parsing attributes in process `syz.0.856'. [ 389.848645][T10125] HfR: left promiscuous mode [ 390.361895][T10131] netlink: 334 bytes leftover after parsing attributes in process `syz.0.857'. [ 390.546237][ T30] audit: type=1800 audit(1779326345.019:93): pid=10127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.855" name="file0" dev="tmpfs" ino=1167 res=0 errno=0 [ 390.838221][ T30] audit: type=1800 audit(1779326345.309:94): pid=10133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.858" name="file0" dev="tmpfs" ino=1159 res=0 errno=0 [ 391.068958][ T30] audit: type=1800 audit(1779326345.539:95): pid=10138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.859" name="file0" dev="tmpfs" ino=1145 res=0 errno=0 [ 391.430444][T10143] vivid-007: ================= START STATUS ================= [ 391.451707][T10143] vivid-007: Generate PTS: true [ 391.463597][T10143] vivid-007: Generate SCR: true [ 391.476409][T10143] tpg source WxH: 320x240 (Y'CbCr) [ 391.489694][T10143] tpg field: 1 [ 391.498009][T10143] tpg crop: (0,0)/320x240 [ 391.516440][T10143] tpg compose: (0,0)/320x240 [ 391.537884][T10143] tpg colorspace: 8 [ 391.543285][T10143] tpg transfer function: 0/0 [ 391.563165][T10143] tpg Y'CbCr encoding: 0/0 [ 391.584579][T10147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.860'. [ 391.616609][T10143] tpg quantization: 0/0 [ 391.626862][T10143] tpg RGB range: 0/2 [ 391.636406][T10143] vivid-007: ================== END STATUS ================== [ 391.746214][T10143] netlink: ct family unspecified [ 392.813969][T10159] openvswitch: HfR: Dropping previously announced user features [ 392.978100][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.3.863'. [ 393.420245][T10169] netlink: 334 bytes leftover after parsing attributes in process `syz.2.867'. [ 393.667638][T10171] vivid-007: ================= START STATUS ================= [ 393.703152][T10171] vivid-007: Generate PTS: true [ 393.717625][T10171] vivid-007: Generate SCR: true [ 393.737050][T10171] tpg source WxH: 320x240 (Y'CbCr) [ 393.747937][T10171] tpg field: 1 [ 393.760187][T10171] tpg crop: (0,0)/320x240 [ 393.788104][T10171] tpg compose: (0,0)/320x240 [ 393.801016][T10171] tpg colorspace: 8 [ 393.820348][T10171] tpg transfer function: 0/0 [ 393.829593][T10171] tpg Y'CbCr encoding: 0/0 [ 393.834888][T10171] tpg quantization: 0/0 [ 393.847551][T10171] tpg RGB range: 0/2 [ 393.857153][T10177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.868'. [ 393.874980][T10171] vivid-007: ================== END STATUS ================== [ 395.032141][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 395.039689][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 395.171107][T10202] netlink: 32 bytes leftover after parsing attributes in process `syz.2.873'. [ 395.354599][T10203] netlink: 28 bytes leftover after parsing attributes in process `syz.3.872'. [ 396.526652][T10223] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 396.853588][T10234] netlink: 'syz.3.879': attribute type 4 has an invalid length. [ 396.873822][T10234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.879'. [ 396.886680][T10235] netlink: ct family unspecified [ 397.165655][T10238] can0: slcan on ptm0. [ 397.495249][T10249] openvswitch: HfR: Dropping previously announced user features [ 397.542303][T10249] netlink: 12 bytes leftover after parsing attributes in process `syz.1.881'. [ 397.567355][T10249] HfR: left promiscuous mode [ 397.817118][T10232] can0 (unregistered): slcan off ptm0. [ 398.115547][T10266] vivid-007: ================= START STATUS ================= [ 398.140685][T10266] vivid-007: Generate PTS: true [ 398.162574][T10266] vivid-007: Generate SCR: true [ 398.177129][T10266] tpg source WxH: 320x240 (Y'CbCr) [ 398.188959][T10266] tpg field: 1 [ 398.206910][T10266] tpg crop: (0,0)/320x240 [ 398.223958][T10266] tpg compose: (0,0)/320x240 [ 398.238423][T10266] tpg colorspace: 8 [ 398.249186][T10266] tpg transfer function: 0/0 [ 398.276375][T10271] netlink: 4 bytes leftover after parsing attributes in process `syz.3.884'. [ 398.305762][T10266] tpg Y'CbCr encoding: 0/0 [ 398.326379][T10266] tpg quantization: 0/0 [ 398.345164][T10266] tpg RGB range: 0/2 [ 398.361301][T10266] vivid-007: ================== END STATUS ================== [ 398.382968][ T30] audit: type=1800 audit(1779326352.835:96): pid=10261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.882" name="file0" dev="tmpfs" ino=1181 res=0 errno=0 [ 399.687065][ T30] audit: type=1800 audit(1779326354.145:97): pid=10292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.886" name="file0" dev="tmpfs" ino=1193 res=0 errno=0 [ 401.096571][ T30] audit: type=1800 audit(1779326355.554:98): pid=10307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.887" name="file0" dev="tmpfs" ino=1187 res=0 errno=0 [ 404.034529][T10349] vivid-007: ================= START STATUS ================= [ 404.058703][T10349] vivid-007: Generate PTS: true [ 404.074172][T10349] vivid-007: Generate SCR: true [ 404.089331][T10349] tpg source WxH: 320x240 (Y'CbCr) [ 404.113248][T10349] tpg field: 1 [ 404.140640][T10349] tpg crop: (0,0)/320x240 [ 404.182982][T10349] tpg compose: (0,0)/320x240 [ 404.203330][T10351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.895'. [ 404.252842][T10349] tpg colorspace: 8 [ 404.269642][T10349] tpg transfer function: 0/0 [ 404.321035][T10349] tpg Y'CbCr encoding: 0/0 [ 404.370408][T10349] tpg quantization: 0/0 [ 404.385907][T10349] tpg RGB range: 0/2 [ 404.436428][T10349] vivid-007: ================== END STATUS ================== [ 404.723311][ T30] audit: type=1800 audit(1779326359.172:99): pid=10357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.896" name="file0" dev="tmpfs" ino=1149 res=0 errno=0 [ 404.763401][ T30] audit: type=1800 audit(1779326359.212:100): pid=10359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.897" name="file0" dev="tmpfs" ino=1216 res=0 errno=0 [ 404.798372][T10362] netlink: ct family unspecified [ 405.028251][T10368] netlink: ct family unspecified [ 406.085196][T10378] HfR: entered promiscuous mode [ 406.225856][T10383] vivid-007: ================= START STATUS ================= [ 406.254365][T10383] vivid-007: Generate PTS: true [ 406.266787][T10383] vivid-007: Generate SCR: true [ 406.283839][T10383] tpg source WxH: 320x240 (Y'CbCr) [ 406.298282][T10383] tpg field: 1 [ 406.307786][T10383] tpg crop: (0,0)/320x240 [ 406.316792][T10383] tpg compose: (0,0)/320x240 [ 406.322014][T10383] tpg colorspace: 8 [ 406.348261][T10383] tpg transfer function: 0/0 [ 406.362896][T10383] tpg Y'CbCr encoding: 0/0 [ 406.367888][T10383] tpg quantization: 0/0 [ 406.374106][T10383] tpg RGB range: 0/2 [ 406.394127][T10383] vivid-007: ================== END STATUS ================== [ 406.423290][T10388] netlink: 4 bytes leftover after parsing attributes in process `syz.1.902'. [ 406.459431][T10387] program syz.2.904 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 406.629221][ T30] audit: type=1800 audit(1779326361.081:101): pid=10384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.903" name="file0" dev="tmpfs" ino=1214 res=0 errno=0 [ 408.852626][T10426] netlink: zone id is out of range [ 408.882434][T10426] netlink: zone id is out of range [ 408.914487][T10426] netlink: zone id is out of range [ 408.942497][T10426] netlink: zone id is out of range [ 408.953466][T10426] netlink: zone id is out of range [ 409.014805][T10426] netlink: zone id is out of range [ 409.040265][T10426] netlink: zone id is out of range [ 409.066795][T10426] netlink: zone id is out of range [ 410.020688][T10443] Invalid ELF header magic: != ELF [ 410.727587][ T30] audit: type=1800 audit(1779326365.179:102): pid=10460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.917" name="file0" dev="tmpfs" ino=1218 res=0 errno=0 [ 411.350044][T10473] HfR: entered promiscuous mode [ 411.668229][T10478] HfR: entered promiscuous mode [ 411.820986][T10480] program syz.2.925 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 412.240231][T10485] net_ratelimit: 51 callbacks suppressed [ 412.240251][T10485] netlink: zone id is out of range [ 412.264849][T10485] netlink: zone id is out of range [ 412.284887][T10485] netlink: zone id is out of range [ 412.300945][T10485] netlink: zone id is out of range [ 412.309257][T10485] netlink: zone id is out of range [ 412.352138][T10485] netlink: zone id is out of range [ 412.417027][T10485] netlink: zone id is out of range [ 412.431213][T10485] netlink: zone id is out of range [ 412.471320][T10485] netlink: zone id is out of range [ 412.503307][T10485] netlink: zone id is out of range [ 412.591977][T10495] netlink: 28 bytes leftover after parsing attributes in process `syz.1.928'. [ 413.125015][T10505] netlink: 12 bytes leftover after parsing attributes in process `syz.2.930'. [ 413.171971][T10505] HfR: left promiscuous mode [ 413.801781][T10518] netlink: 8 bytes leftover after parsing attributes in process `syz.3.935'. [ 414.123722][ T30] audit: type=1800 audit(1779326368.577:103): pid=10528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.937" name="file0" dev="tmpfs" ino=1196 res=0 errno=0 [ 414.575304][ T30] audit: type=1800 audit(1779326369.027:104): pid=10538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.940" name="file0" dev="tmpfs" ino=1304 res=0 errno=0 [ 416.297877][T10567] netlink: 28 bytes leftover after parsing attributes in process `syz.0.946'. [ 416.662354][T10570] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 416.679542][T10570] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 416.789984][T10570] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 416.808247][T10570] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 416.854309][T10570] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 416.865340][T10570] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 416.904330][T10570] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 416.915333][T10570] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 417.374711][ T30] audit: type=1800 audit(1779326371.826:105): pid=10581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.950" name="file0" dev="tmpfs" ino=1250 res=0 errno=0 [ 418.653049][T10598] netlink: 326 bytes leftover after parsing attributes in process `syz.1.952'. [ 418.730256][T10340] Bluetooth: hci1: command 0x0406 tx timeout [ 418.826981][T10340] Bluetooth: hci2: command 0x0406 tx timeout [ 418.890245][T10340] Bluetooth: hci0: command 0x0406 tx timeout [ 418.925459][T10609] netlink: 8 bytes leftover after parsing attributes in process `syz.3.953'. [ 418.970094][T10340] Bluetooth: hci3: command 0x0406 tx timeout [ 419.475275][T10625] netlink: 28 bytes leftover after parsing attributes in process `syz.2.954'. [ 420.016922][T10640] program syz.1.957 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 420.812199][T10340] Bluetooth: hci1: command 0x0406 tx timeout [ 420.891684][T10340] Bluetooth: hci2: command 0x0406 tx timeout [ 420.971239][T10340] Bluetooth: hci0: command 0x0406 tx timeout [ 421.051197][T10340] Bluetooth: hci3: command 0x0406 tx timeout [ 421.175299][T10650] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 421.499478][T10666] vivid-007: ================= START STATUS ================= [ 421.510509][T10666] vivid-007: Generate PTS: true [ 421.515915][T10666] vivid-007: Generate SCR: true [ 421.520845][T10666] tpg source WxH: 320x240 (Y'CbCr) [ 421.526110][T10666] tpg field: 1 [ 421.529557][T10666] tpg crop: (0,0)/320x240 [ 421.536531][T10666] tpg compose: (0,0)/320x240 [ 421.541215][T10666] tpg colorspace: 8 [ 421.545932][T10666] tpg transfer function: 0/0 [ 421.550589][T10666] tpg Y'CbCr encoding: 0/0 [ 421.555132][T10666] tpg quantization: 0/0 [ 421.559320][T10666] tpg RGB range: 0/2 [ 421.564809][T10666] vivid-007: ================== END STATUS ================== [ 421.579155][T10666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.960'. [ 421.917047][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.3.961'. [ 421.926498][T10670] HfR: left promiscuous mode [ 421.995418][T10673] netlink: 8 bytes leftover after parsing attributes in process `syz.0.962'. [ 422.010971][T10673] net_ratelimit: 49 callbacks suppressed [ 422.010996][T10673] netlink: ct family unspecified [ 422.194567][ T30] audit: type=1800 audit(1779326376.643:106): pid=10678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.964" name="file0" dev="tmpfs" ino=1296 res=0 errno=0 [ 423.249246][T10699] netlink: zone id is out of range [ 423.270197][T10699] netlink: zone id is out of range [ 423.284823][T10699] netlink: zone id is out of range [ 423.301323][T10699] netlink: zone id is out of range [ 423.313648][T10699] netlink: zone id is out of range [ 423.325315][T10699] netlink: zone id is out of range [ 423.336342][T10699] netlink: zone id is out of range [ 423.435515][T10699] netlink: zone id is out of range [ 423.440813][T10699] netlink: zone id is out of range [ 424.322889][T10712] program syz.3.972 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 424.790706][T10721] FAULT_INJECTION: forcing a failure. [ 424.790706][T10721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 424.852519][T10721] CPU: 0 UID: 0 PID: 10721 Comm: syz.1.974 Not tainted syzkaller #0 PREEMPT(full) [ 424.852562][T10721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 424.852580][T10721] Call Trace: [ 424.852591][T10721] [ 424.852603][T10721] dump_stack_lvl+0x100/0x190 [ 424.852645][T10721] should_fail_ex.cold+0x5/0xa [ 424.852686][T10721] _copy_to_user+0x32/0xd0 [ 424.852723][T10721] simple_read_from_buffer+0xcb/0x170 [ 424.852766][T10721] proc_fail_nth_read+0x1af/0x230 [ 424.852820][T10721] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 424.852876][T10721] ? rw_verify_area+0xce/0x6d0 [ 424.852909][T10721] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 424.852965][T10721] vfs_read+0x1e4/0xb30 [ 424.853004][T10721] ? _raw_spin_unlock_irq+0x2e/0x50 [ 424.853050][T10721] ? __pfx_vfs_read+0x10/0x10 [ 424.853098][T10721] ? __x64_sys_timerfd_settime+0x1dd/0x280 [ 424.853135][T10721] ? __pfx___x64_sys_timerfd_settime+0x10/0x10 [ 424.853176][T10721] ksys_read+0x12a/0x250 [ 424.853232][T10721] ? __pfx_ksys_read+0x10/0x10 [ 424.853275][T10721] ? rcu_is_watching+0x12/0xc0 [ 424.853320][T10721] do_syscall_64+0x10b/0xf80 [ 424.853372][T10721] ? clear_bhb_loop+0x40/0x90 [ 424.853413][T10721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.853447][T10721] RIP: 0033:0x7f503315d68e [ 424.853473][T10721] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 424.853505][T10721] RSP: 002b:00007f5034077fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 424.853537][T10721] RAX: ffffffffffffffda RBX: 00007f50340786c0 RCX: 00007f503315d68e [ 424.853558][T10721] RDX: 000000000000000f RSI: 00007f50340780a0 RDI: 0000000000000003 [ 424.853578][T10721] RBP: 00007f5034078090 R08: 0000000000000000 R09: 0000000000000000 [ 424.853598][T10721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 424.853617][T10721] R13: 00007f5033416128 R14: 00007f5033416090 R15: 00007ffc62ea0608 [ 424.853659][T10721] [ 425.277461][T10733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.976'. [ 426.695051][T10762] netlink: 32 bytes leftover after parsing attributes in process `syz.3.982'. [ 426.738133][T10764] netlink: 338 bytes leftover after parsing attributes in process `syz.0.983'. [ 427.037961][T10771] ecryptfs_miscdev_write: Error while inspecting packet size [ 427.624573][ T30] audit: type=1800 audit(1779326382.061:107): pid=10781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.987" name="file0" dev="tmpfs" ino=1348 res=0 errno=0 [ 431.439671][ T5289] ------------[ cut here ]------------ [ 431.445405][ T5289] kernel BUG at arch/x86/mm/physaddr.c:28! [ 431.451385][ T5289] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 431.457690][ T5289] CPU: 1 UID: 101 PID: 5289 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) [ 431.466833][ T5289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 431.476895][ T5289] RIP: 0010:__phys_addr+0x99/0x100 [ 431.482037][ T5289] Code: 84 d2 75 28 0f b6 0d 57 a9 1e 0f 80 f9 3f 0f 87 a7 ed 67 ff 48 89 e8 48 d3 e8 48 85 c0 75 0a 48 89 e8 5b 5d c3 cc cc cc cc 90 <0f> 0b 48 c7 c7 e1 ed d7 90 e8 39 8f bb 00 eb ca 48 c7 c0 10 f0 5b [ 431.501654][ T5289] RSP: 0018:ffffc9000366f538 EFLAGS: 00010287 [ 431.507743][ T5289] RAX: 840077090033186c RBX: 83ffff890033186c RCX: 000000080020001a [ 431.515720][ T5289] RDX: dffffc0000000000 RSI: 000000000020001a RDI: 83ffff888033186c [ 431.523701][ T5289] RBP: 840077088033186c R08: ffff88802d950001 R09: 000000080020001a [ 431.531682][ T5289] R10: 0000000000000001 R11: 0000000000000000 R12: 83ffff888033186c [ 431.539672][ T5289] R13: 0000000000000000 R14: ffffc9000366f580 R15: ffff8880b85439b0 [ 431.547702][ T5289] FS: 00007f66bbcd2780(0000) GS:ffff888124474000(0000) knlGS:0000000000000000 [ 431.556676][ T5289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 431.563294][ T5289] CR2: 0000555588f66a38 CR3: 000000007ac58000 CR4: 00000000003526f0 [ 431.571293][ T5289] Call Trace: [ 431.574592][ T5289] [ 431.577560][ T5289] qlist_free_all+0x5f/0xf0 [ 431.582097][ T5289] kasan_quarantine_reduce+0x1a0/0x1f0 [ 431.587597][ T5289] __kasan_slab_alloc+0x69/0x90 [ 431.592476][ T5289] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 431.598412][ T5289] ? __alloc_skb+0x140/0x710 [ 431.603117][ T5289] ? __alloc_skb+0x4d0/0x710 [ 431.607732][ T5289] __alloc_skb+0x140/0x710 [ 431.612170][ T5289] ? __alloc_skb+0x5b7/0x710 [ 431.616793][ T5289] ? __pfx___alloc_skb+0x10/0x10 [ 431.621774][ T5289] alloc_skb_with_frags+0xdd/0x760 [ 431.626930][ T5289] sock_alloc_send_pskb+0x801/0x980 [ 431.632167][ T5289] ? is_bpf_text_address+0x8a/0x1a0 [ 431.637408][ T5289] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 431.643162][ T5289] ? is_bpf_text_address+0x94/0x1a0 [ 431.648400][ T5289] ? kernel_text_address+0x8d/0x100 [ 431.653634][ T5289] ? __pfx_widen_string+0x10/0x10 [ 431.658695][ T5289] ? __kernel_text_address+0xd/0x30 [ 431.663927][ T5289] ? unwind_get_return_address+0x59/0xa0 [ 431.669601][ T5289] ? arch_stack_walk+0xa6/0xf0 [ 431.674401][ T5289] unix_dgram_sendmsg+0x3c7/0x1810 [ 431.679542][ T5289] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 431.685481][ T5289] ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0 [ 431.691932][ T5289] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 431.697518][ T5289] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 431.704328][ T5289] unix_seqpacket_sendmsg+0x12a/0x1d0 [ 431.709737][ T5289] sock_write_iter+0x524/0x5a0 [ 431.714551][ T5289] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 431.720474][ T5289] ? __pfx_sock_write_iter+0x10/0x10 [ 431.725914][ T5289] do_iter_readv_writev+0x6ee/0x920 [ 431.731143][ T5289] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 431.736896][ T5289] ? bpf_lsm_file_permission+0x9/0x10 [ 431.742302][ T5289] ? security_file_permission+0x76/0x210 [ 431.747973][ T5289] ? rw_verify_area+0xce/0x6d0 [ 431.752768][ T5289] vfs_writev+0x360/0xe10 [ 431.757134][ T5289] ? _copy_to_user+0xaf/0xd0 [ 431.761763][ T5289] ? __pfx_vfs_writev+0x10/0x10 [ 431.766645][ T5289] ? __pfx___do_sys_newuname+0x10/0x10 [ 431.772143][ T5289] ? __pfx_sock_do_ioctl+0x10/0x10 [ 431.777307][ T5289] ? do_writev+0x28a/0x340 [ 431.781764][ T5289] do_writev+0x28a/0x340 [ 431.786033][ T5289] ? __pfx_do_writev+0x10/0x10 [ 431.790831][ T5289] do_syscall_64+0x10b/0xf80 [ 431.795464][ T5289] ? clear_bhb_loop+0x40/0x90 [ 431.800175][ T5289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.806107][ T5289] RIP: 0033:0x7f66bbd5c407 [ 431.810574][ T5289] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 431.830216][ T5289] RSP: 002b:00007ffd60c66880 EFLAGS: 00000202 ORIG_RAX: 0000000000000014 [ 431.838659][ T5289] RAX: ffffffffffffffda RBX: 00007f66bbcd2780 RCX: 00007f66bbd5c407 [ 431.846660][ T5289] RDX: 0000000000000005 RSI: 00007ffd60c668e0 RDI: 000000000000000a [ 431.854656][ T5289] RBP: 000056120f92f400 R08: 0000000000000000 R09: 0000000000000000 [ 431.862648][ T5289] R10: 0000000000000000 R11: 0000000000000202 R12: 000056120f92f400 [ 431.870646][ T5289] R13: 000000000000012c R14: 00000000ffffffff R15: 0000000000000000 [ 431.878653][ T5289] [ 431.881709][ T5289] Modules linked in: [ 431.886315][ T5289] ---[ end trace 0000000000000000 ]--- [ 431.892580][ T5289] RIP: 0010:__phys_addr+0x99/0x100 [ 431.897843][ T5289] Code: 84 d2 75 28 0f b6 0d 57 a9 1e 0f 80 f9 3f 0f 87 a7 ed 67 ff 48 89 e8 48 d3 e8 48 85 c0 75 0a 48 89 e8 5b 5d c3 cc cc cc cc 90 <0f> 0b 48 c7 c7 e1 ed d7 90 e8 39 8f bb 00 eb ca 48 c7 c0 10 f0 5b [ 431.917535][ T5289] RSP: 0018:ffffc9000366f538 EFLAGS: 00010287 [ 431.923860][ T5289] RAX: 840077090033186c RBX: 83ffff890033186c RCX: 000000080020001a [ 431.931920][ T5289] RDX: dffffc0000000000 RSI: 000000000020001a RDI: 83ffff888033186c [ 431.940108][ T5289] RBP: 840077088033186c R08: ffff88802d950001 R09: 000000080020001a [ 431.948176][ T5289] R10: 0000000000000001 R11: 0000000000000000 R12: 83ffff888033186c [ 431.956478][ T5289] R13: 0000000000000000 R14: ffffc9000366f580 R15: ffff8880b85439b0 [ 431.977646][ T5289] FS: 00007f66bbcd2780(0000) GS:ffff888124374000(0000) knlGS:0000000000000000 [ 431.992399][ T5289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 431.999108][ T5289] CR2: 00007fdd954c9e80 CR3: 000000007ac58000 CR4: 00000000003526f0 [ 432.007232][ T5289] Kernel panic - not syncing: Fatal exception [ 432.014011][ T5289] Kernel Offset: disabled [ 432.018357][ T5289] Rebooting in 86400 seconds..