last executing test programs: 9.013837609s ago: executing program 0 (id=1163): splice$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8a5b, 0x401) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xed\xf8\xe1\xbc\x1d\x91D\xe7R\x12\xc4\xcd\xc6\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY2@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/queues\x00', 0x20000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000001c0)=""/218, 0xda) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c\f\xb6,NS\xa2(Q\xcc', 0x7f) statmount$auto(0x0, 0x0, 0x9, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) futex$auto(0x0, 0x85, 0xa, 0x0, 0x0, 0xa0800002) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0xa, 0x0) mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x0) r4 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x48002, 0x0) write$auto(r4, 0x0, 0x1) 7.571911096s ago: executing program 0 (id=1168): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1d\xc8\xfd\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5d\xcc', 0x10000) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, r1, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) ioctl$auto_SNDRV_PCM_IOCTL_PREPARE2(r1, 0x4140, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$auto_proc_uid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYRES8=r1, @ANYRESHEX=r0, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8103cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0xc850) madvise$auto(0x0, 0x200007, 0x19) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) r4 = socket(0x2, 0x1, 0x106) bind$auto(r4, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x5, 0x2020009, 0x7, 0x7fffffff, r3, 0x8000) setsockopt$auto_SO_DEBUG(r4, 0x6, 0x1, 0x0, 0xda3) mmap$auto(0x0, 0x7, 0x4000000000000df, 0x13, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bus/usb/002/001\x00', 0x4a901, 0x0) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/trigger\x00', 0x200, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000280)={0x2, 0x0, 0xffff, 0x5, &(0x7f0000000240)="2303", 0x4ba9, 0x3, 0x80005, @number_of_packets=0x353f, 0x2004b, 0xc, 0x0, [{0x6, 0x0, 0x1ff}, {0xe43b, 0xffffffff, 0xf852}]}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x1d, 0x3, 0x1) r6 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) 6.001214711s ago: executing program 1 (id=1170): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x6e0e267f, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) r0 = socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) (async) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) unshare$auto(0x800) (async) unshare$auto(0x800) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r1, 0x5429, 0x0) process_mrelease$auto(0xffffffffffffffff, 0xa) (async) process_mrelease$auto(0xffffffffffffffff, 0xa) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D0\x00', 0x402802, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/039/001\x00', 0x202c02, 0x0) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r3, 0x8000) (async) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r3, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/loop13/queue/discard_granularity\x00', 0x20080, 0x0) close_range$auto(0x0, r0, 0xffffffef) (async) close_range$auto(0x0, r0, 0xffffffef) preadv$auto(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)="9e56c9e5dbcd979c5d960c8e85770f76e9bde529324758a54f8a8e352675c9532a5350269afae1dbe3367e08c0626ce84b62756f75b0f9c14128f11f926a8035241e416e7ac9c8ae3577dfd8d539aaed29a8faa5d3de4c9715eeb442246714ab7e25f57ea28ada19e57bb70dedc33905924a686c8436458ef8dbe4843d1cc32f931148a3b6e6648ac0030e425eca9b85cd2e94dd2e485f2d74ab76678612c8ab10f170086c5e1ede8e0217291b9c28ca08905bd0a4f88e5e0465d72ca4ece6d4646cd231d10c8b11aa0ca679f8f5", 0x1}, 0x0, 0xa4a4, 0x5) fanotify_init$auto(0x1f53, 0x17) (async) fanotify_init$auto(0x1f53, 0x17) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) fanotify_mark$auto(0x0, 0x401, 0x4, 0x4, 0x0) 5.571641505s ago: executing program 0 (id=1172): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000004d00), 0x0, 0x0) ioctl$auto_RTC_PARAM_GET(r0, 0x40187013, &(0x7f0000004d40)={0x0, @uvalue=0x9, 0x8}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000800)='./file0\x00', 0x3cfb40, 0x39642ae5d3121abb) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='r', @ANYBLOB="1e"], 0x1ac}}, 0x0) r2 = memfd_create$auto(&(0x7f00000001c0)='\xc6\x00', 0x3) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_STATION(r2, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r3, @ANYBLOB="61d926bd7000fddbdf25130000008c002280040042008200b6002a9d97b07f3be18e3144f6c6880966b98bbffda134353dc3f57fb23c1d995bf7ef9aa6800cb9d01eb487b07127521857cf0380f692cdab0236b3a534f5d342ba5f6105216b043492141ac8a3ec4efbeb8ac8df935e440b4c876044b54c7955522f3390232f5eab97dd3800cc449d0000000000000000000600480004000000060066004e210000040067002c008180050001000700000004008c00"], 0xc4}, 0x1, 0x0, 0x0, 0x48485}, 0x20000000) mmap$auto(0x0, 0x4020009, 0x40000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000001080)='\xcb:\x00', 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_thermal(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_THERMAL_GENL_CMD_CDEV_GET(r6, &(0x7f0000000640)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f0000000440)=ANY=[@ANYBLOB="84453500", @ANYRES16=r7, @ANYBLOB="000227bd7000fcdbdf25060000000001048008008b0006000000f400ac8021002a005c7837664626b58ddd456c2f747261635f6e6f74726163655f7069640000000014007700fe8800000000000000000000000001010800bc00e0000002fcbddfaaa006b3577e337c64eadbad83c40f6773a896cbc5bde760db9bac6f9017fa88f6fb9b9951a012160776defa44750125a3b46be5d083f435b22726c292f248c78a92dfbfb68e49d94afe1359b7bd70eb466f940400dd0037596d2eeaa8a5e23e6e02c8e4db352dcefb5abeac739ad995255c6c42b2c78c23b7ff6a5ff5a3d0e960d2efa625ed82da7b348f016aec4d70e13fb8a807fc97236e766bb4921c28dc4d68dc540508005b00ffffffff08001000070000000800160009000000080008000d00000030000d002f7379732f646576696365732f706369303030303a30302f303030303a30303a30312e332f656e61626c6500080015000800000008001000000000000800030000600000080005001900000005000a0028000000"], 0x184}}, 0x800) memfd_create$auto(0x0, 0x4) r8 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bus/usb/028/001\x00', 0xb2c00, 0x0) ioctl$auto_USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f00000000c0)={0xa1, 0x0, 0xa, 0xac, 0xfff8, 0xfffffffe, 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50}, 0x40088c4) 5.343732281s ago: executing program 1 (id=1174): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8000, 0xe9) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r1, &(0x7f0000000000)='system.posix_acl_access\x00') mmap$auto(0xea88, 0x810004, 0xd, 0x10, 0x3, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) 5.173693787s ago: executing program 0 (id=1175): ioctl$auto_RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000100)={0x1, 0x3, 0x9, 0x6, 0xfffff0d3, 0x2, 0x6, 0x6, 0xa}) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRESHEX=0x0], 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtrr\x00', 0x0, 0x0) ioctl$auto(r0, 0x400c4d02, r0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/178, 0xb2) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) madvise$auto(0x110c230000, 0x1, 0x9) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/prev\x00', 0x101002, 0x0) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x7) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) io_setup$auto(0x7ffe, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0) capget$auto(0x0, &(0x7f00000000c0)={0x5, 0x3, 0x1}) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'ip6erspan0\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) fcntl$auto_F_SETLKW(r2, 0x7, 0x3786e7c6) rseq$auto(0x0, 0x8002, 0x0, 0x6) listmount$auto(&(0x7f0000000080)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x8}, 0x0, 0xf4240, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) sysfs$auto(0x2, 0x44, 0x0) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) 4.920010666s ago: executing program 3 (id=1176): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram4\x00', 0x47afc0, 0x0) mmap$auto(0x0, 0x8, 0xffb, 0x210, 0x3, 0x0) ftruncate$auto(0x3, 0x700) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x8) r0 = socket(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.throttle.io_serviced\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)=""/64, 0x40) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x1, 0x1, &(0x7f0000000040)=0xf2, &(0x7f0000000080)=0x5, 0x181ea61b) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) bpf$auto(0xfffffffe, 0x0, 0x6f2) io_uring_setup$auto(0xf2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) open(0x0, 0x22040, 0x75) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) close_range$auto(r0, r2, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0xcf, 0x0) 4.652093281s ago: executing program 2 (id=1177): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x2, 0x400000000009b72, 0x2, 0xcd3) readahead$auto(0xffffffffffffffff, 0x2, 0x10001) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f00000002c0)={&(0x7f0000000100), 0xc, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="011700d8", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25270000000500190007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r2 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000140)='/dev/media11\x00', 0x40, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x2a, 0x2, 0x1) connect$auto(r3, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) getsockopt$auto(r2, 0xffffffff, 0x200001c, 0x0, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "0232890300"}, 0x6c) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x88082, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000000080)={0x4, 0x7, 0x2, 0x4, 0x5, "4c2b0ed565bf9524dad3851ad95178ea6a5480d4e9366b7be8c4539d0787214c263e8c247dbab932f65ead78737be123fcf8b13def85a3465428202a"}) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) poll$auto(&(0x7f0000000380)={r5, 0x6, 0x7}, 0x80, 0xf) connect$auto(0x3, 0x0, 0x54) pwrite64$auto(0xc8, 0x0, 0x11, 0x2) close_range$auto(r0, 0xfffffffffffff000, 0x2) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r6 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x5) sendmsg$auto_OVS_VPORT_CMD_SET(0xffffffffffffffff, 0x0, 0x8000) 4.256667894s ago: executing program 2 (id=1178): splice$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8a5b, 0x401) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xed\xf8\xe1\xbc\x1d\x91D\xe7R\x12\xc4\xcd\xc6\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY2@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/queues\x00', 0x20000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000001c0)=""/218, 0xda) write$auto(0xffffffffffffffff, 0x0, 0x8) statmount$auto(0x0, 0x0, 0x9, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) futex$auto(0x0, 0x85, 0xa, 0x0, 0x0, 0xa0800002) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0xa, 0x0) mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x0) r4 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x48002, 0x0) write$auto(r4, 0x0, 0x1) 4.098862726s ago: executing program 1 (id=1179): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyu3\x00', 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) io_uring_register$auto_IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, &(0x7f0000000440)="18ffa536e842111dd0ec435fb8a355965c39fc5db433ec91a85868fc5721cad5c2a181256185f1aa9b16a7a352fc9ae65011e786055744bed5dac5dd45e9580c0165cb931279cdff3052a3ce1f5fdefbb76912890127eb9b2341c0d58fed85169b3b38fca7e1e872e7eedd678b191f339dc6466f45cd2ba66e1e86f6ae83da72af67326544546723dbe1cb34aeaad3", 0x1f116fcf) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x89f3, r0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="00042d2ab3c60d9447acec9703a36dbd7000fbdbdf2521000000"], 0x14}, 0x1, 0x0, 0x0, 0x24004000}, 0x20004004) socket$nl_generic(0x10, 0x3, 0x10) r3 = mq_open$auto(&(0x7f00000001c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\x89h\xc5\xba\xff\xc8u50x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRESDEC=r2, @ANYRES16=r1, @ANYRESOCT=r2], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) r3 = socket(0x2, 0x5, 0x0) setsockopt$auto(r3, 0x0, 0x10, 0x0, 0x5) (async) read$auto_kmsg_fops_printk(r0, &(0x7f0000000000)=""/195, 0xc3) 2.998067215s ago: executing program 0 (id=1182): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x6) listen$auto(0x3, 0x81) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f00000005c0)={0x2, 0x0, [{0x490, 0x400, 0x9}]}) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, r1, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) ioctl$auto_SNDRV_PCM_IOCTL_PREPARE2(r1, 0x4140, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) write$auto_proc_uid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a800", @ANYRES16, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8103cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) r4 = socket(0x2, 0x4, 0x8) bind$auto(r4, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @loopback}, 0x54) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto_SO_DEBUG(r4, 0x6, 0x1, 0x0, 0xda3) mmap$auto(0x0, 0x4, 0x4000000000000df, 0x13, 0x401, 0x8000) r5 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/037/001\x00', 0x4a901, 0x0) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x200, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000340)={0xa, 0x80, 0xffff, 0x5, &(0x7f0000000240)="2303", 0xc694, 0x200003, 0x80005, @stream_id=0x7, 0x2004b, 0xc, 0x0, [{0xb, 0x2, 0xffff}]}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x1a, 0x6, 0xa) 2.820267726s ago: executing program 2 (id=1183): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) shutdown$auto(0x200000003, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x9, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) clone3$auto(0x0, 0xfffffffffffffff8) sendmsg$auto_NL802154_CMD_SET_PAN_ID(r2, 0x0, 0x4000000) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x240500, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6, 0xffffffffffffffff, 0xffffffffffffffff}, 0xf) open(&(0x7f0000000040)='./file2\x00', 0x149443, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000000c0)={0x2e8, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x2d3, 0xbe, "a6610b93fa066d3026fd8b934a60eb8c94b659149d085561c412b85e9feb52e2409479b681d11bfa7c01c83da5c2dd976a67cdac7bfbace7a8f689e5329b1282c709ab17d7742e2f3fa6089ae7f90b9efbfec8f65828ec96b00df3215fac458f75b961ef8cf0695bb3658020401fce0146008961e2f985442a95fb276501d36c5e77a8d731f5a9625496b7c20965a4bf7eeb0f7f66663f9ec1d7ee346973a22dd245589732c9c678cb00b67077bb6b83a30bfd64d493c71781cdca1575ec92f9f6199fc68059204836c50e6b1c25d3e6a936d032747f05874bae14989a6bf286ac66bf13ab7d367af84d692c31a79657f4e299a45d78671d105611b52df09ff2c0e4ac938c884790abb09967c641a50cdb854ab19c873524e08a8b9cbf679f7bba531716445f6733b2fd10a922706df98c27fc666def903b014ac6e18de79a2c69a866c3e1ae45ee29395017f80f9b6671ee7edb55915f21f51840e8f632cb1e07fbcf84b88534cbc9bd2bade7d457f37a4a93b6323d76b669397ee05bbe631243f0db61f7c5c3a5c4bef0336539ceb8cd8ab285e654e899e13c015dbb32f05b541cd0626eb961fc68c1cb9cfc58099afb4b1aa10d8b3399fa75cd13ea2ad98b31041087344d2b2b6a1eb30e88d7b9e73a7c3a2fb32b278a6d2ffa04430ad62189f753bb1a976783878cd040ceaa4d4ceedd5407be772e879c7f6cc9cdbed55f2d3a51f779954bb64ebdef4d7a3e916c2a5be7024798a7dc43b08a48829eb8ae4678105ec9c492a91c92506b74066beb79fff8fd76fbbc651b3d80f6b1c7300fd95d26a0793e5d3fde62010e2d05193fffc99685c055646572859d9b84776041c77c8178e1c3c2861f81ab8a48e2be5fd4610f6d8c0ee7f9de821bca983ab79887f30115884d38f3b8317624a33956cd79109d565ca3ac6b9b4ea322cf78bc96c179a18af915842840ead7e957c6d0eb591d13288a5a50110a5ce22a4942e87f545d3ba79177e6e7ff7a950e32b92c"}]}, 0x2e8}, 0x1, 0x0, 0x0, 0x4040002}, 0x20008820) write$auto_ftrace_enable_fops_trace_events(0xffffffffffffffff, &(0x7f0000000000)="a3a5ef09b5b35e13fae05cbc144f87d25db57560747a31736099f3281707ee3727cf3a430c340438cf2bfc7622074b9cbd47d33a8fcc675f800755e14e21f777602953a87d9d7c2e49c932f1c5241418c259f5e2a1b2503cceab9a366163116b184ac8d1b86457b107f50c1c04046b61946a73c534101cb745306fc6af1c74a0f948cb1d73e2ac13580c7e32d54d85beec07ff2eb69c8d41a15984f1972e642b9b23b6c352632fb7b4c1b5feef4cd41f6952484f2055b21b907aa67292afa156dbcc05f7e43ab888bb5aefab91adddec67f53b894be7cde405bd7a81f8f6cee1360bcea5d4953e7b0bb9c8806ecef879dcc644e379fbc46c61b31442cc91b967248f93ff7d880fe329752c8bb0be92332475e4f68c16a6a16223ad74ddbcc179c23864bc078e5f6da6ab5069a129c08405ad1a796579347990390966d71548262002f495a6824c9aeeae072347691188122d5bdd4b176aa40fe16f6f69f5dffbf63cee5af8facd6f083d35c609173ad85431a24a04d800275057a42ae08f9946f02cc0fcff16db4f719477937bcd107cc88d951326d537efad9840ab2898691d21d6f5ba539cebd073a20e7101b11866edc69c364300d1af3f366af7cbea46921c542e9fdcdbe614a8c5bc635b1b9fd0ea8019192416e2818de6b5c829fcb1551ef3c3916e45f32dca9915be6caef6da2dba8c099d2dbe5f8099afd4e5e1aa355a1a0be46fe5e9a26d9ed0667759cd68ba2a2fff7844016cdda98ad718ed1267d56bc79041edb3f9cf377f16cdd8d812399281f458f6612f66ea5fff4152a388998f91c8784d098276ac9770ffb1245e1e3b0df4d8718733b1aba36eec1fa1b52d01361090a92b65846b9d84bef1c73cb06b9c63d4296e2e08fc654dcdf74e61a88f74ae7f0810d0534dcec6312c2c", 0x28f) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)='cifs\x00', 0x8002, &(0x7f00000001c0)) bpf$auto(0x3, &(0x7f0000000440)=@bpf_attr_3={0x8, 0xef55, 0xc, 0x33f, 0x5, 0xb26, 0x0, 0x5, 0x8, "6d3e5621200f0937d44c1dcbf5c15502", 0x0, 0x6, r1, 0x14, 0x6, 0x3, 0x1, 0x9, 0x7, 0xffffffff, @attach_prog_fd=r4, 0x7, 0xfffffffffffffff8, 0x9, 0x5, 0x0, r3, r5}, 0x96) 2.820154332s ago: executing program 3 (id=1184): munmap$auto(0x80c00100000000, 0xffffffff) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) statmount$auto(&(0x7f0000000040)={0x1f, @raw, 0x8000001e, 0xf5ff, 0x8}, 0x0, 0x7ffffffff000, 0x0) munmap$auto(0x80c00100000000, 0xffffffff) (async) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) (async) statmount$auto(&(0x7f0000000040)={0x1f, @raw, 0x8000001e, 0xf5ff, 0x8}, 0x0, 0x7ffffffff000, 0x0) (async) 2.215102829s ago: executing program 1 (id=1185): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffa, 0x8000000008011, r0, 0x8000) madvise$auto(0x0, 0x400053, 0x9) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/meminfo\x00', 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) futex$auto(&(0x7f00000000c0)=0x1, 0x8c, 0x1, 0x0, 0x0, 0x1) 2.099956456s ago: executing program 3 (id=1186): mmap$auto(0xfff, 0x5, 0xffffffffffffffc0, 0x100000000000017, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='-', 0x1) symlink$auto(0x0, &(0x7f0000000440)='./file0\x00') close_range$auto(0x2, 0x8, 0x0) getpid() sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100025bd7000fbdbdf250200000008000100fb19a1450c000e"], 0x28}}, 0x4) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB='! \x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) r1 = socket(0x80000000000000a, 0x2, 0x0) mmap$auto(0x0, 0xf92e, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) getsockopt$auto(r1, 0x11, 0x66, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_SCAN(0xffffffffffffffff, 0x0, 0x0) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x1000e6e) personality$auto(0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) socket(0x6, 0x2, 0x7) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r3, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r3, @ANYRESDEC=r3], 0x68}}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.773594586s ago: executing program 2 (id=1187): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000004d00), 0x0, 0x0) ioctl$auto_RTC_PARAM_GET(r0, 0x40187013, &(0x7f0000004d40)={0x0, @uvalue=0x9, 0x8}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000800)='./file0\x00', 0x3cfb40, 0x39642ae5d3121abb) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) write$auto(r1, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='r', @ANYBLOB="1e"], 0x1ac}}, 0x0) r2 = memfd_create$auto(&(0x7f00000001c0)='\xc6\x00', 0x3) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_STATION(r2, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r3, @ANYBLOB="61d926bd7000fddbdf25130000008c002280040042008200b6002a9d97b07f3be18e3144f6c6880966b98bbffda134353dc3f57fb23c1d995bf7ef9aa6800cb9d01eb487b07127521857cf0380f692cdab0236b3a534f5d342ba5f6105216b043492141ac8a3ec4efbeb8ac8df935e440b4c876044b54c7955522f3390232f5eab97dd3800cc449d0000000000000000000600480004000000060066004e210000040067002c008180050001000700000004008c00"], 0xc4}, 0x1, 0x0, 0x0, 0x48485}, 0x20000000) mmap$auto(0x0, 0x4020009, 0x40000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000001080)='\xcb:\x00', 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_thermal(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_THERMAL_GENL_CMD_CDEV_GET(r6, &(0x7f0000000640)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f0000000440)=ANY=[@ANYBLOB="84453500", @ANYRES16=r7, @ANYBLOB="000227bd7000fcdbdf25060000000001048008008b0006000000f400ac8021002a005c7837664626b58ddd456c2f747261635f6e6f74726163655f7069640000000014007700fe8800000000000000000000000001010800bc00e0000002fcbddfaaa006b3577e337c64eadbad83c40f6773a896cbc5bde760db9bac6f9017fa88f6fb9b9951a012160776defa44750125a3b46be5d083f435b22726c292f248c78a92dfbfb68e49d94afe1359b7bd70eb466f940400dd0037596d2eeaa8a5e23e6e02c8e4db352dcefb5abeac739ad995255c6c42b2c78c23b7ff6a5ff5a3d0e960d2efa625ed82da7b348f016aec4d70e13fb8a807fc97236e766bb4921c28dc4d68dc540508005b00ffffffff08001000070000000800160009000000080008000d00000030000d002f7379732f646576696365732f706369303030303a30302f303030303a30303a30312e332f656e61626c6500080015000800000008001000000000000800030000600000080005001900000005000a0028000000"], 0x184}}, 0x800) memfd_create$auto(0x0, 0x4) r8 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bus/usb/028/001\x00', 0xb2c00, 0x0) ioctl$auto_USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f00000000c0)={0xa1, 0x0, 0xa, 0xac, 0xfff8, 0xfffffffe, 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50}, 0x40088c4) 1.559419788s ago: executing program 2 (id=1188): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyu3\x00', 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) io_uring_register$auto_IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, &(0x7f0000000440)="18ffa536e842111dd0ec435fb8a355965c39fc5db433ec91a85868fc5721cad5c2a181256185f1aa9b16a7a352fc9ae65011e786055744bed5dac5dd45e9580c0165cb931279cdff3052a3ce1f5fdefbb76912890127eb9b2341c0d58fed85169b3b38fca7e1e872e7eedd678b191f339dc6466f45cd2ba66e1e86f6ae83da72af67326544546723dbe1cb34aeaad3", 0x1f116fcf) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x89f3, r0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="00042d2ab3c60d9447acec9703a36dbd7000fbdbdf2521000000"], 0x14}, 0x1, 0x0, 0x0, 0x24004000}, 0x20004004) socket$nl_generic(0x10, 0x3, 0x10) r3 = mq_open$auto(&(0x7f00000001c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\x89h\xc5\xba\xff\xc8u5f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/queues\x00', 0x20000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000001c0)=""/218, 0xda) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c\f\xb6,NS\xa2(Q\xcc', 0x7f) statmount$auto(0x0, 0x0, 0x9, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) futex$auto(0x0, 0x85, 0xa, 0x0, 0x0, 0xa0800002) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0xa, 0x0) mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x0) r4 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x48002, 0x0) write$auto(r4, 0x0, 0x1) 179.371529ms ago: executing program 0 (id=1192): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x103342, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0x6, 0x0) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = memfd_create$auto(0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2a, 0x80005, 0x3) connect$auto(r2, &(0x7f0000000140)=@phonet={0x23, 0xe, 0xf, 0x2}, 0x9) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x3c3a01, 0x0) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) close_range$auto(r1, 0xa, 0x0) readv$auto(r0, &(0x7f0000000240)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000100), 0x111802, 0x0) 0s ago: executing program 3 (id=1193): r0 = openat$auto_rts_threshold_ops_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy6/rts_threshold\x00', 0x105000, 0x0) io_uring_setup$auto(0x385, &(0x7f0000000000)={0x5, 0x1, 0x4c, 0x0, 0x1, 0x8, r0, [0x10001, 0x8, 0xa], {0x8, 0x8, 0x3fc000, 0x100004, 0xffffff7a, 0x3, 0x9, 0xec5, 0xffff}, {0xd5, 0x80000000, 0x1bee, 0x5d, 0x400, 0xd, 0x47, 0x8000, 0x7ff}}) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = pipe2$auto(0x0, 0x80) fcntl$auto(r2, 0x8, 0xffffffff80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(r1, 0x0, 0x208e0e, 0xc) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/memory.force_empty\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000000)='3\xc7\xff\xff\xff\xdd\x00\b(Ks\x0f\x87|P\x11\xd1li0\x89\x85\x90QM\xd6wfF\xf1x\xb3;c\tP\x03\x84\x97\x99\x83\x97\x81:\xf3\xa3o5\xc5\x86\xed\xa4\x18]\xa3\xc9\x0f\xff\xdak\xb0m\xe1U\xb3\xa2\xee\xdcTJQO\x98\xc8w\x8c\xe7\x00\x00\x00\x1dj\x1e\xebQT\xdd\x9b\x00'/101, 0x9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/thread-self/net/stat/rt_cache\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, &(0x7f00000002c0)=""/266, 0x10a) shmctl$auto(0x730, 0x52e, &(0x7f0000000840)={{0x9, 0x0, 0x0, 0x4, 0xffffffff, 0xd, 0x2}, 0x7, 0x4, 0x1, 0x7f, @inferred, @inferred, 0x8, 0x0, &(0x7f0000000680)="b2d6601bc2b928978c69197a8e7fae3822e58c3f8fe9808917a667ed9b390bba", &(0x7f00000006c0)="79a29cfb1ef58c32a6b1c3df73dface7bc48ecb963bf180fd0a90a4d8f3837539e5c29282d17ed401b6e82e96ff2fecc9878d337b8736f623822a97cf504497907222f52025889b3d9c7e8eaad022987d11acf3eb604ce9ea3944371e3f3bfd0b3b2181227112aec1369585a830e39092cf7a15643631d3a439edfe3f3d59368d27f51262a5455543205cb84e777e29aaec590578d2e19503b1c9a44875eb04feb8944f9a3f713625000afa82e9147a06194e10033620c82d33fde7174ab10c02ff0631ad4a535bb9931db2b8d1953503d6bc109a0efac3f9c2fa067669220963974d9d54f24b1e166d3c3d2c01601279d"}) lgetxattr$auto(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='@*[/.,^]\\%$F\x80\\$^\x00', &(0x7f0000001100)="b086fe590842a741f0a3e598823666af6e8e3813524d1195472fca57473bac6e69662074bea4dc292e7613e133a6f1e748ab352cb50390d45cc1eeae14cd86f85d7a917555ee90eea1644617b02c456e231ba81a6aff75381e594b31330fb5b14da47b692d0523a1dbda6c7a3a1769fc87ab53d6b6241834a4ca4f4c1fbe2ed059c38b79356d83d63494794c84874ad3e1b951f3d59b6bb8d973da82fc41ccc5722a6bf3b64fc72007d5569715bb66f0b77ca4fc256a85ae3e848546f9b3afff833e1fa94a8c47e19f7624d6b4f4ff774702fede059ed400192dcc7b494771782c590ff201e0d3cc00e5e033a1f40d3fc47970f84de62112a5232d972fed21e30415d34c885ad2e8bdedb72e83f8a9d687aba56bcbd960030911de7c64720f06c6cbac6bd7517b40bfcfb3175e42f0d5b594a0386a2cfbd89c6e0c9e6d114a30303ac490a92800de4c00d466f793dcd10fdb012ef767b63638c36f3149cf0e2335755c5b70ce2b3ef98972d99c98a55fc38f0f3e91f05961b66af7887f13987ef492745d4ab518492564cec4eaec1e1bf11a1f10da8acfd0a8017c1564ff1528e31e85845c30df4054326aa1af914b3cfbd63268e3af735719c4f591a320d581e44799971818d0e89fd6a2efd3b0830bc5c67dcf0b480f53138b337a23d6bb7c3706165fc1047128ec250056f73d2bc58ee6bc5ac09cc88d768d38795c198514f4860cebbe575812ed531bf9f648f6bfef91ea4b2f0a0c4aee81f5b6b4eac056207e9221828c5b3725cde76807ef5a3ccf09266ef03a9a6ab52a78948adb9b2c20a1b65f981acfe93147b3f363b4f580b186af2ecd828c468d43f8a92e9e6c8c580d3509709ea8a6da1e5bf168b07e7cb26d88aea88164726dc3e1b91549060ec5e303cde26d1a88d7c94c2a2e70fae0292abe2a60da8a750a1412e29170e57c96839075fe6b787034ee192c41aa6d38448b39ef83d169fd999f639eb0654399e1773f606d06504f31853f30a80c1d5d2d381d50bc314c75b2ee23c2ae0281ddcf503fb23c8e1f43e78cd7b8016ea99d3588faebfb2cbc4b9cc7a7fd98c3029df0f9d972aa88bdd063cd254d34c2093c909982315644069697729a15aca64879fd0f3b35d777ebacc11357aaabb36208591f5d98c0578d7565f24931b078688795defb284fc3079b4f965d1989981b5fa590990346ba2d750c5edee2e08598fa9684d337889f6a493444717ca2d875f337fe7800e2d1a2b2b8b99bc06477b645485fd9600024c2234220db3ffc051ebca3651b6dfadd46b6f7e468b93b78a12a1beebb685360b9d775df7b0a766d42f45797b287dcb5a2b134a31f62fb50cea2ada0e7a9bdaf1062860c78003756c40628f0b5d150c76706b9290ebe44418b12efa2956706d57a72d980b20dafcc1d73f7ee611a3c0b5ec74564a23cb717978dbcbb0d561bda6d107d0669578ee300fd742362bc221ddfd695595ec96e0a44ee832a309b4a272ca66d3a626ec530b10d407bdf467ee6cafe38f58d7b80672f9a0e707f1e9d327f7a9a6648406edb3df66d5239bcc417517d28870fba320eac0fe6b27c585b9ecd1ac82758d42ad644888b81cf024195ea59ca29fb2566622f9572ca20fb8d3e09c7809f21a2afbeb3854e6ecdc99b9a8e774dbab5651b97313e5d59c5b488c9c678feaad7cb6e31f952b1ca1c88eadfa7461a6e89a9a8e2fa9a028da12326855c7ccf909587137acd8010364f902b22217e2667c68d493e6489ea2cbe973e6b503fd005543c2e3e22b53daeccf541914a8586ec62447d9448b3f687635f85b57c92b55e90e4e62550db19f5aa902884d806b0e1a51abcd27de274b383cfc3726c115cd48a06d58c687126a17bedcc979cde9491fc1070460d815e802d1bd49d2ab28b0fad8fe92a046523085b7a4a597d1b424263e10470782ef047c4e34581e8b54a4ed5447d3b4b3da968e3d29c6135648c623c057a72504297c7b6a77a2d42ab6c22d4a6d9c96b89b4cf63e1521ab46fbac9d1d11a174649644a961c8da236dd0dabd33efe36f7d7cff75d0c6eb63fd3d7dc8cb850062b90d78402a5275429db8b8bea2b821ed631987b8d84f5c83814356a50f9ffcac016dfe9964fb4ed46649f02a7c29267fa07ef059ab9758522472338bf90b5d0693da3f8162056fb68c06502f6d8b2c089a04aa90f40142766b136d5c18c34b4c8fd7b019f683f38e75e1229e1dc7080d8a5d32a84d4972a79263a6a93ce48619e5813bb0881c2470a755e479eabdc8db9056fbf9a6a2733646f162d4c65a781b8c020305f7755b86afb22ab99f2c4046eed515204e70125577e0ea817444ec129cf67da042ef9c807a39eefd002352c8090bd760d348d442b7aa0fa9e550d096379f934ee0013d2954ed503093fac580eb39b9e075b34df1f5e651d66064daa46dd894b4fb8aa3bd008fb2fb0b78e958eb711a687443b12aef40586b1508eb1b349fcb9761ac2fe90b8b4570d00b8b3500e85adb331ea4365931e5467c35ac4a65861b4ba23833cfd20f1fb042dc1af221b08c08100fffd41822eeeac9fbbac5a8c2eebcd35c571a43641cb5cd4070235d834ca91cb8a61b60ec6d9b62a1ad40ac3d291c2c33fe7694a2c8fa6c20d6a16db06e0b14a120dcd9162c18c1c402541b08cd31f201fa4c51acda711328af75cd1b6cbc187fb2dbe1bdcc7c556c442e6e3a0d422c7596e36b35398afedd0b7325070e2c7d0c695a69c349bff414942addf11eb92e2d1b7f7b78a4e8a877f126f868254ae395a90eed79139e40eaf2586fefb60824cdc1d946aad3a61e34298e7ef466d1eeb19e0a05d6a37342a2adfd8267ec74e01717dbd1b17da2d8b1af93a68185f9ac935776d4a8185292718fefcb4591cc941d32020733ff29366f9519c754fbec128d9c20fd4fc7eb35434ed3ff9a00a65a95529d9cc0e18192ebe91def307bb70c2fefe85daa191c55b9ec71814c2ca1a46b8d0c655106e9b499215dcf9c96d4b3748612f8d82ec1f5b9276a7bad41d0007457acd3293599a3edccac68c5a9c1434488655fcef8e3346e753f5d8d2563401c0e38cd144bea435d79de8ba0d25a9b9f2d394711ee666f74e6f0f460c78648a17d00b05e4d346dbce03481d9eac56ba1536270ee5d6b4310837d390b6e1cb04f1c58b11822a2ba9121d12d750ff478371349ba312c57fb0a46c674fc94a9b18b321843f4c3b3a6957aa70969d8cfcdb469df85e16b52f3b947d73339c0760ad9ccac5434d8bc4d67f26b298536077fe21f37f8590a5f8e010402f25c19f766c64aaca0a04ac3642eac3a551a0284ea0bb041dde53bf69a7df71dadaad7ed632c18eb63a31ae917d0feed69dc175fc04891e64e4aa7731f60e386d3dae8390ce74468120888619e10bb592af7a561dff0487fdfb213ff855ea3756f47827d1d9a5ecbd96c84c633b481c2b29a36421be6376f153aafae9be09e160ba4bcfe9e9a15b1dc000c4a87361654b1526bdc37697e4616dc770ef860110b3d4f0becc755edb51f4b5f7093f2965098a5b7869c731afe068d94781f0ebf900b3ac72c7a1f2a8e8ef3bc2b25067d7bcd732911a62ae5abeb9da4c7d83ac048981812f6ece933e5483aca13dae4e0403f5884b40ba3e8aa1567c329973fc0525adf8d5ad531bb65d2cc0f1883a79f82f7593e08a904c0408354238d76021c2e92418ee29bf1e791f35b8814a83a11adaf33a47470ba92fd938bf5bd6a97c0ba330b98bb7d024a991a4d63ddd2b47aaaebdfc6fac6991831b7e9f3cdb4ecf4aaf32bae0ff7329dd530c143b6db7e7c82b5eb0e8e9d0d72bc65f288da802026131edf4bdaada8f29cc01c146447bd3e6da29279707324ad0e9a0ac1f203bea0920203226c408f16517f4c661afcb50c89c0e7104f215fcb4d74183e93df1921e3ddce0907929abbe8124277d7c588ed3b30ed9552cb975861906d5a2b901bf761dc850961b3232ba60a28c20274b86f421282dd7e98305ba4c395a61d346e62194bad7544f3180ca9c2381a8dbac910fdc75ad40591f88b75970f140a22da6e048f8bf2ef83eb2d14455717da22e0a915886b015ca705d17d735eae7bcdf00144d77fa9bf5e3d56f7227c4843155d02fa4f7903189d8c3a32f214acf1eee6b76cf6f5c73db10145b8e1f2bd57ec611749b505a0881ba7747bca7cb7de34d28c1a3d8dc861bab5e8e65f80eb90bb7f0d9fff363f1c133f8f40d7679f33c52b4412489adb8667b78ccf17226c6012cf07db99a765026c990ef603934bfb69903a7bc143542de9801ba4a9f8de624860ebd48e040024edca09c112c1f103b8639ef8effddc23ecd1592471acb7e161b670b8c4485130db316942727137ba7295c3ac912e6fa4d485e56af023064a0fcabefacf032401c81e06033756b0299c7a692c288e874e24bc770a69432a490090463b87a89da91a798708a1ea1ee004f339413dab61ee35eaeb19a84d627960be30409d6c23a56336e77c6ef595ef72d5bf5dc9dcd3e84a48e21d0f013d30a97e69bec6250e70328151c91d1580235a088fb98b43e84c8a034967c75281600846703b5de1f2492c5da38c72453e46388c39409b97f1bc1e6dd8a98e4b4571f84fc62ff20f95922f7ff934b90ae0215d076a0af737b76c350a6e4fb7474a1769e622e056cfc1f12b6c3c819722c35e827e740ab3c9eeadcde056d9ed372638c0f6d1419b597e5f4899dfe32f439ecba0025872bbf6a4a1cff182e88ee88c347f8f1f8483a17d90f4afc369733eb6e55321ae8cb8d80ac6ac74062845af2e85b289a5aa09cde152d57d2e1767c37eca54f80212b0911a50cc361f913163fc93a864454bd41b1a0a1e819faebf5e5a96d7c2d78bfe02a126bd6fe0a9b4798350a893c386b89dd265d0d5be791c230b500b1782e94ac914925b6f95971024efa314032e18248c909f525b70bcc675ce5f60198b57ab079140767344c5f8ba8853933b7678b9aea08f3858a0cace2b4d3458bfbccd25b94d56936538eb376662cc8264412f00a7cfc313b97638bc7f258ee9f600606e1f317ca714528c1272c38edd901e7340f2d5f1ed5d213e417c6afb64051919ec66dfd606d568f7059bb3b18ab7dde22a2109113acee7967bcae3f5c4a9fae0c7e7df671110447d5251a10f564ef62c90c8fcf880a64518ea36b2e6f9417285a7d5f1ce242e91afb41fa4d080d5b0c66b11d1f58235789202792e6f296c10d66a43bffe9003fc8fd1b5985a6196cd969f12146944c36317f064a32fcb11bffc153febf72257d027cc466c0bf041430a91e8623f0be26847812f04f4a64d545bb3967ad67a3d75290a38ef3f0da06a28b3deacf4876dffa3cb9e9a0b29529940459d86fad82a65afdc0b5be6a2c26e72f224397fd7f53e4600b799ccd5022ddc72f8f459c65d213d8b4def3dc56a315e4250585dca4a90c4d140b8fc0b06e0aa0b32aef46fb5f6bf7986fe633b3a250b2971f90f46001a11f1e5bd00b8e4b2d529d18d3e1ba90e9eedb5e24ddbf79a51b099d90ac35d91eb9025b0238dda49b9f67f66cae8e7802240107f73ddca930def16253a680401c0e352db54e2d9486ccd1fb391e7051e077a8ead9dfe48e09487e7d4b49e536d7fbe88aafb7c0013766e99d8b0ed4afbb8c72efa55a970cbb9b9f692b174506f37eb4b00c103f26403abbc393e651b73a9ab7db2bd68eb992866dd90896809ec247764dfc6f1d52c583b65056a547817a42d4eef42aefcd941ee27f367c0969371c2d75b66fe35bbb93c1", 0x9) mmap$auto(0x5, 0x2020009, 0xb, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): 048580kB managed:1100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 120.332103][ T6152] lowmem_reserve[]: 0 0 0 0 0 [ 120.341720][ T6152] Node 1 Normal free:3943948kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:2048kB local_pcp:2048kB free_cma:0kB [ 120.383538][ T6167] netlink: 338 bytes leftover after parsing attributes in process `syz.2.76'. [ 120.424929][ T6152] lowmem_reserve[]: 0 0 0 0 0 [ 120.429778][ T6152] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 120.460080][ T6152] Node 0 DMA32: 11792*4kB (UME) 940*8kB (UME) 366*16kB (UM) 254*32kB (UME) 103*64kB (UM) 51*128kB (UM) 33*256kB (UME) 17*512kB (UME) 7*1024kB (UM) 7*2048kB (UM) 259*4096kB (UM) = 1181312kB [ 120.504761][ T6152] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 120.534784][ T6152] Node 1 Normal: 1*4kB (M) 5*8kB (UM) 6*16kB (UM) 8*32kB (UM) 10*64kB (UM) 6*128kB (UM) 5*256kB (UM) 7*512kB (UM) 1*1024kB (M) 2*2048kB (UM) 960*4096kB (M) = 3943948kB [ 120.572160][ T6152] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 120.592448][ T6152] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 120.614927][ T6152] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 120.632688][ T6152] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 120.653442][ T6152] 93118 total pagecache pages [ 120.666693][ T6152] 0 pages in swap cache [ 120.680759][ T6152] Free swap = 124996kB [ 120.696633][ T6152] Total swap = 124996kB [ 120.707288][ T6152] 2097051 pages RAM [ 120.718210][ T6152] 0 pages HighMem/MovableOnly [ 120.729310][ T6152] 430826 pages reserved [ 120.740999][ T6152] 0 pages cma reserved [ 122.069059][ T6199] FAULT_INJECTION: forcing a failure. [ 122.069059][ T6199] name failslab, interval 1, probability 0, space 0, times 0 [ 122.098497][ T6199] CPU: 0 UID: 0 PID: 6199 Comm: syz.0.82 Not tainted syzkaller #0 PREEMPT(full) [ 122.098540][ T6199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.098559][ T6199] Call Trace: [ 122.098571][ T6199] [ 122.098583][ T6199] dump_stack_lvl+0x100/0x190 [ 122.098631][ T6199] should_fail_ex.cold+0x5/0xa [ 122.098669][ T6199] ? lsm_blob_alloc+0x68/0x90 [ 122.098719][ T6199] should_failslab+0xc2/0x120 [ 122.098756][ T6199] __kmalloc_noprof+0xe0/0x850 [ 122.098784][ T6199] ? trace_kmem_cache_alloc+0xd5/0x100 [ 122.098827][ T6199] lsm_blob_alloc+0x68/0x90 [ 122.098869][ T6199] security_sk_alloc+0x2d/0x290 [ 122.098918][ T6199] sk_prot_alloc+0x1d1/0x2a0 [ 122.098960][ T6199] sk_alloc+0x36/0xe80 [ 122.098991][ T6199] inet6_create+0x385/0x12b0 [ 122.099035][ T6199] ? inet6_create+0x7f/0x12b0 [ 122.099079][ T6199] __sock_create+0x339/0x860 [ 122.099131][ T6199] udp_sock_create6+0xc7/0x6a0 [ 122.099168][ T6199] ? __pfx_udp_sock_create6+0x10/0x10 [ 122.099210][ T6199] ? crng_make_state+0x477/0x6c0 [ 122.099243][ T6199] ? lockdep_hardirqs_on+0x78/0x100 [ 122.099286][ T6199] ? crng_make_state+0x2b0/0x6c0 [ 122.099324][ T6199] rxrpc_open_socket+0x206/0x6b0 [ 122.099363][ T6199] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 122.099420][ T6199] ? rcu_is_watching+0x12/0xc0 [ 122.099457][ T6199] ? trace_rxrpc_local+0x80/0x250 [ 122.099495][ T6199] rxrpc_lookup_local+0xac7/0x1220 [ 122.099536][ T6199] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 122.099573][ T6199] ? __local_bh_enable_ip+0x9e/0x120 [ 122.099616][ T6199] rxrpc_sendmsg+0x34a/0x680 [ 122.099662][ T6199] sock_write_iter+0x524/0x5a0 [ 122.099714][ T6199] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 122.099752][ T6199] ? __pfx_sock_write_iter+0x10/0x10 [ 122.099788][ T6199] ? futex_hash+0x141/0x370 [ 122.099827][ T6199] ? bpf_lsm_file_permission+0x9/0x10 [ 122.099854][ T6199] ? security_file_permission+0x76/0x210 [ 122.099889][ T6199] ? rw_verify_area+0xce/0x6d0 [ 122.099920][ T6199] vfs_write+0x6ac/0x1070 [ 122.099964][ T6199] ? __pfx_sock_write_iter+0x10/0x10 [ 122.100008][ T6199] ? __pfx_vfs_write+0x10/0x10 [ 122.100040][ T6199] ? find_held_lock+0x2b/0x80 [ 122.100100][ T6199] ksys_write+0x1f8/0x250 [ 122.100132][ T6199] ? __pfx_ksys_write+0x10/0x10 [ 122.100166][ T6199] ? rcu_is_watching+0x12/0xc0 [ 122.100201][ T6199] do_syscall_64+0x10b/0xf80 [ 122.100240][ T6199] ? clear_bhb_loop+0x40/0x90 [ 122.100277][ T6199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.100309][ T6199] RIP: 0033:0x7f0ea099cdd9 [ 122.100337][ T6199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.100364][ T6199] RSP: 002b:00007f0ea1942028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.100392][ T6199] RAX: ffffffffffffffda RBX: 00007f0ea0c15fa0 RCX: 00007f0ea099cdd9 [ 122.100411][ T6199] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 122.100428][ T6199] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 122.100445][ T6199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.100462][ T6199] R13: 00007f0ea0c16038 R14: 00007f0ea0c15fa0 R15: 00007ffffcf27968 [ 122.100503][ T6199] [ 124.446884][ T6232] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 124.471210][ T6232] vhci_hcd vhci_hcd.2: invalid port number 111 [ 124.481969][ T6232] vhci_hcd vhci_hcd.2: invalid port number 111 [ 124.573997][ T6235] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 124.675449][ T6235] pci 0000:00:01.3: PCI INT A: no GSI [ 124.875228][ T6219] FAULT_INJECTION: forcing a failure. [ 124.875228][ T6219] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 124.950311][ T6219] CPU: 1 UID: 0 PID: 6219 Comm: syz.3.87 Not tainted syzkaller #0 PREEMPT(full) [ 124.950350][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 124.950367][ T6219] Call Trace: [ 124.950376][ T6219] [ 124.950387][ T6219] dump_stack_lvl+0x100/0x190 [ 124.950426][ T6219] should_fail_ex.cold+0x5/0xa [ 124.950456][ T6219] ? prepare_alloc_pages+0x16d/0x5f0 [ 124.950495][ T6219] should_fail_alloc_page+0xeb/0x140 [ 124.950529][ T6219] prepare_alloc_pages+0x1f0/0x5f0 [ 124.950569][ T6219] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 124.950629][ T6219] ? __lock_acquire+0x4a5/0x2630 [ 124.950660][ T6219] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 124.950711][ T6219] ? __lock_acquire+0x4a5/0x2630 [ 124.950736][ T6219] ? __lock_acquire+0x4a5/0x2630 [ 124.950760][ T6219] ? css_rstat_updated+0x1ce/0x5a0 [ 124.950813][ T6219] ? lock_acquire+0x1b1/0x370 [ 124.950848][ T6219] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 124.950890][ T6219] ? policy_nodemask+0xed/0x4f0 [ 124.950926][ T6219] alloc_pages_mpol+0x1fb/0x540 [ 124.950958][ T6219] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 124.950994][ T6219] ? __lock_acquire+0x4a5/0x2630 [ 124.951025][ T6219] folio_alloc_mpol_noprof+0x36/0x260 [ 124.951064][ T6219] vma_alloc_folio_noprof+0xed/0x1d0 [ 124.951100][ T6219] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 124.951149][ T6219] do_anonymous_page+0xb46/0x2050 [ 124.951190][ T6219] ? rcu_read_unlock+0x2d/0xb0 [ 124.951240][ T6219] __handle_mm_fault+0x1d2c/0x2a00 [ 124.951283][ T6219] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 124.951319][ T6219] ? __pfx___handle_mm_fault+0x10/0x10 [ 124.951368][ T6219] ? pte_offset_map_lock+0x174/0x320 [ 124.951399][ T6219] ? find_held_lock+0x2b/0x80 [ 124.951447][ T6219] ? follow_page_pte+0x4d0/0x13f0 [ 124.951487][ T6219] handle_mm_fault+0x36d/0xa20 [ 124.951535][ T6219] __get_user_pages+0x1178/0x32a0 [ 124.951583][ T6219] ? __pfx___get_user_pages+0x10/0x10 [ 124.951629][ T6219] populate_vma_page_range+0x267/0x3f0 [ 124.951666][ T6219] ? __pfx_populate_vma_page_range+0x10/0x10 [ 124.951700][ T6219] ? __pfx_find_vma_intersection+0x10/0x10 [ 124.951747][ T6219] __mm_populate+0x107/0x3a0 [ 124.951784][ T6219] ? __pfx___mm_populate+0x10/0x10 [ 124.951830][ T6219] ? up_write+0x28c/0x4f0 [ 124.951865][ T6219] vm_mmap_pgoff+0x37f/0x470 [ 124.951904][ T6219] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 124.951940][ T6219] ? do_futex+0x192/0x350 [ 124.951970][ T6219] ? __pfx_do_futex+0x10/0x10 [ 124.951999][ T6219] ? fdget+0x18b/0x210 [ 124.952034][ T6219] ksys_mmap_pgoff+0xe4/0x610 [ 124.952068][ T6219] ? __x64_sys_futex+0x358/0x4d0 [ 124.952098][ T6219] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 124.952130][ T6219] ? xfd_validate_state+0x129/0x190 [ 124.952167][ T6219] __x64_sys_mmap+0x125/0x190 [ 124.952201][ T6219] do_syscall_64+0x10b/0xf80 [ 124.952238][ T6219] ? clear_bhb_loop+0x40/0x90 [ 124.952271][ T6219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.952299][ T6219] RIP: 0033:0x7f9822f9cdd9 [ 124.952322][ T6219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 124.952347][ T6219] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 124.952373][ T6219] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 124.952391][ T6219] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 124.952408][ T6219] RBP: 00007f9823032d69 R08: ffffffffffffffff R09: 0000000000008000 [ 124.952425][ T6219] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 124.952442][ T6219] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 124.952480][ T6219] [ 125.697600][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 126.012125][ T6244] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 126.044181][ T6244] vhci_hcd vhci_hcd.2: invalid port number 111 [ 126.064894][ T6244] vhci_hcd vhci_hcd.2: invalid port number 111 [ 128.657670][ T6274] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 128.693919][ T6274] vhci_hcd vhci_hcd.2: invalid port number 111 [ 128.713164][ T6274] vhci_hcd vhci_hcd.2: invalid port number 111 [ 129.230195][ T6288] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 129.230195][ T6288] The task syz.3.100 (6288) triggered the difference, watch for misbehavior. [ 131.385966][ T6329] netlink: 'syz.1.107': attribute type 10 has an invalid length. [ 131.409808][ T6329] netlink: 330 bytes leftover after parsing attributes in process `syz.1.107'. [ 133.045648][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.054756][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.220094][ T6365] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 135.257977][ T6390] Device name cannot be null; rc = [-22] [ 136.330564][ T6401] futex_wake_op: syz.0.121 tries to shift op by -2048; fix this program [ 136.357100][ T6401] futex_wake_op: syz.0.121 tries to shift op by -2048; fix this program [ 138.540762][ T6442] netlink: 342 bytes leftover after parsing attributes in process `syz.1.130'. [ 138.806493][ T6447] netlink: 342 bytes leftover after parsing attributes in process `syz.1.133'. [ 138.826484][ T6449] netlink: 326 bytes leftover after parsing attributes in process `syz.2.132'. [ 139.078592][ T6458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.137'. [ 139.319830][ T6458] bond0: (slave bond_slave_0): Releasing backup interface [ 140.836811][ T6494] ======================================================= [ 140.836811][ T6494] WARNING: The mand mount option has been deprecated and [ 140.836811][ T6494] and is ignored by this kernel. Remove the mand [ 140.836811][ T6494] option from the mount to silence this warning. [ 140.836811][ T6494] ======================================================= [ 140.960182][ T6494] nfsd: Unknown parameter '%e' [ 141.000046][ T6494] nfsd: Unknown parameter '%e' [ 141.049117][ T6494] nfsd: Unknown parameter '%e' [ 141.098143][ T6494] nfsd: Unknown parameter '%e' [ 141.166758][ T6494] nfsd: Unknown parameter '%e' [ 141.221865][ T6494] nfsd: Unknown parameter '%e' [ 141.254797][ T6494] nfsd: Unknown parameter '%e' [ 141.303410][ T6494] nfsd: Unknown parameter '%e' [ 141.378571][ T6494] nfsd: Unknown parameter '%e' [ 141.446470][ T6494] nfsd: Unknown parameter '%e' [ 142.444889][ T6514] netlink: 342 bytes leftover after parsing attributes in process `syz.2.150'. [ 143.255852][ T6526] syz.2.153 (6526) used greatest stack depth: 19712 bytes left [ 147.361475][ T5626] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 147.472626][ T6588] futex_wake_op: syz.1.161 tries to shift op by -2048; fix this program [ 147.495015][ T6588] futex_wake_op: syz.1.161 tries to shift op by -2048; fix this program [ 150.492768][ T6639] ecryptfs_miscdev_write: Invalid packet size [0] [ 150.710801][ T6662] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 153.719366][ T6716] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 153.763305][ T6716] vhci_hcd vhci_hcd.2: invalid port number 188 [ 153.770595][ T6716] vhci_hcd vhci_hcd.2: invalid port number 188 [ 156.061344][ T6749] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 156.070977][ T6749] vhci_hcd vhci_hcd.2: invalid port number 188 [ 156.088690][ T6749] vhci_hcd vhci_hcd.2: invalid port number 188 [ 157.844710][ T6771] syz.0.190 uses obsolete (PF_INET,SOCK_PACKET) [ 158.399966][ T6780] netlink: 326 bytes leftover after parsing attributes in process `syz.1.192'. [ 160.204841][ T6806] MTRR 1 not used [ 160.612847][ T6810] FAULT_INJECTION: forcing a failure. [ 160.612847][ T6810] name failslab, interval 1, probability 0, space 0, times 0 [ 160.643754][ T6810] CPU: 1 UID: 0 PID: 6810 Comm: syz.3.200 Not tainted syzkaller #0 PREEMPT(full) [ 160.643799][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 160.643818][ T6810] Call Trace: [ 160.643829][ T6810] [ 160.643842][ T6810] dump_stack_lvl+0x100/0x190 [ 160.643885][ T6810] should_fail_ex.cold+0x5/0xa [ 160.643923][ T6810] ? tomoyo_realpath_from_path+0xb6/0x690 [ 160.643961][ T6810] should_failslab+0xc2/0x120 [ 160.643995][ T6810] __kmalloc_noprof+0xe0/0x850 [ 160.644021][ T6810] ? kfree+0x1dd/0x6c0 [ 160.644069][ T6810] tomoyo_realpath_from_path+0xb6/0x690 [ 160.644119][ T6810] tomoyo_check_open_permission+0x2af/0x3c0 [ 160.644154][ T6810] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 160.644187][ T6810] ? d_splice_alias_ops+0x5c3/0x1320 [ 160.644232][ T6810] ? hook_file_open+0x24e/0x7a0 [ 160.644294][ T6810] ? path_get+0x61/0x80 [ 160.644339][ T6810] tomoyo_file_open+0x6b/0x90 [ 160.644392][ T6810] security_file_open+0xb5/0x1e0 [ 160.644430][ T6810] do_dentry_open+0x5aa/0x1660 [ 160.644470][ T6810] ? security_inode_permission+0xbf/0x250 [ 160.644510][ T6810] vfs_open+0x82/0x3f0 [ 160.644559][ T6810] path_openat+0x208c/0x31a0 [ 160.644610][ T6810] ? __pfx_path_openat+0x10/0x10 [ 160.644670][ T6810] do_file_open+0x20e/0x430 [ 160.644710][ T6810] ? __pfx_do_file_open+0x10/0x10 [ 160.644779][ T6810] ? alloc_fd+0x476/0x790 [ 160.644820][ T6810] ? do_getname+0x191/0x390 [ 160.644869][ T6810] do_sys_openat2+0x10d/0x1e0 [ 160.644916][ T6810] ? __pfx_do_sys_openat2+0x10/0x10 [ 160.644967][ T6810] ? __fget_files+0x21f/0x3d0 [ 160.645011][ T6810] __x64_sys_openat+0x12d/0x210 [ 160.645058][ T6810] ? __pfx___x64_sys_openat+0x10/0x10 [ 160.645113][ T6810] ? rcu_is_watching+0x12/0xc0 [ 160.645156][ T6810] do_syscall_64+0x10b/0xf80 [ 160.645198][ T6810] ? clear_bhb_loop+0x40/0x90 [ 160.645235][ T6810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.645265][ T6810] RIP: 0033:0x7f9822f9cdd9 [ 160.645291][ T6810] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 160.645318][ T6810] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 160.645348][ T6810] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 160.645376][ T6810] RDX: 0000000000000080 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 160.645393][ T6810] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 160.645412][ T6810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 160.645428][ T6810] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 160.645469][ T6810] [ 161.026243][ T6810] ERROR: Out of memory at tomoyo_realpath_from_path. [ 161.352125][ T6818] FAULT_INJECTION: forcing a failure. [ 161.352125][ T6818] name failslab, interval 1, probability 0, space 0, times 0 [ 161.420380][ T6818] CPU: 1 UID: 0 PID: 6818 Comm: syz.0.201 Not tainted syzkaller #0 PREEMPT(full) [ 161.420422][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 161.420439][ T6818] Call Trace: [ 161.420448][ T6818] [ 161.420458][ T6818] dump_stack_lvl+0x100/0x190 [ 161.420499][ T6818] should_fail_ex.cold+0x5/0xa [ 161.420535][ T6818] should_failslab+0xc2/0x120 [ 161.420565][ T6818] __kmalloc_node_noprof+0xe6/0x850 [ 161.420587][ T6818] ? get_callchain_buffers+0x1e5/0x380 [ 161.420625][ T6818] get_callchain_buffers+0x1e5/0x380 [ 161.420656][ T6818] ? security_capable+0x80/0x260 [ 161.420695][ T6818] stack_map_alloc+0x316/0x610 [ 161.420725][ T6818] ? __pfx_stack_map_mem_usage+0x10/0x10 [ 161.420753][ T6818] map_create+0x84e/0x2bc0 [ 161.420786][ T6818] ? futex_unqueue+0x13d/0x2c0 [ 161.420812][ T6818] ? __futex_wait+0x256/0x300 [ 161.420850][ T6818] ? __pfx_map_create+0x10/0x10 [ 161.420885][ T6818] ? __might_fault+0xc5/0x140 [ 161.420921][ T6818] ? __might_fault+0xc5/0x140 [ 161.420969][ T6818] __sys_bpf+0x2091/0x4b90 [ 161.420998][ T6818] ? __pfx___sys_bpf+0x10/0x10 [ 161.421022][ T6818] ? __pfx_futex_wait+0x10/0x10 [ 161.421059][ T6818] ? ksys_write+0x190/0x250 [ 161.421095][ T6818] ? do_futex+0x192/0x350 [ 161.421139][ T6818] ? xfd_validate_state+0x129/0x190 [ 161.421173][ T6818] __x64_sys_bpf+0x7b/0xc0 [ 161.421197][ T6818] ? lockdep_hardirqs_on+0x78/0x100 [ 161.421240][ T6818] do_syscall_64+0x10b/0xf80 [ 161.421280][ T6818] ? clear_bhb_loop+0x40/0x90 [ 161.421310][ T6818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.421337][ T6818] RIP: 0033:0x7f0ea099cdd9 [ 161.421358][ T6818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.421380][ T6818] RSP: 002b:00007f0ea1900028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 161.421403][ T6818] RAX: ffffffffffffffda RBX: 00007f0ea0c16180 RCX: 00007f0ea099cdd9 [ 161.421424][ T6818] RDX: 00000000000006f4 RSI: 0000200000000580 RDI: 0000000000000000 [ 161.421438][ T6818] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 161.421452][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.421465][ T6818] R13: 00007f0ea0c16218 R14: 00007f0ea0c16180 R15: 00007ffffcf27968 [ 161.421498][ T6818] [ 162.640240][ T6820] kexec: Could not allocate control_code_buffer [ 163.036398][ T5633] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 163.744380][ T6852] netlink: 342 bytes leftover after parsing attributes in process `syz.1.211'. [ 164.057735][ T6865] netlink: 342 bytes leftover after parsing attributes in process `syz.1.213'. [ 165.059142][ T5626] Bluetooth: hci1: command 0x2016 tx timeout [ 165.120405][ T6888] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 165.148233][ T6897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'. [ 165.198595][ T6888] vhci_hcd vhci_hcd.2: invalid port number 188 [ 165.244583][ T6888] vhci_hcd vhci_hcd.2: invalid port number 188 [ 167.138675][ T5633] Bluetooth: hci1: command 0x2016 tx timeout [ 168.093038][ T6948] input: f as /devices/virtual/input/input5 [ 168.825765][ T6964] netlink: 342 bytes leftover after parsing attributes in process `syz.1.236'. [ 168.977149][ T6968] ubi0: attaching mtd0 [ 169.017987][ T6968] ubi0: scanning is finished [ 169.036878][ T6968] ubi0: empty MTD device detected [ 169.490862][ T6968] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 169.510910][ T6968] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 169.529402][ T6968] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 169.588328][ T6968] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 169.596945][ T6968] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 169.663526][ T6968] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 169.774906][ T6968] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 591234751 [ 169.804974][ T6968] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 169.837161][ T6982] ubi0: background thread "ubi_bgt0d" started, PID 6982 [ 169.875922][ T6976] ubi0: detaching mtd0 [ 170.061828][ T6976] ubi0: mtd0 is detached [ 170.867724][ T6960] kexec: Could not allocate control_code_buffer [ 171.716080][ T7011] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 171.744277][ T7011] vhci_hcd vhci_hcd.2: invalid port number 230 [ 171.767673][ T7011] vhci_hcd vhci_hcd.2: invalid port number 230 [ 173.689613][ T7035] netlink: 342 bytes leftover after parsing attributes in process `syz.2.253'. [ 175.048817][ T7065] random: crng reseeded on system resumption [ 175.541887][ T7074] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 175.560002][ T7074] vhci_hcd vhci_hcd.2: invalid port number 230 [ 175.576957][ T7074] vhci_hcd vhci_hcd.2: invalid port number 230 [ 181.617167][ T7150] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 181.653949][ T7150] vhci_hcd vhci_hcd.2: invalid port number 230 [ 181.660475][ T7150] vhci_hcd vhci_hcd.2: invalid port number 230 [ 182.151628][ T7164] futex_wake_op: syz.0.281 tries to shift op by -2048; fix this program [ 182.178975][ T7164] futex_wake_op: syz.0.281 tries to shift op by -2048; fix this program [ 182.216891][ T7164] 0x000000000001-0x000000020000 : "" [ 182.333463][ T7164] ftl_cs: FTL header corrupt! [ 185.920446][ T7220] FAULT_INJECTION: forcing a failure. [ 185.920446][ T7220] name failslab, interval 1, probability 0, space 0, times 0 [ 185.944165][ T7220] CPU: 1 UID: 0 PID: 7220 Comm: syz.0.295 Tainted: G L syzkaller #0 PREEMPT(full) [ 185.944216][ T7220] Tainted: [L]=SOFTLOCKUP [ 185.944227][ T7220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 185.944245][ T7220] Call Trace: [ 185.944256][ T7220] [ 185.944268][ T7220] dump_stack_lvl+0x100/0x190 [ 185.944308][ T7220] should_fail_ex.cold+0x5/0xa [ 185.944346][ T7220] should_failslab+0xc2/0x120 [ 185.944382][ T7220] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 185.944431][ T7220] ? do_getname+0x35/0x390 [ 185.944485][ T7220] do_getname+0x35/0x390 [ 185.944529][ T7220] __x64_sys_execve+0x76/0xd0 [ 185.944564][ T7220] do_syscall_64+0x10b/0xf80 [ 185.944618][ T7220] ? clear_bhb_loop+0x40/0x90 [ 185.944656][ T7220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.944687][ T7220] RIP: 0033:0x7f0ea099cdd9 [ 185.944713][ T7220] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.944740][ T7220] RSP: 002b:00007f0ea1942028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 185.944769][ T7220] RAX: ffffffffffffffda RBX: 00007f0ea0c15fa0 RCX: 00007f0ea099cdd9 [ 185.944789][ T7220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0 [ 185.944807][ T7220] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 185.944824][ T7220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.944842][ T7220] R13: 00007f0ea0c16038 R14: 00007f0ea0c15fa0 R15: 00007ffffcf27968 [ 185.944883][ T7220] [ 187.059607][ T7254] netlink: 8 bytes leftover after parsing attributes in process `syz.1.301'. [ 188.259576][ T7269] netlink: 28 bytes leftover after parsing attributes in process `syz.1.303'. [ 188.323914][ T7269] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.333911][ T7269] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.356049][ T7269] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.363821][ T7269] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 190.191685][ T5626] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 192.291188][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 193.697245][ T5626] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 193.708462][ T5626] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 193.722788][ T5626] CPU: 1 UID: 0 PID: 5626 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 193.722837][ T5626] Tainted: [L]=SOFTLOCKUP [ 193.722846][ T5626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 193.722865][ T5626] Workqueue: hci2 hci_rx_work [ 193.722908][ T5626] Call Trace: [ 193.722918][ T5626] [ 193.722930][ T5626] dump_stack_lvl+0x100/0x190 [ 193.722968][ T5626] sysfs_warn_dup.cold+0x1c/0x28 [ 193.723014][ T5626] sysfs_create_dir_ns+0x24b/0x2b0 [ 193.723048][ T5626] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 193.723079][ T5626] ? find_held_lock+0x2b/0x80 [ 193.723119][ T5626] ? kobject_add_internal+0x25f/0x930 [ 193.723156][ T5626] ? kobject_add_internal+0x25f/0x930 [ 193.723191][ T5626] ? do_raw_spin_unlock+0x145/0x1e0 [ 193.723229][ T5626] kobject_add_internal+0x2c8/0x930 [ 193.723267][ T5626] kobject_add+0x16a/0x1e0 [ 193.723298][ T5626] ? __pfx_kobject_add+0x10/0x10 [ 193.723337][ T5626] ? class_to_subsys+0x10f/0x150 [ 193.723383][ T5626] ? kobject_put+0xb9/0x640 [ 193.723409][ T5626] ? _raw_spin_unlock+0x28/0x50 [ 193.723460][ T5626] device_add+0x294/0x1950 [ 193.723500][ T5626] ? __pfx_dev_set_name+0x10/0x10 [ 193.723546][ T5626] ? __pfx_device_add+0x10/0x10 [ 193.723586][ T5626] ? mgmt_send_event_skb+0x2fb/0x460 [ 193.723640][ T5626] hci_conn_add_sysfs+0x1a3/0x260 [ 193.723689][ T5626] le_conn_complete_evt+0x11eb/0x1f60 [ 193.723743][ T5626] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 193.723782][ T5626] ? __pfx_bt_warn+0x10/0x10 [ 193.723841][ T5626] hci_le_conn_complete_evt+0x23c/0x3a0 [ 193.723885][ T5626] ? skb_pull_data+0x15f/0x1e0 [ 193.723933][ T5626] hci_le_meta_evt+0x34a/0x5f0 [ 193.723976][ T5626] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 193.724021][ T5626] hci_event_packet+0x51c/0xcd0 [ 193.724062][ T5626] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 193.724106][ T5626] ? __pfx_hci_event_packet+0x10/0x10 [ 193.724148][ T5626] ? kcov_remote_start+0x374/0x660 [ 193.724190][ T5626] ? lockdep_hardirqs_on+0x78/0x100 [ 193.724245][ T5626] hci_rx_work+0x451/0xfc0 [ 193.724291][ T5626] process_one_work+0xa0e/0x1980 [ 193.724351][ T5626] ? __pfx_process_one_work+0x10/0x10 [ 193.724396][ T5626] ? __pfx_hci_rx_work+0x10/0x10 [ 193.724443][ T5626] worker_thread+0x5ef/0xe50 [ 193.724487][ T5626] ? __pfx_worker_thread+0x10/0x10 [ 193.724522][ T5626] ? kthread+0x13a/0x450 [ 193.724549][ T5626] ? __pfx_worker_thread+0x10/0x10 [ 193.724578][ T5626] kthread+0x370/0x450 [ 193.724621][ T5626] ? __pfx_kthread+0x10/0x10 [ 193.724654][ T5626] ret_from_fork+0x72b/0xd50 [ 193.724692][ T5626] ? __pfx_ret_from_fork+0x10/0x10 [ 193.724728][ T5626] ? __switch_to+0x800/0x1100 [ 193.724771][ T5626] ? __switch_to_asm+0x39/0x70 [ 193.724808][ T5626] ? __pfx_kthread+0x10/0x10 [ 193.724839][ T5626] ret_from_fork_asm+0x1a/0x30 [ 193.724901][ T5626] [ 193.725247][ T5626] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 194.017076][ T5626] Bluetooth: hci2: failed to register connection device [ 194.517805][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.527126][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.136429][ T7357] FAULT_INJECTION: forcing a failure. [ 195.136429][ T7357] name failslab, interval 1, probability 0, space 0, times 0 [ 195.190500][ T7357] CPU: 0 UID: 0 PID: 7357 Comm: syz.2.323 Tainted: G L syzkaller #0 PREEMPT(full) [ 195.190544][ T7357] Tainted: [L]=SOFTLOCKUP [ 195.190553][ T7357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 195.190568][ T7357] Call Trace: [ 195.190577][ T7357] [ 195.190588][ T7357] dump_stack_lvl+0x100/0x190 [ 195.190625][ T7357] should_fail_ex.cold+0x5/0xa [ 195.190659][ T7357] ? sk_prot_alloc+0x10b/0x2a0 [ 195.190694][ T7357] should_failslab+0xc2/0x120 [ 195.190725][ T7357] __kmalloc_noprof+0xe0/0x850 [ 195.190759][ T7357] sk_prot_alloc+0x10b/0x2a0 [ 195.190796][ T7357] sk_alloc+0x36/0xe80 [ 195.190825][ T7357] __netlink_create+0x5e/0x2c0 [ 195.190855][ T7357] ? __wake_up+0x3f/0x60 [ 195.190896][ T7357] netlink_create+0x29b/0x610 [ 195.190927][ T7357] ? __pfx_genl_bind+0x10/0x10 [ 195.190963][ T7357] ? __pfx_genl_unbind+0x10/0x10 [ 195.190997][ T7357] ? __pfx_genl_release+0x10/0x10 [ 195.191048][ T7357] __sock_create+0x339/0x860 [ 195.191092][ T7357] __sys_socket+0x14d/0x260 [ 195.191127][ T7357] ? exc_page_fault+0x6f/0xd0 [ 195.191164][ T7357] ? __pfx___sys_socket+0x10/0x10 [ 195.191212][ T7357] __x64_sys_socket+0x72/0xb0 [ 195.191248][ T7357] ? lockdep_hardirqs_on+0x78/0x100 [ 195.191284][ T7357] do_syscall_64+0x10b/0xf80 [ 195.191320][ T7357] ? clear_bhb_loop+0x40/0x90 [ 195.191355][ T7357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.191381][ T7357] RIP: 0033:0x7fd0e2b9e647 [ 195.191404][ T7357] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 195.191428][ T7357] RSP: 002b:00007fd0e3aaff98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 195.191455][ T7357] RAX: ffffffffffffffda RBX: 00007fd0e2e16090 RCX: 00007fd0e2b9e647 [ 195.191473][ T7357] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 195.191487][ T7357] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 195.191503][ T7357] R10: 0000200000000180 R11: 0000000000000286 R12: 0000000000000000 [ 195.191518][ T7357] R13: 00007fd0e2e16128 R14: 00007fd0e2e16090 R15: 00007ffe7c6c9108 [ 195.191555][ T7357] [ 196.032812][ T5626] Bluetooth: hci2: command 0x2016 tx timeout [ 198.113625][ T5633] Bluetooth: hci2: command 0x2016 tx timeout [ 205.211010][ T7481] random: crng reseeded on system resumption [ 206.253144][ T7496] random: crng reseeded on system resumption [ 206.850031][ T7472] Bluetooth: hci3: command 0x0406 tx timeout [ 206.856521][ T7472] Bluetooth: hci1: command 0x2016 tx timeout [ 206.863971][ T7472] Bluetooth: hci0: command 0x0406 tx timeout [ 206.870273][ T7472] Bluetooth: hci2: command 0x2016 tx timeout [ 206.978895][ T7504] netlink: 28 bytes leftover after parsing attributes in process `syz.0.352'. [ 211.456925][ T29] audit: type=1800 audit(1778306617.669:2): pid=7533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.353" name="file0" dev="tmpfs" ino=477 res=0 errno=0 [ 212.602610][ T7565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.364'. [ 212.633543][ T7565] nbd: must specify a size in bytes for the device [ 213.719586][ T7580] NFSD: Failed to start, no listeners configured. [ 219.669923][ T7690] openvswitch: netlink: Message has 4 unknown bytes. [ 220.018361][ T7296] syz.0.307 (7296) used greatest stack depth: 19376 bytes left [ 222.807667][ T7747] FAULT_INJECTION: forcing a failure. [ 222.807667][ T7747] name failslab, interval 1, probability 0, space 0, times 0 [ 222.884151][ T7747] CPU: 0 UID: 0 PID: 7747 Comm: syz.0.390 Tainted: G L syzkaller #0 PREEMPT(full) [ 222.884204][ T7747] Tainted: [L]=SOFTLOCKUP [ 222.884215][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 222.884233][ T7747] Call Trace: [ 222.884244][ T7747] [ 222.884255][ T7747] dump_stack_lvl+0x100/0x190 [ 222.884299][ T7747] should_fail_ex.cold+0x5/0xa [ 222.884339][ T7747] ? lsm_blob_alloc+0x68/0x90 [ 222.884386][ T7747] should_failslab+0xc2/0x120 [ 222.884422][ T7747] __kmalloc_noprof+0xe0/0x850 [ 222.884452][ T7747] ? trace_kmem_cache_alloc+0xd5/0x100 [ 222.884502][ T7747] lsm_blob_alloc+0x68/0x90 [ 222.884547][ T7747] security_prepare_creds+0x2d/0x290 [ 222.884591][ T7747] prepare_creds+0x5d6/0x950 [ 222.884630][ T7747] __sys_setfsgid+0xe3/0x3b0 [ 222.884676][ T7747] do_syscall_64+0x10b/0xf80 [ 222.884721][ T7747] ? clear_bhb_loop+0x40/0x90 [ 222.884760][ T7747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.884793][ T7747] RIP: 0033:0x7f0ea099cdd9 [ 222.884820][ T7747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.884857][ T7747] RSP: 002b:00007f0ea189d028 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 222.884888][ T7747] RAX: ffffffffffffffda RBX: 00007f0ea0c16450 RCX: 00007f0ea099cdd9 [ 222.884908][ T7747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00 [ 222.884926][ T7747] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 222.884943][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.884961][ T7747] R13: 00007f0ea0c164e8 R14: 00007f0ea0c16450 R15: 00007ffffcf27968 [ 222.885001][ T7747] [ 223.324232][ T7750] netlink: 28 bytes leftover after parsing attributes in process `syz.3.396'. [ 224.985637][ T7320] syz.0.313 (7320) used greatest stack depth: 18232 bytes left [ 225.385475][ T29] audit: type=1804 audit(1778306631.592:3): pid=7785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.402" name="file0" dev="tmpfs" ino=661 res=1 errno=0 [ 226.305258][ T7800] netlink: 342 bytes leftover after parsing attributes in process `syz.3.407'. [ 226.899698][ T7802] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.130796][ T5636] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 228.273870][ T7835] random: crng reseeded on system resumption [ 228.407955][ T7837] netlink: 342 bytes leftover after parsing attributes in process `syz.1.416'. [ 231.757418][ T7928] ubi31: attaching mtd0 [ 231.800149][ T7928] ubi31 error: validate_ec_hdr: bad VID header offset 64, expected 514 [ 231.866624][ T7928] ubi31 error: validate_ec_hdr: bad EC header [ 231.927831][ T7928] Erase counter header dump: [ 231.965483][ T7928] magic 0x55424923 [ 231.971225][ T7925] could not allocate digest TFM handle [ 232.006017][ T7928] version 1 [ 232.027423][ T7928] ec 1 [ 232.062267][ T7928] vid_hdr_offset 64 [ 232.076490][ T7928] data_offset 128 [ 232.091654][ T7928] image_seq 591234751 [ 232.105980][ T7928] hdr_crc 0xfcad5592 [ 232.127580][ T7928] erase counter header hexdump: [ 232.133191][ T7928] CPU: 0 UID: 0 PID: 7928 Comm: syz.0.431 Tainted: G L syzkaller #0 PREEMPT(full) [ 232.133233][ T7928] Tainted: [L]=SOFTLOCKUP [ 232.133243][ T7928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 232.133261][ T7928] Call Trace: [ 232.133271][ T7928] [ 232.133282][ T7928] dump_stack_lvl+0x100/0x190 [ 232.133322][ T7928] validate_ec_hdr+0x2d0/0x330 [ 232.133373][ T7928] ubi_io_read_ec_hdr+0x656/0x6d0 [ 232.133409][ T7928] ubi_attach+0x601/0x4d30 [ 232.133460][ T7928] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 232.133504][ T7928] ? ubi_msg+0x114/0x159 [ 232.133533][ T7928] ? __pfx_ubi_msg+0x10/0x10 [ 232.133565][ T7928] ? __pfx_ubi_attach+0x10/0x10 [ 232.133601][ T7928] ? lockdep_init_map_type+0x5c/0x250 [ 232.133638][ T7928] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 232.133676][ T7928] ? __vmalloc_node_noprof+0xad/0xf0 [ 232.133717][ T7928] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 232.133761][ T7928] ubi_attach_mtd_dev+0x139f/0x32a0 [ 232.133832][ T7928] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 232.133871][ T7928] ? __pfx_get_mtd_device+0x10/0x10 [ 232.133912][ T7928] ctrl_cdev_ioctl+0x36a/0x400 [ 232.133953][ T7928] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 232.134005][ T7928] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 232.134048][ T7928] __x64_sys_ioctl+0x18e/0x210 [ 232.134089][ T7928] do_syscall_64+0x10b/0xf80 [ 232.134133][ T7928] ? clear_bhb_loop+0x40/0x90 [ 232.134171][ T7928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.134203][ T7928] RIP: 0033:0x7f0ea099cdd9 [ 232.134228][ T7928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 232.134255][ T7928] RSP: 002b:00007f0ea1900028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.134283][ T7928] RAX: ffffffffffffffda RBX: 00007f0ea0c16180 RCX: 00007f0ea099cdd9 [ 232.134302][ T7928] RDX: 0000200000000000 RSI: 0000000040186f40 RDI: 0000000000000005 [ 232.134321][ T7928] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 232.134340][ T7928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.134358][ T7928] R13: 00007f0ea0c16218 R14: 00007f0ea0c16180 R15: 00007ffffcf27968 [ 232.134400][ T7928] [ 232.198883][ T7928] ubi31 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 232.529704][ T7928] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 233.696230][ T29] audit: type=1800 audit(1778306639.907:4): pid=7945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.434" name="file0" dev="tmpfs" ino=563 res=0 errno=0 [ 234.588466][ T7956] zero sized request [ 235.235397][ T7977] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 235.247775][ T7977] vhci_hcd vhci_hcd.2: invalid port number 230 [ 235.260891][ T7977] vhci_hcd vhci_hcd.2: invalid port number 230 [ 238.972615][ T29] audit: type=1800 audit(1778306645.175:5): pid=8022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.449" name="file0" dev="tmpfs" ino=570 res=0 errno=0 [ 239.038643][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 239.416342][ T8050] futex_wake_op: syz.0.454 tries to shift op by -2048; fix this program [ 239.474549][ T8050] futex_wake_op: syz.0.454 tries to shift op by -2048; fix this program [ 241.444377][ T8101] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3773896398 (3773896398 ns) > initial count (1915 ns). Using initial count to start timer. [ 246.446066][ T8240] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 246.487988][ T8240] vhci_hcd vhci_hcd.2: invalid port number 230 [ 246.511963][ T8240] vhci_hcd vhci_hcd.2: invalid port number 230 [ 246.583410][ T8233] zswap: compressor not available [ 247.663341][ T5636] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 247.670940][ T5636] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 247.689505][ T8262] futex_wake_op: syz.1.483 tries to shift op by -2048; fix this program [ 247.731528][ T8262] futex_wake_op: syz.1.483 tries to shift op by -2048; fix this program [ 250.448889][ T5636] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 252.477547][ T8378] FAULT_INJECTION: forcing a failure. [ 252.477547][ T8378] name failslab, interval 1, probability 0, space 0, times 0 [ 252.542725][ T8378] CPU: 0 UID: 0 PID: 8378 Comm: syz.2.499 Tainted: G L syzkaller #0 PREEMPT(full) [ 252.542772][ T8378] Tainted: [L]=SOFTLOCKUP [ 252.542782][ T8378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 252.542799][ T8378] Call Trace: [ 252.542809][ T8378] [ 252.542831][ T8378] dump_stack_lvl+0x100/0x190 [ 252.542872][ T8378] should_fail_ex.cold+0x5/0xa [ 252.542914][ T8378] should_failslab+0xc2/0x120 [ 252.542952][ T8378] __kmalloc_cache_noprof+0x7a/0x6f0 [ 252.542997][ T8378] ? ima_add_digest_entry+0x52/0x520 [ 252.543051][ T8378] ima_add_digest_entry+0x52/0x520 [ 252.543102][ T8378] ima_add_template_entry+0x442/0x800 [ 252.543156][ T8378] ? __pfx_ima_add_template_entry+0x10/0x10 [ 252.543204][ T8378] ? ima_calc_field_array_hash+0x378/0x440 [ 252.543245][ T8378] ima_store_template+0xda/0x150 [ 252.543280][ T8378] ima_store_measurement+0x21c/0x5b0 [ 252.543315][ T8378] ? __pfx_ima_store_measurement+0x10/0x10 [ 252.543362][ T8378] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 252.543415][ T8378] process_measurement+0x19cc/0x2350 [ 252.543480][ T8378] ? __pfx_process_measurement+0x10/0x10 [ 252.543542][ T8378] ? find_held_lock+0x2b/0x80 [ 252.543580][ T8378] ? rcu_read_unlock+0x17/0x60 [ 252.543619][ T8378] ? rcu_read_unlock+0x17/0x60 [ 252.543693][ T8378] ? lockdep_init_map_type+0x5c/0x250 [ 252.543725][ T8378] ? mutex_init_lockdep+0xf1/0x120 [ 252.543758][ T8378] ? inode_to_bdi+0x9e/0x160 [ 252.543802][ T8378] ima_file_check+0xcc/0x120 [ 252.543855][ T8378] ? __pfx_ima_file_check+0x10/0x10 [ 252.543911][ T8378] security_file_post_open+0xc4/0x210 [ 252.543947][ T8378] path_openat+0x1418/0x31a0 [ 252.543999][ T8378] ? __pfx_path_openat+0x10/0x10 [ 252.544052][ T8378] do_file_open+0x20e/0x430 [ 252.544093][ T8378] ? __pfx_do_file_open+0x10/0x10 [ 252.544162][ T8378] ? alloc_fd+0x476/0x790 [ 252.544207][ T8378] ? do_getname+0x191/0x390 [ 252.544258][ T8378] do_sys_openat2+0x10d/0x1e0 [ 252.544308][ T8378] ? __pfx_do_sys_openat2+0x10/0x10 [ 252.544360][ T8378] ? __fget_files+0x21f/0x3d0 [ 252.544407][ T8378] __x64_sys_openat+0x12d/0x210 [ 252.544458][ T8378] ? __pfx___x64_sys_openat+0x10/0x10 [ 252.544511][ T8378] ? kcov_ioctl+0x16a/0x720 [ 252.544558][ T8378] ? rcu_is_watching+0x12/0xc0 [ 252.544601][ T8378] do_syscall_64+0x10b/0xf80 [ 252.544646][ T8378] ? clear_bhb_loop+0x40/0x90 [ 252.544684][ T8378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.544716][ T8378] RIP: 0033:0x7fd0e2b9cdd9 [ 252.544742][ T8378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 252.544770][ T8378] RSP: 002b:00007fd0e3a2d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 252.544799][ T8378] RAX: ffffffffffffffda RBX: 00007fd0e2e16450 RCX: 00007fd0e2b9cdd9 [ 252.544827][ T8378] RDX: 0000000000000302 RSI: 00002000000009c0 RDI: ffffffffffffff9c [ 252.544845][ T8378] RBP: 00007fd0e2c32d69 R08: 0000000000000000 R09: 0000000000000000 [ 252.544864][ T8378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 252.544883][ T8378] R13: 00007fd0e2e164e8 R14: 00007fd0e2e16450 R15: 00007ffe7c6c9108 [ 252.544927][ T8378] [ 252.546246][ T8378] ima: OUT OF MEMORY ERROR creating queue entry [ 252.978189][ T29] audit: type=1804 audit(1778306659.168:6): pid=8378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.499" name="/newroot/sys/kernel/tracing/uprobe_events" dev="tracefs" ino=19 res=0 errno=0 [ 254.130331][ T8439] sctp: [Deprecated]: syz.0.505 (pid 8439) Use of struct sctp_assoc_value in delayed_ack socket option. [ 254.130331][ T8439] Use struct sctp_sack_info instead [ 255.117568][ T8446] netlink: 28 bytes leftover after parsing attributes in process `syz.3.507'. [ 255.190384][ T5636] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 255.406744][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 255.409571][ T5636] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 255.409665][ T5636] CPU: 0 UID: 0 PID: 5636 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 255.409710][ T5636] Tainted: [L]=SOFTLOCKUP [ 255.409721][ T5636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 255.409741][ T5636] Workqueue: hci0 hci_rx_work [ 255.409786][ T5636] Call Trace: [ 255.409796][ T5636] [ 255.409808][ T5636] dump_stack_lvl+0x100/0x190 [ 255.409846][ T5636] sysfs_warn_dup.cold+0x1c/0x28 [ 255.409893][ T5636] sysfs_create_dir_ns+0x24b/0x2b0 [ 255.409928][ T5636] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 255.409960][ T5636] ? find_held_lock+0x2b/0x80 [ 255.410000][ T5636] ? kobject_add_internal+0x25f/0x930 [ 255.410033][ T5636] ? kobject_add_internal+0x25f/0x930 [ 255.410070][ T5636] ? do_raw_spin_unlock+0x145/0x1e0 [ 255.410110][ T5636] kobject_add_internal+0x2c8/0x930 [ 255.410149][ T5636] kobject_add+0x16a/0x1e0 [ 255.410181][ T5636] ? __pfx_kobject_add+0x10/0x10 [ 255.410211][ T5636] ? class_to_subsys+0x10f/0x150 [ 255.410259][ T5636] ? kobject_put+0xb9/0x640 [ 255.410285][ T5636] ? _raw_spin_unlock+0x28/0x50 [ 255.410335][ T5636] device_add+0x294/0x1950 [ 255.410376][ T5636] ? __pfx_dev_set_name+0x10/0x10 [ 255.410422][ T5636] ? __pfx_device_add+0x10/0x10 [ 255.410464][ T5636] ? mgmt_send_event_skb+0x2fb/0x460 [ 255.410519][ T5636] hci_conn_add_sysfs+0x1a3/0x260 [ 255.410568][ T5636] le_conn_complete_evt+0x11eb/0x1f60 [ 255.410630][ T5636] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 255.410669][ T5636] ? __pfx_bt_warn+0x10/0x10 [ 255.410728][ T5636] hci_le_conn_complete_evt+0x23c/0x3a0 [ 255.410772][ T5636] ? skb_pull_data+0x15f/0x1e0 [ 255.410820][ T5636] hci_le_meta_evt+0x34a/0x5f0 [ 255.410862][ T5636] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 255.410910][ T5636] hci_event_packet+0x51c/0xcd0 [ 255.410951][ T5636] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 255.410993][ T5636] ? __pfx_hci_event_packet+0x10/0x10 [ 255.411039][ T5636] ? kcov_remote_start+0x374/0x660 [ 255.411080][ T5636] ? lockdep_hardirqs_on+0x78/0x100 [ 255.411134][ T5636] hci_rx_work+0x451/0xfc0 [ 255.411179][ T5636] process_one_work+0xa0e/0x1980 [ 255.411230][ T5636] ? __pfx_process_one_work+0x10/0x10 [ 255.411273][ T5636] ? __pfx_hci_rx_work+0x10/0x10 [ 255.411317][ T5636] worker_thread+0x5ef/0xe50 [ 255.411359][ T5636] ? __pfx_worker_thread+0x10/0x10 [ 255.411392][ T5636] ? kthread+0x13a/0x450 [ 255.411417][ T5636] ? __pfx_worker_thread+0x10/0x10 [ 255.411447][ T5636] kthread+0x370/0x450 [ 255.411473][ T5636] ? __pfx_kthread+0x10/0x10 [ 255.411503][ T5636] ret_from_fork+0x72b/0xd50 [ 255.411538][ T5636] ? __pfx_ret_from_fork+0x10/0x10 [ 255.411571][ T5636] ? rcu_is_watching+0x12/0xc0 [ 255.411618][ T5636] ? __switch_to+0x800/0x1100 [ 255.411656][ T5636] ? __switch_to_asm+0x39/0x70 [ 255.411695][ T5636] ? __pfx_kthread+0x10/0x10 [ 255.411721][ T5636] ret_from_fork_asm+0x1a/0x30 [ 255.411783][ T5636] [ 255.411817][ T5636] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 255.411862][ T5636] Bluetooth: hci0: failed to register connection device [ 256.009635][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.009744][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.424952][ T5626] Bluetooth: hci0: command 0x0406 tx timeout [ 257.699970][ T8485] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 259.504168][ T5636] Bluetooth: hci0: command 0x0406 tx timeout [ 260.454188][ T8537] Process accounting resumed [ 260.927334][ T29] audit: type=1804 audit(1778306667.124:7): pid=8561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.530" name="/newroot/124/file0" dev="tmpfs" ino=674 res=1 errno=0 [ 261.873668][ T8572] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.323435][ T8572] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.505486][ T8572] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.721432][ T8572] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.983196][ T5636] Bluetooth: hci0: unexpected event 0x3e length: 0 < 1 [ 263.752925][ T8603] FAULT_INJECTION: forcing a failure. [ 263.752925][ T8603] name failslab, interval 1, probability 0, space 0, times 0 [ 263.818363][ T8603] CPU: 0 UID: 0 PID: 8603 Comm: syz.3.541 Tainted: G L syzkaller #0 PREEMPT(full) [ 263.818412][ T8603] Tainted: [L]=SOFTLOCKUP [ 263.818423][ T8603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 263.818440][ T8603] Call Trace: [ 263.818450][ T8603] [ 263.818462][ T8603] dump_stack_lvl+0x100/0x190 [ 263.818502][ T8603] should_fail_ex.cold+0x5/0xa [ 263.818542][ T8603] should_failslab+0xc2/0x120 [ 263.818577][ T8603] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 263.818610][ T8603] ? x509_get_sig_params+0xf5/0x6c0 [ 263.818645][ T8603] ? trace_kmalloc+0xe3/0x110 [ 263.818688][ T8603] kmemdup_noprof+0x29/0x60 [ 263.818722][ T8603] x509_get_sig_params+0xf5/0x6c0 [ 263.818762][ T8603] ? __asan_memcpy+0x3c/0x60 [ 263.818813][ T8603] x509_cert_parse+0x4e9/0x910 [ 263.818852][ T8603] ? kasan_save_stack+0x3f/0x50 [ 263.818880][ T8603] ? kasan_save_stack+0x30/0x50 [ 263.818908][ T8603] ? kasan_save_track+0x14/0x30 [ 263.818942][ T8603] pkcs7_extract_cert+0xa4/0x380 [ 263.818986][ T8603] asn1_ber_decoder+0x12b3/0x2170 [ 263.819044][ T8603] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 263.819115][ T8603] pkcs7_parse_message+0x289/0x870 [ 263.819159][ T8603] verify_pkcs7_signature+0x30/0xa0 [ 263.819195][ T8603] valid_regdb+0x211/0x590 [ 263.819247][ T8603] ? __pfx_valid_regdb+0x10/0x10 [ 263.819294][ T8603] reg_reload_regdb+0x11a/0x460 [ 263.819336][ T8603] ? __pfx_reg_reload_regdb+0x10/0x10 [ 263.819379][ T8603] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 263.819408][ T8603] ? nl80211_pre_doit+0x19a/0xae0 [ 263.819443][ T8603] genl_family_rcv_msg_doit+0x214/0x300 [ 263.819498][ T8603] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 263.819545][ T8603] ? genl_get_cmd+0x3e7/0x760 [ 263.819598][ T8603] ? bpf_lsm_capable+0x9/0x10 [ 263.819631][ T8603] ? security_capable+0x80/0x260 [ 263.819687][ T8603] genl_rcv_msg+0x560/0x800 [ 263.819741][ T8603] ? __pfx_genl_rcv_msg+0x10/0x10 [ 263.819787][ T8603] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 263.819814][ T8603] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 263.819859][ T8603] ? __pfx_nl80211_post_doit+0x10/0x10 [ 263.819904][ T8603] netlink_rcv_skb+0x159/0x420 [ 263.819948][ T8603] ? __pfx_genl_rcv_msg+0x10/0x10 [ 263.820000][ T8603] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 263.820062][ T8603] ? netlink_deliver_tap+0x1ae/0xcc0 [ 263.820109][ T8603] genl_rcv+0x28/0x40 [ 263.820153][ T8603] netlink_unicast+0x585/0x850 [ 263.820203][ T8603] ? __pfx_netlink_unicast+0x10/0x10 [ 263.820256][ T8603] netlink_sendmsg+0x8b0/0xda0 [ 263.820308][ T8603] ? __pfx_netlink_sendmsg+0x10/0x10 [ 263.820349][ T8603] ? __import_iovec+0x1d2/0x640 [ 263.820386][ T8603] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 263.820441][ T8603] ____sys_sendmsg+0x9e1/0xb70 [ 263.820482][ T8603] ? __pfx_netlink_sendmsg+0x10/0x10 [ 263.820529][ T8603] ? __pfx_____sys_sendmsg+0x10/0x10 [ 263.820580][ T8603] ? __pfx_futex_wake_mark+0x10/0x10 [ 263.820628][ T8603] ___sys_sendmsg+0x190/0x1e0 [ 263.820677][ T8603] ? __pfx____sys_sendmsg+0x10/0x10 [ 263.820784][ T8603] __sys_sendmsg+0x170/0x220 [ 263.820821][ T8603] ? __pfx___sys_sendmsg+0x10/0x10 [ 263.820862][ T8603] ? __x64_sys_futex+0x34f/0x4d0 [ 263.820914][ T8603] ? rcu_is_watching+0x12/0xc0 [ 263.820960][ T8603] do_syscall_64+0x10b/0xf80 [ 263.821003][ T8603] ? clear_bhb_loop+0x40/0x90 [ 263.821042][ T8603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.821073][ T8603] RIP: 0033:0x7f9822f9cdd9 [ 263.821099][ T8603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 263.821127][ T8603] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 263.821158][ T8603] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 263.821178][ T8603] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 263.821196][ T8603] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 263.821214][ T8603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.821231][ T8603] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 263.821273][ T8603] [ 265.504790][ T29] audit: type=1800 audit(1778306680.695:8): pid=8641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.551" name="features" dev="configfs" ino=23189 res=0 errno=0 [ 265.820605][ T8654] FAULT_INJECTION: forcing a failure. [ 265.820605][ T8654] name failslab, interval 1, probability 0, space 0, times 0 [ 265.853914][ T8654] CPU: 1 UID: 0 PID: 8654 Comm: syz.2.553 Tainted: G L syzkaller #0 PREEMPT(full) [ 265.853965][ T8654] Tainted: [L]=SOFTLOCKUP [ 265.853976][ T8654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 265.853993][ T8654] Call Trace: [ 265.854003][ T8654] [ 265.854015][ T8654] dump_stack_lvl+0x100/0x190 [ 265.854058][ T8654] should_fail_ex.cold+0x5/0xa [ 265.854095][ T8654] ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 265.854147][ T8654] should_failslab+0xc2/0x120 [ 265.854182][ T8654] __kmalloc_noprof+0xe0/0x850 [ 265.854220][ T8654] genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 265.854277][ T8654] genl_family_rcv_msg_doit+0xc7/0x300 [ 265.854330][ T8654] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 265.854377][ T8654] ? genl_get_cmd+0x3e7/0x760 [ 265.854434][ T8654] ? __dev_queue_xmit+0xa10/0x4950 [ 265.854478][ T8654] ? __radix_tree_lookup+0x217/0x2b0 [ 265.854527][ T8654] genl_rcv_msg+0x560/0x800 [ 265.854578][ T8654] ? __pfx_genl_rcv_msg+0x10/0x10 [ 265.854625][ T8654] ? __pfx_ctrl_getfamily+0x10/0x10 [ 265.854670][ T8654] netlink_rcv_skb+0x159/0x420 [ 265.854712][ T8654] ? __pfx_genl_rcv_msg+0x10/0x10 [ 265.854768][ T8654] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 265.854829][ T8654] ? netlink_deliver_tap+0x1ae/0xcc0 [ 265.854879][ T8654] genl_rcv+0x28/0x40 [ 265.854921][ T8654] netlink_unicast+0x585/0x850 [ 265.854968][ T8654] ? __pfx_netlink_unicast+0x10/0x10 [ 265.855023][ T8654] netlink_sendmsg+0x8b0/0xda0 [ 265.855078][ T8654] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.855123][ T8654] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 265.855173][ T8654] __sys_sendto+0x468/0x4b0 [ 265.855201][ T8654] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.855246][ T8654] ? __pfx___sys_sendto+0x10/0x10 [ 265.855293][ T8654] ? fd_install+0x223/0x580 [ 265.855350][ T8654] ? __pfx___sys_socket+0x10/0x10 [ 265.855407][ T8654] __x64_sys_sendto+0xe0/0x1c0 [ 265.855438][ T8654] ? do_syscall_64+0x90/0xf80 [ 265.855484][ T8654] ? lockdep_hardirqs_on+0x78/0x100 [ 265.855527][ T8654] do_syscall_64+0x10b/0xf80 [ 265.855571][ T8654] ? clear_bhb_loop+0x40/0x90 [ 265.855611][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.855644][ T8654] RIP: 0033:0x7fd0e2b5d60e [ 265.855671][ T8654] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 265.855696][ T8654] RSP: 002b:00007fd0e3ad0e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 265.855726][ T8654] RAX: ffffffffffffffda RBX: 00007fd0e3ad26c0 RCX: 00007fd0e2b5d60e [ 265.855755][ T8654] RDX: 0000000000000020 RSI: 00007fd0e3ad1000 RDI: 000000000000000a [ 265.855773][ T8654] RBP: 0000000000000000 R08: 00007fd0e3ad0f04 R09: 000000000000000c [ 265.855791][ T8654] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 265.855809][ T8654] R13: 00007fd0e3ad0f58 R14: 00007fd0e3ad1000 R15: 0000000000000000 [ 265.855851][ T8654] [ 266.368536][ T29] audit: type=1804 audit(1778306681.445:9): pid=8660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.548" name="/newroot/125/file0" dev="tmpfs" ino=684 res=1 errno=0 [ 267.588115][ T29] audit: type=1804 audit(1778306682.775:10): pid=8687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.555" name="/newroot/131/file0" dev="tmpfs" ino=711 res=1 errno=0 [ 268.098816][ T8693] netlink: 16 bytes leftover after parsing attributes in process `syz.1.561'. [ 269.219967][ T8684] kexec: Could not allocate control_code_buffer [ 269.297582][ T8716] netlink: 28 bytes leftover after parsing attributes in process `syz.3.565'. [ 270.024903][ T8728] MTRR 1 not used [ 270.191380][ T8735] futex_wake_op: syz.3.569 tries to shift op by -2048; fix this program [ 270.232980][ T8735] futex_wake_op: syz.3.569 tries to shift op by -2048; fix this program [ 270.318752][ T8726] 0x000000000001-0x000000020000 : "" [ 270.389043][ T8726] ftl_cs: FTL header corrupt! [ 270.950809][ T8745] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 273.214424][ T8785] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 273.763441][ T8795] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 273.763441][ T8795] program syz.3.580 not setting count and/or reply_len properly [ 273.952377][ T8795] netlink: 8 bytes leftover after parsing attributes in process `syz.3.580'. [ 274.445175][ T5636] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 274.678887][ T8819] futex_wake_op: syz.2.582 tries to shift op by -2048; fix this program [ 274.688334][ T8819] futex_wake_op: syz.2.582 tries to shift op by -2048; fix this program [ 277.295344][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 277.302903][ T5636] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 277.425712][ T8857] futex_wake_op: syz.0.594 tries to shift op by -2048; fix this program [ 277.452986][ T8857] futex_wake_op: syz.0.594 tries to shift op by -2048; fix this program [ 277.946330][ T8863] FAULT_INJECTION: forcing a failure. [ 277.946330][ T8863] name failslab, interval 1, probability 0, space 0, times 0 [ 278.037858][ T8863] CPU: 1 UID: 0 PID: 8863 Comm: syz.3.595 Tainted: G L syzkaller #0 PREEMPT(full) [ 278.037889][ T8863] Tainted: [L]=SOFTLOCKUP [ 278.037896][ T8863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 278.037905][ T8863] Call Trace: [ 278.037912][ T8863] [ 278.037919][ T8863] dump_stack_lvl+0x100/0x190 [ 278.037951][ T8863] should_fail_ex.cold+0x5/0xa [ 278.037974][ T8863] should_failslab+0xc2/0x120 [ 278.037996][ T8863] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 278.038024][ T8863] ? acpi_ut_create_generic_state+0x61/0xc0 [ 278.038056][ T8863] acpi_ut_create_generic_state+0x61/0xc0 [ 278.038077][ T8863] acpi_ps_push_scope+0x42/0x280 [ 278.038101][ T8863] acpi_ps_parse_loop+0x334/0x24a0 [ 278.038130][ T8863] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 278.038156][ T8863] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 278.038185][ T8863] ? acpi_ut_create_thread_state+0x6d/0x170 [ 278.038232][ T8863] acpi_ps_parse_aml+0x81e/0x1120 [ 278.038262][ T8863] acpi_ps_execute_method+0x5c4/0xe90 [ 278.038292][ T8863] acpi_ns_evaluate+0x640/0x1670 [ 278.038322][ T8863] acpi_evaluate_object+0x420/0xe00 [ 278.038341][ T8863] ? kasan_save_stack+0x30/0x50 [ 278.038357][ T8863] ? kasan_save_track+0x14/0x30 [ 278.038373][ T8863] ? __kasan_kmalloc+0xaa/0xb0 [ 278.038397][ T8863] ? __kvmalloc_node_noprof+0x360/0xa00 [ 278.038418][ T8863] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 278.038437][ T8863] ? lock_acquire+0x1b1/0x370 [ 278.038460][ T8863] acpi_evaluate_integer+0xdf/0x220 [ 278.038488][ T8863] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 278.038525][ T8863] ? __pfx_status_show+0x10/0x10 [ 278.038544][ T8863] status_show+0xa0/0x120 [ 278.038563][ T8863] ? __pfx_status_show+0x10/0x10 [ 278.038588][ T8863] dev_attr_show+0x52/0xa0 [ 278.038612][ T8863] ? __pfx_dev_attr_show+0x10/0x10 [ 278.038635][ T8863] sysfs_kf_seq_show+0x217/0x3a0 [ 278.038659][ T8863] seq_read_iter+0x32f/0x1270 [ 278.038679][ T8863] ? lock_acquire+0x1b1/0x370 [ 278.038706][ T8863] kernfs_fop_read_iter+0x46c/0x610 [ 278.038733][ T8863] ? rw_verify_area+0xce/0x6d0 [ 278.038751][ T8863] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 278.038779][ T8863] vfs_read+0x825/0xb30 [ 278.038802][ T8863] ? __pfx_vfs_read+0x10/0x10 [ 278.038844][ T8863] ksys_read+0x12a/0x250 [ 278.038864][ T8863] ? __pfx_ksys_read+0x10/0x10 [ 278.038886][ T8863] ? rcu_is_watching+0x12/0xc0 [ 278.038911][ T8863] do_syscall_64+0x10b/0xf80 [ 278.038937][ T8863] ? clear_bhb_loop+0x40/0x90 [ 278.038960][ T8863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.038986][ T8863] RIP: 0033:0x7f9822f9cdd9 [ 278.039002][ T8863] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 278.039019][ T8863] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 278.039037][ T8863] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 278.039049][ T8863] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 278.039060][ T8863] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 278.039070][ T8863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.039080][ T8863] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 278.039104][ T8863] [ 278.042244][ T8863] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 278.655718][ T5636] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 278.663877][ T5636] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 278.692415][ T8876] futex_wake_op: syz.1.598 tries to shift op by -2048; fix this program [ 278.737856][ T8876] futex_wake_op: syz.1.598 tries to shift op by -2048; fix this program [ 279.042925][ T8871] netlink: 4 bytes leftover after parsing attributes in process `syz.2.597'. [ 279.780023][ T8897] FAULT_INJECTION: forcing a failure. [ 279.780023][ T8897] name failslab, interval 1, probability 0, space 0, times 0 [ 279.807964][ T8897] CPU: 0 UID: 0 PID: 8897 Comm: syz.0.602 Tainted: G L syzkaller #0 PREEMPT(full) [ 279.808012][ T8897] Tainted: [L]=SOFTLOCKUP [ 279.808023][ T8897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 279.808040][ T8897] Call Trace: [ 279.808051][ T8897] [ 279.808062][ T8897] dump_stack_lvl+0x100/0x190 [ 279.808101][ T8897] should_fail_ex.cold+0x5/0xa [ 279.808140][ T8897] should_failslab+0xc2/0x120 [ 279.808178][ T8897] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 279.808244][ T8897] ? anon_vma_clone+0x2ba/0xcd0 [ 279.808295][ T8897] anon_vma_clone+0x2ba/0xcd0 [ 279.808350][ T8897] __split_vma+0x51f/0xd90 [ 279.808400][ T8897] ? __pfx___split_vma+0x10/0x10 [ 279.808456][ T8897] ? __pfx_mas_prev+0x10/0x10 [ 279.808495][ T8897] vms_gather_munmap_vmas+0x3a5/0x1720 [ 279.808546][ T8897] ? find_held_lock+0x2b/0x80 [ 279.808589][ T8897] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 279.808652][ T8897] ? move_page_tables+0xe1d/0x4500 [ 279.808723][ T8897] do_vmi_align_munmap+0x287/0x5f0 [ 279.808778][ T8897] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 279.808890][ T8897] do_vmi_munmap+0x1f8/0x3e0 [ 279.808944][ T8897] move_vma+0xe5b/0x1920 [ 279.808978][ T8897] ? __pfx_move_vma+0x10/0x10 [ 279.809010][ T8897] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 279.809064][ T8897] ? vrm_set_new_addr+0x204/0x290 [ 279.809115][ T8897] mremap_to+0x234/0x4c0 [ 279.809140][ T8897] ? mas_walk+0x6ef/0x9b0 [ 279.809181][ T8897] ? __pfx_mremap_to+0x10/0x10 [ 279.809208][ T8897] ? check_prep_vma+0x878/0xdf0 [ 279.809263][ T8897] __do_sys_mremap+0xa7a/0x1850 [ 279.809306][ T8897] ? __pfx___do_sys_mremap+0x10/0x10 [ 279.809342][ T8897] ? do_futex+0x192/0x350 [ 279.809376][ T8897] ? __pfx_do_futex+0x10/0x10 [ 279.809420][ T8897] ? __x64_sys_futex+0x34f/0x4d0 [ 279.809467][ T8897] ? rcu_is_watching+0x12/0xc0 [ 279.809510][ T8897] do_syscall_64+0x10b/0xf80 [ 279.809551][ T8897] ? clear_bhb_loop+0x40/0x90 [ 279.809586][ T8897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.809625][ T8897] RIP: 0033:0x7f0ea099cdd9 [ 279.809652][ T8897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.809680][ T8897] RSP: 002b:00007f0ea1921028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 279.809710][ T8897] RAX: ffffffffffffffda RBX: 00007f0ea0c16090 RCX: 00007f0ea099cdd9 [ 279.809730][ T8897] RDX: 0000000000000037 RSI: 0000000000000008 RDI: 0000200000001000 [ 279.809748][ T8897] RBP: 00007f0ea0a32d69 R08: 000000110c230000 R09: 0000000000000000 [ 279.809766][ T8897] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 279.809779][ T8897] R13: 00007f0ea0c16128 R14: 00007f0ea0c16090 R15: 00007ffffcf27968 [ 279.809802][ T8897] [ 280.725281][ T8919] FAULT_INJECTION: forcing a failure. [ 280.725281][ T8919] name failslab, interval 1, probability 0, space 0, times 0 [ 280.805595][ T8919] CPU: 0 UID: 0 PID: 8919 Comm: syz.3.608 Tainted: G L syzkaller #0 PREEMPT(full) [ 280.805695][ T8919] Tainted: [L]=SOFTLOCKUP [ 280.805707][ T8919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 280.805722][ T8919] Call Trace: [ 280.805732][ T8919] [ 280.805743][ T8919] dump_stack_lvl+0x100/0x190 [ 280.805783][ T8919] should_fail_ex.cold+0x5/0xa [ 280.805822][ T8919] should_failslab+0xc2/0x120 [ 280.805857][ T8919] __kmalloc_cache_noprof+0x7a/0x6f0 [ 280.805900][ T8919] ? cec_open+0xdb/0x690 [ 280.805943][ T8919] ? __lock_acquire+0x4a5/0x2630 [ 280.805978][ T8919] cec_open+0xdb/0x690 [ 280.806023][ T8919] ? __pfx_cec_open+0x10/0x10 [ 280.806071][ T8919] ? do_raw_spin_lock+0x128/0x260 [ 280.806105][ T8919] ? find_held_lock+0x2b/0x80 [ 280.806142][ T8919] ? chrdev_open+0x589/0x6a0 [ 280.806178][ T8919] ? chrdev_open+0x589/0x6a0 [ 280.806221][ T8919] ? __pfx_cec_open+0x10/0x10 [ 280.806264][ T8919] chrdev_open+0x234/0x6a0 [ 280.806304][ T8919] ? __pfx_chrdev_open+0x10/0x10 [ 280.806343][ T8919] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 280.806392][ T8919] do_dentry_open+0x6d8/0x1660 [ 280.806427][ T8919] ? __pfx_chrdev_open+0x10/0x10 [ 280.806474][ T8919] vfs_open+0x82/0x3f0 [ 280.806523][ T8919] path_openat+0x208c/0x31a0 [ 280.806574][ T8919] ? __pfx_path_openat+0x10/0x10 [ 280.806627][ T8919] do_file_open+0x20e/0x430 [ 280.806689][ T8919] ? __pfx_do_file_open+0x10/0x10 [ 280.806751][ T8919] ? alloc_fd+0x476/0x790 [ 280.806788][ T8919] ? do_getname+0x191/0x390 [ 280.806835][ T8919] do_sys_openat2+0x10d/0x1e0 [ 280.806880][ T8919] ? __pfx_do_sys_openat2+0x10/0x10 [ 280.806927][ T8919] ? rcu_is_watching+0x12/0xc0 [ 280.806975][ T8919] __x64_sys_openat+0x12d/0x210 [ 280.807022][ T8919] ? __pfx___x64_sys_openat+0x10/0x10 [ 280.807094][ T8919] ? rcu_is_watching+0x12/0xc0 [ 280.807136][ T8919] do_syscall_64+0x10b/0xf80 [ 280.807179][ T8919] ? clear_bhb_loop+0x40/0x90 [ 280.807216][ T8919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.807247][ T8919] RIP: 0033:0x7f9822f9cdd9 [ 280.807273][ T8919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 280.807300][ T8919] RSP: 002b:00007f9821172028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 280.807328][ T8919] RAX: ffffffffffffffda RBX: 00007f9823216450 RCX: 00007f9822f9cdd9 [ 280.807347][ T8919] RDX: 0000000000101901 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 280.807365][ T8919] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 280.807382][ T8919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.807397][ T8919] R13: 00007f98232164e8 R14: 00007f9823216450 R15: 00007ffc1f7e76b8 [ 280.807435][ T8919] [ 281.264695][ T183] bridge_slave_1: left allmulticast mode [ 281.290549][ T183] bridge_slave_1: left promiscuous mode [ 281.316726][ T29] audit: type=1804 audit(1778306696.505:11): pid=8921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.609" name="file0" dev="tmpfs" ino=959 res=1 errno=0 [ 281.349875][ T183] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.435170][ T183] bridge_slave_0: left allmulticast mode [ 281.466122][ T183] bridge_slave_0: left promiscuous mode [ 281.497079][ T183] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.802042][ T5626] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 281.814271][ T5626] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 281.827688][ T5626] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 281.840165][ T5626] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 281.853544][ T5626] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 282.199045][ T183] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.225117][ T183] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.280065][ T183] bond0 (unregistering): Released all slaves [ 283.202637][ T8950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.613'. [ 283.365998][ T183] hsr_slave_0: left promiscuous mode [ 283.384626][ T183] hsr_slave_1: left promiscuous mode [ 283.403346][ T183] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.431881][ T183] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.461675][ T183] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.479517][ T183] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.531181][ T183] veth1_macvtap: left promiscuous mode [ 283.538596][ T183] veth0_macvtap: left promiscuous mode [ 283.565303][ T183] veth1_vlan: left promiscuous mode [ 283.585859][ T183] veth0_vlan: left promiscuous mode [ 283.908579][ T5626] Bluetooth: hci3: command tx timeout [ 284.453118][ T183] team0 (unregistering): Port device team_slave_1 removed [ 284.491285][ T183] team0 (unregistering): Port device team_slave_0 removed [ 284.940204][ T8972] MTRR 1 not used [ 285.988076][ T5626] Bluetooth: hci3: command tx timeout [ 286.281805][ T8928] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.313828][ T8928] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.330499][ T8928] bridge_slave_0: entered allmulticast mode [ 286.343646][ T8928] bridge_slave_0: entered promiscuous mode [ 286.363054][ T8928] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.386899][ T8928] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.402110][ T8928] bridge_slave_1: entered allmulticast mode [ 286.411140][ T8928] bridge_slave_1: entered promiscuous mode [ 286.506596][ T8928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.534998][ T8928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.701305][ T8928] team0: Port device team_slave_0 added [ 286.791251][ T8928] team0: Port device team_slave_1 added [ 286.981535][ T8928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 286.994823][ T8928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 287.025294][ T8928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.083015][ T8928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.096306][ T8928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 287.150667][ T8928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.752254][ T8928] hsr_slave_0: entered promiscuous mode [ 287.767669][ T8928] hsr_slave_1: entered promiscuous mode [ 287.778819][ T5626] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 287.801774][ T8928] debugfs: 'hsr0' already exists in 'hsr' [ 287.830774][ T8928] Cannot create hsr debugfs directory [ 288.016444][ T9021] futex_wake_op: syz.3.623 tries to shift op by -2048; fix this program [ 288.028201][ T9021] futex_wake_op: syz.3.623 tries to shift op by -2048; fix this program [ 288.066802][ T5626] Bluetooth: hci3: command tx timeout [ 288.607287][ T9037] MTRR 1 not used [ 289.097218][ T8928] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 289.115137][ T8928] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 289.124188][ T8928] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 289.161756][ T8928] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 289.170404][ T8928] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 289.191941][ T8928] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 289.200598][ T8928] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 289.236964][ T8928] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 289.759829][ T9056] random: crng reseeded on system resumption [ 289.824454][ T8928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.869492][ T8928] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.980961][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.988235][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.048245][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.055435][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.146987][ T5626] Bluetooth: hci3: command tx timeout [ 290.424010][ T9061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.630'. [ 290.597403][ T9054] hub 1-0:1.0: USB hub found [ 290.642973][ T9054] hub 1-0:1.0: 1 port detected [ 291.556435][ T8928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.763679][ T8928] veth0_vlan: entered promiscuous mode [ 291.805033][ T8928] veth1_vlan: entered promiscuous mode [ 291.948200][ T8928] veth0_macvtap: entered promiscuous mode [ 292.024029][ T8928] veth1_macvtap: entered promiscuous mode [ 292.101247][ T8928] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 292.168252][ T8928] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 292.221886][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.255693][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.282343][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.334692][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.564769][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.575591][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.750504][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.777599][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.037778][ T9086] kexec: Could not allocate control_code_buffer [ 293.228313][ T9103] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 294.716789][ T9122] netlink: 342 bytes leftover after parsing attributes in process `syz.1.641'. [ 294.772130][ T9122] IPv6: NLM_F_CREATE should be specified when creating new route [ 294.835031][ T9122] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 294.844034][ T9122] IPv6: NLM_F_CREATE should be set when creating new route [ 294.851509][ T9122] IPv6: NLM_F_CREATE should be set when creating new route [ 295.405741][ T9139] netlink: 342 bytes leftover after parsing attributes in process `syz.2.643'. [ 298.764989][ T9171] FAULT_INJECTION: forcing a failure. [ 298.764989][ T9171] name failslab, interval 1, probability 0, space 0, times 0 [ 298.826789][ T9171] CPU: 1 UID: 0 PID: 9171 Comm: syz.3.650 Tainted: G L syzkaller #0 PREEMPT(full) [ 298.826838][ T9171] Tainted: [L]=SOFTLOCKUP [ 298.826848][ T9171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 298.826864][ T9171] Call Trace: [ 298.826873][ T9171] [ 298.826885][ T9171] dump_stack_lvl+0x100/0x190 [ 298.826923][ T9171] should_fail_ex.cold+0x5/0xa [ 298.826963][ T9171] should_failslab+0xc2/0x120 [ 298.827000][ T9171] __kmalloc_cache_noprof+0x7a/0x6f0 [ 298.827044][ T9171] ? __request_module+0x2c3/0x6c0 [ 298.827074][ T9171] ? lockdep_hardirqs_on+0x78/0x100 [ 298.827124][ T9171] __request_module+0x2c3/0x6c0 [ 298.827158][ T9171] ? __pfx___request_module+0x10/0x10 [ 298.827203][ T9171] ? preempt_schedule_thunk+0x16/0x30 [ 298.827276][ T9171] get_fs_type+0xd7/0x190 [ 298.827321][ T9171] __x64_sys_fsopen+0xca/0x220 [ 298.827350][ T9171] do_syscall_64+0x10b/0xf80 [ 298.827391][ T9171] ? clear_bhb_loop+0x40/0x90 [ 298.827427][ T9171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.827459][ T9171] RIP: 0033:0x7f9822f9cdd9 [ 298.827484][ T9171] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 298.827510][ T9171] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 298.827538][ T9171] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 298.827557][ T9171] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 298.827574][ T9171] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 298.827591][ T9171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 298.827607][ T9171] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 298.827645][ T9171] [ 299.413221][ T9183] FAULT_INJECTION: forcing a failure. [ 299.413221][ T9183] name failslab, interval 1, probability 0, space 0, times 0 [ 299.458687][ T9183] CPU: 1 UID: 0 PID: 9183 Comm: syz.2.651 Tainted: G L syzkaller #0 PREEMPT(full) [ 299.458732][ T9183] Tainted: [L]=SOFTLOCKUP [ 299.458742][ T9183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 299.458757][ T9183] Call Trace: [ 299.458767][ T9183] [ 299.458778][ T9183] dump_stack_lvl+0x100/0x190 [ 299.458816][ T9183] should_fail_ex.cold+0x5/0xa [ 299.458852][ T9183] should_failslab+0xc2/0x120 [ 299.458886][ T9183] __kmalloc_cache_noprof+0x7a/0x6f0 [ 299.458924][ T9183] ? append_filter_err+0xb8/0x620 [ 299.458960][ T9183] ? process_preds+0x93d/0x1d90 [ 299.459003][ T9183] append_filter_err+0xb8/0x620 [ 299.459048][ T9183] apply_subsystem_event_filter+0x727/0x17b0 [ 299.459100][ T9183] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 299.459154][ T9183] ? _copy_from_user+0x59/0xd0 [ 299.459188][ T9183] subsystem_filter_write+0x95/0x120 [ 299.459232][ T9183] vfs_write+0x2aa/0x1070 [ 299.459278][ T9183] ? __pfx_subsystem_filter_write+0x10/0x10 [ 299.459321][ T9183] ? __pfx_vfs_write+0x10/0x10 [ 299.459353][ T9183] ? __fget_files+0x215/0x3d0 [ 299.459398][ T9183] ? __fget_files+0x21f/0x3d0 [ 299.459447][ T9183] ksys_write+0x12a/0x250 [ 299.459478][ T9183] ? __pfx_ksys_write+0x10/0x10 [ 299.459514][ T9183] ? rcu_is_watching+0x12/0xc0 [ 299.459552][ T9183] do_syscall_64+0x10b/0xf80 [ 299.459589][ T9183] ? clear_bhb_loop+0x40/0x90 [ 299.459622][ T9183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.459649][ T9183] RIP: 0033:0x7f228279cdd9 [ 299.459673][ T9183] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 299.459698][ T9183] RSP: 002b:00007f228364d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 299.459726][ T9183] RAX: ffffffffffffffda RBX: 00007f2282a15fa0 RCX: 00007f228279cdd9 [ 299.459745][ T9183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 299.459761][ T9183] RBP: 00007f2282832d69 R08: 0000000000000000 R09: 0000000000000000 [ 299.459777][ T9183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 299.459794][ T9183] R13: 00007f2282a16038 R14: 00007f2282a15fa0 R15: 00007fff1c0f7ff8 [ 299.459834][ T9183] [ 302.972512][ T5626] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 302.980089][ T5626] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 302.999858][ T5626] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 303.054960][ T9252] futex_wake_op: syz.1.659 tries to shift op by -2048; fix this program [ 303.131852][ T9252] futex_wake_op: syz.1.659 tries to shift op by -2048; fix this program [ 303.244658][ T9253] futex_wake_op: syz.2.660 tries to shift op by -2048; fix this program [ 303.334025][ T9253] futex_wake_op: syz.2.660 tries to shift op by -2048; fix this program [ 310.996786][ T29] audit: type=1804 audit(1778306726.195:12): pid=9414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.682" name="file0" dev="tmpfs" ino=1091 res=1 errno=0 [ 311.638427][ T5626] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 311.646059][ T5626] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 312.236392][ T9437] futex_wake_op: syz.0.687 tries to shift op by -2048; fix this program [ 312.292580][ T9445] netlink: 28 bytes leftover after parsing attributes in process `syz.2.686'. [ 312.311781][ T9437] futex_wake_op: syz.0.687 tries to shift op by -2048; fix this program [ 312.792431][ T9445] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.890322][ T9445] bridge_slave_0 (unregistering): left allmulticast mode [ 312.917666][ T9445] bridge_slave_0 (unregistering): left promiscuous mode [ 312.943474][ T9445] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.807991][ T9458] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 314.437935][ T9459] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 314.463208][ T9459] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 314.581680][ T9481] netlink: 16 bytes leftover after parsing attributes in process `syz.1.694'. [ 314.594529][ T9459] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 314.625091][ T9459] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 314.637854][ T9459] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 314.644110][ T9459] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 314.721128][ T9459] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 314.741907][ T9459] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 314.751326][ T9459] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 314.791459][ T9459] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 314.820687][ T9459] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 314.841099][ T9459] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 314.856905][ T9459] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 314.873150][ T9459] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 314.884715][ T9459] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 315.166606][ T29] audit: type=1804 audit(1778306730.355:13): pid=9482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.692" name="/newroot/162/file0" dev="tmpfs" ino=876 res=1 errno=0 [ 315.901523][ T5626] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 315.949055][ T9509] futex_wake_op: syz.1.700 tries to shift op by -2048; fix this program [ 315.960676][ T9509] futex_wake_op: syz.1.700 tries to shift op by -2048; fix this program [ 316.066613][ T5636] Bluetooth: hci0: command 0x0406 tx timeout [ 316.707835][ T5636] Bluetooth: hci1: command 0x2016 tx timeout [ 316.789834][ T5636] Bluetooth: hci2: command 0x2016 tx timeout [ 316.866742][ T5636] Bluetooth: hci3: command 0x0c1a tx timeout [ 317.431781][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.438874][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.152212][ T5636] Bluetooth: hci0: command 0x0406 tx timeout [ 318.458369][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 318.786692][ T5636] Bluetooth: hci1: command 0x2016 tx timeout [ 318.866766][ T5636] Bluetooth: hci2: command 0x2016 tx timeout [ 318.952018][ T5636] Bluetooth: hci3: command 0x0c1a tx timeout [ 319.792021][ T9580] cougar: G6 mapped to space [ 320.038841][ T9590] netlink: 330 bytes leftover after parsing attributes in process `syz.0.721'. [ 320.088989][ T9590] IPv6: NLM_F_CREATE should be specified when creating new route [ 320.226571][ T5636] Bluetooth: hci0: command 0x0406 tx timeout [ 320.866686][ T5636] Bluetooth: hci1: command 0x2016 tx timeout [ 320.947755][ T5636] Bluetooth: hci2: command 0x2016 tx timeout [ 321.026789][ T5636] Bluetooth: hci3: command 0x0c1a tx timeout [ 321.934840][ T9628] netlink: 338 bytes leftover after parsing attributes in process `syz.0.728'. [ 322.247174][ T9629] vhci_hcd vhci_hcd.2: invalid port number 230 [ 322.263573][ T9629] vhci_hcd vhci_hcd.2: default hub control req: b7a1 v5c6f i00e6 l3260 [ 322.306725][ T5636] Bluetooth: hci0: command 0x0406 tx timeout [ 323.036658][ T5636] Bluetooth: hci2: command 0x2016 tx timeout [ 323.106599][ T5636] Bluetooth: hci3: command 0x0c1a tx timeout [ 325.184067][ T9667] netlink: 338 bytes leftover after parsing attributes in process `syz.1.737'. [ 329.408390][ T9747] FAULT_INJECTION: forcing a failure. [ 329.408390][ T9747] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 329.456144][ T9747] CPU: 1 UID: 0 PID: 9747 Comm: syz.3.757 Tainted: G L syzkaller #0 PREEMPT(full) [ 329.456189][ T9747] Tainted: [L]=SOFTLOCKUP [ 329.456198][ T9747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 329.456214][ T9747] Call Trace: [ 329.456223][ T9747] [ 329.456233][ T9747] dump_stack_lvl+0x100/0x190 [ 329.456271][ T9747] should_fail_ex.cold+0x5/0xa [ 329.456306][ T9747] _copy_from_user+0x2e/0xd0 [ 329.456336][ T9747] copy_msghdr_from_user+0x9f/0x4f0 [ 329.456380][ T9747] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 329.456427][ T9747] ? __pfx__kstrtoull+0x10/0x10 [ 329.456476][ T9747] ___sys_sendmsg+0x106/0x1e0 [ 329.456520][ T9747] ? __pfx____sys_sendmsg+0x10/0x10 [ 329.456576][ T9747] ? find_held_lock+0x2b/0x80 [ 329.456640][ T9747] __sys_sendmmsg+0x205/0x430 [ 329.456679][ T9747] ? __pfx___sys_sendmmsg+0x10/0x10 [ 329.456726][ T9747] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 329.456789][ T9747] ? fput+0x79/0x100 [ 329.456827][ T9747] ? ksys_write+0x1ac/0x250 [ 329.456856][ T9747] ? __pfx_ksys_write+0x10/0x10 [ 329.456894][ T9747] __x64_sys_sendmmsg+0x9c/0x100 [ 329.456928][ T9747] ? lockdep_hardirqs_on+0x78/0x100 [ 329.456970][ T9747] do_syscall_64+0x10b/0xf80 [ 329.457012][ T9747] ? clear_bhb_loop+0x40/0x90 [ 329.457049][ T9747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.457088][ T9747] RIP: 0033:0x7f9822f9cdd9 [ 329.457114][ T9747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 329.457140][ T9747] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 329.457168][ T9747] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 329.457186][ T9747] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 329.457202][ T9747] RBP: 00007f9823d73090 R08: 0000000000000000 R09: 0000000000000000 [ 329.457219][ T9747] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 329.457235][ T9747] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 329.457274][ T9747] [ 331.577975][ T29] audit: type=1804 audit(4294975108.519:14): pid=9781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.761" name="/newroot/30/file0" dev="tmpfs" ino=174 res=1 errno=0 [ 331.989932][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 331.997701][ T5636] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 332.252559][ T9801] futex_wake_op: syz.0.764 tries to shift op by -2048; fix this program [ 332.867787][ T9813] FAULT_INJECTION: forcing a failure. [ 332.867787][ T9813] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.972673][ T9813] CPU: 0 UID: 0 PID: 9813 Comm: syz.3.766 Tainted: G L syzkaller #0 PREEMPT(full) [ 332.972702][ T9813] Tainted: [L]=SOFTLOCKUP [ 332.972708][ T9813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 332.972717][ T9813] Call Trace: [ 332.972723][ T9813] [ 332.972730][ T9813] dump_stack_lvl+0x100/0x190 [ 332.972754][ T9813] should_fail_ex.cold+0x5/0xa [ 332.972777][ T9813] _copy_from_user+0x2e/0xd0 [ 332.972795][ T9813] ____sys_sendmsg+0x1d1/0xb70 [ 332.972822][ T9813] ? __pfx_____sys_sendmsg+0x10/0x10 [ 332.972850][ T9813] ? __pfx__kstrtoull+0x10/0x10 [ 332.972877][ T9813] ___sys_sendmsg+0x190/0x1e0 [ 332.972904][ T9813] ? __pfx____sys_sendmsg+0x10/0x10 [ 332.972939][ T9813] ? find_held_lock+0x2b/0x80 [ 332.972975][ T9813] __sys_sendmmsg+0x205/0x430 [ 332.972997][ T9813] ? __pfx___sys_sendmmsg+0x10/0x10 [ 332.973023][ T9813] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 332.973059][ T9813] ? fput+0x79/0x100 [ 332.973083][ T9813] ? ksys_write+0x1ac/0x250 [ 332.973102][ T9813] ? __pfx_ksys_write+0x10/0x10 [ 332.973125][ T9813] __x64_sys_sendmmsg+0x9c/0x100 [ 332.973145][ T9813] ? lockdep_hardirqs_on+0x78/0x100 [ 332.973170][ T9813] do_syscall_64+0x10b/0xf80 [ 332.973193][ T9813] ? clear_bhb_loop+0x40/0x90 [ 332.973214][ T9813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.973232][ T9813] RIP: 0033:0x7f9822f9cdd9 [ 332.973254][ T9813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 332.973271][ T9813] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 332.973288][ T9813] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 332.973299][ T9813] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 332.973309][ T9813] RBP: 00007f9823d73090 R08: 0000000000000000 R09: 0000000000000000 [ 332.973318][ T9813] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 332.973328][ T9813] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 332.973349][ T9813] [ 334.123629][ T9833] netlink: 338 bytes leftover after parsing attributes in process `syz.1.771'. [ 334.178571][ T9835] netlink: 338 bytes leftover after parsing attributes in process `syz.2.772'. [ 334.494692][ T9846] random: crng reseeded on system resumption [ 335.210194][ T5626] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 335.217867][ T5626] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 335.249508][ T9864] futex_wake_op: syz.1.778 tries to shift op by -2048; fix this program [ 335.283077][ T9864] futex_wake_op: syz.1.778 tries to shift op by -2048; fix this program [ 335.554572][ T9872] netlink: Invalid conntrack helper [ 335.797572][ T9874] MTRR 1 not used [ 336.115956][ T9878] netlink: 338 bytes leftover after parsing attributes in process `syz.2.782'. [ 337.975011][ T9909] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 337.985876][ T9909] vhci_hcd vhci_hcd.2: invalid port number 230 [ 338.002908][ T9909] vhci_hcd vhci_hcd.2: default hub control req: 23a1 v5c6f i00e6 l3260 [ 338.657125][ T5626] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 338.739442][ T9924] futex_wake_op: syz.3.791 tries to shift op by -2048; fix this program [ 338.787482][ T9924] futex_wake_op: syz.3.791 tries to shift op by -2048; fix this program [ 340.806925][ T9954] size and base must be multiples of 4 kiB [ 340.835196][ T9954] CPU: 0 UID: 0 PID: 9954 Comm: syz.2.798 Tainted: G L syzkaller #0 PREEMPT(full) [ 340.835227][ T9954] Tainted: [L]=SOFTLOCKUP [ 340.835234][ T9954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 340.835244][ T9954] Call Trace: [ 340.835250][ T9954] [ 340.835257][ T9954] dump_stack_lvl+0x100/0x190 [ 340.835281][ T9954] mtrr_del.cold+0x72/0x85 [ 340.835301][ T9954] mtrr_ioctl+0xbc8/0xcf0 [ 340.835320][ T9954] ? __pfx_mtrr_ioctl+0x10/0x10 [ 340.835342][ T9954] ? find_held_lock+0x2b/0x80 [ 340.835371][ T9954] ? __fget_files+0x21f/0x3d0 [ 340.835394][ T9954] ? __pfx_mtrr_ioctl+0x10/0x10 [ 340.835412][ T9954] proc_reg_unlocked_ioctl+0x229/0x320 [ 340.835434][ T9954] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 340.835458][ T9954] __x64_sys_ioctl+0x18e/0x210 [ 340.835477][ T9954] do_syscall_64+0x10b/0xf80 [ 340.835503][ T9954] ? clear_bhb_loop+0x40/0x90 [ 340.835525][ T9954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.835543][ T9954] RIP: 0033:0x7f228279cdd9 [ 340.835558][ T9954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 340.835576][ T9954] RSP: 002b:00007f228364d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.835593][ T9954] RAX: ffffffffffffffda RBX: 00007f2282a15fa0 RCX: 00007f228279cdd9 [ 340.835605][ T9954] RDX: 0000000000000003 RSI: 00000000400c4d04 RDI: 0000000000000003 [ 340.835616][ T9954] RBP: 00007f2282832d69 R08: 0000000000000000 R09: 0000000000000000 [ 340.835627][ T9954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.835637][ T9954] R13: 00007f2282a16038 R14: 00007f2282a15fa0 R15: 00007fff1c0f7ff8 [ 340.835660][ T9954] [ 341.678014][ T29] audit: type=1804 audit(4294975118.619:15): pid=9970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.801" name="/newroot/199/file0" dev="tmpfs" ino=1060 res=1 errno=0 [ 342.112120][ T9983] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 342.129919][ T9983] vhci_hcd vhci_hcd.2: invalid port number 230 [ 342.142397][ T9983] vhci_hcd vhci_hcd.2: invalid port number 230 [ 342.359973][ T29] audit: type=1326 audit(4294975119.289:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9981 comm="syz.3.806" exe="/root/ci-qemu-gce-upstream-auto/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9822f9cdd9 code=0x0 [ 345.605225][ T29] audit: type=1804 audit(4294975122.539:17): pid=10036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.816" name="/newroot/44/file0" dev="tmpfs" ino=248 res=1 errno=0 [ 345.665887][T10040] random: crng reseeded on system resumption [ 346.141718][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 346.150007][ T5636] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 346.245505][T10046] futex_wake_op: syz.0.819 tries to shift op by -2048; fix this program [ 346.265888][T10046] futex_wake_op: syz.0.819 tries to shift op by -2048; fix this program [ 346.589178][T10058] sd 0:0:1:0: PR command failed: 1026 [ 346.622032][T10058] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 346.677165][T10054] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 346.696915][T10054] vhci_hcd vhci_hcd.2: invalid port number 230 [ 346.706851][T10058] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 346.731167][T10054] vhci_hcd vhci_hcd.2: invalid port number 230 [ 347.009839][T10070] MTRR 1 not used [ 351.449427][T10141] netlink: 338 bytes leftover after parsing attributes in process `syz.2.838'. [ 352.257388][T10162] &#$@\]\-: entered promiscuous mode [ 352.382035][T10165] openvswitch: &#$@\]\-: Dropping previously announced user features [ 352.525166][T10165] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 352.530250][T10162] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 352.806100][T10161] ima: policy update failed [ 352.825264][ T29] audit: type=1802 audit(4294975129.759:18): pid=10161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.843" res=0 errno=0 [ 353.135337][T10185] netlink: 338 bytes leftover after parsing attributes in process `syz.0.848'. [ 353.334067][T10195] netlink: 338 bytes leftover after parsing attributes in process `syz.1.850'. [ 354.711382][T10216] bond0: invalid ARP target specified [ 356.086269][T10248] netlink: 64 bytes leftover after parsing attributes in process `syz.1.861'. [ 357.437736][T10281] MTRR 1 not used [ 357.699996][ T29] audit: type=1804 audit(4294975134.639:19): pid=10284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.866" name="/newroot/202/file0" dev="tmpfs" ino=1080 res=1 errno=0 [ 359.417055][T10300] zswap: compressor not available [ 359.985854][ T5636] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 359.994767][ T5636] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 360.206232][T10333] futex_wake_op: syz.3.875 tries to shift op by -2048; fix this program [ 360.216868][T10333] futex_wake_op: syz.3.875 tries to shift op by -2048; fix this program [ 361.859960][T10364] vivid-007: ================= START STATUS ================= [ 361.894278][T10364] vivid-007: Generate PTS: true [ 361.927482][T10364] vivid-007: Generate SCR: true [ 361.957491][T10364] tpg source WxH: 320x240 (Y'CbCr) [ 361.978536][T10364] tpg field: 1 [ 361.995177][T10364] tpg crop: (0,0)/320x240 [ 362.015950][T10364] tpg compose: (0,0)/320x240 [ 362.046622][T10364] tpg colorspace: 8 [ 362.068208][T10364] tpg transfer function: 0/0 [ 362.108442][T10364] tpg Y'CbCr encoding: 0/0 [ 362.137229][T10364] tpg quantization: 0/0 [ 362.152733][T10364] tpg RGB range: 0/2 [ 362.164349][T10364] vivid-007: ================== END STATUS ================== [ 365.111805][T10426] zero sized request [ 365.372078][ T29] audit: type=1804 audit(4294975142.309:20): pid=10453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.893" name="file0" dev="tmpfs" ino=1368 res=1 errno=0 [ 366.312406][T10470] sd 0:0:1:0: PR command failed: 1026 [ 366.383172][T10470] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 366.446767][T10470] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 369.563258][ T29] audit: type=1804 audit(4294975146.499:21): pid=10539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.905" name="/newroot/216/file0" dev="tmpfs" ino=1154 res=1 errno=0 [ 370.385132][ T29] audit: type=1804 audit(4294975147.319:22): pid=10546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.906" name="file0" dev="tmpfs" ino=1384 res=1 errno=0 [ 370.475595][T10551] MTRR 1 not used [ 371.450192][T10575] netlink: 338 bytes leftover after parsing attributes in process `syz.3.912'. [ 371.533732][T10575] netlink: 342 bytes leftover after parsing attributes in process `syz.3.912'. [ 371.628041][T10575] netlink: 16 bytes leftover after parsing attributes in process `syz.3.912'. [ 375.066814][ T29] audit: type=1804 audit(4294975151.999:23): pid=10639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.919" name="/newroot/222/file0" dev="tmpfs" ino=1186 res=1 errno=0 [ 377.929597][T10705] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 377.972935][T10705] vhci_hcd vhci_hcd.2: invalid port number 230 [ 378.010727][T10705] vhci_hcd vhci_hcd.2: invalid port number 230 [ 378.295321][T10718] netlink: 'syz.0.930': attribute type 8 has an invalid length. [ 378.870031][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.876810][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.624780][ T29] audit: type=1804 audit(4294975156.559:24): pid=10752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.932" name="/newroot/68/file0" dev="tmpfs" ino=374 res=1 errno=0 [ 380.058643][T10765] netlink: 186 bytes leftover after parsing attributes in process `syz.3.936'. [ 380.110364][T10762] can: request_module (can-proto-5) failed. [ 380.333061][T10771] FAULT_INJECTION: forcing a failure. [ 380.333061][T10771] name failslab, interval 1, probability 0, space 0, times 0 [ 380.361627][T10771] CPU: 0 UID: 0 PID: 10771 Comm: syz.0.937 Tainted: G L syzkaller #0 PREEMPT(full) [ 380.361678][T10771] Tainted: [L]=SOFTLOCKUP [ 380.361688][T10771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 380.361703][T10771] Call Trace: [ 380.361712][T10771] [ 380.361724][T10771] dump_stack_lvl+0x100/0x190 [ 380.361762][T10771] should_fail_ex.cold+0x5/0xa [ 380.361800][T10771] ? ext4_find_extent+0x21b/0xa30 [ 380.361834][T10771] should_failslab+0xc2/0x120 [ 380.361872][T10771] __kmalloc_noprof+0xe0/0x850 [ 380.361909][T10771] ext4_find_extent+0x21b/0xa30 [ 380.361964][T10771] ext4_ext_map_blocks+0x20a/0x5930 [ 380.362016][T10771] ? stack_trace_save+0x8e/0xc0 [ 380.362057][T10771] ? __pfx_stack_trace_save+0x10/0x10 [ 380.362100][T10771] ? stack_depot_save_flags+0x27/0x9d0 [ 380.362144][T10771] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 380.362183][T10771] ? __lock_acquire+0x4a5/0x2630 [ 380.362214][T10771] ? filemap_writeback+0x22d/0x2e0 [ 380.362248][T10771] ? file_write_and_wait_range+0xcd/0x140 [ 380.362292][T10771] ? ext4_sync_file+0x358/0xb90 [ 380.362319][T10771] ? vfs_fsync_range+0x9b/0x190 [ 380.362359][T10771] ? __do_sys_msync+0x3ca/0x590 [ 380.362387][T10771] ? do_syscall_64+0x10b/0xf80 [ 380.362430][T10771] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.362499][T10771] ext4_map_create_blocks+0xec/0x5e0 [ 380.362557][T10771] ext4_map_blocks+0x46b/0xd30 [ 380.362611][T10771] ? __pfx_ext4_map_blocks+0x10/0x10 [ 380.362658][T10771] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 380.362712][T10771] ? ext4_ext_index_trans_blocks+0x167/0x1a0 [ 380.362750][T10771] ? __ext4_journal_ensure_credits+0x265/0x2f0 [ 380.362791][T10771] ext4_do_writepages+0x2313/0x3f20 [ 380.362858][T10771] ? __pfx_ext4_do_writepages+0x10/0x10 [ 380.362924][T10771] ? ext4_writepages+0x347/0x790 [ 380.362957][T10771] ext4_writepages+0x347/0x790 [ 380.362993][T10771] ? __pfx_ext4_writepages+0x10/0x10 [ 380.363047][T10771] ? do_writepages+0x4b5/0x600 [ 380.363086][T10771] ? do_writepages+0x4b5/0x600 [ 380.363130][T10771] ? __pfx_ext4_writepages+0x10/0x10 [ 380.363166][T10771] do_writepages+0x278/0x600 [ 380.363211][T10771] ? __pfx_do_writepages+0x10/0x10 [ 380.363247][T10771] ? do_raw_spin_unlock+0x145/0x1e0 [ 380.363282][T10771] ? _raw_spin_unlock+0x28/0x50 [ 380.363322][T10771] filemap_writeback+0x22d/0x2e0 [ 380.363367][T10771] ? __pfx_filemap_writeback+0x10/0x10 [ 380.363460][T10771] ? mt_find+0x45e/0x8e0 [ 380.363511][T10771] ? __pfx_mt_find+0x10/0x10 [ 380.363564][T10771] file_write_and_wait_range+0xcd/0x140 [ 380.363615][T10771] ext4_sync_file+0x358/0xb90 [ 380.363650][T10771] ? __pfx_ext4_sync_file+0x10/0x10 [ 380.363678][T10771] ? __up_read+0x230/0x6e0 [ 380.363725][T10771] ? __pfx___up_read+0x10/0x10 [ 380.363757][T10771] ? __do_sys_msync+0x39b/0x590 [ 380.363790][T10771] ? __pfx_ext4_sync_file+0x10/0x10 [ 380.363820][T10771] vfs_fsync_range+0x9b/0x190 [ 380.363869][T10771] __do_sys_msync+0x3ca/0x590 [ 380.363910][T10771] do_syscall_64+0x10b/0xf80 [ 380.363959][T10771] ? clear_bhb_loop+0x40/0x90 [ 380.363997][T10771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.364031][T10771] RIP: 0033:0x7f0ea099cdd9 [ 380.364058][T10771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 380.364088][T10771] RSP: 002b:00007f0ea1921028 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 380.364118][T10771] RAX: ffffffffffffffda RBX: 00007f0ea0c16090 RCX: 00007f0ea099cdd9 [ 380.364139][T10771] RDX: 0000000400000004 RSI: 01800000000000fe RDI: 000000001ffff000 [ 380.364159][T10771] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 380.364177][T10771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.364195][T10771] R13: 00007f0ea0c16128 R14: 00007f0ea0c16090 R15: 00007ffffcf27968 [ 380.364238][T10771] [ 382.593284][ T29] audit: type=1804 audit(4294975159.529:25): pid=10795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.942" name="file0" dev="tmpfs" ino=1422 res=1 errno=0 [ 383.815967][T10817] netlink: 342 bytes leftover after parsing attributes in process `syz.1.948'. [ 384.304615][T10774] Process accounting resumed [ 384.372145][ T29] audit: type=1804 audit(4294975161.309:26): pid=10822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.947" name="/newroot/72/file0" dev="tmpfs" ino=396 res=1 errno=0 [ 384.494494][T10825] MTRR 1 not used [ 387.489770][T10881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.962'. [ 388.915780][T10910] ovs_: entered promiscuous mode [ 389.162215][ T5636] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 389.270109][T10920] futex_wake_op: syz.2.969 tries to shift op by -2048; fix this program [ 389.288822][T10920] futex_wake_op: syz.2.969 tries to shift op by -2048; fix this program [ 392.579503][T10967] netlink: 8 bytes leftover after parsing attributes in process `syz.0.980'. [ 393.612195][T10993] FAULT_INJECTION: forcing a failure. [ 393.612195][T10993] name fail_futex, interval 1, probability 0, space 0, times 1 [ 393.647547][T10993] CPU: 1 UID: 0 PID: 10993 Comm: syz.0.986 Tainted: G L syzkaller #0 PREEMPT(full) [ 393.647599][T10993] Tainted: [L]=SOFTLOCKUP [ 393.647610][T10993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 393.647628][T10993] Call Trace: [ 393.647639][T10993] [ 393.647651][T10993] dump_stack_lvl+0x100/0x190 [ 393.647691][T10993] should_fail_ex.cold+0x5/0xa [ 393.647729][T10993] get_futex_key+0x295/0x1510 [ 393.647771][T10993] ? __pfx_get_futex_key+0x10/0x10 [ 393.647812][T10993] ? get_futex_key+0x4e8/0x1510 [ 393.647850][T10993] futex_wait_setup+0x83/0x510 [ 393.647901][T10993] futex_wait_requeue_pi+0x240/0x890 [ 393.647948][T10993] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 393.647994][T10993] ? __futex_wait+0x256/0x300 [ 393.648037][T10993] ? __pfx___futex_wait+0x10/0x10 [ 393.648074][T10993] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 393.648154][T10993] ? __pfx_futex_wake_mark+0x10/0x10 [ 393.648206][T10993] ? __fget_files+0x21f/0x3d0 [ 393.648252][T10993] do_futex+0x24f/0x350 [ 393.648287][T10993] ? __pfx_do_futex+0x10/0x10 [ 393.648332][T10993] __x64_sys_futex+0x34f/0x4d0 [ 393.648374][T10993] ? __pfx___x64_sys_futex+0x10/0x10 [ 393.648407][T10993] ? ksys_write+0x1ac/0x250 [ 393.648450][T10993] ? rcu_is_watching+0x12/0xc0 [ 393.648491][T10993] do_syscall_64+0x10b/0xf80 [ 393.648533][T10993] ? clear_bhb_loop+0x40/0x90 [ 393.648569][T10993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.648599][T10993] RIP: 0033:0x7f0ea099cdd9 [ 393.648625][T10993] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 393.648653][T10993] RSP: 002b:00007f0ea1942028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 393.648680][T10993] RAX: ffffffffffffffda RBX: 00007f0ea0c15fa0 RCX: 00007f0ea099cdd9 [ 393.648701][T10993] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 393.648719][T10993] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 00000000fffffffa [ 393.648739][T10993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.648757][T10993] R13: 00007f0ea0c16038 R14: 00007f0ea0c15fa0 R15: 00007ffffcf27968 [ 393.648795][T10993] [ 393.876072][T10997] netlink: 'syz.0.986': attribute type 1 has an invalid length. [ 393.876175][T10997] netlink: 322 bytes leftover after parsing attributes in process `syz.0.986'. [ 394.843850][ T5636] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 394.851639][ T5636] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 395.052128][T11027] futex_wake_op: syz.1.992 tries to shift op by -2048; fix this program [ 395.076782][T11027] futex_wake_op: syz.1.992 tries to shift op by -2048; fix this program [ 397.819106][T11093] netlink: 36 bytes leftover after parsing attributes in process `syz.3.998'. [ 399.283041][ T5636] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 399.290722][ T5636] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 399.497829][T11120] futex_wake_op: syz.3.1003 tries to shift op by -2048; fix this program [ 399.513269][T11120] futex_wake_op: syz.3.1003 tries to shift op by -2048; fix this program [ 399.535437][T11129] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1006'. [ 400.419336][T11140] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 400.435230][T11140] vhci_hcd vhci_hcd.2: invalid port number 230 [ 400.448124][T11140] vhci_hcd vhci_hcd.2: invalid port number 230 [ 401.185404][T11155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1012'. [ 401.756572][T11142] Process accounting resumed [ 402.591009][ T29] audit: type=1804 audit(4294975179.529:27): pid=11191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1016" name="/newroot/242/file0" dev="tmpfs" ino=1293 res=1 errno=0 [ 404.741010][T11222] MTRR 1 not used [ 404.806184][T11223] vivid-008: ================= START STATUS ================= [ 404.832221][T11223] vivid-008: ================== END STATUS ================== [ 405.522192][T11230] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 405.551347][T11230] vhci_hcd vhci_hcd.2: invalid port number 230 [ 405.566082][T11230] vhci_hcd vhci_hcd.2: invalid port number 230 [ 408.220047][T11271] random: crng reseeded on system resumption [ 408.550619][T11278] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1037'. [ 408.724085][T11280] vivid-007: ================= START STATUS ================= [ 408.743825][T11280] vivid-007: Generate PTS: true [ 408.760535][T11280] vivid-007: Generate SCR: true [ 408.774253][T11280] tpg source WxH: 320x240 (Y'CbCr) [ 408.794319][T11280] tpg field: 1 [ 408.811095][T11280] tpg crop: (0,0)/320x240 [ 408.829745][T11280] tpg compose: (0,0)/320x240 [ 408.842171][T11280] tpg colorspace: 8 [ 408.858698][T11280] tpg transfer function: 0/0 [ 408.872495][T11280] tpg Y'CbCr encoding: 0/0 [ 408.895899][T11280] tpg quantization: 0/0 [ 408.912052][T11280] tpg RGB range: 0/2 [ 408.926404][T11280] vivid-007: ================== END STATUS ================== [ 411.554273][T11321] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 411.563797][T11321] vhci_hcd vhci_hcd.2: invalid port number 230 [ 411.577922][T11321] vhci_hcd vhci_hcd.2: invalid port number 230 [ 412.323803][ T29] audit: type=1804 audit(4294975189.259:28): pid=11343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1046" name="/newroot/247/file0" dev="tmpfs" ino=1321 res=1 errno=0 [ 412.812029][T11355] syz.1.1052 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 413.071416][T11358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1053'. [ 413.172569][T11358] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1053'. [ 414.319608][T11372] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 414.328727][T11372] vhci_hcd vhci_hcd.2: invalid port number 230 [ 414.364011][T11372] vhci_hcd vhci_hcd.2: invalid port number 230 [ 415.394955][T11388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1062'. [ 415.476247][T11390] MTRR 1 not used [ 417.703808][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 417.711682][ T5636] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 417.829378][T11426] futex_wake_op: syz.0.1068 tries to shift op by -2048; fix this program [ 417.847288][T11426] futex_wake_op: syz.0.1068 tries to shift op by -2048; fix this program [ 419.305737][T11449] futex_wake_op: syz.0.1073 tries to shift op by -2048; fix this program [ 419.348581][T11449] futex_wake_op: syz.0.1073 tries to shift op by -2048; fix this program [ 420.542105][ T5636] Bluetooth: hci3: unexpected event 0x36 length: 123 > 7 [ 421.239966][T11503] MTRR 1 not used [ 421.941106][T11518] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 421.985892][T11518] vhci_hcd vhci_hcd.2: invalid port number 230 [ 422.014234][T11518] vhci_hcd vhci_hcd.2: invalid port number 230 [ 422.926707][ T29] audit: type=1804 audit(4294975199.859:29): pid=11541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1088" name="/newroot/105/file0" dev="tmpfs" ino=574 res=1 errno=0 [ 426.483934][T11573] kexec: Could not allocate control_code_buffer [ 426.955541][T11608] MTRR 1 not used [ 429.721666][T11664] futex_wake_op: syz.0.1110 tries to shift op by -2048; fix this program [ 429.730659][T11664] futex_wake_op: syz.0.1110 tries to shift op by -2048; fix this program [ 430.754372][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 430.761879][ T5636] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 430.993917][T11677] futex_wake_op: syz.0.1111 tries to shift op by -2048; fix this program [ 431.090085][T11677] futex_wake_op: syz.0.1111 tries to shift op by -2048; fix this program [ 432.371384][T11708] can: request_module (can-proto-0) failed. [ 432.482942][T11705] Process accounting paused [ 433.192234][T11723] FAULT_INJECTION: forcing a failure. [ 433.192234][T11723] name failslab, interval 1, probability 0, space 0, times 0 [ 433.243513][T11725] futex_wake_op: syz.0.1120 tries to shift op by -2048; fix this program [ 433.273184][T11725] futex_wake_op: syz.0.1120 tries to shift op by -2048; fix this program [ 433.299457][T11723] CPU: 0 UID: 0 PID: 11723 Comm: syz.0.1120 Tainted: G L syzkaller #0 PREEMPT(full) [ 433.299505][T11723] Tainted: [L]=SOFTLOCKUP [ 433.299515][T11723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 433.299532][T11723] Call Trace: [ 433.299542][T11723] [ 433.299553][T11723] dump_stack_lvl+0x100/0x190 [ 433.299592][T11723] should_fail_ex.cold+0x5/0xa [ 433.299627][T11723] should_failslab+0xc2/0x120 [ 433.299657][T11723] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 433.299695][T11723] ? __kernfs_new_node+0xd2/0x9f0 [ 433.299730][T11723] __kernfs_new_node+0xd2/0x9f0 [ 433.299762][T11723] ? __pfx___kernfs_new_node+0x10/0x10 [ 433.299798][T11723] ? find_held_lock+0x2b/0x80 [ 433.299828][T11723] ? kernfs_root+0xee/0x2a0 [ 433.299852][T11723] ? kernfs_root+0xee/0x2a0 [ 433.299885][T11723] kernfs_new_node+0x11b/0x1a0 [ 433.299921][T11723] __kernfs_create_file+0x53/0x350 [ 433.299961][T11723] sysfs_add_file_mode_ns+0x207/0x3c0 [ 433.299994][T11723] sysfs_merge_group+0x194/0x340 [ 433.300023][T11723] ? __pfx_sysfs_merge_group+0x10/0x10 [ 433.300050][T11723] ? bus_add_device+0x368/0x6b0 [ 433.300075][T11723] ? __pfx_bus_add_device+0x10/0x10 [ 433.300100][T11723] ? __pfx_dev_add_physical_location+0x10/0x10 [ 433.300140][T11723] dpm_sysfs_add+0x237/0x280 [ 433.300172][T11723] device_add+0x9ef/0x1950 [ 433.300215][T11723] ? __pfx_device_add+0x10/0x10 [ 433.300244][T11723] ? lockdep_init_map_type+0x5c/0x250 [ 433.300270][T11723] ? __init_waitqueue_head+0xca/0x150 [ 433.300308][T11723] rfkill_register+0x1ad/0xb30 [ 433.300344][T11723] nfc_register_device+0x11f/0x3e0 [ 433.300382][T11723] nci_register_device+0x7f1/0xb80 [ 433.300415][T11723] ? __pfx_nci_register_device+0x10/0x10 [ 433.300448][T11723] ? lockdep_init_map_type+0x5c/0x250 [ 433.300478][T11723] virtual_ncidev_open+0x141/0x220 [ 433.300515][T11723] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 433.300551][T11723] misc_open+0x26d/0x450 [ 433.300581][T11723] ? __pfx_misc_open+0x10/0x10 [ 433.300611][T11723] chrdev_open+0x234/0x6a0 [ 433.300641][T11723] ? __pfx_apparmor_file_open+0x10/0x10 [ 433.300679][T11723] ? __pfx_chrdev_open+0x10/0x10 [ 433.300711][T11723] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 433.300752][T11723] do_dentry_open+0x6d8/0x1660 [ 433.300782][T11723] ? __pfx_chrdev_open+0x10/0x10 [ 433.300820][T11723] vfs_open+0x82/0x3f0 [ 433.300859][T11723] path_openat+0x208c/0x31a0 [ 433.300900][T11723] ? __pfx_path_openat+0x10/0x10 [ 433.300942][T11723] do_file_open+0x20e/0x430 [ 433.300975][T11723] ? __pfx_do_file_open+0x10/0x10 [ 433.301030][T11723] ? alloc_fd+0x476/0x790 [ 433.301062][T11723] ? do_getname+0x191/0x390 [ 433.301100][T11723] do_sys_openat2+0x10d/0x1e0 [ 433.301137][T11723] ? __pfx_do_sys_openat2+0x10/0x10 [ 433.301176][T11723] ? __fget_files+0x21f/0x3d0 [ 433.301221][T11723] __x64_sys_openat+0x12d/0x210 [ 433.301261][T11723] ? __pfx___x64_sys_openat+0x10/0x10 [ 433.301305][T11723] ? rcu_is_watching+0x12/0xc0 [ 433.301341][T11723] do_syscall_64+0x10b/0xf80 [ 433.301376][T11723] ? clear_bhb_loop+0x40/0x90 [ 433.301405][T11723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.301430][T11723] RIP: 0033:0x7f0ea099cdd9 [ 433.301452][T11723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 433.301474][T11723] RSP: 002b:00007f0ea1900028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 433.301498][T11723] RAX: ffffffffffffffda RBX: 00007f0ea0c16180 RCX: 00007f0ea099cdd9 [ 433.301513][T11723] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 433.301527][T11723] RBP: 00007f0ea0a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 433.301542][T11723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.301555][T11723] R13: 00007f0ea0c16218 R14: 00007f0ea0c16180 R15: 00007ffffcf27968 [ 433.301588][T11723] [ 436.350590][T11771] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1130'. [ 437.234375][T11786] FAULT_INJECTION: forcing a failure. [ 437.234375][T11786] name failslab, interval 1, probability 0, space 0, times 0 [ 437.285014][T11786] CPU: 0 UID: 0 PID: 11786 Comm: syz.3.1132 Tainted: G L syzkaller #0 PREEMPT(full) [ 437.285068][T11786] Tainted: [L]=SOFTLOCKUP [ 437.285079][T11786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 437.285098][T11786] Call Trace: [ 437.285109][T11786] [ 437.285121][T11786] dump_stack_lvl+0x100/0x190 [ 437.285160][T11786] should_fail_ex.cold+0x5/0xa [ 437.285200][T11786] should_failslab+0xc2/0x120 [ 437.285235][T11786] __kmalloc_cache_noprof+0x7a/0x6f0 [ 437.285279][T11786] ? blk_alloc_queue_stats+0x3f/0x110 [ 437.285323][T11786] ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0 [ 437.285353][T11786] ? blk_alloc_queue+0x31/0x790 [ 437.285392][T11786] blk_alloc_queue_stats+0x3f/0x110 [ 437.285437][T11786] blk_alloc_queue+0xda/0x790 [ 437.285472][T11786] __blk_alloc_disk+0xa0/0x170 [ 437.285516][T11786] ? __pfx___blk_alloc_disk+0x10/0x10 [ 437.285596][T11786] ? __pfx_idr_alloc+0x10/0x10 [ 437.285639][T11786] ? lockdep_init_map_type+0x5c/0x250 [ 437.285673][T11786] ? __raw_spin_lock_init+0x3a/0x110 [ 437.285713][T11786] ? __pfx_hot_add_show+0x10/0x10 [ 437.285756][T11786] zram_add+0x1bf/0x5d0 [ 437.285805][T11786] ? __pfx_zram_add+0x10/0x10 [ 437.285874][T11786] ? find_held_lock+0x2b/0x80 [ 437.285914][T11786] ? sysfs_file_kobj+0xe4/0x290 [ 437.285949][T11786] ? __pfx_hot_add_show+0x10/0x10 [ 437.285991][T11786] hot_add_show+0x21/0x80 [ 437.286034][T11786] class_attr_show+0x72/0xa0 [ 437.286073][T11786] ? __pfx_class_attr_show+0x10/0x10 [ 437.286108][T11786] sysfs_kf_seq_show+0x217/0x3a0 [ 437.286146][T11786] seq_read_iter+0x32f/0x1270 [ 437.286176][T11786] ? lock_acquire+0x1b1/0x370 [ 437.286220][T11786] kernfs_fop_read_iter+0x46c/0x610 [ 437.286262][T11786] ? rw_verify_area+0xce/0x6d0 [ 437.286291][T11786] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 437.286337][T11786] vfs_read+0x825/0xb30 [ 437.286377][T11786] ? __pfx_vfs_read+0x10/0x10 [ 437.286436][T11786] ksys_read+0x12a/0x250 [ 437.286470][T11786] ? __pfx_ksys_read+0x10/0x10 [ 437.286506][T11786] ? rcu_is_watching+0x12/0xc0 [ 437.286558][T11786] do_syscall_64+0x10b/0xf80 [ 437.286599][T11786] ? clear_bhb_loop+0x40/0x90 [ 437.286638][T11786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.286669][T11786] RIP: 0033:0x7f9822f9cdd9 [ 437.286697][T11786] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 437.286725][T11786] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 437.286755][T11786] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 437.286775][T11786] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000006 [ 437.286794][T11786] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 437.286813][T11786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.286832][T11786] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 437.286876][T11786] [ 437.681484][T11786] zram: Error allocating disk structure for device 1 [ 437.707079][ T29] audit: type=1804 audit(4294975214.629:30): pid=11796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1134" name="/newroot/292/file0" dev="tmpfs" ino=1546 res=1 errno=0 [ 440.313574][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.321778][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.435168][T11853] program syz.2.1148 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 442.783502][T11860] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 442.796269][T11860] vhci_hcd vhci_hcd.2: invalid port number 230 [ 442.813243][T11860] vhci_hcd vhci_hcd.2: invalid port number 230 [ 442.971673][T11872] usb usb37: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 443.002929][T11872] vhci_hcd vhci_hcd.2: invalid port number 230 [ 443.018016][T11872] vhci_hcd vhci_hcd.2: invalid port number 230 [ 446.487676][ T5636] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 446.495176][ T5636] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 446.643027][T11928] futex_wake_op: syz.0.1163 tries to shift op by -2048; fix this program [ 446.658034][T11928] futex_wake_op: syz.0.1163 tries to shift op by -2048; fix this program [ 447.999361][T11950] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 448.334482][T11955] FAULT_INJECTION: forcing a failure. [ 448.334482][T11955] name failslab, interval 1, probability 0, space 0, times 0 [ 448.357599][T11955] CPU: 0 UID: 0 PID: 11955 Comm: syz.3.1169 Tainted: G L syzkaller #0 PREEMPT(full) [ 448.357648][T11955] Tainted: [L]=SOFTLOCKUP [ 448.357659][T11955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 448.357677][T11955] Call Trace: [ 448.357687][T11955] [ 448.357699][T11955] dump_stack_lvl+0x100/0x190 [ 448.357738][T11955] should_fail_ex.cold+0x5/0xa [ 448.357795][T11955] should_failslab+0xc2/0x120 [ 448.357832][T11955] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 448.357881][T11955] ? security_inode_alloc+0x3b/0x2c0 [ 448.357917][T11955] ? lockdep_init_map_type+0x5c/0x250 [ 448.357955][T11955] security_inode_alloc+0x3b/0x2c0 [ 448.357986][T11955] inode_init_always_gfp+0xcc0/0x1000 [ 448.358033][T11955] alloc_inode+0x8e/0x250 [ 448.358090][T11955] path_from_stashed+0x25b/0x750 [ 448.358132][T11955] ? do_raw_spin_unlock+0x145/0x1e0 [ 448.358175][T11955] ns_get_path+0x60/0x80 [ 448.358214][T11955] proc_ns_get_link+0x121/0x230 [ 448.358247][T11955] ? __pfx_proc_ns_get_link+0x10/0x10 [ 448.358287][T11955] ? atime_needs_update+0x8b/0x6b0 [ 448.358320][T11955] pick_link+0xd17/0x13c0 [ 448.358352][T11955] ? __pfx_proc_ns_get_link+0x10/0x10 [ 448.358392][T11955] step_into_slowpath+0x9ba/0xf90 [ 448.358433][T11955] ? __pfx_step_into_slowpath+0x10/0x10 [ 448.358466][T11955] ? find_held_lock+0x2b/0x80 [ 448.358519][T11955] path_openat+0xf95/0x31a0 [ 448.358571][T11955] ? __pfx_path_openat+0x10/0x10 [ 448.358624][T11955] do_file_open+0x20e/0x430 [ 448.358666][T11955] ? __pfx_do_file_open+0x10/0x10 [ 448.358734][T11955] ? alloc_fd+0x476/0x790 [ 448.358776][T11955] ? do_getname+0x191/0x390 [ 448.358825][T11955] do_sys_openat2+0x10d/0x1e0 [ 448.358873][T11955] ? __pfx_do_sys_openat2+0x10/0x10 [ 448.358924][T11955] ? __fget_files+0x21f/0x3d0 [ 448.358966][T11955] __x64_sys_openat+0x12d/0x210 [ 448.359012][T11955] ? __pfx___x64_sys_openat+0x10/0x10 [ 448.359065][T11955] ? rcu_is_watching+0x12/0xc0 [ 448.359114][T11955] do_syscall_64+0x10b/0xf80 [ 448.359146][T11955] ? clear_bhb_loop+0x40/0x90 [ 448.359168][T11955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.359195][T11955] RIP: 0033:0x7f9822f5d60e [ 448.359211][T11955] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 448.359228][T11955] RSP: 002b:00007f9823d72ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 448.359247][T11955] RAX: ffffffffffffffda RBX: 00007f9823d736c0 RCX: 00007f9822f5d60e [ 448.359259][T11955] RDX: 0000000000000002 RSI: 00007f9823d72f90 RDI: ffffffffffffff9c [ 448.359271][T11955] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 448.359282][T11955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 448.359292][T11955] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 448.359315][T11955] [ 449.838448][T11983] MTRR 1 not used [ 450.134306][ T29] audit: type=1800 audit(4294975227.069:31): pid=11985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1174" name="file0" dev="tmpfs" ino=1767 res=0 errno=0 [ 451.120186][T12002] futex_wake_op: syz.2.1178 tries to shift op by -2048; fix this program [ 451.268675][T12002] futex_wake_op: syz.2.1178 tries to shift op by -2048; fix this program [ 454.852485][ T5636] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 454.860493][ T5636] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 455.123865][T12079] futex_wake_op: syz.2.1191 tries to shift op by -2048; fix this program [ 455.133579][T12079] futex_wake_op: syz.2.1191 tries to shift op by -2048; fix this program [ 455.309676][T12093] ================================================================== [ 455.309691][T12093] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 455.309725][T12093] Write of size 8 at addr ffffc90004889000 by task syz.3.1193/12093 [ 455.309741][T12093] [ 455.309753][T12093] CPU: 0 UID: 0 PID: 12093 Comm: syz.3.1193 Tainted: G L syzkaller #0 PREEMPT(full) [ 455.309778][T12093] Tainted: [L]=SOFTLOCKUP [ 455.309785][T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 455.309796][T12093] Call Trace: [ 455.309802][T12093] [ 455.309809][T12093] dump_stack_lvl+0x100/0x190 [ 455.309829][T12093] print_report+0x13d/0x4b0 [ 455.309855][T12093] ? _raw_spin_lock_irqsave+0x52/0x60 [ 455.309881][T12093] ? sys_fillrect+0x174a/0x1910 [ 455.309906][T12093] kasan_report+0xdf/0x1d0 [ 455.309927][T12093] ? sys_fillrect+0x174a/0x1910 [ 455.309955][T12093] sys_fillrect+0x174a/0x1910 [ 455.309984][T12093] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 455.310007][T12093] bit_clear+0x17d/0x220 [ 455.310028][T12093] ? __pfx_bit_clear+0x10/0x10 [ 455.310050][T12093] ? fb_get_color_depth+0x120/0x250 [ 455.310069][T12093] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 455.310098][T12093] __fbcon_clear+0x633/0x760 [ 455.310118][T12093] ? __pfx_bit_clear+0x10/0x10 [ 455.310141][T12093] fbcon_scroll+0x314/0x650 [ 455.310162][T12093] con_scroll+0x464/0x690 [ 455.310189][T12093] csi_ECMA.constprop.0+0xc57/0x3b60 [ 455.310217][T12093] ? find_held_lock+0x2b/0x80 [ 455.310240][T12093] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 455.310271][T12093] do_con_write+0x3946/0x4a10 [ 455.310297][T12093] ? trace_contention_end+0x122/0x170 [ 455.310329][T12093] ? __pfx_do_con_write+0x10/0x10 [ 455.310360][T12093] con_write+0x23/0xb0 [ 455.310387][T12093] n_tty_write+0x431/0x11c0 [ 455.310411][T12093] ? __pfx_n_tty_write+0x10/0x10 [ 455.310429][T12093] ? trace_kmalloc+0xe3/0x110 [ 455.310450][T12093] ? __pfx_woken_wake_function+0x10/0x10 [ 455.310472][T12093] ? rcu_is_watching+0x12/0xc0 [ 455.310494][T12093] ? file_tty_write.isra.0+0x694/0x890 [ 455.310521][T12093] ? kfree+0x1dd/0x6c0 [ 455.310545][T12093] ? __pfx_n_tty_write+0x10/0x10 [ 455.310565][T12093] file_tty_write.isra.0+0x4d2/0x890 [ 455.310593][T12093] redirected_tty_write+0xd4/0x120 [ 455.310620][T12093] vfs_write+0x6ac/0x1070 [ 455.310641][T12093] ? __pfx_redirected_tty_write+0x10/0x10 [ 455.310668][T12093] ? __pfx_vfs_write+0x10/0x10 [ 455.310687][T12093] ? find_held_lock+0x2b/0x80 [ 455.310715][T12093] ksys_write+0x12a/0x250 [ 455.310734][T12093] ? __pfx_ksys_write+0x10/0x10 [ 455.310755][T12093] ? rcu_is_watching+0x12/0xc0 [ 455.310777][T12093] do_syscall_64+0x10b/0xf80 [ 455.310801][T12093] ? clear_bhb_loop+0x40/0x90 [ 455.310821][T12093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.310839][T12093] RIP: 0033:0x7f9822f9cdd9 [ 455.310854][T12093] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 455.310877][T12093] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 455.310895][T12093] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 455.310907][T12093] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 455.310918][T12093] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 455.310929][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 455.310940][T12093] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 455.310957][T12093] [ 455.310964][T12093] [ 455.310968][T12093] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90004589000 allocated at drm_gem_shmem_vmap_locked+0x553/0x860 [ 455.311003][T12093] Memory state around the buggy address: [ 455.311012][T12093] ffffc90004888f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 455.311025][T12093] ffffc90004888f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 455.311037][T12093] >ffffc90004889000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 455.311047][T12093] ^ [ 455.311055][T12093] ffffc90004889080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 455.311067][T12093] ffffc90004889100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 455.311077][T12093] ================================================================== [ 455.355939][T12093] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 455.355964][T12093] CPU: 1 UID: 0 PID: 12093 Comm: syz.3.1193 Tainted: G L syzkaller #0 PREEMPT(full) [ 455.355992][T12093] Tainted: [L]=SOFTLOCKUP [ 455.355999][T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 455.356010][T12093] Call Trace: [ 455.356016][T12093] [ 455.356024][T12093] dump_stack_lvl+0x100/0x190 [ 455.356048][T12093] vpanic+0x552/0x970 [ 455.356102][T12093] ? __pfx_vpanic+0x10/0x10 [ 455.356123][T12093] ? sys_fillrect+0x174a/0x1910 [ 455.356150][T12093] panic+0xd1/0xe0 [ 455.356166][T12093] ? __pfx_panic+0x10/0x10 [ 455.356184][T12093] ? sys_fillrect+0x174a/0x1910 [ 455.356211][T12093] ? preempt_schedule_common+0x42/0xc0 [ 455.356238][T12093] check_panic_on_warn.cold+0x19/0x34 [ 455.356258][T12093] end_report.part.0+0x3a/0x90 [ 455.356284][T12093] kasan_report.cold+0xe/0x18 [ 455.356309][T12093] ? sys_fillrect+0x174a/0x1910 [ 455.356341][T12093] sys_fillrect+0x174a/0x1910 [ 455.356370][T12093] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 455.356393][T12093] bit_clear+0x17d/0x220 [ 455.356420][T12093] ? __pfx_bit_clear+0x10/0x10 [ 455.356455][T12093] ? fb_get_color_depth+0x120/0x250 [ 455.356486][T12093] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 455.356533][T12093] __fbcon_clear+0x633/0x760 [ 455.356568][T12093] ? __pfx_bit_clear+0x10/0x10 [ 455.356608][T12093] fbcon_scroll+0x314/0x650 [ 455.356646][T12093] con_scroll+0x464/0x690 [ 455.356692][T12093] csi_ECMA.constprop.0+0xc57/0x3b60 [ 455.356737][T12093] ? find_held_lock+0x2b/0x80 [ 455.356776][T12093] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 455.356827][T12093] do_con_write+0x3946/0x4a10 [ 455.356866][T12093] ? trace_contention_end+0x122/0x170 [ 455.356907][T12093] ? __pfx_do_con_write+0x10/0x10 [ 455.356958][T12093] con_write+0x23/0xb0 [ 455.357003][T12093] n_tty_write+0x431/0x11c0 [ 455.357043][T12093] ? __pfx_n_tty_write+0x10/0x10 [ 455.357085][T12093] ? trace_kmalloc+0xe3/0x110 [ 455.357122][T12093] ? __pfx_woken_wake_function+0x10/0x10 [ 455.357160][T12093] ? rcu_is_watching+0x12/0xc0 [ 455.357197][T12093] ? file_tty_write.isra.0+0x694/0x890 [ 455.357243][T12093] ? kfree+0x1dd/0x6c0 [ 455.357287][T12093] ? __pfx_n_tty_write+0x10/0x10 [ 455.357320][T12093] file_tty_write.isra.0+0x4d2/0x890 [ 455.357372][T12093] redirected_tty_write+0xd4/0x120 [ 455.357419][T12093] vfs_write+0x6ac/0x1070 [ 455.357452][T12093] ? __pfx_redirected_tty_write+0x10/0x10 [ 455.357501][T12093] ? __pfx_vfs_write+0x10/0x10 [ 455.357534][T12093] ? find_held_lock+0x2b/0x80 [ 455.357585][T12093] ksys_write+0x12a/0x250 [ 455.357620][T12093] ? __pfx_ksys_write+0x10/0x10 [ 455.357656][T12093] ? rcu_is_watching+0x12/0xc0 [ 455.357693][T12093] do_syscall_64+0x10b/0xf80 [ 455.357737][T12093] ? clear_bhb_loop+0x40/0x90 [ 455.357774][T12093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.357804][T12093] RIP: 0033:0x7f9822f9cdd9 [ 455.357830][T12093] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 455.357860][T12093] RSP: 002b:00007f9823d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 455.357892][T12093] RAX: ffffffffffffffda RBX: 00007f9823215fa0 RCX: 00007f9822f9cdd9 [ 455.357915][T12093] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 455.357936][T12093] RBP: 00007f9823032d69 R08: 0000000000000000 R09: 0000000000000000 [ 455.357956][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 455.357975][T12093] R13: 00007f9823216038 R14: 00007f9823215fa0 R15: 00007ffc1f7e76b8 [ 455.358005][T12093] [ 455.358508][T12093] Kernel Offset: disabled