last executing test programs: 9.365747192s ago: executing program 1 (id=1007): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0) r2 = socket(0x22, 0x3, 0x0) bind$auto(r2, &(0x7f0000000040)=@l2tp={0x2, 0x0, @multicast2}, 0x5) ioctl$auto(r1, 0x40104d01, r1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000640), 0x401, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r3, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:448/power/autosuspend_delay_ms\x00', 0x200, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x1) 8.215821533s ago: executing program 1 (id=1011): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x43, &(0x7f0000000040)='\xa1\x00', 0x4) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r1, 0x400454a4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x9f, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) preadv2$auto(r2, &(0x7f0000000080)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x400, 0x2f) mmap$auto(0x0, 0x4120008, 0x46, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, 0x0, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) 8.159517721s ago: executing program 2 (id=1012): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x3, 0x3b83, 0x38) bpf$auto_BPF_LINK_GET_NEXT_ID(0x1f, &(0x7f0000000140)=@iter_create={0xffffffffffffffff, 0x2c}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x40000085, 0x400, 0x718c1257}]}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) mmap$auto(0x0, 0x9, 0x40, 0x8000000008012, 0x3, 0x8000) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000105, 0x400, 0x2}]}) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000880)='/dev/input/event0\x00', 0x40100, 0x0) ioctl$auto_EVIOCGMASK(r3, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x9}) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.853876389s ago: executing program 3 (id=1013): mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = socket(0x2, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x76, 0x0, &(0x7f00000000c0)=0x10008) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x20401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x7f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb4, 0x4, 0x6, 0x2, 0x1, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838c, 0x84, 0x2, 0x8, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x0, 0x1, 0x400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10007, 0x0, 0x81, 0xa2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x400000000000002, 0x1, 0x0, 0x1, 0x9, 0x9, 0x8, 0x1ffd]}, 0x201, 0x80000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r2 = socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) poll$auto(&(0x7f0000000040)={0x3, 0x0, 0xa}, 0x5, 0x108) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r2, 0x0, 0x20044025) mmap$auto(0x2, 0x4e, 0xffffffff, 0x40000000000eb1, r1, 0x90000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/workqueue/iscsi_conn_cleanup/per_cpu\x00', 0x40880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/244, 0xf4) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x4) close_range$auto(0x2, 0x8, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, 0x0) 6.845148571s ago: executing program 0 (id=1014): ioctl$auto_FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) write$auto(0xffffffffffffffff, 0x0, 0x5) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) select$auto(0xe, 0x0, 0x0, &(0x7f0000000000)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x100, 0xd08, 0xc, 0x200000000000c, 0x0, 0x6d2f, 0xffffffffffffff00, 0x2, 0x4000000000000d]}, 0x0) socket(0x2c, 0x1, 0x4004) setregid$auto(0xee01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) fanotify_init$auto(0x5, 0x0) mmap$auto(0x0, 0x853, 0x2000000000000002, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x201, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/ip6gretap0/accept_source_route\x00', 0x20140, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 6.271502203s ago: executing program 2 (id=1015): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x1, 0x401) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x540a, 0x0) unshare$auto(0x40000080) open(&(0x7f00000000c0)='./file0\x00', 0x4020c0, 0x140) r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/statistics/dot11RTSSuccessCount\x00', 0x800, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r3, 0x0, 0x0) semctl$auto(0x201, 0x2, 0x13, 0x1) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x5, 0x20000084) init_module$auto(0x0, 0xffff9, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setgroups$auto(0x1, 0x0) 6.164575433s ago: executing program 3 (id=1016): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x1, 0x401) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x540a, 0x0) unshare$auto(0x40000080) open(&(0x7f00000000c0)='./file0\x00', 0x4020c0, 0x140) r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/statistics/dot11RTSSuccessCount\x00', 0x800, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r3, 0x0, 0x0) semctl$auto(0x201, 0x2, 0x13, 0x1) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x5, 0x20000084) init_module$auto(0x0, 0xffff9, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 5.375216037s ago: executing program 0 (id=1017): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f00000002c0)={0x0, 0x8}, 0x6, 0x3, 0xc3, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendto$auto(0xffffffffffffffff, 0x0, 0x1, 0xacf8, &(0x7f0000000040)=@generic={0xa, "e2fdffffffffffffff00"}, 0x1c) capset$auto(0x0, &(0x7f0000000000)={0xb213, 0x2c, 0x800}) listen$auto(r0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="0000000081dc62fa55651c38c007693fc46e0c79cb48e1765fd620a0e756cd8b3ff526b07bca74ecb1f4b4ee66617411b5e33fc8048d5b6804836a43a114b981bfa602ae7c0c469be54672f86dea26ab58863f221a3d66b1bf1f305774fc81a59693558473", @ANYRES16=0x0, @ANYBLOB="000425bd7000fcdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r2, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r2, 0x80204d01, 0x0) r3 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) getsockopt$auto_SO_SNDBUF(r3, 0x73, 0x7, &(0x7f0000000100)='SEG\x85\x00', &(0x7f0000000140)=0x9d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x1bfffe, 0x800097, 0x1, 0x0, 0x3, 0x1) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) mmap$auto(0x3, 0x2020009, 0x6e2, 0xeb1, 0xfffffffffffffffa, 0x8000) 5.368586177s ago: executing program 3 (id=1018): mmap$auto(0x2, 0x0, 0xdf, 0x9b72, 0x2, 0xc000) unshare$auto(0x40000080) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) r0 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/per_cpu/cpu1/buffer_size_kb\x00', 0x300, 0x0) read$auto_tracing_entries_fops_trace(r0, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x1ff, 0x1001, 0x5, 0x717e, 0x0, 0x7, 0x200000000000003, 0xd, 0x2, 0x80003, 0x4, 0x1ffffffffffd, 0xb5, 0xfffffffffffffffe, 0x7, 0x10002, 0x7f, 0x2a2, 0x5, 0xa, 0x22000, 0x200, 0x4, 0x84, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, [0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8000000, 0x0, 0xffffffffffffffff, 0x3]}, 0x1fe, 0xd) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r2, 0xfffffffffffffd03, &(0x7f00000001c0)) connect$auto(0x3, &(0x7f00000018c0)=@ethernet={0x1, @remote}, 0x8) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000040), r1) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x800, 0x0) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000440)=""/82, 0x52) ioctl$auto_TIOCSWINSZ2(r3, 0x5414, &(0x7f00000001c0)) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/36u\x00', 0x26040, 0x0) 4.420891493s ago: executing program 1 (id=1019): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, 0x0) pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 4.059161611s ago: executing program 0 (id=1020): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0) r2 = socket(0x22, 0x3, 0x0) bind$auto(r2, &(0x7f0000000040)=@l2tp={0x2, 0x0, @multicast2}, 0x5) ioctl$auto(r1, 0x40104d01, r1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xff) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r3, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:448/power/autosuspend_delay_ms\x00', 0x200, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x1) 3.817608976s ago: executing program 2 (id=1021): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, 0x0) pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 3.236826626s ago: executing program 0 (id=1022): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103200, 0x0) close_range$auto(0x2, r0, 0xffefff94) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) timer_create$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/sit0/ifindex\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x202, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x2) prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) 3.042301251s ago: executing program 1 (id=1023): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(0xffffffffffffffff) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r0, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r1, 0xffffffffffdffe00, 0x0) pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 2.340657874s ago: executing program 0 (id=1024): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x3, 0x3b83, 0x38) bpf$auto_BPF_LINK_GET_NEXT_ID(0x1f, &(0x7f0000000140)=@iter_create={0xffffffffffffffff, 0x2c}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x40000085, 0x400, 0x718c1257}]}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) mmap$auto(0x0, 0x9, 0x40, 0x8000000008012, 0x3, 0x8000) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000105, 0x400, 0x2}]}) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000880)='/dev/input/event0\x00', 0x40100, 0x0) ioctl$auto_EVIOCGMASK(r3, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x9}) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.340478355s ago: executing program 2 (id=1025): r0 = bpf$auto(0x9, 0x0, 0x9) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fb\x00', 0x101000, 0x0) mount_setattr$auto(r0, &(0x7f0000000000)='./file0\x00', 0x3, &(0x7f00000000c0)={0x8, 0x2b, 0xad4d, @inferred=r1}, 0x7fffffff) shutdown$auto(0x200000003, 0x2) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0x2, 0x5, 0x0) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) clone$auto(0x0, 0x5, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x9) r2 = socket(0x1d, 0x2, 0x7) getsockopt$auto(r2, 0x6b, 0x3, 0xfffffffffffffffe, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) semctl$auto_SETVAL(0xb134, 0x9, 0x10, 0x3) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x311200, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv$auto(0x40000000000003, 0x0, 0x6, 0x7fffffff, 0x3ef) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) fstat$auto(0xffffffffffffffff, &(0x7f0000000300)={0xff, 0x7, 0x45, 0x4, 0x0, 0x0, 0x0, 0x0, 0xe, 0x803, 0x4, 0x2006, 0x0, 0x7ff, 0x1, 0x100, 0x8}) 2.278283995s ago: executing program 3 (id=1026): ioctl$auto_FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) write$auto(0xffffffffffffffff, 0x0, 0x5) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) select$auto(0xe, 0x0, 0x0, &(0x7f0000000000)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x100, 0xd08, 0xc, 0x200000000000c, 0x0, 0x6d2f, 0xffffffffffffff00, 0x2, 0x4000000000000d]}, 0x0) socket(0x2c, 0x1, 0x4004) setregid$auto(0xee01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) fanotify_init$auto(0x5, 0x0) mmap$auto(0x0, 0x853, 0x2000000000000002, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x201, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/ip6gretap0/accept_source_route\x00', 0x20140, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 1.39413571s ago: executing program 0 (id=1027): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4bfa, 0x1) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x20, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000850}, 0xc08c) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r3 = socket$nl_generic(0x10, 0x3, 0x10) acct$auto(&(0x7f0000000000)='/dev/tty\x00`Mx\x9d\xfa\xb3\x1f\xc6k\x01\x13\x9b\x15[\xf7\xaan\x1fOgo\xbb(\xcbx\x9bJ\x91*\xa5a\x02\xf3\x1b\x9d\xddy\xef\xee\xe4h\xd5\nH\x80\x8a\xd7Y\xb8\xcb\x90') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="a001ee", @ANYRES16=r2, @ANYBLOB], 0x1a0}, 0x1, 0x0, 0x0, 0x4040004}, 0x24048000) r5 = syz_genetlink_get_family_id$auto_ipvs(0x0, r3) sendmsg$auto_IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0xc8, r5, 0xb09, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0xb2, 0x2, 0x0, 0x1, [@typed={0x6d, 0xdd, 0x0, 0x0, @binary="c7e037f9bdd1d3b7c41af88f2a838cec5ba30911b07c06ed837d13d1c165fbd9b06a51171b57bc357fafa4c373d127ff36780a438e3840e63b0674ac5770aabf3bbe5ac696511cb995415bbb2bddbf1c3df385810c218a3cd1ac0573a14fd8ca299abbc437cff9709f"}, @typed={0x8, 0x3, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @generic, @generic="f22ce64a324d7a1a1b7b8d17bd299a6cacf584ddf1b47506f2274b63d8e6ce7bfca88904097269", @generic="72bd3b32b88467843cb1b3ad4504b6"]}]}, 0xc8}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) 1.267979722s ago: executing program 2 (id=1028): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) timer_create$auto(0x9, 0x0, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(0xffffffffffffffff, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) timer_gettime$auto(0x0, &(0x7f0000000080)={{0x5, 0x8}, {0x7f, 0x10000}}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4a42, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r0, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x1cb842, 0x0) landlock_restrict_self$auto(r1, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@ethernet={0x1, @link_local}, 0x6a) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x2000000000006, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0xffffffffffffffff, 0x2, 0x8000000000000006]}, 0x0) 968.566902ms ago: executing program 1 (id=1029): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3) read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77eeb07c, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x22, 0x3, 0x0) socket(0xa, 0x5, 0x0) clone$auto(0x7fff, 0xff, 0x0, 0x0, 0x7) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth1_macvtap/ioam6_id_wide\x00', 0x169002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 871.474786ms ago: executing program 3 (id=1030): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0) r2 = socket(0x22, 0x3, 0x0) bind$auto(r2, &(0x7f0000000040)=@l2tp={0x2, 0x0, @multicast2}, 0x5) ioctl$auto(r1, 0x40104d01, r1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xff) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r3, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:448/power/autosuspend_delay_ms\x00', 0x200, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x1) 269.20043ms ago: executing program 2 (id=1031): connect$auto(0xffffffffffffffff, 0x0, 0x8) io_uring_setup$auto(0x59, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, 0x0, 0x410c01, 0x0) preadv2$auto(r0, 0x0, 0x20000006, 0xffffffffffffffff, 0x4000c1ac, 0x3) close_range$auto(0xffffffffffffffff, 0xa, 0x0) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_MEMGETINFO(r1, 0x80204d01, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x9, 0x600, 0x0, 0x75) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r2, 0x1269, 0x0) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x12002, 0x0) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(r3, 0x4048587b, &(0x7f0000000340)={{r3, &(0x7f0000000000)="5963a72e0fb3c20ad7e273ed7d0362", 0x4, &(0x7f0000000040), 0x2, &(0x7f0000000140)="d0507ce69fcd1afb0741a14185a8f73dd4675eff4ab883c8f980910ebeb49589d4047d206b3ae75b330f72eb", &(0x7f0000000180)=0x1ff}, 0x2, &(0x7f0000000300)={0x6, 0x7fff, &(0x7f00000001c0)="6811c59cddb917fd127970567b4ec6412b0a5cd26381a1c6239527f23c4ac289f64d4f509b80d03a20cb83111d41fe80c66a4015eba0c626f9c7a9fb22622f9cf29e1e341a53bdeaea4ae49ae531e23d52e36c89933d9cd7c9ccf76047b9652530dfc5a68a7db7f9bea64d78aeb670f3bc07a6ab937cee7bc141e094b86bd54db005e61ecbff562379ba564982c1a4d0f3267f4b15cdd47338d18855e0142d751da75d19645d116fdec716f5e68daaaa13a9344ce72cb22bdcfb5b3a828bab6c9d7d613eef5c021ba7618b490b6cfd70b23bcd55f71c38d2753854660e319134940963", &(0x7f00000002c0)="3fe90cafe87c27db66de6e568623cc7e1ffffbf70f7a00", 0xce, 0x8}}) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket(0x2, 0x1, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x6e602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000cf, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) 7.917038ms ago: executing program 3 (id=1032): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, 0x0) pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) 0s ago: executing program 1 (id=1033): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x1, 0x401) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x540a, 0x0) unshare$auto(0x40000080) open(&(0x7f00000000c0)='./file0\x00', 0x4020c0, 0x140) r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/statistics/dot11RTSSuccessCount\x00', 0x800, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r3, 0x0, 0x0) semctl$auto(0x201, 0x2, 0x13, 0x1) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x5, 0x20000084) init_module$auto(0x0, 0xffff9, 0x0) close_range$auto(0x2, 0xa, 0x0) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r4, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setgroups$auto(0x1, 0x0) kernel console output (not intermixed with test programs): 91.916571][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.934305][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.958700][ T5834] veth0_vlan: entered promiscuous mode [ 91.969039][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.988336][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.011037][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.041653][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.046435][ T5824] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.053399][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.074604][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.092606][ T5834] veth1_vlan: entered promiscuous mode [ 92.101954][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.114410][ T796] cfg80211: failed to load regulatory.db [ 92.123317][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.192694][ T1026] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.202727][ T1026] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.229976][ T1026] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.239213][ T1026] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.384747][ T5834] veth0_macvtap: entered promiscuous mode [ 92.435141][ T5834] veth1_macvtap: entered promiscuous mode [ 92.486245][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.494304][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.542640][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.545944][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.551941][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.600447][ T3019] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.610445][ T3019] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.639267][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.709986][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.719460][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.769928][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.790594][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.810226][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.822354][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.992338][ T5835] Bluetooth: hci0: command tx timeout [ 93.060502][ T51] Bluetooth: hci2: command tx timeout [ 93.062154][ T5832] Bluetooth: hci1: command tx timeout [ 93.066001][ T5835] Bluetooth: hci3: command tx timeout [ 93.296581][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.335171][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.456468][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.478406][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.560850][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 94.586233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.945533][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.956249][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.060284][ T5835] Bluetooth: hci0: command tx timeout [ 95.112281][ T5960] process 'syz.1.9' launched ':,' with NULL argv: empty string added [ 95.153069][ T5835] Bluetooth: hci3: command tx timeout [ 95.158091][ T5832] Bluetooth: hci2: command tx timeout [ 95.159689][ T5835] Bluetooth: hci1: command tx timeout [ 95.211607][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.224058][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.235138][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.247116][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.257720][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.267802][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.144302][ T5968] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 96.223271][ T30] audit: type=1804 audit(1773649151.453:2): pid=5968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.11" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 96.760993][ T5977] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 96.984018][ T5972] bridge0: port 3(team0) entered blocking state [ 96.992282][ T5972] bridge0: port 3(team0) entered disabled state [ 96.998750][ T5972] team0: entered allmulticast mode [ 97.010909][ T5972] team_slave_0: entered allmulticast mode [ 97.030267][ T5972] team_slave_1: entered allmulticast mode [ 97.091424][ T5972] team0: entered promiscuous mode [ 97.146560][ T5972] team_slave_0: entered promiscuous mode [ 97.187949][ T5972] team_slave_1: entered promiscuous mode [ 97.239709][ T5972] bridge0: port 3(team0) entered blocking state [ 97.246461][ T5972] bridge0: port 3(team0) entered forwarding state [ 99.665579][ T6011] Invalid ELF header magic: != ELF [ 100.662040][ T6022] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 102.265674][ T6044] block2mtd: illegal erase size [ 102.714936][ T6039] input: f as /devices/virtual/input/input5 [ 106.566061][ T6105] Zero length message leads to an empty skb [ 107.121425][ T6108] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 107.144088][ T6108] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 107.239961][ T6108] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 107.241910][ T6108] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 107.241959][ T6108] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 107.246824][ T6108] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 107.283972][ T6108] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 107.284149][ T6108] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 107.285294][ T6108] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 107.286235][ T6108] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 107.286407][ T6108] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 107.292188][ T6108] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 109.146698][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 109.300915][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 109.301120][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 109.314534][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.994940][ T6144] FAULT_INJECTION: forcing a failure. [ 110.994940][ T6144] name failslab, interval 1, probability 0, space 0, times 1 [ 111.071587][ T6144] CPU: 0 UID: 0 PID: 6144 Comm: syz.2.43 Not tainted syzkaller #0 PREEMPT(full) [ 111.071632][ T6144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.071651][ T6144] Call Trace: [ 111.071661][ T6144] [ 111.071673][ T6144] dump_stack_lvl+0x100/0x190 [ 111.071725][ T6144] should_fail_ex.cold+0x5/0xa [ 111.071759][ T6144] ? memcg_list_lru_alloc+0x4ec/0x740 [ 111.071805][ T6144] should_failslab+0xc2/0x120 [ 111.071847][ T6144] __kmalloc_noprof+0xe0/0x850 [ 111.071893][ T6144] ? path_openat+0xf95/0x31a0 [ 111.071929][ T6144] memcg_list_lru_alloc+0x4ec/0x740 [ 111.071986][ T6144] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 111.072030][ T6144] ? rcu_read_unlock+0x17/0x60 [ 111.072073][ T6144] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 111.072123][ T6144] __memcg_slab_post_alloc_hook+0x130/0x990 [ 111.072167][ T6144] ? kasan_save_track+0x14/0x30 [ 111.072219][ T6144] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 111.072265][ T6144] ? alloc_inode+0x183/0x250 [ 111.072314][ T6144] alloc_inode+0x183/0x250 [ 111.072355][ T6144] path_from_stashed+0x25b/0x750 [ 111.072386][ T6144] ? do_raw_spin_unlock+0x145/0x1e0 [ 111.072440][ T6144] ns_get_path+0x60/0x80 [ 111.072472][ T6144] proc_ns_get_link+0x121/0x230 [ 111.072515][ T6144] ? __pfx_proc_ns_get_link+0x10/0x10 [ 111.072561][ T6144] ? atime_needs_update+0x8b/0x6b0 [ 111.072608][ T6144] pick_link+0xd17/0x13c0 [ 111.072652][ T6144] ? __pfx_proc_ns_get_link+0x10/0x10 [ 111.072699][ T6144] step_into_slowpath+0x9ba/0xf90 [ 111.072752][ T6144] ? __pfx_step_into_slowpath+0x10/0x10 [ 111.072797][ T6144] ? find_held_lock+0x2b/0x80 [ 111.072849][ T6144] path_openat+0xf95/0x31a0 [ 111.072894][ T6144] ? __pfx_path_openat+0x10/0x10 [ 111.072938][ T6144] do_file_open+0x20e/0x430 [ 111.072972][ T6144] ? __pfx_do_file_open+0x10/0x10 [ 111.073033][ T6144] ? alloc_fd+0x476/0x790 [ 111.073066][ T6144] ? do_getname+0x191/0x390 [ 111.073108][ T6144] do_sys_openat2+0x10d/0x1e0 [ 111.073148][ T6144] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.073191][ T6144] ? __fget_files+0x21f/0x3d0 [ 111.073227][ T6144] __x64_sys_openat+0x12d/0x210 [ 111.073270][ T6144] ? __pfx___x64_sys_openat+0x10/0x10 [ 111.073320][ T6144] do_syscall_64+0x106/0xf80 [ 111.073362][ T6144] ? clear_bhb_loop+0x40/0x90 [ 111.073399][ T6144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.073431][ T6144] RIP: 0033:0x7f18be35cfce [ 111.073458][ T6144] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 111.073486][ T6144] RSP: 002b:00007f18bf2f3ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 111.073516][ T6144] RAX: ffffffffffffffda RBX: 00007f18bf2f46c0 RCX: 00007f18be35cfce [ 111.073535][ T6144] RDX: 0000000000000002 RSI: 00007f18bf2f3f90 RDI: ffffffffffffff9c [ 111.073553][ T6144] RBP: 00007f18be432c99 R08: 0000000000000000 R09: 0000000000000000 [ 111.073569][ T6144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.073587][ T6144] R13: 00007f18be616038 R14: 00007f18be615fa0 R15: 00007ffd8259df18 [ 111.073627][ T6144] [ 111.456329][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 111.460135][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 111.463583][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 111.474672][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 113.545856][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 113.552122][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 113.558159][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 113.564331][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 113.728316][ T6179] Invalid ELF header magic: != ELF [ 115.637889][ T5835] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 115.990003][ T6205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.53'. [ 118.986626][ T6236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.59'. [ 119.174693][ T6244] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 119.371801][ T30] audit: type=1804 audit(1773649174.633:3): pid=6249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.60" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=19 res=1 errno=0 [ 119.756300][ T6247] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 119.826066][ T6254] FAULT_INJECTION: forcing a failure. [ 119.826066][ T6254] name failslab, interval 1, probability 0, space 0, times 0 [ 120.009934][ T6254] CPU: 0 UID: 0 PID: 6254 Comm: syz.3.61 Not tainted syzkaller #0 PREEMPT(full) [ 120.009978][ T6254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 120.009996][ T6254] Call Trace: [ 120.010006][ T6254] [ 120.010018][ T6254] dump_stack_lvl+0x100/0x190 [ 120.010073][ T6254] should_fail_ex.cold+0x5/0xa [ 120.010108][ T6254] should_failslab+0xc2/0x120 [ 120.010141][ T6254] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 120.010184][ T6254] ? alloc_inode+0x183/0x250 [ 120.010222][ T6254] ? ioctx_alloc+0x427/0x21d0 [ 120.010259][ T6254] alloc_inode+0x183/0x250 [ 120.010297][ T6254] alloc_anon_inode+0x2a/0x3e0 [ 120.010332][ T6254] ioctx_alloc+0x4dc/0x21d0 [ 120.010379][ T6254] ? find_held_lock+0x2b/0x80 [ 120.010409][ T6254] ? __pfx_ioctx_alloc+0x10/0x10 [ 120.010455][ T6254] __x64_sys_io_setup+0xc9/0x220 [ 120.010493][ T6254] do_syscall_64+0x106/0xf80 [ 120.010536][ T6254] ? clear_bhb_loop+0x40/0x90 [ 120.010575][ T6254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.010616][ T6254] RIP: 0033:0x7f99bfd9c799 [ 120.010641][ T6254] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.010670][ T6254] RSP: 002b:00007f99c0c37028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 120.010700][ T6254] RAX: ffffffffffffffda RBX: 00007f99c0016450 RCX: 00007f99bfd9c799 [ 120.010719][ T6254] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e [ 120.010737][ T6254] RBP: 00007f99bfe32c99 R08: 0000000000000000 R09: 0000000000000000 [ 120.010754][ T6254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.010771][ T6254] R13: 00007f99c00164e8 R14: 00007f99c0016450 R15: 00007ffca7e3dbe8 [ 120.010814][ T6254] [ 121.471986][ T6268] ======================================================= [ 121.471986][ T6268] WARNING: The mand mount option has been deprecated and [ 121.471986][ T6268] and is ignored by this kernel. Remove the mand [ 121.471986][ T6268] option from the mount to silence this warning. [ 121.471986][ T6268] ======================================================= [ 122.524077][ T6283] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 123.365601][ T6290] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 124.512201][ T6311] syz.2.71 uses obsolete (PF_INET,SOCK_PACKET) [ 126.001427][ T6295] futex_wake_op: syz.0.68 tries to shift op by -2048; fix this program [ 126.792758][ T6335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7880e [ 126.842882][ T6335] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 126.930832][ T6335] memcg:ffff88807880e111 [ 126.935155][ T6335] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 126.980579][ T6335] page_type: f5(slab) [ 126.984647][ T6335] raw: 00fff00000000040 ffff88813fe54000 dead000000000100 dead000000000122 [ 127.031571][ T6335] raw: 0000000000000000 0000020000100010 00000000f5000000 ffff88807880e111 [ 127.118457][ T6335] head: 00fff00000000040 ffff88813fe54000 dead000000000100 dead000000000122 [ 127.191842][ T6335] head: 0000000000000000 0000020000100010 00000000f5000000 ffff88807880e111 [ 127.291047][ T6335] head: 00fff00000000001 ffffea0001e20381 00000000ffffffff 00000000ffffffff [ 127.355379][ T6335] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 127.416084][ T6335] page dumped because: unmovable page [ 127.435962][ T6335] page_owner tracks the page as allocated [ 127.459720][ T6335] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6007, tgid 6006 (syz.1.20), ts 99516793665, free_ts 99468673666 [ 127.532278][ T6335] post_alloc_hook+0x153/0x170 [ 127.609739][ T6335] get_page_from_freelist+0x111d/0x3140 [ 127.650236][ T6335] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 127.656276][ T6335] new_slab+0xa6/0x6b0 [ 127.680201][ T6335] refill_objects+0x26b/0x400 [ 127.685109][ T6335] __pcs_replace_empty_main+0x1ab/0x660 [ 127.727993][ T6335] __kmalloc_cache_noprof+0x493/0x6f0 [ 127.749219][ T6335] alloc_netdev_mqs+0xd95/0x14f0 [ 127.767970][ T6335] vti6_init_net+0x12d/0x440 [ 127.785889][ T6335] ops_init+0x1e2/0x5f0 [ 127.802495][ T6335] setup_net+0x118/0x3a0 [ 127.815789][ T6335] copy_net_ns+0x46f/0x7c0 [ 127.830674][ T6335] create_new_namespaces+0x3ea/0xac0 [ 127.847599][ T6335] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 127.871542][ T6335] ksys_unshare+0x473/0xad0 [ 127.885236][ T6335] __x64_sys_unshare+0x31/0x40 [ 127.914692][ T6335] page last free pid 6007 tgid 6006 stack trace: [ 127.940822][ T6335] __free_frozen_pages+0x7e1/0x10d0 [ 127.950495][ T6335] qlist_free_all+0x47/0xe0 [ 127.960463][ T6335] kasan_quarantine_reduce+0x1a0/0x1f0 [ 127.977004][ T6335] __kasan_slab_alloc+0x69/0x90 [ 127.997347][ T6335] __kmalloc_cache_noprof+0x243/0x6f0 [ 128.007690][ T6335] ref_tracker_alloc+0x190/0x590 [ 128.027618][ T6335] netdev_queue_update_kobjects+0x2db/0x6f0 [ 128.047848][ T6335] netdev_register_kobject+0x2b3/0x3d0 [ 128.068459][ T6335] register_netdevice+0x12e0/0x2210 [ 128.080120][ T6335] __ip_tunnel_create+0x52b/0x670 [ 128.085238][ T6335] ip_tunnel_init_net+0x230/0x780 [ 128.120099][ T6335] ops_init+0x1e2/0x5f0 [ 128.124456][ T6335] setup_net+0x118/0x3a0 [ 128.128932][ T6335] copy_net_ns+0x46f/0x7c0 [ 128.150196][ T6335] create_new_namespaces+0x3ea/0xac0 [ 128.160421][ T6335] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 129.100720][ T6357] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'. [ 129.241166][ T6359] netlink: 'syz.0.78': attribute type 1 has an invalid length. [ 129.248952][ T6359] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.78'. [ 130.020314][ T6373] netlink: 'syz.0.83': attribute type 64 has an invalid length. [ 130.059888][ T6373] netlink: 74 bytes leftover after parsing attributes in process `syz.0.83'. [ 131.909538][ T6396] Invalid ELF header magic: != ELF [ 133.067004][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.073549][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.867897][ T6433] netlink: 186 bytes leftover after parsing attributes in process `syz.2.93'. [ 136.507777][ T6443] Invalid ELF header magic: != ELF [ 137.879033][ T6472] netlink: 12 bytes leftover after parsing attributes in process `syz.0.101'. [ 137.924086][ T6475] input: jJǸ-9%vJ86 as /devices/virtual/input/input8 [ 138.325504][ T6474] FAULT_INJECTION: forcing a failure. [ 138.325504][ T6474] name failslab, interval 1, probability 0, space 0, times 0 [ 138.339145][ T6474] CPU: 0 UID: 0 PID: 6474 Comm: syz.1.102 Not tainted syzkaller #0 PREEMPT(full) [ 138.339170][ T6474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 138.339181][ T6474] Call Trace: [ 138.339188][ T6474] [ 138.339195][ T6474] dump_stack_lvl+0x100/0x190 [ 138.339226][ T6474] should_fail_ex.cold+0x5/0xa [ 138.339247][ T6474] should_failslab+0xc2/0x120 [ 138.339275][ T6474] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 138.339317][ T6474] ? acpi_ps_alloc_op+0x29d/0x360 [ 138.339362][ T6474] acpi_ps_alloc_op+0x29d/0x360 [ 138.339390][ T6474] ? acpi_ut_status_exit+0x111/0x1c0 [ 138.339413][ T6474] acpi_ps_create_op+0x4b3/0xd10 [ 138.339434][ T6474] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 138.339454][ T6474] ? __pfx_acpi_ut_trace_ptr+0x10/0x10 [ 138.339476][ T6474] ? acpi_ut_value_exit+0x10d/0x190 [ 138.339501][ T6474] acpi_ps_parse_loop+0xa65/0x24a0 [ 138.339523][ T6474] ? __kmalloc_noprof+0x320/0x850 [ 138.339554][ T6474] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 138.339581][ T6474] ? acpi_ut_status_exit+0x111/0x1c0 [ 138.339604][ T6474] ? acpi_ds_call_control_method+0x435/0xab0 [ 138.339636][ T6474] acpi_ps_parse_aml+0x81e/0x1120 [ 138.339661][ T6474] acpi_ps_execute_method+0x5c4/0xe90 [ 138.339689][ T6474] acpi_ns_evaluate+0x640/0x1670 [ 138.339718][ T6474] acpi_evaluate_object+0x420/0xe00 [ 138.339735][ T6474] ? kasan_save_stack+0x30/0x50 [ 138.339762][ T6474] ? kasan_save_track+0x14/0x30 [ 138.339793][ T6474] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 138.339821][ T6474] acpi_evaluate_integer+0xdf/0x220 [ 138.339848][ T6474] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 138.339883][ T6474] ? __pfx_status_show+0x10/0x10 [ 138.339899][ T6474] status_show+0xa0/0x120 [ 138.339916][ T6474] ? __pfx_status_show+0x10/0x10 [ 138.339938][ T6474] dev_attr_show+0x52/0xa0 [ 138.339959][ T6474] ? __pfx_dev_attr_show+0x10/0x10 [ 138.339979][ T6474] sysfs_kf_seq_show+0x217/0x3a0 [ 138.340007][ T6474] seq_read_iter+0x32f/0x1270 [ 138.340063][ T6474] kernfs_fop_read_iter+0x46c/0x610 [ 138.340096][ T6474] ? rw_verify_area+0xce/0x6d0 [ 138.340133][ T6474] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 138.340166][ T6474] vfs_read+0x825/0xb30 [ 138.340213][ T6474] ? __pfx_vfs_read+0x10/0x10 [ 138.340286][ T6474] ksys_read+0x12a/0x250 [ 138.340311][ T6474] ? __pfx_ksys_read+0x10/0x10 [ 138.340349][ T6474] do_syscall_64+0x106/0xf80 [ 138.340391][ T6474] ? clear_bhb_loop+0x40/0x90 [ 138.340430][ T6474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.340462][ T6474] RIP: 0033:0x7f8c5ed9c799 [ 138.340487][ T6474] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.340515][ T6474] RSP: 002b:00007f8c5fbfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 138.340542][ T6474] RAX: ffffffffffffffda RBX: 00007f8c5f015fa0 RCX: 00007f8c5ed9c799 [ 138.340571][ T6474] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000008 [ 138.340587][ T6474] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 138.340605][ T6474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.340621][ T6474] R13: 00007f8c5f016038 R14: 00007f8c5f015fa0 R15: 00007ffcb2f0e518 [ 138.340665][ T6474] [ 138.750217][ T6474] ACPI Error: Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 139.031433][ T6474] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 139.614037][ T6486] Invalid ELF header magic: != ELF [ 139.669690][ T6493] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 140.042699][ T30] audit: type=1800 audit(1773649195.303:4): pid=6503 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.103" name="lu_gp_id" dev="configfs" ino=10664 res=0 errno=0 [ 140.062371][ T6493] zswap: compressor not available [ 141.754855][ T6524] Invalid ELF header magic: != ELF [ 141.771338][ T6523] Invalid ELF header magic: != ELF [ 142.303496][ T6529] Invalid ELF header magic: != ELF [ 143.017958][ T5835] Bluetooth: hci2: unexpected event 0x18 length: 440 > 23 [ 144.545583][ T6554] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 144.590421][ T6554] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 144.598504][ T6554] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 144.626335][ T6554] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 145.077345][ T30] audit: type=1804 audit(1773649200.333:5): pid=6569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.117" name="/newroot/33/file0" dev="tmpfs" ino=190 res=1 errno=0 [ 145.109197][ T30] audit: type=1804 audit(1773649200.363:6): pid=6573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.117" name="/newroot/33/file0" dev="tmpfs" ino=190 res=1 errno=0 [ 145.213558][ T6575] Invalid ELF header magic: != ELF [ 146.203176][ T6592] binder: 6591:6592 ioctl c018620c 0 returned -1 [ 146.501661][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 146.662072][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.662092][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 146.662133][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 147.799028][ T6617] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 148.327973][ T6622] smpboot: CPU 1 is now offline [ 148.641195][ T6611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.125'. [ 150.241848][ T30] audit: type=1800 audit(1773649205.503:7): pid=6648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.133" name="dbroot" dev="configfs" ino=12052 res=0 errno=0 [ 150.345639][ T6646] Invalid ELF header magic: != ELF [ 150.629273][ T6648] tipc: Started in network mode [ 150.656426][ T6648] tipc: Node identity ffffffff, cluster identity 4711 [ 150.754375][ T6648] tipc: Node number set to 4294967295 [ 151.269154][ T6656] futex_wake_op: syz.3.135 tries to shift op by -2048; fix this program [ 151.333183][ T6656] futex_wake_op: syz.3.135 tries to shift op by -2048; fix this program [ 151.533829][ T6659] Invalid ELF header magic: != ELF [ 152.040980][ T6667] Invalid ELF header magic: != ELF [ 152.321414][ T6674] FAULT_INJECTION: forcing a failure. [ 152.321414][ T6674] name failslab, interval 1, probability 0, space 0, times 0 [ 152.422424][ T6674] CPU: 0 UID: 0 PID: 6674 Comm: syz.1.139 Not tainted syzkaller #0 PREEMPT(full) [ 152.422453][ T6674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 152.422463][ T6674] Call Trace: [ 152.422470][ T6674] [ 152.422477][ T6674] dump_stack_lvl+0x100/0x190 [ 152.422509][ T6674] should_fail_ex.cold+0x5/0xa [ 152.422529][ T6674] should_failslab+0xc2/0x120 [ 152.422549][ T6674] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 152.422576][ T6674] ? do_getname+0x35/0x390 [ 152.422614][ T6674] do_getname+0x35/0x390 [ 152.422638][ T6674] do_sys_openat2+0xc5/0x1e0 [ 152.422662][ T6674] ? __pfx_do_sys_openat2+0x10/0x10 [ 152.422694][ T6674] __x64_sys_openat+0x12d/0x210 [ 152.422718][ T6674] ? __pfx___x64_sys_openat+0x10/0x10 [ 152.422752][ T6674] do_syscall_64+0x106/0xf80 [ 152.422778][ T6674] ? clear_bhb_loop+0x40/0x90 [ 152.422800][ T6674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.422818][ T6674] RIP: 0033:0x7f8c5ed5cfce [ 152.422833][ T6674] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 152.422849][ T6674] RSP: 002b:00007f8c5fbdbec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 152.422867][ T6674] RAX: ffffffffffffffda RBX: 00007f8c5fbdc6c0 RCX: 00007f8c5ed5cfce [ 152.422879][ T6674] RDX: 0000000000000002 RSI: 00007f8c5fbdbf90 RDI: ffffffffffffff9c [ 152.422889][ T6674] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 152.422899][ T6674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.422909][ T6674] R13: 00007f8c5f016128 R14: 00007f8c5f016090 R15: 00007ffcb2f0e518 [ 152.422931][ T6674] [ 155.093595][ T6713] zswap: compressor not available [ 155.353157][ T5832] block nbd0: Receive control failed (result -32) [ 155.841002][ T6730] bond0: invalid ARP target specified [ 155.893950][ T6730] capability: warning: `syz.1.150' uses 32-bit capabilities (legacy support in use) [ 157.454899][ T6749] FAULT_INJECTION: forcing a failure. [ 157.454899][ T6749] name failslab, interval 1, probability 0, space 0, times 0 [ 157.529198][ T6749] CPU: 0 UID: 0 PID: 6749 Comm: syz.0.154 Not tainted syzkaller #0 PREEMPT(full) [ 157.529226][ T6749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.529237][ T6749] Call Trace: [ 157.529245][ T6749] [ 157.529253][ T6749] dump_stack_lvl+0x100/0x190 [ 157.529285][ T6749] should_fail_ex.cold+0x5/0xa [ 157.529306][ T6749] should_failslab+0xc2/0x120 [ 157.529325][ T6749] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 157.529351][ T6749] ? security_inode_alloc+0x3b/0x2c0 [ 157.529369][ T6749] ? lockdep_init_map_type+0x5c/0x250 [ 157.529396][ T6749] security_inode_alloc+0x3b/0x2c0 [ 157.529414][ T6749] inode_init_always_gfp+0xced/0x1040 [ 157.529438][ T6749] alloc_inode+0x8e/0x250 [ 157.529462][ T6749] new_inode+0x22/0x1c0 [ 157.529495][ T6749] tracefs_get_inode+0x19/0x80 [ 157.529514][ T6749] eventfs_get_inode+0x53/0x520 [ 157.529536][ T6749] eventfs_root_lookup+0x6f2/0xa50 [ 157.529557][ T6749] ? __pfx_eventfs_root_lookup+0x10/0x10 [ 157.529581][ T6749] ? __d_lookup+0x266/0x4a0 [ 157.529611][ T6749] lookup_open.isra.0+0x631/0x11b0 [ 157.529645][ T6749] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 157.529684][ T6749] ? mnt_get_write_access+0x1e9/0x2f0 [ 157.529711][ T6749] path_openat+0xa98/0x31a0 [ 157.529737][ T6749] ? __pfx_path_openat+0x10/0x10 [ 157.529763][ T6749] do_file_open+0x20e/0x430 [ 157.529783][ T6749] ? __pfx_do_file_open+0x10/0x10 [ 157.529818][ T6749] ? alloc_fd+0x476/0x790 [ 157.529837][ T6749] ? do_getname+0x191/0x390 [ 157.529861][ T6749] do_sys_openat2+0x10d/0x1e0 [ 157.529884][ T6749] ? __pfx_do_sys_openat2+0x10/0x10 [ 157.529909][ T6749] ? __pfx_idempotent_init_module+0x10/0x10 [ 157.529937][ T6749] __x64_sys_openat+0x12d/0x210 [ 157.529961][ T6749] ? __pfx___x64_sys_openat+0x10/0x10 [ 157.529994][ T6749] do_syscall_64+0x106/0xf80 [ 157.530023][ T6749] ? clear_bhb_loop+0x40/0x90 [ 157.530045][ T6749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.530063][ T6749] RIP: 0033:0x7fbec739c799 [ 157.530079][ T6749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.530095][ T6749] RSP: 002b:00007fbec82f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 157.530113][ T6749] RAX: ffffffffffffffda RBX: 00007fbec7616090 RCX: 00007fbec739c799 [ 157.530125][ T6749] RDX: 0000000000000002 RSI: 0000200000001a80 RDI: ffffffffffffff9c [ 157.530137][ T6749] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 157.530147][ T6749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.530156][ T6749] R13: 00007fbec7616128 R14: 00007fbec7616090 R15: 00007ffe922b2d48 [ 157.530179][ T6749] [ 158.350278][ T6752] netlink: 28 bytes leftover after parsing attributes in process `syz.2.155'. [ 158.421928][ T6756] netlink: 'syz.1.156': attribute type 1 has an invalid length. [ 158.865419][ T6748] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 158.872568][ T6748] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 158.893427][ T6748] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 158.920928][ T6748] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 159.460259][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 159.531867][ T6773] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 159.672794][ T6773] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 159.672942][ T6773] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 159.673044][ T6773] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 159.699642][ T6769] Invalid ELF header magic: != ELF [ 160.928778][ T6784] Invalid ELF header magic: != ELF [ 161.540476][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 161.660817][ T6799] FAULT_INJECTION: forcing a failure. [ 161.660817][ T6799] name failslab, interval 1, probability 0, space 0, times 0 [ 161.700575][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 161.706652][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 161.712713][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 161.740174][ T6799] CPU: 0 UID: 0 PID: 6799 Comm: syz.0.163 Not tainted syzkaller #0 PREEMPT(full) [ 161.740201][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.740211][ T6799] Call Trace: [ 161.740218][ T6799] [ 161.740225][ T6799] dump_stack_lvl+0x100/0x190 [ 161.740256][ T6799] should_fail_ex.cold+0x5/0xa [ 161.740278][ T6799] should_failslab+0xc2/0x120 [ 161.740298][ T6799] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 161.740325][ T6799] ? __d_alloc+0x34/0xa80 [ 161.740353][ T6799] ? lockdep_hardirqs_on+0x78/0x100 [ 161.740379][ T6799] ? ktime_get_coarse_real_ts64_mg+0x249/0x300 [ 161.740406][ T6799] __d_alloc+0x34/0xa80 [ 161.740428][ T6799] d_alloc_pseudo+0x1c/0xc0 [ 161.740454][ T6799] alloc_file_pseudo+0xcf/0x230 [ 161.740478][ T6799] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 161.740499][ T6799] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 161.740538][ T6799] create_pipe_files+0x360/0x970 [ 161.740560][ T6799] do_pipe2+0xbd/0x1e0 [ 161.740578][ T6799] ? __pfx_do_pipe2+0x10/0x10 [ 161.740604][ T6799] __x64_sys_pipe+0x33/0x50 [ 161.740622][ T6799] do_syscall_64+0x106/0xf80 [ 161.740645][ T6799] ? clear_bhb_loop+0x40/0x90 [ 161.740667][ T6799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.740685][ T6799] RIP: 0033:0x7fbec739c799 [ 161.740700][ T6799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.740717][ T6799] RSP: 002b:00007fbec82d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 161.740735][ T6799] RAX: ffffffffffffffda RBX: 00007fbec7616180 RCX: 00007fbec739c799 [ 161.740745][ T6799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 161.740755][ T6799] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 161.740765][ T6799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.740775][ T6799] R13: 00007fbec7616218 R14: 00007fbec7616180 R15: 00007ffe922b2d48 [ 161.740797][ T6799] [ 164.415051][ T6834] Invalid ELF header magic: != ELF [ 164.865412][ T6835] FAULT_INJECTION: forcing a failure. [ 164.865412][ T6835] name fail_futex, interval 1, probability 0, space 0, times 1 [ 165.041088][ T6835] CPU: 0 UID: 0 PID: 6835 Comm: syz.3.169 Not tainted syzkaller #0 PREEMPT(full) [ 165.041113][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 165.041124][ T6835] Call Trace: [ 165.041129][ T6835] [ 165.041137][ T6835] dump_stack_lvl+0x100/0x190 [ 165.041168][ T6835] should_fail_ex.cold+0x5/0xa [ 165.041188][ T6835] get_futex_key+0x1d2/0x1620 [ 165.041213][ T6835] ? __pfx_get_futex_key+0x10/0x10 [ 165.041234][ T6835] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 165.041258][ T6835] ? lockdep_hardirqs_on+0x78/0x100 [ 165.041284][ T6835] ? iput+0x3a/0x40 [ 165.041305][ T6835] ? hugetlb_file_setup+0x2c8/0x5b0 [ 165.041327][ T6835] futex_wake+0xea/0x530 [ 165.041357][ T6835] ? __pfx_futex_wake+0x10/0x10 [ 165.041388][ T6835] ? up_write+0x290/0x4f0 [ 165.041416][ T6835] do_futex+0x32b/0x350 [ 165.041439][ T6835] ? __pfx_do_futex+0x10/0x10 [ 165.041468][ T6835] __x64_sys_futex+0x34f/0x4d0 [ 165.041502][ T6835] ? __pfx___x64_sys_futex+0x10/0x10 [ 165.041526][ T6835] ? __pfx___x64_sys_shmget+0x10/0x10 [ 165.041555][ T6835] do_syscall_64+0x106/0xf80 [ 165.041579][ T6835] ? clear_bhb_loop+0x40/0x90 [ 165.041600][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.041618][ T6835] RIP: 0033:0x7f99bfd9c799 [ 165.041634][ T6835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.041651][ T6835] RSP: 002b:00007f99c0c790e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 165.041669][ T6835] RAX: ffffffffffffffda RBX: 00007f99c0016278 RCX: 00007f99bfd9c799 [ 165.041680][ T6835] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f99c001627c [ 165.041690][ T6835] RBP: 00007f99c0016270 R08: 0000000000000000 R09: 0000000000000000 [ 165.041701][ T6835] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 165.041715][ T6835] R13: 00007f99c0016308 R14: 00007ffca7e3db00 R15: 00007ffca7e3dbe8 [ 165.041737][ T6835] [ 166.556070][ T6843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.171'. [ 168.475598][ C0] vcan0: j1939_tp_rxtimer: 0xffff888034126000: rx timeout, send abort [ 168.497495][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888034126000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 169.544408][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805cf3cc00: rx timeout, send abort [ 169.552773][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805cf3f000: rx timeout, send abort [ 169.561108][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cf3cc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 169.575513][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cf3f000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 170.259316][ T6870] Invalid ELF header magic: != ELF [ 172.195636][ T6893] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 172.236403][ T6893] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 172.593248][ T6900] bridge_slave_1: left allmulticast mode [ 172.624299][ T6900] bridge_slave_1: left promiscuous mode [ 172.653225][ T6902] netlink: 'syz.1.182': attribute type 1 has an invalid length. [ 172.661532][ T6900] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.685915][ T6902] netlink: 9 bytes leftover after parsing attributes in process `syz.1.182'. [ 172.751894][ T6897] netlink: 28 bytes leftover after parsing attributes in process `syz.2.180'. [ 172.849699][ T6897] ipvlan1: entered promiscuous mode [ 172.887936][ T6897] ipvlan1: entered allmulticast mode [ 172.908132][ T6897] veth0_vlan: entered allmulticast mode [ 173.607034][ T6916] Invalid ELF header magic: != ELF [ 173.689396][ T6919] zswap: compressor not available [ 173.865741][ T6910] netlink: 12 bytes leftover after parsing attributes in process `syz.0.185'. [ 175.674514][ T6945] netlink: 28 bytes leftover after parsing attributes in process `syz.0.189'. [ 175.690985][ T5832] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 176.144801][ T6955] random: crng reseeded on system resumption [ 176.541030][ T6963] Console: switching to colour VGA+ 80x25 [ 176.664970][ T6961] Invalid ELF header magic: != ELF [ 177.195387][ T6960] kvm: kvm [6959]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 177.354780][ T6971] futex_wake_op: syz.1.196 tries to shift op by -2048; fix this program [ 177.447183][ T6971] futex_wake_op: syz.1.196 tries to shift op by -2048; fix this program [ 177.509333][ T6972] 0x000000000001-0x000000020000 : "" [ 177.643789][ T6972] ftl_cs: FTL header corrupt! [ 177.782696][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 179.866466][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 180.561393][ T6999] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 180.605352][ T6999] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 180.633912][ T6999] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 180.664274][ T6999] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 180.948927][ T7017] netlink: 28 bytes leftover after parsing attributes in process `syz.2.204'. [ 182.180146][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 182.381462][ T7038] mkiss: ax0: crc mode is auto. [ 182.660408][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 182.667201][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 182.673608][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 183.573368][ T7051] Invalid ELF header magic: != ELF [ 184.866360][ T7069] netlink: 'syz.3.212': attribute type 1 has an invalid length. [ 184.888975][ T7069] netlink: 9 bytes leftover after parsing attributes in process `syz.3.212'. [ 185.479454][ T7078] misc userio: Invalid payload size [ 186.268360][ T7089] random: crng reseeded on system resumption [ 186.740407][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 188.208948][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805f115000: rx timeout, send abort [ 188.217434][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f115000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 189.289516][ C0] vcan0: j1939_tp_rxtimer: 0xffff88803415bc00: rx timeout, send abort [ 189.297869][ C0] vcan0: j1939_tp_rxtimer: 0xffff88803415ac00: rx timeout, send abort [ 189.306334][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88803415bc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 189.320740][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88803415ac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 189.525185][ T5835] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 189.953685][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 189.961725][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 189.976925][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 189.976963][ T5835] Bluetooth: hci0: adv larger than maximum supported [ 189.985148][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 189.992051][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7a [ 189.999087][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d [ 192.445177][ T7146] Invalid ELF header magic: != ELF [ 193.391628][ T7152] FAULT_INJECTION: forcing a failure. [ 193.391628][ T7152] name failslab, interval 1, probability 0, space 0, times 0 [ 193.447896][ T7152] CPU: 0 UID: 0 PID: 7152 Comm: syz.0.226 Not tainted syzkaller #0 PREEMPT(full) [ 193.447924][ T7152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 193.447935][ T7152] Call Trace: [ 193.447941][ T7152] [ 193.447948][ T7152] dump_stack_lvl+0x100/0x190 [ 193.447979][ T7152] should_fail_ex.cold+0x5/0xa [ 193.448000][ T7152] should_failslab+0xc2/0x120 [ 193.448021][ T7152] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 193.448049][ T7152] ? mem_cgroup_css_alloc+0xab4/0x1e00 [ 193.448076][ T7152] mem_cgroup_css_alloc+0xab4/0x1e00 [ 193.448104][ T7152] cgroup_apply_control_enable+0x4c3/0xbd0 [ 193.448141][ T7152] cgroup_mkdir+0x57f/0x1330 [ 193.448173][ T7152] ? __pfx_cgroup_mkdir+0x10/0x10 [ 193.448203][ T7152] kernfs_iop_mkdir+0x111/0x190 [ 193.448231][ T7152] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 193.448257][ T7152] vfs_mkdir+0x361/0x850 [ 193.448284][ T7152] filename_mkdirat+0x48b/0x5e0 [ 193.448306][ T7152] ? __pfx_filename_mkdirat+0x10/0x10 [ 193.448325][ T7152] ? strncpy_from_user+0x19d/0x2d0 [ 193.448348][ T7152] ? do_getname+0x191/0x390 [ 193.448372][ T7152] __x64_sys_mkdir+0x6b/0x90 [ 193.448392][ T7152] do_syscall_64+0x106/0xf80 [ 193.448415][ T7152] ? clear_bhb_loop+0x40/0x90 [ 193.448437][ T7152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.448463][ T7152] RIP: 0033:0x7fbec739c799 [ 193.448478][ T7152] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.448495][ T7152] RSP: 002b:00007fbec831a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 193.448513][ T7152] RAX: ffffffffffffffda RBX: 00007fbec7615fa0 RCX: 00007fbec739c799 [ 193.448524][ T7152] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 193.448534][ T7152] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 193.448544][ T7152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.448554][ T7152] R13: 00007fbec7616038 R14: 00007fbec7615fa0 R15: 00007ffe922b2d48 [ 193.448576][ T7152] [ 194.108332][ T7158] block2mtd: illegal erase size [ 194.133779][ T7158] netlink: 'syz.1.227': attribute type 1 has an invalid length. [ 194.438588][ T7165] netlink: 28 bytes leftover after parsing attributes in process `syz.3.229'. [ 194.503346][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.510455][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.684581][ T7179] Invalid ELF header magic: != ELF [ 196.913568][ T7182] FAULT_INJECTION: forcing a failure. [ 196.913568][ T7182] name failslab, interval 1, probability 0, space 0, times 0 [ 197.100257][ T7182] CPU: 0 UID: 0 PID: 7182 Comm: syz.0.231 Not tainted syzkaller #0 PREEMPT(full) [ 197.100284][ T7182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 197.100295][ T7182] Call Trace: [ 197.100301][ T7182] [ 197.100308][ T7182] dump_stack_lvl+0x100/0x190 [ 197.100340][ T7182] should_fail_ex.cold+0x5/0xa [ 197.100361][ T7182] should_failslab+0xc2/0x120 [ 197.100380][ T7182] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 197.100407][ T7182] ? security_inode_alloc+0x3b/0x2c0 [ 197.100425][ T7182] ? lockdep_init_map_type+0x5c/0x250 [ 197.100452][ T7182] security_inode_alloc+0x3b/0x2c0 [ 197.100471][ T7182] inode_init_always_gfp+0xced/0x1040 [ 197.100493][ T7182] alloc_inode+0x8e/0x250 [ 197.100526][ T7182] new_inode+0x22/0x1c0 [ 197.100552][ T7182] hugetlbfs_get_inode+0x313/0x750 [ 197.100575][ T7182] hugetlb_file_setup+0x3cc/0x5b0 [ 197.100598][ T7182] newseg+0xabb/0xed0 [ 197.100624][ T7182] ? __pfx_newseg+0x10/0x10 [ 197.100646][ T7182] ? down_write+0x146/0x1f0 [ 197.100675][ T7182] ? ksys_write+0x190/0x250 [ 197.100690][ T7182] ? ksys_write+0x190/0x250 [ 197.100708][ T7182] ipcget+0xee/0xf50 [ 197.100730][ T7182] ? do_futex+0x192/0x350 [ 197.100753][ T7182] ? __pfx_do_futex+0x10/0x10 [ 197.100781][ T7182] ? __pfx_ipcget+0x10/0x10 [ 197.100805][ T7182] ? __x64_sys_futex+0x34f/0x4d0 [ 197.100826][ T7182] ? __x64_sys_futex+0x358/0x4d0 [ 197.100853][ T7182] __x64_sys_shmget+0x13b/0x1b0 [ 197.100877][ T7182] ? __pfx___x64_sys_shmget+0x10/0x10 [ 197.100906][ T7182] do_syscall_64+0x106/0xf80 [ 197.100930][ T7182] ? clear_bhb_loop+0x40/0x90 [ 197.100952][ T7182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.100971][ T7182] RIP: 0033:0x7fbec739c799 [ 197.100986][ T7182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.101003][ T7182] RSP: 002b:00007fbec82b7028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 197.101020][ T7182] RAX: ffffffffffffffda RBX: 00007fbec7616270 RCX: 00007fbec739c799 [ 197.101031][ T7182] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 197.101042][ T7182] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 197.101052][ T7182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 197.101062][ T7182] R13: 00007fbec7616308 R14: 00007fbec7616270 R15: 00007ffe922b2d48 [ 197.101084][ T7182] [ 197.944515][ T5835] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 198.024299][ T7198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.236'. [ 198.670202][ T7206] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 199.206299][ T7211] netlink: 28 bytes leftover after parsing attributes in process `syz.2.239'. [ 199.480668][ T5826] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 199.856236][ T7220] bond0: option slaves: interface - does not exist! [ 200.743444][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 200.749895][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 200.768099][ T7206] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.785249][ T7206] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 200.807459][ T7206] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 202.396224][ T7268] netlink: 28 bytes leftover after parsing attributes in process `syz.2.249'. [ 202.631216][ T7263] Invalid ELF header magic: != ELF [ 202.796699][ T7273] netlink: 28 bytes leftover after parsing attributes in process `syz.2.250'. [ 202.821254][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 202.827313][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 202.833350][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 203.598489][ T7284] Invalid ELF header magic: != ELF [ 206.537733][ T7311] FAULT_INJECTION: forcing a failure. [ 206.537733][ T7311] name failslab, interval 1, probability 0, space 0, times 0 [ 206.774590][ T7311] CPU: 0 UID: 0 PID: 7311 Comm: syz.1.263 Not tainted syzkaller #0 PREEMPT(full) [ 206.774618][ T7311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 206.774628][ T7311] Call Trace: [ 206.774635][ T7311] [ 206.774642][ T7311] dump_stack_lvl+0x100/0x190 [ 206.774674][ T7311] should_fail_ex.cold+0x5/0xa [ 206.774695][ T7311] should_failslab+0xc2/0x120 [ 206.774715][ T7311] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 206.774743][ T7311] ? __d_alloc+0x34/0xa80 [ 206.774762][ T7311] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 206.774780][ T7311] ? lockdep_hardirqs_on+0x78/0x100 [ 206.774809][ T7311] __d_alloc+0x34/0xa80 [ 206.774836][ T7311] d_alloc+0x4a/0x1e0 [ 206.774857][ T7311] d_alloc_name+0x83/0xb0 [ 206.774876][ T7311] ? __pfx_d_alloc_name+0x10/0x10 [ 206.774898][ T7311] ? dput.part.0+0xdd/0x570 [ 206.774922][ T7311] simple_fill_super+0x4c3/0x680 [ 206.774944][ T7311] ? __pfx_nfsd_fill_super+0x10/0x10 [ 206.774964][ T7311] nfsd_fill_super+0x98/0x560 [ 206.774983][ T7311] ? __pfx_set_anon_super_fc+0x10/0x10 [ 206.775008][ T7311] ? __pfx_nfsd_fill_super+0x10/0x10 [ 206.775027][ T7311] get_tree_keyed+0x10e/0x1d0 [ 206.775056][ T7311] vfs_get_tree+0x92/0x320 [ 206.775081][ T7311] path_mount+0x7d0/0x23d0 [ 206.775106][ T7311] ? __pfx_path_mount+0x10/0x10 [ 206.775126][ T7311] ? lockdep_hardirqs_on+0x78/0x100 [ 206.775153][ T7311] ? putname+0xb1/0x110 [ 206.775170][ T7311] ? kmem_cache_free+0x124/0x6a0 [ 206.775202][ T7311] ? __x64_sys_mount+0x293/0x310 [ 206.775221][ T7311] __x64_sys_mount+0x293/0x310 [ 206.775242][ T7311] ? __pfx___x64_sys_mount+0x10/0x10 [ 206.775270][ T7311] do_syscall_64+0x106/0xf80 [ 206.775294][ T7311] ? clear_bhb_loop+0x40/0x90 [ 206.775316][ T7311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.775334][ T7311] RIP: 0033:0x7f8c5ed9c799 [ 206.775349][ T7311] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 206.775366][ T7311] RSP: 002b:00007f8c5fbdc028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 206.775384][ T7311] RAX: ffffffffffffffda RBX: 00007f8c5f016090 RCX: 00007f8c5ed9c799 [ 206.775395][ T7311] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 206.775405][ T7311] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 206.775415][ T7311] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 206.775425][ T7311] R13: 00007f8c5f016128 R14: 00007f8c5f016090 R15: 00007ffcb2f0e518 [ 206.775448][ T7311] [ 207.512796][ T5835] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 208.232613][ T7328] netlink: 28 bytes leftover after parsing attributes in process `syz.0.259'. [ 208.265940][ T7326] Invalid ELF header magic: != ELF [ 209.542730][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 209.715788][ T7336] Invalid ELF header magic: != ELF [ 210.677754][ T7358] Invalid ELF header magic: != ELF [ 211.623864][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 211.759873][ T7377] block2mtd: illegal erase size [ 211.789087][ T7377] netlink: 'syz.3.267': attribute type 1 has an invalid length. [ 213.387348][ T7395] netlink: 28 bytes leftover after parsing attributes in process `syz.2.280'. [ 214.161306][ T7409] Invalid ELF header magic: != ELF [ 219.502758][ T7473] netlink: 28 bytes leftover after parsing attributes in process `syz.3.283'. [ 225.623148][ T7545] Invalid ELF header magic: != ELF [ 225.910524][ T5835] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 227.941738][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 228.235806][ T7569] Invalid ELF header magic: != ELF [ 230.028342][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 231.086801][ T5835] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 234.994248][ T7637] netlink: 28 bytes leftover after parsing attributes in process `syz.1.319'. [ 244.061174][ T7741] Invalid ELF header magic: != ELF [ 245.645275][ T7760] Invalid ELF header magic: != ELF [ 247.811524][ T7790] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 247.830266][ T7790] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 247.856970][ T7790] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 247.911830][ T7790] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 249.861504][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 249.867542][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 249.944330][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 249.950419][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 250.057395][ T7823] netlink: 28 bytes leftover after parsing attributes in process `syz.0.343'. [ 250.477143][ T7834] Invalid ELF header magic: != ELF [ 253.452057][ T7887] netlink: 28 bytes leftover after parsing attributes in process `syz.2.355'. [ 253.593400][ T7884] can: request_module (can-proto-0) failed. [ 255.154422][ T7905] binder: 7904:7905 ioctl c018620c 0 returned -1 [ 255.946569][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.953088][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.266554][ T7918] Invalid ELF header magic: != ELF [ 261.055717][ T7987] input: jJǸ-9%vJ86 as /devices/virtual/input/input9 [ 262.689680][ T8009] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 264.234176][ T8035] Invalid ELF header magic: != ELF [ 264.690560][ T8032] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.708460][ T8032] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.733254][ T8032] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.762583][ T8032] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 266.026613][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 266.669518][ T8068] Invalid ELF header magic: != ELF [ 266.741190][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 266.747258][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 266.821028][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 271.116848][ T8125] zswap: compressor not available [ 273.244872][ T8143] Invalid ELF header magic: != ELF [ 275.039794][ T8162] Invalid ELF header magic: != ELF [ 276.875361][ T8184] netlink: 28 bytes leftover after parsing attributes in process `syz.0.410'. [ 277.708783][ T8204] input: jJǸ-9%vJ86 as /devices/virtual/input/input10 [ 279.016926][ T30] audit: type=1800 audit(1773649334.273:8): pid=8223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.421" name="dbroot" dev="configfs" ino=19839 res=0 errno=0 [ 279.542823][ T8232] tipc: Started in network mode [ 279.618002][ T8232] tipc: Node identity ffffffff, cluster identity 4711 [ 279.725981][ T8232] tipc: Node number set to 4294967295 [ 280.318106][ T8242] Invalid ELF header magic: != ELF [ 282.135397][ T8254] Invalid ELF header magic: != ELF [ 282.539940][ T8269] netlink: 'syz.0.428': attribute type 1 has an invalid length. [ 282.857957][ T8278] Invalid ELF header magic: != ELF [ 283.324184][ T5835] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 285.191265][ T8299] netlink: 28 bytes leftover after parsing attributes in process `syz.2.434'. [ 285.642975][ T8303] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 285.789435][ T8298] smpboot: CPU 1 is now offline [ 287.056275][ T8325] Invalid ELF header magic: != ELF [ 290.920567][ T8365] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 291.003374][ T8365] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 291.120871][ T8365] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 291.242220][ T8365] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 291.652571][ T5835] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 291.739767][ T8382] futex_wake_op: syz.2.448 tries to shift op by -2048; fix this program [ 291.786057][ T8382] futex_wake_op: syz.2.448 tries to shift op by -2048; fix this program [ 291.833399][ T8382] 0x000000000001-0x000000020000 : "" [ 291.876857][ T8382] ftl_cs: FTL header corrupt! [ 292.980397][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 293.060375][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 293.140527][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 293.146589][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 298.215953][ T5835] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 299.517408][ T8469] Invalid ELF header magic: != ELF [ 302.785349][ T8506] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 302.933531][ T8510] smpboot: CPU 1 is now offline [ 303.485679][ T8521] netlink: 'syz.3.474': attribute type 1 has an invalid length. [ 303.550501][ T8517] Invalid ELF header magic: != ELF [ 305.023160][ T8537] block2mtd: illegal erase size [ 305.070497][ T8537] netlink: 'syz.0.476': attribute type 1 has an invalid length. [ 306.268323][ T5835] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 309.300339][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 309.874297][ T8585] Invalid ELF header magic: != ELF [ 311.140271][ T8605] input: jJǸ-9%vJ86 as /devices/virtual/input/input11 [ 314.056089][ T8639] Invalid ELF header magic: != ELF [ 317.414922][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.433105][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.649707][ T8682] FAULT_INJECTION: forcing a failure. [ 317.649707][ T8682] name failslab, interval 1, probability 0, space 0, times 0 [ 317.690512][ T8682] CPU: 0 UID: 0 PID: 8682 Comm: syz.0.502 Not tainted syzkaller #0 PREEMPT(full) [ 317.690539][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 317.690551][ T8682] Call Trace: [ 317.690556][ T8682] [ 317.690563][ T8682] dump_stack_lvl+0x100/0x190 [ 317.690595][ T8682] should_fail_ex.cold+0x5/0xa [ 317.690615][ T8682] should_failslab+0xc2/0x120 [ 317.690635][ T8682] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 317.690667][ T8682] ? security_inode_alloc+0x3b/0x2c0 [ 317.690685][ T8682] ? lockdep_init_map_type+0x5c/0x250 [ 317.690711][ T8682] security_inode_alloc+0x3b/0x2c0 [ 317.690730][ T8682] inode_init_always_gfp+0xced/0x1040 [ 317.690751][ T8682] alloc_inode+0x8e/0x250 [ 317.690775][ T8682] new_inode+0x22/0x1c0 [ 317.690800][ T8682] nfsd_mkdir+0x78/0x460 [ 317.690818][ T8682] ? dput.part.0+0xdd/0x570 [ 317.690843][ T8682] nfsd_fill_super+0x3f9/0x560 [ 317.690864][ T8682] ? __pfx_nfsd_fill_super+0x10/0x10 [ 317.690883][ T8682] get_tree_keyed+0x10e/0x1d0 [ 317.690911][ T8682] vfs_get_tree+0x92/0x320 [ 317.690937][ T8682] path_mount+0x7d0/0x23d0 [ 317.690961][ T8682] ? __pfx_path_mount+0x10/0x10 [ 317.690980][ T8682] ? lockdep_hardirqs_on+0x78/0x100 [ 317.691007][ T8682] ? putname+0xb1/0x110 [ 317.691024][ T8682] ? kmem_cache_free+0x124/0x6a0 [ 317.691056][ T8682] ? __x64_sys_mount+0x293/0x310 [ 317.691075][ T8682] __x64_sys_mount+0x293/0x310 [ 317.691096][ T8682] ? __pfx___x64_sys_mount+0x10/0x10 [ 317.691124][ T8682] do_syscall_64+0x106/0xf80 [ 317.691148][ T8682] ? clear_bhb_loop+0x40/0x90 [ 317.691170][ T8682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.691188][ T8682] RIP: 0033:0x7fbec739c799 [ 317.691203][ T8682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.691220][ T8682] RSP: 002b:00007fbec82f9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 317.691244][ T8682] RAX: ffffffffffffffda RBX: 00007fbec7616090 RCX: 00007fbec739c799 [ 317.691255][ T8682] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 317.691266][ T8682] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 317.691275][ T8682] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 317.691286][ T8682] R13: 00007fbec7616128 R14: 00007fbec7616090 R15: 00007ffe922b2d48 [ 317.691308][ T8682] [ 319.590657][ T8694] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 319.597664][ T8694] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 319.630777][ T8694] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 319.659120][ T8694] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 320.738393][ T8717] Invalid ELF header magic: != ELF [ 320.983189][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 321.621406][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 321.705960][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 321.713048][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 324.818295][ T8765] Invalid ELF header magic: != ELF [ 325.997656][ T8791] Invalid ELF header magic: != ELF [ 329.275210][ T8830] FAULT_INJECTION: forcing a failure. [ 329.275210][ T8830] name failslab, interval 1, probability 0, space 0, times 0 [ 329.360169][ T8830] CPU: 0 UID: 0 PID: 8830 Comm: syz.3.526 Not tainted syzkaller #0 PREEMPT(full) [ 329.360197][ T8830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 329.360208][ T8830] Call Trace: [ 329.360214][ T8830] [ 329.360221][ T8830] dump_stack_lvl+0x100/0x190 [ 329.360253][ T8830] should_fail_ex.cold+0x5/0xa [ 329.360274][ T8830] ? __pfx_nfsd_fill_super+0x10/0x10 [ 329.360295][ T8830] should_failslab+0xc2/0x120 [ 329.360314][ T8830] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 329.360341][ T8830] ? alloc_inode+0x183/0x250 [ 329.360367][ T8830] ? __pfx_nfsd_fill_super+0x10/0x10 [ 329.360387][ T8830] alloc_inode+0x183/0x250 [ 329.360411][ T8830] new_inode+0x22/0x1c0 [ 329.360435][ T8830] ? __pfx_nfsd_fill_super+0x10/0x10 [ 329.360464][ T8830] nfsd_fill_super+0x145/0x560 [ 329.360485][ T8830] ? __pfx_nfsd_fill_super+0x10/0x10 [ 329.360504][ T8830] get_tree_keyed+0x10e/0x1d0 [ 329.360534][ T8830] vfs_get_tree+0x92/0x320 [ 329.360559][ T8830] path_mount+0x7d0/0x23d0 [ 329.360584][ T8830] ? __pfx_path_mount+0x10/0x10 [ 329.360603][ T8830] ? lockdep_hardirqs_on+0x78/0x100 [ 329.360630][ T8830] ? putname+0xb1/0x110 [ 329.360647][ T8830] ? kmem_cache_free+0x124/0x6a0 [ 329.360679][ T8830] ? __x64_sys_mount+0x293/0x310 [ 329.360698][ T8830] __x64_sys_mount+0x293/0x310 [ 329.360724][ T8830] ? __pfx___x64_sys_mount+0x10/0x10 [ 329.360753][ T8830] do_syscall_64+0x106/0xf80 [ 329.360776][ T8830] ? clear_bhb_loop+0x40/0x90 [ 329.360798][ T8830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.360816][ T8830] RIP: 0033:0x7f99bfd9c799 [ 329.360832][ T8830] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 329.360848][ T8830] RSP: 002b:00007f99c0cbb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 329.360866][ T8830] RAX: ffffffffffffffda RBX: 00007f99c0016090 RCX: 00007f99bfd9c799 [ 329.360877][ T8830] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 329.360887][ T8830] RBP: 00007f99bfe32c99 R08: 0000000000000000 R09: 0000000000000000 [ 329.360897][ T8830] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 329.360907][ T8830] R13: 00007f99c0016128 R14: 00007f99c0016090 R15: 00007ffca7e3dbe8 [ 329.360929][ T8830] [ 335.506061][ T8901] Invalid ELF header magic: != ELF [ 337.793036][ T8933] netlink: 'syz.2.545': attribute type 1 has an invalid length. [ 342.393532][ T5835] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 343.416900][ T8984] bond0: option arp_validate: invalid value () [ 344.405899][ T9005] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 344.593839][ T9006] can: request_module (can-proto-0) failed. [ 345.143706][ T9015] Invalid ELF header magic: != ELF [ 346.507221][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 349.274463][ T9038] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 350.382166][ T9040] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 351.233515][ T9064] FAULT_INJECTION: forcing a failure. [ 351.233515][ T9064] name failslab, interval 1, probability 0, space 0, times 0 [ 351.390318][ T9064] CPU: 0 UID: 0 PID: 9064 Comm: syz.0.577 Not tainted syzkaller #0 PREEMPT(full) [ 351.390345][ T9064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 351.390355][ T9064] Call Trace: [ 351.390362][ T9064] [ 351.390369][ T9064] dump_stack_lvl+0x100/0x190 [ 351.390402][ T9064] should_fail_ex.cold+0x5/0xa [ 351.390422][ T9064] should_failslab+0xc2/0x120 [ 351.390442][ T9064] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 351.390469][ T9064] ? __d_alloc+0x34/0xa80 [ 351.390489][ T9064] ? security_inode_alloc+0xcf/0x2c0 [ 351.390509][ T9064] __d_alloc+0x34/0xa80 [ 351.390531][ T9064] path_from_stashed+0x427/0x750 [ 351.390554][ T9064] pidfs_alloc_file+0xf8/0x290 [ 351.390582][ T9064] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 351.390615][ T9064] pidfd_prepare+0x123/0x200 [ 351.390637][ T9064] __x64_sys_pidfd_open+0x105/0x1a0 [ 351.390662][ T9064] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 351.390692][ T9064] do_syscall_64+0x106/0xf80 [ 351.390716][ T9064] ? clear_bhb_loop+0x40/0x90 [ 351.390738][ T9064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.390756][ T9064] RIP: 0033:0x7fbec739c799 [ 351.390771][ T9064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.390787][ T9064] RSP: 002b:00007fbec831a028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 351.390805][ T9064] RAX: ffffffffffffffda RBX: 00007fbec7615fa0 RCX: 00007fbec739c799 [ 351.390816][ T9064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 351.390825][ T9064] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 351.390835][ T9064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.390845][ T9064] R13: 00007fbec7616038 R14: 00007fbec7615fa0 R15: 00007ffe922b2d48 [ 351.390866][ T9064] [ 352.156313][ T9067] kexec: Could not allocate control_code_buffer [ 354.618565][ T9103] random: crng reseeded on system resumption [ 357.724345][ T9131] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 358.395648][ T9150] Invalid ELF header magic: != ELF [ 359.126512][ T9161] can: request_module (can-proto-0) failed. [ 365.834419][ T9218] Invalid ELF header magic: != ELF [ 368.220571][ T9227] Invalid ELF header magic: != ELF [ 369.183714][ T9242] Invalid ELF header magic: != ELF [ 371.020516][ T9259] futex_wake_op: syz.0.603 tries to shift op by -2048; fix this program [ 371.153517][ T9259] futex_wake_op: syz.0.603 tries to shift op by -2048; fix this program [ 371.928222][ T9258] : Can't lookup blockdev [ 372.522345][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 374.159570][ T9304] bond0: option arp_validate: invalid value () [ 378.858093][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.865154][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.803866][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 385.582200][ T30] audit: type=1807 audit(1773650463.816:9): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 385.667146][ T9489] ima: policy update failed [ 385.703648][ T30] audit: type=1802 audit(1773650463.896:10): pid=9489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.633" res=0 errno=0 [ 385.856448][ T30] audit: type=1802 audit(1773650464.066:11): pid=9489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.633" res=0 errno=0 [ 388.187745][ T9514] netlink: 25 bytes leftover after parsing attributes in process `syz.2.637'. [ 388.246577][ T9511] Invalid ELF header magic: != ELF [ 389.373700][ T9520] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 392.769229][ T9556] bond0: option arp_validate: invalid value () [ 393.261001][ T9578] netlink: 'syz.3.650': attribute type 1 has an invalid length. [ 395.639507][ T9601] Invalid ELF header magic: != ELF [ 397.936889][ T9621] bond0: option arp_validate: invalid value () [ 398.301956][ T30] audit: type=1800 audit(1773651499.519:12): pid=9635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=26287 res=0 errno=0 [ 398.663087][ T9635] could not allocate digest TFM handle [ 398.704667][ T9642] netlink: 4 bytes leftover after parsing attributes in process `syz.0.661'. [ 398.804810][ T9643] netlink: 'syz.0.661': attribute type 1 has an invalid length. [ 398.896449][ T9643] netlink: 5 bytes leftover after parsing attributes in process `syz.0.661'. [ 399.635196][ T9654] netlink: 28 bytes leftover after parsing attributes in process `syz.3.663'. [ 400.433135][ T9670] netlink: 28 bytes leftover after parsing attributes in process `syz.0.667'. [ 400.673002][ T9670] macvlan1: entered promiscuous mode [ 400.711451][ T9670] macvlan1: entered allmulticast mode [ 400.744304][ T9670] veth1_vlan: entered allmulticast mode [ 401.525931][ T9687] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 401.545830][ T9687] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 401.578749][ T9687] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 401.617261][ T9687] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 403.575494][ T9728] netlink: 4 bytes leftover after parsing attributes in process `syz.1.678'. [ 403.587102][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 403.593131][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 403.616444][ T9728] netlink: 'syz.1.678': attribute type 1 has an invalid length. [ 403.656126][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 403.664036][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 403.670271][ T9728] netlink: 5 bytes leftover after parsing attributes in process `syz.1.678'. [ 405.363846][ T30] audit: type=1807 audit(1773651506.586:13): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 405.410748][ T9749] ima: policy update failed [ 405.435723][ T30] audit: type=1802 audit(1773651506.586:14): pid=9749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.681" res=0 errno=0 [ 405.549534][ T30] audit: type=1802 audit(1773651506.706:15): pid=9749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.681" res=0 errno=0 [ 405.740420][ T9753] syz.2.683(9753): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 407.112844][ T9761] Invalid ELF header magic: != ELF [ 407.767140][ T9773] ubi31: attaching mtd0 [ 407.809538][ T9773] ubi31: scanning is finished [ 407.859401][ T9773] ubi31: empty MTD device detected [ 408.558016][ T9773] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 408.666693][ T9773] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3518 bytes [ 408.747445][ T9790] Invalid ELF header magic: != ELF [ 408.841972][ T9773] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 409.028443][ T9773] ubi31: VID header offset: 514 (aligned 514), data offset: 578 [ 409.138623][ T9773] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 409.199370][ T9773] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 20 [ 409.348582][ T9773] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4050230819 [ 409.470435][ T9773] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 409.532168][ T9786] ubi31: background thread "ubi_bgt31d" started, PID 9786 [ 410.076036][ T9799] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 411.752095][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.697'. [ 412.736253][ T9845] Invalid ELF header magic: != ELF [ 413.308474][ T9854] Console: switching to colour frame buffer device 128x48 [ 413.622369][ T9860] netlink: 28 bytes leftover after parsing attributes in process `syz.2.701'. [ 413.867943][ T9864] netlink: 28 bytes leftover after parsing attributes in process `syz.3.702'. [ 415.361437][ T9892] Invalid ELF header magic: != ELF [ 416.023828][ T9899] __vm_enough_memory: pid: 9899, comm: syz.1.710, bytes: 4398046511104 not enough memory for the allocation [ 419.691916][ T9956] Invalid ELF header magic: != ELF [ 420.796700][ T9966] nvme_fcloop: unknown parameter or missing value '7' [ 422.115162][ T9983] netlink: 28 bytes leftover after parsing attributes in process `syz.3.725'. [ 422.311072][ T9987] Invalid ELF header magic: != ELF [ 424.764867][T10012] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 424.776476][T10012] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 424.818908][T10012] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 424.840964][T10012] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 426.567536][T10035] FAULT_INJECTION: forcing a failure. [ 426.567536][T10035] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 426.677422][T10035] CPU: 0 UID: 0 PID: 10035 Comm: syz.3.734 Not tainted syzkaller #0 PREEMPT(full) [ 426.677449][T10035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 426.677460][T10035] Call Trace: [ 426.677467][T10035] [ 426.677474][T10035] dump_stack_lvl+0x100/0x190 [ 426.677505][T10035] should_fail_ex.cold+0x5/0xa [ 426.677522][T10035] ? prepare_alloc_pages+0x16d/0x5f0 [ 426.677545][T10035] should_fail_alloc_page+0xeb/0x140 [ 426.677565][T10035] prepare_alloc_pages+0x1f0/0x5f0 [ 426.677589][T10035] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 426.677626][T10035] ? find_held_lock+0x2b/0x80 [ 426.677642][T10035] ? is_bpf_text_address+0x8a/0x1a0 [ 426.677670][T10035] ? is_bpf_text_address+0x8a/0x1a0 [ 426.677697][T10035] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 426.677724][T10035] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 426.677744][T10035] ? kernel_text_address+0x8d/0x100 [ 426.677770][T10035] ? __kernel_text_address+0xd/0x30 [ 426.677811][T10035] ? unwind_get_return_address+0x59/0xa0 [ 426.677839][T10035] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 426.677870][T10035] ? policy_nodemask+0xed/0x4f0 [ 426.677892][T10035] alloc_pages_mpol+0x1fb/0x550 [ 426.677917][T10035] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 426.677943][T10035] alloc_pages_noprof+0x131/0x390 [ 426.677963][T10035] __pud_alloc+0x3b/0x6e0 [ 426.677986][T10035] __handle_mm_fault+0x134c/0x2b60 [ 426.678014][T10035] ? mt_find+0x45e/0x8e0 [ 426.678042][T10035] ? __pfx___handle_mm_fault+0x10/0x10 [ 426.678065][T10035] ? __pfx_mt_find+0x10/0x10 [ 426.678109][T10035] handle_mm_fault+0x36d/0xa20 [ 426.678138][T10035] __get_user_pages+0xf9c/0x34d0 [ 426.678168][T10035] ? __pfx___get_user_pages+0x10/0x10 [ 426.678194][T10035] get_user_pages_remote+0x3d2/0xb10 [ 426.678219][T10035] ? __pfx_get_user_pages_remote+0x10/0x10 [ 426.678248][T10035] get_arg_page+0xf4/0x310 [ 426.678273][T10035] ? __pfx_get_arg_page+0x10/0x10 [ 426.678306][T10035] copy_string_kernel+0x17d/0x500 [ 426.678333][T10035] ? alloc_bprm+0x420/0x710 [ 426.678367][T10035] do_execveat_common.isra.0+0x2e6/0x580 [ 426.678399][T10035] __x64_sys_execve+0x93/0xd0 [ 426.678428][T10035] do_syscall_64+0x106/0xf80 [ 426.678451][T10035] ? clear_bhb_loop+0x40/0x90 [ 426.678473][T10035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.678491][T10035] RIP: 0033:0x7f99bfd9c799 [ 426.678507][T10035] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 426.678524][T10035] RSP: 002b:00007f99c0cbb028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 426.678541][T10035] RAX: ffffffffffffffda RBX: 00007f99c0016090 RCX: 00007f99bfd9c799 [ 426.678552][T10035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 426.678562][T10035] RBP: 00007f99bfe32c99 R08: 0000000000000000 R09: 0000000000000000 [ 426.678572][T10035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 426.678582][T10035] R13: 00007f99c0016128 R14: 00007f99c0016090 R15: 00007ffca7e3dbe8 [ 426.678604][T10035] [ 427.214546][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 427.220719][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 427.227906][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 427.233898][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 427.961638][T10044] mtrr: base(0xe00000) is not aligned on a size(0x4000000000) boundary [ 428.038419][T10060] [U] [ 429.237346][T10081] Invalid ELF header magic: != ELF [ 430.588366][T10072] program syz.2.739 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 430.784748][T10101] netlink: 'syz.3.744': attribute type 1 has an invalid length. [ 430.865267][T10101] netlink: 33 bytes leftover after parsing attributes in process `syz.3.744'. [ 431.171598][ T30] audit: type=1800 audit(1773651532.383:16): pid=10106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.745" name="dbroot" dev="configfs" ino=28046 res=0 errno=0 [ 431.754123][T10118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.747'. [ 432.723892][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.749'. [ 432.804060][T10130] netlink: 354 bytes leftover after parsing attributes in process `syz.2.749'. [ 436.009950][T10139] program syz.3.752 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 436.763619][T10184] FAULT_INJECTION: forcing a failure. [ 436.763619][T10184] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 436.822504][T10184] CPU: 0 UID: 0 PID: 10184 Comm: syz.3.760 Not tainted syzkaller #0 PREEMPT(full) [ 436.822530][T10184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 436.822541][T10184] Call Trace: [ 436.822547][T10184] [ 436.822555][T10184] dump_stack_lvl+0x100/0x190 [ 436.822587][T10184] should_fail_ex.cold+0x5/0xa [ 436.822607][T10184] _copy_from_iter+0x1f4/0x1690 [ 436.822631][T10184] ? __asan_memset+0x23/0x50 [ 436.822655][T10184] ? __alloc_skb+0x4e9/0x710 [ 436.822679][T10184] ? __pfx__copy_from_iter+0x10/0x10 [ 436.822698][T10184] ? __pfx___alloc_skb+0x10/0x10 [ 436.822723][T10184] ? skb_page_frag_refill+0x2fc/0x5b0 [ 436.822743][T10184] ? sk_page_frag_refill+0x6c/0x340 [ 436.822764][T10184] tcp_sendmsg_locked+0xc8f/0x45e0 [ 436.822798][T10184] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 436.822818][T10184] ? do_raw_spin_lock+0x128/0x260 [ 436.822845][T10184] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 436.822899][T10184] ? __local_bh_enable_ip+0x9e/0x120 [ 436.822921][T10184] tcp_sendmsg+0x2e/0x50 [ 436.822937][T10184] ? __pfx_tcp_sendmsg+0x10/0x10 [ 436.822955][T10184] inet_sendmsg+0xb9/0x140 [ 436.822975][T10184] sock_write_iter+0x4ea/0x5a0 [ 436.823000][T10184] ? __pfx_inet_sendmsg+0x10/0x10 [ 436.823018][T10184] ? __pfx_sock_write_iter+0x10/0x10 [ 436.823043][T10184] ? bpf_lsm_file_permission+0x9/0x10 [ 436.823071][T10184] ? security_file_permission+0x76/0x210 [ 436.823093][T10184] ? rw_verify_area+0xce/0x6d0 [ 436.823121][T10184] vfs_write+0x6ac/0x1070 [ 436.823138][T10184] ? __pfx_sock_write_iter+0x10/0x10 [ 436.823159][T10184] ? __pfx_vfs_write+0x10/0x10 [ 436.823186][T10184] ? find_held_lock+0x2b/0x80 [ 436.823216][T10184] ksys_write+0x1f8/0x250 [ 436.823232][T10184] ? __pfx_ksys_write+0x10/0x10 [ 436.823254][T10184] do_syscall_64+0x106/0xf80 [ 436.823279][T10184] ? clear_bhb_loop+0x40/0x90 [ 436.823301][T10184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.823319][T10184] RIP: 0033:0x7f99bfd9c799 [ 436.823335][T10184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 436.823351][T10184] RSP: 002b:00007f99c0cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 436.823368][T10184] RAX: ffffffffffffffda RBX: 00007f99c0015fa0 RCX: 00007f99bfd9c799 [ 436.823379][T10184] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 0000000000000003 [ 436.823389][T10184] RBP: 00007f99bfe32c99 R08: 0000000000000000 R09: 0000000000000000 [ 436.823399][T10184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.823409][T10184] R13: 00007f99c0016038 R14: 00007f99c0015fa0 R15: 00007ffca7e3dbe8 [ 436.823431][T10184] [ 440.317799][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.338396][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.551893][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.765'. [ 440.630524][T10216] netlink: 'syz.0.765': attribute type 1 has an invalid length. [ 440.704657][T10216] netlink: 5 bytes leftover after parsing attributes in process `syz.0.765'. [ 442.202350][T10225] nvme_fcloop: unknown parameter or missing value '7' [ 442.766821][T10246] FAULT_INJECTION: forcing a failure. [ 442.766821][T10246] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 442.835382][T10246] CPU: 0 UID: 0 PID: 10246 Comm: syz.1.772 Tainted: G L syzkaller #0 PREEMPT(full) [ 442.835417][T10246] Tainted: [L]=SOFTLOCKUP [ 442.835424][T10246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 442.835434][T10246] Call Trace: [ 442.835441][T10246] [ 442.835448][T10246] dump_stack_lvl+0x100/0x190 [ 442.835479][T10246] should_fail_ex.cold+0x5/0xa [ 442.835497][T10246] ? prepare_alloc_pages+0x16d/0x5f0 [ 442.835520][T10246] should_fail_alloc_page+0xeb/0x140 [ 442.835540][T10246] prepare_alloc_pages+0x1f0/0x5f0 [ 442.835565][T10246] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 442.835595][T10246] ? __pfx_stack_trace_save+0x10/0x10 [ 442.835614][T10246] ? stack_depot_save_flags+0x27/0x9d0 [ 442.835635][T10246] ? kasan_save_stack+0x3f/0x50 [ 442.835662][T10246] ? kasan_save_stack+0x30/0x50 [ 442.835688][T10246] ? kasan_save_track+0x14/0x30 [ 442.835717][T10246] ? kasan_save_stack+0x3f/0x50 [ 442.835747][T10246] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 442.835779][T10246] ? __lock_acquire+0x4a5/0x2630 [ 442.835801][T10246] ? look_up_lock_class+0x55/0x120 [ 442.835831][T10246] ? lock_acquire+0x1cf/0x380 [ 442.835853][T10246] ? find_held_lock+0x2b/0x80 [ 442.835868][T10246] ? page_table_check_set+0x49a/0xa10 [ 442.835885][T10246] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 442.835916][T10246] ? policy_nodemask+0xed/0x4f0 [ 442.835936][T10246] alloc_pages_mpol+0x1fb/0x550 [ 442.835955][T10246] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 442.835980][T10246] folio_alloc_mpol_noprof+0x36/0x340 [ 442.836013][T10246] vma_alloc_folio_noprof+0xed/0x1d0 [ 442.836034][T10246] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 442.836063][T10246] do_anonymous_page+0xb3a/0x1fb0 [ 442.836096][T10246] __handle_mm_fault+0x1d42/0x2b60 [ 442.836127][T10246] ? __pfx___handle_mm_fault+0x10/0x10 [ 442.836154][T10246] ? pte_offset_map_lock+0x174/0x320 [ 442.836172][T10246] ? find_held_lock+0x2b/0x80 [ 442.836199][T10246] ? follow_page_pte+0x5b3/0x1400 [ 442.836223][T10246] handle_mm_fault+0x36d/0xa20 [ 442.836252][T10246] __get_user_pages+0xf9c/0x34d0 [ 442.836280][T10246] ? __pfx___get_user_pages+0x10/0x10 [ 442.836307][T10246] populate_vma_page_range+0x267/0x3f0 [ 442.836330][T10246] ? __pfx_populate_vma_page_range+0x10/0x10 [ 442.836351][T10246] ? __pfx_find_vma_intersection+0x10/0x10 [ 442.836370][T10246] ? do_mmap+0x93f/0x12f0 [ 442.836392][T10246] __mm_populate+0x107/0x3a0 [ 442.836413][T10246] ? __pfx___mm_populate+0x10/0x10 [ 442.836436][T10246] ? up_write+0x290/0x4f0 [ 442.836473][T10246] vm_mmap_pgoff+0x37f/0x470 [ 442.836496][T10246] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 442.836518][T10246] ? do_futex+0x192/0x350 [ 442.836542][T10246] ? __pfx_do_futex+0x10/0x10 [ 442.836564][T10246] ? __pfx_do_sys_openat2+0x10/0x10 [ 442.836592][T10246] ksys_mmap_pgoff+0xe1/0x650 [ 442.836611][T10246] ? __x64_sys_futex+0x34f/0x4d0 [ 442.836633][T10246] ? __x64_sys_futex+0x358/0x4d0 [ 442.836656][T10246] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 442.836675][T10246] ? xfd_validate_state+0x129/0x190 [ 442.836705][T10246] __x64_sys_mmap+0x125/0x190 [ 442.836734][T10246] do_syscall_64+0x106/0xf80 [ 442.836763][T10246] ? clear_bhb_loop+0x40/0x90 [ 442.836784][T10246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.836802][T10246] RIP: 0033:0x7f8c5ed9c799 [ 442.836817][T10246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 442.836834][T10246] RSP: 002b:00007f8c5fbdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 442.836853][T10246] RAX: ffffffffffffffda RBX: 00007f8c5f016090 RCX: 00007f8c5ed9c799 [ 442.836864][T10246] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 442.836874][T10246] RBP: 00007f8c5ee32c99 R08: 0000000000000002 R09: 0000000000008000 [ 442.836885][T10246] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 442.836895][T10246] R13: 00007f8c5f016128 R14: 00007f8c5f016090 R15: 00007ffcb2f0e518 [ 442.836917][T10246] [ 443.250258][T10244] Invalid ELF header magic: != ELF [ 444.714060][T10258] netlink: 342 bytes leftover after parsing attributes in process `syz.1.774'. [ 444.862141][T10258] FAULT_INJECTION: forcing a failure. [ 444.862141][T10258] name failslab, interval 1, probability 0, space 0, times 0 [ 444.953593][T10258] CPU: 0 UID: 0 PID: 10258 Comm: syz.1.774 Tainted: G L syzkaller #0 PREEMPT(full) [ 444.953625][T10258] Tainted: [L]=SOFTLOCKUP [ 444.953631][T10258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 444.953641][T10258] Call Trace: [ 444.953648][T10258] [ 444.953655][T10258] dump_stack_lvl+0x100/0x190 [ 444.953690][T10258] should_fail_ex.cold+0x5/0xa [ 444.953711][T10258] should_failslab+0xc2/0x120 [ 444.953729][T10258] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 444.953756][T10258] ? security_inode_alloc+0x3b/0x2c0 [ 444.953774][T10258] ? lockdep_init_map_type+0x5c/0x250 [ 444.953800][T10258] security_inode_alloc+0x3b/0x2c0 [ 444.953818][T10258] inode_init_always_gfp+0xced/0x1040 [ 444.953840][T10258] alloc_inode+0x8e/0x250 [ 444.953863][T10258] path_from_stashed+0x25b/0x750 [ 444.953882][T10258] ? do_raw_spin_unlock+0x145/0x1e0 [ 444.953912][T10258] ns_get_path+0x60/0x80 [ 444.953931][T10258] proc_ns_get_link+0x121/0x230 [ 444.953956][T10258] ? __pfx_proc_ns_get_link+0x10/0x10 [ 444.953983][T10258] ? atime_needs_update+0x8b/0x6b0 [ 444.954010][T10258] pick_link+0xd17/0x13c0 [ 444.954034][T10258] ? __pfx_proc_ns_get_link+0x10/0x10 [ 444.954062][T10258] step_into_slowpath+0x9ba/0xf90 [ 444.954093][T10258] ? __pfx_step_into_slowpath+0x10/0x10 [ 444.954119][T10258] ? find_held_lock+0x2b/0x80 [ 444.954142][T10258] path_openat+0xf95/0x31a0 [ 444.954168][T10258] ? __pfx_path_openat+0x10/0x10 [ 444.954195][T10258] do_file_open+0x20e/0x430 [ 444.954215][T10258] ? __pfx_do_file_open+0x10/0x10 [ 444.954249][T10258] ? alloc_fd+0x476/0x790 [ 444.954267][T10258] ? do_getname+0x191/0x390 [ 444.954292][T10258] do_sys_openat2+0x10d/0x1e0 [ 444.954321][T10258] ? __pfx_do_sys_openat2+0x10/0x10 [ 444.954353][T10258] __x64_sys_openat+0x12d/0x210 [ 444.954377][T10258] ? __pfx___x64_sys_openat+0x10/0x10 [ 444.954410][T10258] do_syscall_64+0x106/0xf80 [ 444.954435][T10258] ? clear_bhb_loop+0x40/0x90 [ 444.954457][T10258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.954475][T10258] RIP: 0033:0x7f8c5ed5cfce [ 444.954491][T10258] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 444.954507][T10258] RSP: 002b:00007f8c5fbfcec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 444.954524][T10258] RAX: ffffffffffffffda RBX: 00007f8c5fbfd6c0 RCX: 00007f8c5ed5cfce [ 444.954536][T10258] RDX: 0000000000000002 RSI: 00007f8c5fbfcf90 RDI: ffffffffffffff9c [ 444.954547][T10258] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 444.954557][T10258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.954568][T10258] R13: 00007f8c5f016038 R14: 00007f8c5f015fa0 R15: 00007ffcb2f0e518 [ 444.954590][T10258] [ 446.417288][T10296] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 446.576005][T10299] Invalid ELF header magic: != ELF [ 447.215583][T10300] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 449.283806][T10335] FAULT_INJECTION: forcing a failure. [ 449.283806][T10335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 449.438914][T10335] CPU: 0 UID: 0 PID: 10335 Comm: syz.0.788 Tainted: G L syzkaller #0 PREEMPT(full) [ 449.438946][T10335] Tainted: [L]=SOFTLOCKUP [ 449.438953][T10335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 449.438963][T10335] Call Trace: [ 449.438969][T10335] [ 449.438976][T10335] dump_stack_lvl+0x100/0x190 [ 449.439016][T10335] should_fail_ex.cold+0x5/0xa [ 449.439037][T10335] _copy_from_user+0x2e/0xd0 [ 449.439058][T10335] copy_mount_options+0x76/0x190 [ 449.439085][T10335] __x64_sys_mount+0x1ab/0x310 [ 449.439106][T10335] ? __pfx___x64_sys_mount+0x10/0x10 [ 449.439133][T10335] do_syscall_64+0x106/0xf80 [ 449.439157][T10335] ? clear_bhb_loop+0x40/0x90 [ 449.439178][T10335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.439196][T10335] RIP: 0033:0x7fbec739c799 [ 449.439212][T10335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 449.439229][T10335] RSP: 002b:00007fbec82f9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 449.439246][T10335] RAX: ffffffffffffffda RBX: 00007fbec7616090 RCX: 00007fbec739c799 [ 449.439257][T10335] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 449.439267][T10335] RBP: 00007fbec7432c99 R08: 0000200000000280 R09: 0000000000000000 [ 449.439277][T10335] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 449.439287][T10335] R13: 00007fbec7616128 R14: 00007fbec7616090 R15: 00007ffe922b2d48 [ 449.439308][T10335] [ 451.489122][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.792'. [ 454.088257][T10396] mmap: syz.2.800 (10396) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 455.484386][T10419] Invalid ELF header magic: != ELF [ 457.113750][T10432] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 457.314884][T10432] File: /dev/nullb0 PID: 10432 Comm: syz.2.805 [ 460.340994][T10468] netlink: 4 bytes leftover after parsing attributes in process `syz.0.812'. [ 460.355163][T10462] ERROR: Out of memory at tomoyo_memory_ok. [ 460.423440][T10469] netlink: 'syz.0.812': attribute type 1 has an invalid length. [ 460.514884][T10469] netlink: 5 bytes leftover after parsing attributes in process `syz.0.812'. [ 461.195969][T10467] Invalid ELF header magic: != ELF [ 461.943171][T10486] FAULT_INJECTION: forcing a failure. [ 461.943171][T10486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 462.062719][T10486] CPU: 0 UID: 0 PID: 10486 Comm: syz.0.816 Tainted: G L syzkaller #0 PREEMPT(full) [ 462.062750][T10486] Tainted: [L]=SOFTLOCKUP [ 462.062756][T10486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 462.062767][T10486] Call Trace: [ 462.062773][T10486] [ 462.062780][T10486] dump_stack_lvl+0x100/0x190 [ 462.062812][T10486] should_fail_ex.cold+0x5/0xa [ 462.062854][T10486] _copy_from_iter+0x1f4/0x1690 [ 462.062877][T10486] ? sk_leave_memory_pressure+0x81/0x140 [ 462.062897][T10486] ? __sk_mem_raise_allocated+0x789/0x15a0 [ 462.062925][T10486] ? __pfx__copy_from_iter+0x10/0x10 [ 462.062944][T10486] ? __pfx___alloc_skb+0x10/0x10 [ 462.062975][T10486] ? skb_page_frag_refill+0x2fc/0x5b0 [ 462.062996][T10486] ? sk_page_frag_refill+0x6c/0x340 [ 462.063018][T10486] tcp_sendmsg_locked+0xc8f/0x45e0 [ 462.063051][T10486] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 462.063072][T10486] ? do_raw_spin_lock+0x128/0x260 [ 462.063099][T10486] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 462.063132][T10486] ? __local_bh_enable_ip+0x9e/0x120 [ 462.063154][T10486] tcp_sendmsg+0x2e/0x50 [ 462.063170][T10486] ? __pfx_tcp_sendmsg+0x10/0x10 [ 462.063188][T10486] inet_sendmsg+0xb9/0x140 [ 462.063207][T10486] sock_write_iter+0x4ea/0x5a0 [ 462.063224][T10486] ? __pfx_inet_sendmsg+0x10/0x10 [ 462.063242][T10486] ? __pfx_sock_write_iter+0x10/0x10 [ 462.063268][T10486] ? bpf_lsm_file_permission+0x9/0x10 [ 462.063296][T10486] ? security_file_permission+0x76/0x210 [ 462.063318][T10486] ? rw_verify_area+0xce/0x6d0 [ 462.063345][T10486] vfs_write+0x6ac/0x1070 [ 462.063362][T10486] ? __pfx_sock_write_iter+0x10/0x10 [ 462.063381][T10486] ? __pfx_vfs_write+0x10/0x10 [ 462.063407][T10486] ? find_held_lock+0x2b/0x80 [ 462.063437][T10486] ksys_write+0x1f8/0x250 [ 462.063453][T10486] ? __pfx_ksys_write+0x10/0x10 [ 462.063475][T10486] do_syscall_64+0x106/0xf80 [ 462.063499][T10486] ? clear_bhb_loop+0x40/0x90 [ 462.063521][T10486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.063539][T10486] RIP: 0033:0x7fbec739c799 [ 462.063554][T10486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 462.063571][T10486] RSP: 002b:00007fbec831a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 462.063588][T10486] RAX: ffffffffffffffda RBX: 00007fbec7615fa0 RCX: 00007fbec739c799 [ 462.063600][T10486] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 0000000000000003 [ 462.063611][T10486] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 462.063621][T10486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.063631][T10486] R13: 00007fbec7616038 R14: 00007fbec7615fa0 R15: 00007ffe922b2d48 [ 462.063654][T10486] [ 463.058549][T10500] netlink: 28 bytes leftover after parsing attributes in process `syz.0.820'. [ 464.246554][T10517] random: crng reseeded on system resumption [ 464.495080][T10521] netlink: 504 bytes leftover after parsing attributes in process `syz.3.824'. [ 464.726371][T10516] netlink: 350 bytes leftover after parsing attributes in process `syz.3.824'. [ 466.228702][ T30] audit: type=1800 audit(4294967331.987:17): pid=10552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.829" name="lu_gp_id" dev="configfs" ino=29695 res=0 errno=0 [ 466.265598][T10552] kstrtoul() returned -22 for lu_gp_id [ 466.358534][T10546] zswap: compressor not available [ 466.751405][T10562] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.831: iget: checksum invalid [ 466.918294][T10562] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 467.054730][T10562] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.831: iget: checksum invalid [ 467.233437][T10562] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 467.352882][T10562] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.831: iget: checksum invalid [ 467.574577][T10562] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 467.758751][T10562] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.831: iget: checksum invalid [ 467.883166][T10562] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 467.980159][T10562] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 468.071767][T10562] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 469.092401][T10593] Invalid ELF header magic: != ELF [ 470.663872][ T5832] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 471.766198][T10623] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 472.724592][T10636] Invalid ELF header magic: != ELF [ 476.004763][T10681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.855'. [ 476.087314][T10684] netlink: 'syz.0.855': attribute type 1 has an invalid length. [ 476.173987][T10684] netlink: 5 bytes leftover after parsing attributes in process `syz.0.855'. [ 479.154410][T10719] Invalid ELF header magic: != ELF [ 480.635788][T10739] Invalid ELF header magic: != ELF [ 484.544242][T10774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.873'. [ 484.617447][T10774] netlink: 354 bytes leftover after parsing attributes in process `syz.3.873'. [ 485.650629][T10791] FAULT_INJECTION: forcing a failure. [ 485.650629][T10791] name failslab, interval 1, probability 0, space 0, times 0 [ 485.823969][T10791] CPU: 0 UID: 0 PID: 10791 Comm: syz.1.878 Tainted: G L syzkaller #0 PREEMPT(full) [ 485.824000][T10791] Tainted: [L]=SOFTLOCKUP [ 485.824008][T10791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 485.824018][T10791] Call Trace: [ 485.824024][T10791] [ 485.824031][T10791] dump_stack_lvl+0x100/0x190 [ 485.824062][T10791] should_fail_ex.cold+0x5/0xa [ 485.824081][T10791] ? __pfx_nfsd_fill_super+0x10/0x10 [ 485.824102][T10791] should_failslab+0xc2/0x120 [ 485.824121][T10791] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 485.824148][T10791] ? alloc_inode+0x183/0x250 [ 485.824174][T10791] ? __pfx_nfsd_fill_super+0x10/0x10 [ 485.824193][T10791] alloc_inode+0x183/0x250 [ 485.824217][T10791] new_inode+0x22/0x1c0 [ 485.824241][T10791] ? __pfx_nfsd_fill_super+0x10/0x10 [ 485.824269][T10791] nfsd_fill_super+0x145/0x560 [ 485.824290][T10791] ? __pfx_nfsd_fill_super+0x10/0x10 [ 485.824309][T10791] get_tree_keyed+0x10e/0x1d0 [ 485.824337][T10791] vfs_get_tree+0x92/0x320 [ 485.824362][T10791] path_mount+0x7d0/0x23d0 [ 485.824386][T10791] ? __pfx_path_mount+0x10/0x10 [ 485.824405][T10791] ? lockdep_hardirqs_on+0x78/0x100 [ 485.824433][T10791] ? putname+0xb1/0x110 [ 485.824450][T10791] ? kmem_cache_free+0x124/0x6a0 [ 485.824481][T10791] ? __x64_sys_mount+0x293/0x310 [ 485.824500][T10791] __x64_sys_mount+0x293/0x310 [ 485.824521][T10791] ? __pfx___x64_sys_mount+0x10/0x10 [ 485.824548][T10791] do_syscall_64+0x106/0xf80 [ 485.824572][T10791] ? clear_bhb_loop+0x40/0x90 [ 485.824595][T10791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.824613][T10791] RIP: 0033:0x7f8c5ed9c799 [ 485.824628][T10791] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 485.824644][T10791] RSP: 002b:00007f8c5fbdc028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 485.824662][T10791] RAX: ffffffffffffffda RBX: 00007f8c5f016090 RCX: 00007f8c5ed9c799 [ 485.824673][T10791] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 485.824683][T10791] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 485.824693][T10791] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 485.824702][T10791] R13: 00007f8c5f016128 R14: 00007f8c5f016090 R15: 00007ffcb2f0e518 [ 485.824724][T10791] [ 486.616356][T10799] zswap: compressor not available [ 490.186182][T10855] Invalid ELF header magic: != ELF [ 490.236523][T10857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.891'. [ 491.361303][T10873] netlink: 4 bytes leftover after parsing attributes in process `syz.1.894'. [ 491.471838][T10875] netlink: 'syz.1.894': attribute type 1 has an invalid length. [ 491.591722][T10875] netlink: 5 bytes leftover after parsing attributes in process `syz.1.894'. [ 492.137860][T10887] sg_write: process 1129 (syz.1.898) changed security contexts after opening file descriptor, this is not allowed. [ 493.136037][T10868] program syz.2.892 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 496.563106][T10928] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 496.601596][T10928] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 496.671778][T10928] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 496.683800][T10928] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 496.743990][T10928] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 498.380268][ T1218] usb usb40-port2: attempt power cycle [ 498.505437][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 498.663416][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 498.743420][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 498.823740][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 498.986977][ T1218] usb usb40-port2: unable to enumerate USB device [ 499.905160][T10984] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.919: iget: checksum invalid [ 500.101700][T10984] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 500.254161][T10984] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.919: iget: checksum invalid [ 500.302157][ T30] audit: type=1804 audit(4294967353.446:18): pid=10994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.920" name=2F6E6577726F6F742F3233352F22050820 dev="tmpfs" ino=1262 res=1 errno=0 [ 500.421552][ T30] audit: type=1800 audit(4294967353.446:19): pid=10994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.920" name=22050820 dev="tmpfs" ino=1262 res=0 errno=0 [ 500.464499][T10984] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 500.573474][T10984] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.919: iget: checksum invalid [ 500.724427][T10984] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 500.826729][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 500.832836][ T5832] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 500.970465][T10984] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.919: iget: checksum invalid [ 501.147474][T10984] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 501.327454][T10984] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 501.407411][T10984] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 501.548243][T11006] Invalid ELF header magic: != ELF [ 501.787711][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.794082][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.171658][T11010] zswap: compressor not available [ 502.514399][T11022] Invalid ELF header magic: != ELF [ 502.665866][T11032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.928'. [ 502.746264][T11033] netlink: 'syz.3.928': attribute type 1 has an invalid length. [ 502.837970][T11033] netlink: 5 bytes leftover after parsing attributes in process `syz.3.928'. [ 503.409328][T11025] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 503.415963][T11025] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 505.700366][T11058] Invalid ELF header magic: != ELF [ 506.680709][T11069] Invalid ELF header magic: != ELF [ 513.079095][T11125] FAULT_INJECTION: forcing a failure. [ 513.079095][T11125] name failslab, interval 1, probability 0, space 0, times 0 [ 513.177765][T11125] CPU: 0 UID: 0 PID: 11125 Comm: syz.1.948 Tainted: G L syzkaller #0 PREEMPT(full) [ 513.177798][T11125] Tainted: [L]=SOFTLOCKUP [ 513.177805][T11125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 513.177815][T11125] Call Trace: [ 513.177821][T11125] [ 513.177828][T11125] dump_stack_lvl+0x100/0x190 [ 513.177859][T11125] should_fail_ex.cold+0x5/0xa [ 513.177880][T11125] ? pcpu_get_vm_areas+0x454/0x55d0 [ 513.177898][T11125] should_failslab+0xc2/0x120 [ 513.177916][T11125] __kmalloc_noprof+0xe0/0x850 [ 513.177954][T11125] pcpu_get_vm_areas+0x454/0x55d0 [ 513.177980][T11125] ? pcpu_mem_zalloc+0x54/0xb0 [ 513.178003][T11125] ? __vmalloc_node_noprof+0xad/0xf0 [ 513.178028][T11125] ? __vmalloc_noprof+0xa3/0x120 [ 513.178049][T11125] ? __pfx___vmalloc_noprof+0x10/0x10 [ 513.178070][T11125] ? __kasan_kmalloc+0xaa/0xb0 [ 513.178097][T11125] ? __pfx_pcpu_get_vm_areas+0x10/0x10 [ 513.178122][T11125] pcpu_create_chunk+0x254/0x730 [ 513.178158][T11125] pcpu_alloc_noprof+0x18c4/0x1c50 [ 513.178196][T11125] bpf_map_alloc_percpu+0x9a/0xf0 [ 513.178214][T11125] ? __pfx_bpf_map_alloc_percpu+0x10/0x10 [ 513.178234][T11125] ? __pfx___might_resched+0x10/0x10 [ 513.178261][T11125] ? __bpf_map_area_alloc+0x13a/0x200 [ 513.178286][T11125] htab_map_alloc+0x1054/0x14e0 [ 513.178319][T11125] ? ns_capable+0xd2/0xf0 [ 513.178337][T11125] ? __pfx_htab_map_mem_usage+0x10/0x10 [ 513.178365][T11125] map_create+0x84e/0x2ba0 [ 513.178381][T11125] ? preempt_schedule_thunk+0x16/0x30 [ 513.178411][T11125] ? __pfx_map_create+0x10/0x10 [ 513.178426][T11125] ? __might_fault+0xc5/0x140 [ 513.178450][T11125] ? __might_fault+0xc5/0x140 [ 513.178483][T11125] __sys_bpf+0x2091/0x4b90 [ 513.178502][T11125] ? futex_private_hash_put+0x107/0x1c0 [ 513.178526][T11125] ? __pfx___sys_bpf+0x10/0x10 [ 513.178548][T11125] ? __pfx_futex_wake+0x10/0x10 [ 513.178577][T11125] ? do_writev+0x214/0x340 [ 513.178609][T11125] ? do_futex+0x192/0x350 [ 513.178645][T11125] ? xfd_validate_state+0x129/0x190 [ 513.178675][T11125] __x64_sys_bpf+0x7b/0xc0 [ 513.178695][T11125] ? lockdep_hardirqs_on+0x78/0x100 [ 513.178720][T11125] do_syscall_64+0x106/0xf80 [ 513.178744][T11125] ? clear_bhb_loop+0x40/0x90 [ 513.178766][T11125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.178783][T11125] RIP: 0033:0x7f8c5ed9c799 [ 513.178798][T11125] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.178817][T11125] RSP: 002b:00007f8c5fbfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 513.178835][T11125] RAX: ffffffffffffffda RBX: 00007f8c5f015fa0 RCX: 00007f8c5ed9c799 [ 513.178847][T11125] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 513.178857][T11125] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 513.178868][T11125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.178878][T11125] R13: 00007f8c5f016038 R14: 00007f8c5f015fa0 R15: 00007ffcb2f0e518 [ 513.178901][T11125] [ 514.664928][T11141] Invalid ELF header magic: != ELF [ 522.417188][T11249] futex_wake_op: syz.3.968 tries to shift op by -2048; fix this program [ 522.514393][T11249] futex_wake_op: syz.3.968 tries to shift op by -2048; fix this program [ 522.549377][T11248] program syz.2.966 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 523.192667][T11257] Invalid ELF header magic: != ELF [ 523.618371][T11270] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.972: iget: checksum invalid [ 523.821071][T11270] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 524.020548][T11275] vivid-007: ================= START STATUS ================= [ 524.040887][T11270] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.972: iget: checksum invalid [ 524.069272][T11275] vivid-007: Generate PTS: true [ 524.087036][T11275] vivid-007: Generate SCR: true [ 524.110378][T11275] tpg source WxH: 320x240 (Y'CbCr) [ 524.140616][T11275] tpg field: 1 [ 524.154256][T11270] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 524.171935][T11275] tpg crop: (0,0)/320x240 [ 524.182309][T11275] tpg compose: (0,0)/320x240 [ 524.201688][T11275] tpg colorspace: 8 [ 524.205529][T11275] tpg transfer function: 0/0 [ 524.246214][T11275] tpg Y'CbCr encoding: 0/0 [ 524.253846][T11270] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.972: iget: checksum invalid [ 524.292917][T11275] tpg quantization: 0/0 [ 524.360749][T11275] tpg RGB range: 0/2 [ 524.365928][T11270] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 524.433839][T11275] vivid-007: ================== END STATUS ================== [ 524.502058][T11270] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.972: iget: checksum invalid [ 524.637136][T11270] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 524.726271][T11270] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 524.814752][T11270] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 525.190956][T11288] Invalid ELF header magic: != ELF [ 527.461741][T11331] Invalid ELF header magic: != ELF [ 527.658900][T11316] program syz.2.981 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 530.299702][T11363] program syz.0.988 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 530.726864][T11382] Invalid ELF header magic: != ELF [ 532.118068][ T30] audit: type=1804 audit(4294967354.196:20): pid=11396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.994" name=2F6E6577726F6F742F3234372F22050820 dev="tmpfs" ino=1319 res=1 errno=0 [ 532.249997][ T30] audit: type=1800 audit(4294967354.196:21): pid=11396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.994" name=22050820 dev="tmpfs" ino=1319 res=0 errno=0 [ 533.781509][ T9] usb usb40-port2: attempt power cycle [ 534.371977][ T9] usb usb40-port2: unable to enumerate USB device [ 535.115090][T11418] program syz.2.996 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 535.427953][T11434] FAULT_INJECTION: forcing a failure. [ 535.427953][T11434] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 535.626260][T11434] CPU: 0 UID: 0 PID: 11434 Comm: syz.1.999 Tainted: G L syzkaller #0 PREEMPT(full) [ 535.626292][T11434] Tainted: [L]=SOFTLOCKUP [ 535.626299][T11434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 535.626309][T11434] Call Trace: [ 535.626316][T11434] [ 535.626323][T11434] dump_stack_lvl+0x100/0x190 [ 535.626355][T11434] should_fail_ex.cold+0x5/0xa [ 535.626372][T11434] ? prepare_alloc_pages+0x16d/0x5f0 [ 535.626394][T11434] should_fail_alloc_page+0xeb/0x140 [ 535.626416][T11434] prepare_alloc_pages+0x1f0/0x5f0 [ 535.626440][T11434] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 535.626471][T11434] ? rcu_is_watching+0x12/0xc0 [ 535.626498][T11434] ? trace_mm_page_alloc+0x17a/0x1d0 [ 535.626519][T11434] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 535.626550][T11434] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 535.626579][T11434] ? stack_trace_save+0x8e/0xc0 [ 535.626598][T11434] ? stack_depot_save_flags+0x27/0x9d0 [ 535.626626][T11434] ? __lock_acquire+0x4a5/0x2630 [ 535.626652][T11434] ? kasan_save_stack+0x3f/0x50 [ 535.626680][T11434] ? kasan_save_track+0x14/0x30 [ 535.626707][T11434] ? __kasan_slab_free+0x5f/0x80 [ 535.626722][T11434] ? kmem_cache_free+0x124/0x6a0 [ 535.626746][T11434] ? pcpu_get_vm_areas+0x21c0/0x55d0 [ 535.626764][T11434] ? pcpu_create_chunk+0x254/0x730 [ 535.626799][T11434] ? pcpu_alloc_noprof+0x18c4/0x1c50 [ 535.626824][T11434] ? bpf_map_alloc_percpu+0x9a/0xf0 [ 535.626847][T11434] ? htab_map_alloc+0x1054/0x14e0 [ 535.626874][T11434] ? map_create+0x84e/0x2ba0 [ 535.626889][T11434] ? __sys_bpf+0x2091/0x4b90 [ 535.626914][T11434] alloc_pages_bulk_noprof+0x782/0x1490 [ 535.626951][T11434] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 535.626987][T11434] ? alloc_pages_noprof+0x233/0x390 [ 535.627009][T11434] __kasan_populate_vmalloc+0xf0/0x210 [ 535.627041][T11434] pcpu_get_vm_areas+0x2df1/0x55d0 [ 535.627078][T11434] ? __pfx_pcpu_get_vm_areas+0x10/0x10 [ 535.627104][T11434] pcpu_create_chunk+0x254/0x730 [ 535.627132][T11434] pcpu_alloc_noprof+0x18c4/0x1c50 [ 535.627168][T11434] bpf_map_alloc_percpu+0x9a/0xf0 [ 535.627186][T11434] ? __pfx_bpf_map_alloc_percpu+0x10/0x10 [ 535.627205][T11434] ? __pfx___might_resched+0x10/0x10 [ 535.627231][T11434] ? __bpf_map_area_alloc+0x13a/0x200 [ 535.627255][T11434] htab_map_alloc+0x1054/0x14e0 [ 535.627288][T11434] ? ns_capable+0xd2/0xf0 [ 535.627306][T11434] ? __pfx_htab_map_mem_usage+0x10/0x10 [ 535.627335][T11434] map_create+0x84e/0x2ba0 [ 535.627351][T11434] ? preempt_schedule_thunk+0x16/0x30 [ 535.627381][T11434] ? __pfx_map_create+0x10/0x10 [ 535.627396][T11434] ? __might_fault+0xc5/0x140 [ 535.627421][T11434] ? __might_fault+0xc5/0x140 [ 535.627455][T11434] __sys_bpf+0x2091/0x4b90 [ 535.627473][T11434] ? futex_private_hash_put+0x107/0x1c0 [ 535.627497][T11434] ? __pfx___sys_bpf+0x10/0x10 [ 535.627519][T11434] ? __pfx_futex_wake+0x10/0x10 [ 535.627549][T11434] ? do_writev+0x214/0x340 [ 535.627580][T11434] ? do_futex+0x192/0x350 [ 535.627616][T11434] ? xfd_validate_state+0x129/0x190 [ 535.627647][T11434] __x64_sys_bpf+0x7b/0xc0 [ 535.627672][T11434] ? lockdep_hardirqs_on+0x78/0x100 [ 535.627698][T11434] do_syscall_64+0x106/0xf80 [ 535.627721][T11434] ? clear_bhb_loop+0x40/0x90 [ 535.627743][T11434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.627761][T11434] RIP: 0033:0x7f8c5ed9c799 [ 535.627778][T11434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 535.627796][T11434] RSP: 002b:00007f8c5fbfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 535.627814][T11434] RAX: ffffffffffffffda RBX: 00007f8c5f015fa0 RCX: 00007f8c5ed9c799 [ 535.627825][T11434] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 535.627841][T11434] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 535.627852][T11434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 535.627862][T11434] R13: 00007f8c5f016038 R14: 00007f8c5f015fa0 R15: 00007ffcb2f0e518 [ 535.627885][T11434] [ 536.205976][T11438] Invalid ELF header magic: != ELF [ 536.647911][T11442] Invalid ELF header magic: != ELF [ 537.019381][T11452] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1004: iget: checksum invalid [ 537.219540][T11452] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 537.389148][T11452] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1004: iget: checksum invalid [ 537.421306][T11445] program syz.0.1001 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 537.554680][T11452] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 537.640711][T11452] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1004: iget: checksum invalid [ 537.754211][T11452] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 537.825533][T11452] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1004: iget: checksum invalid [ 537.915470][T11452] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 537.981606][T11452] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 538.044999][T11452] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 538.142085][T11461] program syz.2.1005 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 539.274335][T11481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1009'. [ 539.696695][T11491] FAULT_INJECTION: forcing a failure. [ 539.696695][T11491] name failslab, interval 1, probability 0, space 0, times 0 [ 539.836378][T11491] CPU: 0 UID: 0 PID: 11491 Comm: syz.3.1010 Tainted: G L syzkaller #0 PREEMPT(full) [ 539.836411][T11491] Tainted: [L]=SOFTLOCKUP [ 539.836418][T11491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 539.836429][T11491] Call Trace: [ 539.836434][T11491] [ 539.836441][T11491] dump_stack_lvl+0x100/0x190 [ 539.836473][T11491] should_fail_ex.cold+0x5/0xa [ 539.836493][T11491] should_failslab+0xc2/0x120 [ 539.836513][T11491] __kvmalloc_node_noprof+0xfa/0xa00 [ 539.836540][T11491] ? seq_read_iter+0x819/0x1270 [ 539.836572][T11491] seq_read_iter+0x819/0x1270 [ 539.836601][T11491] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 539.836635][T11491] kernfs_fop_read_iter+0x46c/0x610 [ 539.836661][T11491] copy_splice_read+0x4ba/0xb90 [ 539.836683][T11491] ? __pfx_copy_splice_read+0x10/0x10 [ 539.836702][T11491] ? look_up_lock_class+0x55/0x120 [ 539.836731][T11491] ? lockdep_init_map_type+0x5c/0x250 [ 539.836756][T11491] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 539.836792][T11491] ? __pfx_copy_splice_read+0x10/0x10 [ 539.836809][T11491] do_splice_read+0x285/0x370 [ 539.836829][T11491] splice_direct_to_actor+0x2a1/0xa30 [ 539.836848][T11491] ? __pfx_direct_splice_actor+0x10/0x10 [ 539.836882][T11491] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 539.836915][T11491] do_splice_direct+0x174/0x240 [ 539.836934][T11491] ? __pfx_do_splice_direct+0x10/0x10 [ 539.836952][T11491] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 539.836986][T11491] ? rw_verify_area+0xce/0x6d0 [ 539.837014][T11491] do_sendfile+0xadc/0xe20 [ 539.837046][T11491] ? __pfx_do_sendfile+0x10/0x10 [ 539.837072][T11491] ? apparmor_capable+0x1d7/0x4d0 [ 539.837093][T11491] ? __x64_sys_futex+0x34f/0x4d0 [ 539.837115][T11491] ? __x64_sys_futex+0x358/0x4d0 [ 539.837141][T11491] __x64_sys_sendfile64+0x1d8/0x220 [ 539.837161][T11491] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 539.837189][T11491] do_syscall_64+0x106/0xf80 [ 539.837216][T11491] ? clear_bhb_loop+0x40/0x90 [ 539.837238][T11491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.837256][T11491] RIP: 0033:0x7f99bfd9c799 [ 539.837272][T11491] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 539.837291][T11491] RSP: 002b:00007f99c0cbb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 539.837309][T11491] RAX: ffffffffffffffda RBX: 00007f99c0016090 RCX: 00007f99bfd9c799 [ 539.837320][T11491] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 539.837331][T11491] RBP: 00007f99bfe32c99 R08: 0000000000000000 R09: 0000000000000000 [ 539.837341][T11491] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 539.837351][T11491] R13: 00007f99c0016128 R14: 00007f99c0016090 R15: 00007ffca7e3dbe8 [ 539.837373][T11491] [ 540.473301][T11495] kvm: kvm [11494]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 541.209110][T11501] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1013'. [ 542.087065][T11511] Invalid ELF header magic: != ELF [ 542.423360][T11509] Invalid ELF header magic: != ELF [ 542.897793][T11522] futex_wake_op: syz.0.1017 tries to shift op by -2048; fix this program [ 542.981516][T11522] futex_wake_op: syz.0.1017 tries to shift op by -2048; fix this program [ 544.072071][T11531] Invalid ELF header magic: != ELF [ 544.798638][T11545] Invalid ELF header magic: != ELF [ 544.908946][T11551] FAULT_INJECTION: forcing a failure. [ 544.908946][T11551] name failslab, interval 1, probability 0, space 0, times 0 [ 544.981596][T11551] CPU: 0 UID: 0 PID: 11551 Comm: syz.0.1022 Tainted: G L syzkaller #0 PREEMPT(full) [ 544.981628][T11551] Tainted: [L]=SOFTLOCKUP [ 544.981634][T11551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 544.981645][T11551] Call Trace: [ 544.981651][T11551] [ 544.981659][T11551] dump_stack_lvl+0x100/0x190 [ 544.981691][T11551] should_fail_ex.cold+0x5/0xa [ 544.981712][T11551] should_failslab+0xc2/0x120 [ 544.981733][T11551] __kvmalloc_node_noprof+0xfa/0xa00 [ 544.981761][T11551] ? seq_read_iter+0x819/0x1270 [ 544.981793][T11551] seq_read_iter+0x819/0x1270 [ 544.981821][T11551] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 544.981856][T11551] kernfs_fop_read_iter+0x46c/0x610 [ 544.981881][T11551] copy_splice_read+0x4ba/0xb90 [ 544.981910][T11551] ? __pfx_copy_splice_read+0x10/0x10 [ 544.981929][T11551] ? look_up_lock_class+0x55/0x120 [ 544.981960][T11551] ? lockdep_init_map_type+0x5c/0x250 [ 544.981985][T11551] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 544.982015][T11551] ? __pfx_copy_splice_read+0x10/0x10 [ 544.982032][T11551] do_splice_read+0x285/0x370 [ 544.982052][T11551] splice_direct_to_actor+0x2a1/0xa30 [ 544.982072][T11551] ? __pfx_direct_splice_actor+0x10/0x10 [ 544.982106][T11551] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 544.982130][T11551] do_splice_direct+0x174/0x240 [ 544.982148][T11551] ? __pfx_do_splice_direct+0x10/0x10 [ 544.982166][T11551] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 544.982199][T11551] ? rw_verify_area+0xce/0x6d0 [ 544.982227][T11551] do_sendfile+0xadc/0xe20 [ 544.982259][T11551] ? __pfx_do_sendfile+0x10/0x10 [ 544.982284][T11551] ? apparmor_capable+0x1d7/0x4d0 [ 544.982305][T11551] ? __x64_sys_futex+0x34f/0x4d0 [ 544.982327][T11551] ? __x64_sys_futex+0x358/0x4d0 [ 544.982352][T11551] __x64_sys_sendfile64+0x1d8/0x220 [ 544.982373][T11551] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 544.982400][T11551] do_syscall_64+0x106/0xf80 [ 544.982424][T11551] ? clear_bhb_loop+0x40/0x90 [ 544.982445][T11551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.982464][T11551] RIP: 0033:0x7fbec739c799 [ 544.982480][T11551] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 544.982497][T11551] RSP: 002b:00007fbec82f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 544.982515][T11551] RAX: ffffffffffffffda RBX: 00007fbec7616090 RCX: 00007fbec739c799 [ 544.982526][T11551] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 544.982536][T11551] RBP: 00007fbec7432c99 R08: 0000000000000000 R09: 0000000000000000 [ 544.982546][T11551] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 544.982556][T11551] R13: 00007fbec7616128 R14: 00007fbec7616090 R15: 00007ffe922b2d48 [ 544.982579][T11551] [ 545.824679][T11553] Invalid ELF header magic: != ELF [ 545.883285][T11562] kvm: kvm [11559]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 547.234680][T11583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1029'. [ 547.363011][T11583] netlink: 'syz.1.1029': attribute type 1 has an invalid length. [ 547.415336][T11583] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1029'. [ 547.894013][T11592] futex_wake_op: syz.2.1031 tries to shift op by -2048; fix this program [ 547.975720][T11592] futex_wake_op: syz.2.1031 tries to shift op by -2048; fix this program [ 548.046498][T11595] 0x000000000001-0x000000020000 : "" [ 548.066397][T11594] Invalid ELF header magic: != ELF [ 548.146609][T11595] ftl_cs: FTL header corrupt! [ 548.240604][T11597] FAULT_INJECTION: forcing a failure. [ 548.240604][T11597] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 548.501473][T11597] CPU: 0 UID: 0 PID: 11597 Comm: syz.1.1033 Tainted: G L syzkaller #0 PREEMPT(full) [ 548.501507][T11597] Tainted: [L]=SOFTLOCKUP [ 548.501513][T11597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 548.501524][T11597] Call Trace: [ 548.501530][T11597] [ 548.501538][T11597] dump_stack_lvl+0x100/0x190 [ 548.501570][T11597] should_fail_ex.cold+0x5/0xa [ 548.501588][T11597] ? prepare_alloc_pages+0x16d/0x5f0 [ 548.501611][T11597] should_fail_alloc_page+0xeb/0x140 [ 548.501633][T11597] prepare_alloc_pages+0x1f0/0x5f0 [ 548.501657][T11597] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 548.501688][T11597] ? rcu_is_watching+0x12/0xc0 [ 548.501716][T11597] ? trace_mm_page_alloc+0x17a/0x1d0 [ 548.501738][T11597] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 548.501776][T11597] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 548.501814][T11597] ? stack_trace_save+0x8e/0xc0 [ 548.501834][T11597] ? stack_depot_save_flags+0x27/0x9d0 [ 548.501856][T11597] ? __lock_acquire+0x4a5/0x2630 [ 548.501884][T11597] ? kasan_save_stack+0x3f/0x50 [ 548.501911][T11597] ? kasan_save_track+0x14/0x30 [ 548.501938][T11597] ? __kasan_slab_free+0x5f/0x80 [ 548.501954][T11597] ? kmem_cache_free+0x124/0x6a0 [ 548.501977][T11597] ? pcpu_get_vm_areas+0x21c0/0x55d0 [ 548.501994][T11597] ? pcpu_create_chunk+0x254/0x730 [ 548.502018][T11597] ? pcpu_alloc_noprof+0x18c4/0x1c50 [ 548.502043][T11597] ? bpf_map_alloc_percpu+0x9a/0xf0 [ 548.502059][T11597] ? htab_map_alloc+0x1054/0x14e0 [ 548.502085][T11597] ? map_create+0x84e/0x2ba0 [ 548.502099][T11597] ? __sys_bpf+0x2091/0x4b90 [ 548.502124][T11597] alloc_pages_bulk_noprof+0x782/0x1490 [ 548.502160][T11597] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 548.502198][T11597] ? alloc_pages_noprof+0x233/0x390 [ 548.502219][T11597] __kasan_populate_vmalloc+0xf0/0x210 [ 548.502251][T11597] pcpu_get_vm_areas+0x2df1/0x55d0 [ 548.502288][T11597] ? __pfx_pcpu_get_vm_areas+0x10/0x10 [ 548.502314][T11597] pcpu_create_chunk+0x254/0x730 [ 548.502342][T11597] pcpu_alloc_noprof+0x18c4/0x1c50 [ 548.502380][T11597] bpf_map_alloc_percpu+0x9a/0xf0 [ 548.502397][T11597] ? __pfx_bpf_map_alloc_percpu+0x10/0x10 [ 548.502416][T11597] ? __pfx___might_resched+0x10/0x10 [ 548.502442][T11597] ? __bpf_map_area_alloc+0x13a/0x200 [ 548.502467][T11597] htab_map_alloc+0x1054/0x14e0 [ 548.502500][T11597] ? ns_capable+0xd2/0xf0 [ 548.502519][T11597] ? __pfx_htab_map_mem_usage+0x10/0x10 [ 548.502548][T11597] map_create+0x84e/0x2ba0 [ 548.502563][T11597] ? futex_unqueue+0x13d/0x2c0 [ 548.502586][T11597] ? __futex_wait+0x256/0x300 [ 548.502618][T11597] ? __pfx_map_create+0x10/0x10 [ 548.502633][T11597] ? __might_fault+0xc5/0x140 [ 548.502657][T11597] ? __might_fault+0xc5/0x140 [ 548.502713][T11597] __sys_bpf+0x2091/0x4b90 [ 548.502736][T11597] ? __pfx___sys_bpf+0x10/0x10 [ 548.502756][T11597] ? __pfx_futex_wait+0x10/0x10 [ 548.502789][T11597] ? do_writev+0x214/0x340 [ 548.502826][T11597] ? do_futex+0x192/0x350 [ 548.502863][T11597] ? xfd_validate_state+0x129/0x190 [ 548.502894][T11597] __x64_sys_bpf+0x7b/0xc0 [ 548.502914][T11597] ? lockdep_hardirqs_on+0x78/0x100 [ 548.502940][T11597] do_syscall_64+0x106/0xf80 [ 548.502964][T11597] ? clear_bhb_loop+0x40/0x90 [ 548.502986][T11597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.503005][T11597] RIP: 0033:0x7f8c5ed9c799 [ 548.503020][T11597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.503038][T11597] RSP: 002b:00007f8c5fbfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 548.503058][T11597] RAX: ffffffffffffffda RBX: 00007f8c5f015fa0 RCX: 00007f8c5ed9c799 [ 548.503069][T11597] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 548.503080][T11597] RBP: 00007f8c5ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 548.503090][T11597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.503100][T11597] R13: 00007f8c5f016038 R14: 00007f8c5f015fa0 R15: 00007ffcb2f0e518 [ 548.503123][T11597] [ 549.131297][T11595] "mq-deadline" elevator initialization, failed -12, falling back to "none" [ 549.141912][T11595] ------------[ cut here ]------------ [ 549.147379][T11595] !rwb [ 549.147390][T11595] WARNING: block/blk-wbt.c:785 at wbt_init_enable_default+0x164/0x1c0, CPU#0: syz.2.1031/11595 [ 549.160714][T11595] Modules linked in: [ 549.165448][T11595] CPU: 0 UID: 0 PID: 11595 Comm: syz.2.1031 Tainted: G L syzkaller #0 PREEMPT(full) [ 549.176448][T11595] Tainted: [L]=SOFTLOCKUP [ 549.180765][T11595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 549.191534][T11595] RIP: 0010:wbt_init_enable_default+0x164/0x1c0 [ 549.197879][T11595] Code: 16 22 fd 5b 5d 41 5c 41 5d 41 5e e9 c6 89 aa 06 4c 89 f7 e8 ee a1 8d fd eb 83 4c 89 f7 e8 e4 a1 8d fd eb d0 e8 2d 16 22 fd 90 <0f> 0b 90 e9 e9 fe ff ff e8 1f 16 22 fd 90 0f 0b 90 48 b8 00 00 00 [ 549.217651][T11595] RSP: 0018:ffffc90003957570 EFLAGS: 00010287 [ 549.223769][T11595] RAX: 000000000001e450 RBX: ffff88802af9b000 RCX: ffffc9000d881000 [ 549.231869][T11595] RDX: 0000000000080000 RSI: ffffffff84e60233 RDI: ffffffff8c1b0620 [ 549.241539][T11595] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 549.249529][T11595] R10: 0000000000000001 R11: ffffffff8b8cd186 R12: ffff88802b689310 [ 549.258080][T11595] R13: ffff88802ea3bd2c R14: ffff88802af9b390 R15: ffff88802b689320 [ 549.266108][T11595] FS: 00007f18bf2d36c0(0000) GS:ffff88812434a000(0000) knlGS:0000000000000000 [ 549.275101][T11595] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 549.281735][T11595] CR2: 0000001b30fc8ff8 CR3: 0000000056452000 CR4: 00000000003526f0 [ 549.289730][T11595] Call Trace: [ 549.293056][T11595] [ 549.296015][T11595] blk_register_queue+0x42c/0x590 [ 549.301140][T11595] __add_disk+0x73f/0xe40 [ 549.305536][T11595] add_disk_fwnode+0x118/0x5c0 [ 549.310325][T11595] add_mtd_blktrans_dev+0xd0b/0x1520 [ 549.315666][T11595] ? __pfx_add_mtd_blktrans_dev+0x10/0x10 [ 549.321470][T11595] mtdblock_add_mtd+0x1cc/0x270 [ 549.326329][T11595] blktrans_notify_add+0xa2/0xf0 [ 549.331267][T11595] add_mtd_device+0xb1a/0x17a0 [ 549.336082][T11595] ? __pfx_add_mtd_device+0x10/0x10 [ 549.342249][T11595] mtd_add_partition+0x30a/0x660 [ 549.347205][T11595] ? __pfx_mtd_add_partition+0x10/0x10 [ 549.353212][T11595] ? __might_fault+0xc5/0x140 [ 549.358040][T11595] ? __might_fault+0xc5/0x140 [ 549.362870][T11595] mtdchar_blkpg_ioctl+0x207/0x250 [ 549.367982][T11595] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 549.373679][T11595] mtdchar_ioctl+0x1670/0x1fd0 [ 549.378448][T11595] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 549.383591][T11595] ? lock_acquire+0x1cf/0x380 [ 549.388301][T11595] ? trace_contention_end+0x140/0x180 [ 549.393733][T11595] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 549.399112][T11595] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 549.404434][T11595] ? __pfx___mutex_lock+0x10/0x10 [ 549.409473][T11595] ? find_held_lock+0x2b/0x80 [ 549.414357][T11595] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 549.419586][T11595] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 549.425576][T11595] __x64_sys_ioctl+0x18e/0x210 [ 549.430383][T11595] do_syscall_64+0x106/0xf80 [ 549.435032][T11595] ? clear_bhb_loop+0x40/0x90 [ 549.439755][T11595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.446504][T11595] RIP: 0033:0x7f18be39c799 [ 549.450957][T11595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.471446][T11595] RSP: 002b:00007f18bf2d3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 549.479891][T11595] RAX: ffffffffffffffda RBX: 00007f18be616090 RCX: 00007f18be39c799 [ 549.488045][T11595] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000004 [ 549.496051][T11595] RBP: 00007f18be432c99 R08: 0000000000000000 R09: 0000000000000000 [ 549.504071][T11595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.512071][T11595] R13: 00007f18be616128 R14: 00007f18be616090 R15: 00007ffd8259df18 [ 549.520057][T11595] [ 549.523127][T11595] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 549.530406][T11595] CPU: 0 UID: 0 PID: 11595 Comm: syz.2.1031 Tainted: G L syzkaller #0 PREEMPT(full) [ 549.541348][T11595] Tainted: [L]=SOFTLOCKUP [ 549.545766][T11595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 549.555905][T11595] Call Trace: [ 549.559198][T11595] [ 549.562127][T11595] dump_stack_lvl+0x100/0x190 [ 549.566817][T11595] vpanic+0x552/0x970 [ 549.570803][T11595] ? __pfx_vpanic+0x10/0x10 [ 549.575328][T11595] panic+0xd1/0xe0 [ 549.579048][T11595] ? __pfx_panic+0x10/0x10 [ 549.583470][T11595] check_panic_on_warn.cold+0x19/0x34 [ 549.588856][T11595] ? wbt_init_enable_default+0x164/0x1c0 [ 549.594491][T11595] __warn.cold+0x191/0x348 [ 549.598908][T11595] __report_bug+0x296/0x3d0 [ 549.603429][T11595] ? wbt_init_enable_default+0x164/0x1c0 [ 549.609154][T11595] ? __pfx___report_bug+0x10/0x10 [ 549.614210][T11595] ? wbt_init_enable_default+0x164/0x1c0 [ 549.619857][T11595] report_bug+0xb2/0x220 [ 549.624190][T11595] ? wbt_init_enable_default+0x164/0x1c0 [ 549.629830][T11595] handle_bug+0x16a/0x2a0 [ 549.634178][T11595] exc_invalid_op+0x17/0x50 [ 549.638686][T11595] asm_exc_invalid_op+0x1a/0x20 [ 549.643533][T11595] RIP: 0010:wbt_init_enable_default+0x164/0x1c0 [ 549.649806][T11595] Code: 16 22 fd 5b 5d 41 5c 41 5d 41 5e e9 c6 89 aa 06 4c 89 f7 e8 ee a1 8d fd eb 83 4c 89 f7 e8 e4 a1 8d fd eb d0 e8 2d 16 22 fd 90 <0f> 0b 90 e9 e9 fe ff ff e8 1f 16 22 fd 90 0f 0b 90 48 b8 00 00 00 [ 549.669530][T11595] RSP: 0018:ffffc90003957570 EFLAGS: 00010287 [ 549.675643][T11595] RAX: 000000000001e450 RBX: ffff88802af9b000 RCX: ffffc9000d881000 [ 549.683637][T11595] RDX: 0000000000080000 RSI: ffffffff84e60233 RDI: ffffffff8c1b0620 [ 549.691617][T11595] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 549.699608][T11595] R10: 0000000000000001 R11: ffffffff8b8cd186 R12: ffff88802b689310 [ 549.708358][T11595] R13: ffff88802ea3bd2c R14: ffff88802af9b390 R15: ffff88802b689320 [ 549.716331][T11595] ? do_syscall_64+0x106/0xf80 [ 549.721105][T11595] ? wbt_init_enable_default+0x163/0x1c0 [ 549.726792][T11595] blk_register_queue+0x42c/0x590 [ 549.731826][T11595] __add_disk+0x73f/0xe40 [ 549.736303][T11595] add_disk_fwnode+0x118/0x5c0 [ 549.741157][T11595] add_mtd_blktrans_dev+0xd0b/0x1520 [ 549.746470][T11595] ? __pfx_add_mtd_blktrans_dev+0x10/0x10 [ 549.752211][T11595] mtdblock_add_mtd+0x1cc/0x270 [ 549.757066][T11595] blktrans_notify_add+0xa2/0xf0 [ 549.762004][T11595] add_mtd_device+0xb1a/0x17a0 [ 549.766778][T11595] ? __pfx_add_mtd_device+0x10/0x10 [ 549.772022][T11595] mtd_add_partition+0x30a/0x660 [ 549.776964][T11595] ? __pfx_mtd_add_partition+0x10/0x10 [ 549.782434][T11595] ? __might_fault+0xc5/0x140 [ 549.787117][T11595] ? __might_fault+0xc5/0x140 [ 549.791811][T11595] mtdchar_blkpg_ioctl+0x207/0x250 [ 549.796929][T11595] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 549.802844][T11595] mtdchar_ioctl+0x1670/0x1fd0 [ 549.807616][T11595] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 549.812742][T11595] ? lock_acquire+0x1cf/0x380 [ 549.817426][T11595] ? trace_contention_end+0x140/0x180 [ 549.822812][T11595] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 549.828184][T11595] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 549.833234][T11595] ? __pfx___mutex_lock+0x10/0x10 [ 549.838384][T11595] ? find_held_lock+0x2b/0x80 [ 549.843085][T11595] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 549.848294][T11595] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 549.854219][T11595] __x64_sys_ioctl+0x18e/0x210 [ 549.859013][T11595] do_syscall_64+0x106/0xf80 [ 549.863628][T11595] ? clear_bhb_loop+0x40/0x90 [ 549.868317][T11595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.874227][T11595] RIP: 0033:0x7f18be39c799 [ 549.878645][T11595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.898265][T11595] RSP: 002b:00007f18bf2d3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 549.906680][T11595] RAX: ffffffffffffffda RBX: 00007f18be616090 RCX: 00007f18be39c799 [ 549.914656][T11595] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000004 [ 549.922714][T11595] RBP: 00007f18be432c99 R08: 0000000000000000 R09: 0000000000000000 [ 549.930683][T11595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.938825][T11595] R13: 00007f18be616128 R14: 00007f18be616090 R15: 00007ffd8259df18 [ 549.946810][T11595] [ 549.949897][T11595] Kernel Offset: disabled [ 549.954215][T11595] Rebooting in 86400 seconds..