last executing test programs: 13.043825858s ago: executing program 1 (id=199): r0 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, r1, 0x12000000000c004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x443001f86cb35905, 0x0) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r2, r2, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi3\x00', 0x2af01, 0x0) ioctl$auto(r3, 0xc0585611, r3) r4 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) ioctl$auto_FS_IOC_GETFLAGS(r4, 0x80086601, 0x1) r5 = bpf$auto_BPF_PROG_LOAD(0x5, &(0x7f0000000080)=@enable_stats={0x7}, 0x6) landlock_restrict_self$auto(r0, 0xb) clone$auto(0x4, 0x72d2, 0x0, 0x0, 0x4) set_tid_address$auto(0x0) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r5) sendmsg$auto_NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1800004b00", @ANYRES16=r6, @ANYBLOB="00042dbd7000fedbdf25530000000400d100"], 0x18}, 0x1, 0x0, 0x0, 0x20000005}, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x143080, 0x0) 11.719364783s ago: executing program 2 (id=201): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, 0x0, 0xffffffffffffff28) ioctl$auto(0xffffffffffffffff, 0x2400000, 0xffffffffffffffff) (async) futex$auto(0x0, 0x4f549, 0xc, 0x0, 0x0, 0x404) (async) unshare$auto(0x40000080) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) (async) socket(0x18, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) r1 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0x32) write$auto(r1, 0x0, 0xfffffdf1) (async) linkat$auto(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) fsetxattr$auto(r1, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) ioctl$auto_FS_IOC_SETFLAGS2(r1, 0x40086602, &(0x7f00000000c0)) (async) rename$auto(&(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='./file0\x00') mprotect$auto(0x0, 0x8000000000000001, 0x8) (async) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000140), r0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) setresuid$auto(0x2, 0x7, 0x8080) (async) connect$auto(r2, &(0x7f0000000940)=@nl=@proc={0x10, 0x0, 0x25dfdbfd}, 0x1e) (async) mmap$auto(0x5, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x10001) (async) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x2d41, 0x0) writev$auto(r4, &(0x7f0000000240)={0x0, 0x7}, 0x12) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x2b, 0x1, 0x0) 11.269301307s ago: executing program 1 (id=203): lseek$auto(0xffffffffffffffff, 0xfffffffffffffffe, 0x0) r0 = socket(0x25, 0x3, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/tracing/trace_marker\x00', 0x43, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) pread64$auto(0xffffffffffffffff, 0x0, 0x7, 0x10000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) r3 = fcntl$auto_F_RDLCK(r2, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r5, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r5, 0x8, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10040}, 0x40) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x240000000000, 0x3, 0x896, 0x9b72, 0x2, 0x0) listmount$auto(&(0x7f0000000100)={0x20, @raw, 0xffffffffffffffff}, 0x0, 0xbc23c, 0x0) mmap$auto_mtd_fops_mtdchar(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2, 0x20010, 0xffffffffffffffff, 0x7) nanosleep$auto(&(0x7f0000000000)={0x5, 0x5822}, &(0x7f0000000040)={0x6, 0x7f}) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x11, 0x1, 'd]/+^:-\'-\\*+\x00'}, @SMC_PNETID_NAME={0x7, 0x1, '(*\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x5, 0x3, '\x00'}, @SMC_PNETID_ETHNAME={0x5, 0x2, '\x00'}, @SMC_PNETID_ETHNAME={0x9, 0x2, ':%\'/\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040010}, 0x8001) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r1, &(0x7f0000001480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001440)={&(0x7f0000000300)=ANY=[@ANYBLOB="448dfbb9", @ANYRES16=r6, @ANYBLOB="000228bd7000fedbdf2503000000080009000200000004101800dbc3df03c7ffe0ea12e466a944d597f30c9a65c7cd6a71773aca4353961879bf1dcd8ac987837d241cb14b98f595fdb6c33b39a40c9bfb25bc1d94264755e46580d7d0e26ce977ef8f6b61bd8f655644d35737544b4548e0682fe28678c8facfbb3faf287d5167699d66405513c5b625bcdd416b55eb17b669b3b17520289795357e024546b22bc6bef01e1ab5d84b2c58f872c5d3f84a48a4acc79cfb32f3dc26738fbd855a6e468f1603b4a79fab56de7ce85b8a2a0627c335993218c86a79bec606873fafdab76599c2c281292901fe3822a4709a2d11a2b51e85c1433d4de35188b48db1b7e7bcb97feb59b5b9e150369d335d12717983bd62cfc4bebdd11a00aa01a5cc6038d073732c369094c5ab9cba9386e822c0c7145e0f2d771af4123530e95d60b3093e187b92133ecab270ba361db70c18d510a506a18586355b2a7c86a6897ec750eca9467729c04804b9e8eb24128d8635e9bf2ec91fba52254414ac1c6dd9a7253c161fe2b43525e4db5e459016aa0e1893a11c2480be36a2c441b772ee6a75e287e0c5bfdf996843184a342c1e999bf84f1182a97519e6035b70d04e98b13786013cf411f3262e659226837005e45b7f9a6061b44bc3debe598ecd33faf311bf22857ef2c4be08cb172ee52e24e4f887675dd0780af2682e26af6611f8bd65f5f35e54a85e38c1648a02ae2837ca18decf294768f95b764d6df5c4986976de49342cfb0882c081a35007d8b7c3fd6d9db3ed9f77f4609b735266366e98a3edf129d3c91c06aa29516b9132cc71d2db49098b8f3ad62f72eed5cda6a75691a8504137cdaed6b78aa0f6592e379b9649716dbf5419a1503524c899ebb224f378991a5068739fb6ad5ebfaadc7986de51e2ef8069b6fa2ef543b16527cd1393cf2bcadf3911b97d75f9defee5c30dea8f32ff1b070d15c3fee91ae82ca01595892b64b0ce120fcc5dba5a92c41c94e0919fb5e3c26cdaedf6e9a4414e01c16c4ef8e5dab5757902e99b9b9bf9231f12a97a73d3fb9e1b5c543d4a19732ce050aab77886778651561fc12699743a0942060aa2bafa4fdb5115e7d71abf3483a511a8f5d3ddef07a5b255c955514ec36f9ea27fcd5f13d0ec3a4069568f17669eb5d23775b020a11d6299ab740aa609c6b590a748588a6043f80ca2f445c07e28ba97038876e9f08f10c225720003b9c80a2c0ea406926c9489a5a1a05bd404fcce1ae4e0eb8aa93516e1c0832c729a47b340ae786095ebb9abbf93f09339da3ae88ffb6b137df4c4e065fde883dfda2c68dfd0d080bf97efd9a07665a46e42d53a7cdb469331cd5dc8b8d1050c3e2e9bcb72ea937aedcc61f1a2cf06af32f63b06ceb6d4c676a1ffd1d148ead264accf85e19901ff3634b0a4aedc520de88e94f4305b3993da38839f6c877e4691c57b48f9c8fb2fed9f38597a31f7e80cec41c9074696ccee750ab7a80e5b8ac418de25ab09578729b3e5640ce397894c41d42fc027fdc024d1d9b8526e4e85b4fb5f261d3007eeba130a4b8948128602646fbba8eefbf0b7c322a8820e501c7c8b97078ac14bf16f4466dd7db8e90b697998123e5909ac8953ee37daad79581fd2719a81078358e0eb45a86847f6f2c5168838dd1377956740140a1651c6bc040cb584f11a8ba5e9ac66b3b533a38fd970837daa179e7f57762290cffaa59d40048c46a73c305f348103819052bdb83132a735e5c3520719a479c0b04cab803511471ef54f1f8ac0a59643833670b8e5f87bfb50c1d313b8b4a9aa83acc2161ad21dc7f34c6246a99e376dba54b31f5b274fa6adaa960e3fb9fdf2b30df6137ced7de17eeb0902a6db6cf35ce95c5d4b3166d70a86bfcd012b9c80ffa7ddbba85eeb4fa394239cdb802616036ce27a6504a6169ea3a88e3f1133cb7222bd4c90456a7a5e63e94bcb09d809809dcd85a0229c40fd5d9f3af814f7bba6d30938ced9183a910cb91d7d768d2fa1313c91bebd8744d1f7b7a4f9fd4dde54dd519dfb8bcc18e0256c02f5ab3821ad0a96863b2dc64d877a90749679bd29d82833a748a17aaf8b4e1e30eceb00c831705579a13cd3a62b8827ba096a97e442147e305378e6e7e35e23e8f2d24f3954a0e0e55a70f9d61960629d7f8585fc406bb94f9212615bcc204193aaa88d4920e8513058ef0d9aa339df93140666f03ec061f24ef7f3c191412483daa1aaa0c2babc2809b8f34c9753b17fa4a6ad3d3b47bcc1091bb648710c86f501b1d04a5d52b4c5493d521baadc27fdd45f20929e81b27440e14c9fde9ad3952e776aaefd690ac938d10f72c1f42fd7c1d5c08018dc27929d7f47484954e5c8eede78039f3e5d5679a209d8618eccddef572fe09eefb6f08d1de3a575d9e672b80349d627666454026b477407db1623c51753bb30fe271312d335500fd36b00b8fc563be2c2339d21e1b3b90895fba784db23da75abc8744c12d655adaee008a54e13002c39074346dbb1c3fb5bf48a2807dd668a1a5de4f210f4eaf1a4064c4ae6393a30e4fa92c0158f0b726aa0980acd385d44c5859135e436b4d6d39914151788f742fc789224f62cd985e3483d2754615bec6e3bf23951d6e89bb7de72253be93073abffa2b985160609441f3ea9aa5c54f71f69cf98670545670d23d09b0cccdae652a10d9b8f87fa4975a8124f2b6a1ebbf37d86b6b6b38d5dcaf7d5b32dc91d6a753973c3045652cf0821e7f48b5f78ab7cf906b464f2ad6d842aa75e156d324d806a1bf4333482481e672583ebcfbbf8e4b3f49a6ce5a5d7f127e22c9e21d458fe83c835ae1332aeae0e6415b0b8fd0eebfa0177391b44c5c1b3791d120ac40bb13c8732d457a84c6453d905f32d67de7dd603cf12f491e9675de93561298b7121a19912b95e7c6581189dc507101163648c43343bc41b5a909b8c840a956ace993f27ce098a613cfe8da37eadfcca0bc02ccb0a0add1037a8cc3a10778db5fccc5495633227ef49fe555ef7aa382a9c2dfb91b41be1e3274bd8cae737f47c3d484fc2bfa502a87f47a037d702fc0a9a4745ef048e51193b6df883b4facb2dd9781c873fa9034ae10f4a9c7b606a05652637438e7a4dc75e55fe2298c5d5bccb6042424407809c899482ff067ea80cb4fff4aafd41d2121d1cb3959dee99cc2503aeecc6a9dfa69906c9e9b7ed1e3ab0809021477df75d879477fc428eb3583b6c4274a481127dd3919fa3d04df2a8b4c1a2c9a51579cc8132d60bdd4ec955ce42d2d86e1687fc6d008a2301891c5a899934b36d470a6d4fd182d19a1c42f2d49601ad24e8f4cdb055381f68a8e40b16970e8b3aa55e38101c0633f292ad2804130472a7bbced96b2b33f542eddd18d05ab147a6571d1994504a9f4530e5680f96c0bca74326544dc8e4e29720943942c2d985a6f55ad87b195bb64f60f93f0713da69e63168d6fc83ab20d71556b89c146b56d815929e02bf816fd86591deb164c8f1c8a580560c7d94a8cdf419cddb342fdaaa494de8a9ac651e0bd2598e5e560d9039843c1c88c52f03c1080d55bfa38965a279373d7091dc7c16810b89afe9f354259ed0c666a87b6c87a2065fd43572f7d8962e7f01fd39feb93e7f3f291edd96fdd998c1eae8585af7ac0ac23a82376c4553bb5eed94e2b7c1235d74580d616a62817ab91c5d359781521951dece9879e6402cb98f64cf5631726defbc521e405f914dab9c63f60c261ffa8ca6db16d3859b4cb840c91569566c794e3971f4c40004d4829baced0fa7554248cc9bdaf4f76b5f80e4e95468ec2d8b63d281eaa88e315797d709bcda634b2a05ff33dee474c4419f7fc9bebb9865cb5285f0aace880005dc9c581e7919108f2d0badf67d0caa88a8a1e4487bdfc27156152bf7ee80acf1cc2f4ae43d2008ddf3d6a345121f8a9d778a8049e3fd8d36e6cddc2ac80ea5c4184cba2e57dd818670afe62c82ce72652e1c64cb14315d5ed2bf1678b6fe5833b81484fc407d614a343f1dc8dad8cfecb5de9e7ef64890782fc5e96efd1625f95565b67d9aa5e05d0df5e92ea8e859de014d935a782535aa54bd20433cfbf9bdff4b2f079fa3241b21b15e1cc356d85ecede736fd35af075c8ce78b384e90c97b9b8cbed17f372c602e76d25610b0a7123541d7e872bea4717dece48ffdcec390fd61d09bd11d138a1fae10d244ded6a67b3de3dae6d11742f1804a685a0439dadcbb3be01a9757d9cad36375026a619992ce6f763aafe799ec4cb699dc132fed67085c7df9c74fbb319efb19ee4da856de68b01339d1a47e406b00d2c4387609afb35a120f95345d2fb393203dea144c7d8ce2906bc6f5f38d578d7f5284fc972acb00d99094b2a3a07eef122004b41dd6579a20813d6efa98a4cae025f14ec747b0da23ffe55e538d24f4e10764d6269e64133941bb0690cf7e83e5446b82045aac9ffe11a2c947f8a2f171bd32a78befd852dc0de236444408ff5199cee9a49b736ce667f64b3af4a05e5f9d7a56b854e9a83af3a50e71f1049d887e386c48d818ab4ffda453c26e677482f3f09a6c873a5743b2f7ec0f5f418226db69a9806cbaaea64ce679d1a0a2ed82b21edfcde77e11c146d22c4b70ea1fb3854fa29b54619f69fb8ed47463a9ebf600920b3e3c0c5eeb30d27d7ce35039740cf3b715c77a366647fc8204718e59582f08527e064baf13985c4a6cac3a608bb04e37de01ff64843174c9c6be5cbf5e39fb0f86b57f42cec5c7ba14065fedd71cef218702749b7c310f0cac64cd05fcd8cfd8c76f5c4f0a0cc353cb314fd185db63b65af2315991016a22119f2246b0cc7ace73caa75de313f79fe549502e6157406e28c43fac5aa212957a3620969cee989a478e7352d16f7f7947999b903fb1ed1fad13ccc342890975edd083ff2c0e0c1871221db02da35859af94629b44429fc09f1f77a45175f4ba0725411dc78461469777a3a7d455444306c93bdb3c238b9a7b4a964f810873325ac2533030743c61e7dd2c4a1228a00042614829e9c4c42308900c982ff8445c8d1af4328e42d39a3253bb451d375f3f7384bbe6b36c68d33f39322bb9aaf03615301fbf62e611e7da9c71759f24190ea61364e68b7169e8769f11ed4c960582fbb2f169cc14b535ffefb297d54de57d5d1775afca355ed9887ac97e4eaf3120737ec4600f6fefb023d7e4d1b567f76daf692ca19935c911f93edb70fe87c69b305428724e661b5e34706e602d88111d2e2f0100bc9e2d6fd1f868a752c6cdc3066c8e7ca7a49813ae1136f6150d9f9a356c647943878000731db21bd1d06ca0424295e45876ea1bb0676243b233bc48fe001492b7867e05d21ae48a1fdaa08f37b7279b78b67a43ff54f2d1433616f5235f5fdbae68d07549f0787c47b67c626eb9d5db2dda5f20aa32e7405b27e453bbdead2b0de7fc6406ecf2518203a130e016723ea8d23c26baad5b03729bd73ba6ff5fc334b298ad3c3c3bdb612e089d62400f6ae71d7c981482edfd2e1f0382665bec7566bfdbdb0d7a1628dfd1cfe9eedb60ddcec287ccdfc429ed06aaf9adccbdef40105da7bdb2134c69032a21ce1bfc187adb94454fc77881aa46c631ea9190320f8f3d879260b91beaa13c84bd71fb250de98c66e4df2e3762a4161a8904464e14480b5ae305ef6ac7f77f2fa13967a31535be55f3db1a7ba52fc97051e9a261074b98d512efe013bcf5c4d9367f2ea6b1714020b594556db5f98f53e818d347575d65c62767bc18455a4cabf4c5b75e7be9ba81419757b0a61f90101c06d1408000c000300000008000400a30000000400120004000e0008000c000400000008000500070000000800040000000000b3001600eba79e93fbb407528112b1df5627b909d6a8e7ab84a5a0e2eb8cf33503f01437eaac2243a2795c70611ffe39806e10eedec6d42363235825a3388db9d2c38d7d180e2a3fc357cbbded955ce305c493d9d92f9fe24446387822340f12886a9e1d4f79aef333855ff6fa89c8601e5369e07c8b65d8437bb7ecaeac1202ffeecdf0a56094c4b0ec05f32a69b7a3ce664a0b61214bf7d56f719835e50313516d1f755802f534faebff2bdfd0cb07cc752500"], 0x1104}, 0x1, 0x0, 0x0, 0x4000800}, 0x8000) io_uring_setup$auto(0x6, 0x0) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/sctp/assocs\x00', 0x101080, 0x0) pread64$auto(r7, 0x0, 0x44f, 0x2) mmap$auto(0x800, 0x40000a, 0x80df, 0x9b72, r7, 0x3) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) pipe$auto(0x0) write$auto(0x3, 0x0, 0x200ffd8) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) 10.62061876s ago: executing program 2 (id=206): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x11, 0x0, &(0x7f0000000000)=0x28000000) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000008c0)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x2, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) sysfs$auto(0x2, 0x3c, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x3, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040), 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCR(0xffffffffffffffff, 0x0, 0x40) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/security/tomoyo/query\x00', 0x42e01, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x41, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f0000000080)=0x6) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/net/kcm\x00', 0x80, 0x0) futex$auto(&(0x7f0000000600)=0x4, 0xb, 0x4, 0x0, &(0x7f0000000680)=0xfff, 0xffffffff) socket(0x29, 0x2, 0x0) 9.4114548s ago: executing program 1 (id=209): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x80000001, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r1, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0x0, 0x202000a, 0x5, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x2) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r2 = socket(0x1d, 0x2, 0x6) r3 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) write$auto(0x3, 0x0, 0x81) sendmsg$auto_NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000227bd70007c46c241db73570d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x40001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_EVIOCSMASK(0xffffffffffffffff, 0x40104593, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000140), 0xffffffffffffffff) 6.75456398s ago: executing program 2 (id=221): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000500)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a63c8fa7f7d5152d4831f60eade8e3d8a508f6178de4e7e975de72c549dbc7876cb528ba0841788237bfc00dd4eef57c") lseek$auto(0x3, 0x7fffffffffffffff, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.6/usb7/version\x00', 0x20040, 0x0) read$auto(r1, &(0x7f0000000240)='$\x00', 0xb) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/fib_multipath_hash_fields\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0x800000000000b17a, 0xeb1, 0x3fd, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x2, 0x1) setsockopt$auto(r2, 0x0, 0x80, 0x0, 0x78) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) setgroups$auto(0xe32, 0x0) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x48601, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_CTX_GET_CPT_STATE(r4, 0x7b1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 5.675686509s ago: executing program 3 (id=217): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) socket(0xa, 0x2, 0x73) (async) r0 = io_uring_setup$auto(0x9, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) (async) close_range$auto(0x2, r0, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x742, 0x0) mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) r1 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) (async, rerun: 64) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async, rerun: 64) r4 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) (async, rerun: 32) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, &(0x7f00000000c0)="873302e301e0b01ae9e5d8a7401b66e72e4857fababb0070dec76e27ea1c71b7f8b800abcfb9974f59c538ef") (async, rerun: 32) pread64$auto(r4, 0x0, 0x2, 0x3) (async, rerun: 64) prctl$auto(0x3e, 0x4a, r2, 0x6, 0x80000001) (async, rerun: 64) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async, rerun: 32) r6 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r5, 0x1028, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x4}, @NL80211_ATTR_TIMED_OUT={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x8855}, 0x10) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) (async) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x1000000009, r1, 0x0) (async) open(0x0, 0x0, 0x408) (async, rerun: 32) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) (async, rerun: 32) open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x94) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) shmctl$auto_IPC_INFO(0x5, 0x3, 0x0) 5.179315274s ago: executing program 2 (id=219): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000040), 0x28000, 0x0) r2 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f00000001c0), r1) sendmsg$auto_OVS_METER_CMD_FEATURES(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf250100000004"], 0x18}, 0x1, 0x0, 0x0, 0x8881}, 0x20008000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r3, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0x0, 0x202000a, 0x5, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x7fffffff) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) rt_sigsuspend$auto(0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x8000000000000001, 0x7, 0x4, 0x9b72, 0xffffffffffffffff, 0xf34) mremap$auto(0x1ff000, 0xff, 0x843, 0x3, 0xfffff000) 4.924322286s ago: executing program 0 (id=220): socket(0x25, 0x3, 0x9) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/exec\x00', 0x101002, 0x0) write$auto_proc_pid_attr_operations_base(r1, &(0x7f0000000200)="a597d9ce6359203d", 0x8) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x8}, 0xffffbff9, 0x10, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r3 = io_uring_setup$auto(0x8, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r4 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x1a3) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(r0, 0x1002) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) accept$auto(r3, 0x0, 0x0) socket(0x1, 0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x8010, 0x788b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) 4.639676005s ago: executing program 3 (id=222): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nbd8\x00', 0x400000, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffffc, 0x4020008, 0x2000000000005, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000240)={0x0, 0xe703, &(0x7f0000000200)={&(0x7f0000000700)={0x14, r3, 0xb01, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000050}, 0x240088e4) 4.03236736s ago: executing program 3 (id=223): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000500)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a63c8fa7f7d5152d4831f60eade8e3d8a508f6178de4e7e975de72c549dbc7876cb528ba0841788237bfc00dd4eef57c") lseek$auto(0x3, 0x7fffffffffffffff, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.6/usb7/version\x00', 0x20040, 0x0) read$auto(r1, &(0x7f0000000240)='$\x00', 0xb) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/fib_multipath_hash_fields\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0x800000000000b17a, 0xeb1, 0x3fd, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x2, 0x1) setsockopt$auto(r2, 0x0, 0x80, 0x0, 0x78) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) setgroups$auto(0xe32, 0x0) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x48601, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_CTX_GET_CPT_STATE(r4, 0x7b1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x1, 0x0, 0x9) 3.751401398s ago: executing program 0 (id=224): io_uring_setup$auto(0x59, &(0x7f0000000080)={0xb, 0x40000d, 0x10400, 0x6, 0x4, 0x3, 0xffffffffffffffff, [0x400, 0xffff6a23], {0x2, 0x2, 0x7, 0x2a3, 0x100, 0x3, 0x40100101, 0x6}, {0xf8, 0x4, 0x9, 0x1, 0x3, 0x40, 0xcc, 0x8, 0x100000000}}) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x200, 0x0) semget$auto(0x0, 0x2e4a, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r0, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000008ba6b01ddf6747058363dbaa1ccd28e8437245a39909eb91446deff7889eb6e26508466d439734eec871ff7d22c2d03b4cdf025103f3db8d97c63bd1cd496f3798b4555a8f2365e511842c31f73d17b9146afb58ed41d6a88fe6a2ae926e1e9f26ceab4f938f0794af5c80b92eef1fcdf0e94fcd", @ANYRES16=r1, @ANYBLOB="010326bd7000ffdbdf252d000000"], 0x14}, 0x1, 0x1000000, 0x0, 0x2404c012}, 0x80) mkdir$auto(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x8cd) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={0xffffffffffffffff, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7ffe, 0x10000, 0xc91c, 0x26, 0x5, 0x3, 0x3, 0x3, 0x3}, 0x1) mmap$auto(0x0, 0x9, 0x7, 0x8000000008011, 0x3, 0x8000) mprotect$auto(0x200000000000, 0x806122, 0xc) sched_setscheduler$auto(0x0, 0xfffffefe, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r2, 0x0, 0x40) sendmsg$auto_ETHTOOL_MSG_MM_SET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="1ce9ff00", @ANYRES16=0x0, @ANYBLOB="000825bd7000ffdbdf252b0000000500070001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4820) ioprio_set$auto(0x2, 0x800000000, 0x8) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r0, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x30, r1, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_MODULE_FW_FLASH_PASSWORD={0x8, 0x3, 0x485}, @ETHTOOL_A_MODULE_FW_FLASH_FILE_NAME={0x13, 0x2, '/dev/sequencer\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40010) epoll_ctl$auto(r0, 0x9, r2, &(0x7f0000000040)={0x0, 0xffffffff}) read$auto(0x3, 0x0, 0xfffffdef) settimeofday$auto(0x0, &(0x7f0000000100)={0x82, 0x4}) read$auto(0x3, 0x0, 0x400000000f34) 3.332448941s ago: executing program 0 (id=225): r0 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/discover\x00', 0x801, 0x0) write$auto_aoe_fops_aoechr(r0, 0x0, 0x0) 3.215423812s ago: executing program 1 (id=226): kexec_load$auto(0x200000000007, 0x1, 0x0, 0x4) r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd0/rqos/wbt/wb_background\x00', 0x40, 0x0) pread64$auto(r0, 0x0, 0x2, 0x9) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video54\x00', 0x42942, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC0D0c\x00', 0x404000, 0x0) (async) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8) (async) execveat$auto(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)=&(0x7f00000001c0)='\x00', &(0x7f0000000280)=&(0x7f0000000240)='/+.&\x00', 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r2 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim7/psample/trunc_size\x00', 0x48401, 0x0) fcntl$auto_F_GET_SEALS(r2, 0x40a, 0x8) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/nfs4.idtoname/content\x00', 0x200, 0x0) (async) r3 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) pwritev$auto(r3, &(0x7f0000000140)={0x0, 0x400000000001}, 0x5, 0x5, 0xd3b8) (async) socket(0x1d, 0x2, 0x4) (async) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) (async) bpf$auto(0x8, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x0, 0x10017, 0x800020010080c, 0x2, 0x5f, 0x20000000000803, 0x2000000000000003}, 0x6f0) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) (async, rerun: 32) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r5 = socket(0x2a, 0x2, 0x0) ioctl$auto(r5, 0x8912, 0x38) (async) r6 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000380), r4) sendmsg$auto_NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r6, 0x8, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xfffffff1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x40080) mmap$auto(0x0, 0x400008, 0xdc, 0x9b72, 0x2, 0x800008000) 2.976854334s ago: executing program 0 (id=227): socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x8000, 0x200fa9d, 0x1, 0x0, 0x3, 0x1) (async) mbind$auto(0x8000, 0x200fa9d, 0x1, 0x0, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)) mmap$auto(0x0, 0x7, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x80, 0x0, &(0x7f00000000c0)=0x97) (async) getsockopt$auto(r0, 0x84, 0x80, 0x0, &(0x7f00000000c0)=0x97) connect$auto(0x3, &(0x7f00000001c0)=@llc={0x1a, 0x306, 0x9, 0x7, 0x8, 0x1, @multicast}, 0x54) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), 0xffffffffffffffff) (async) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), 0xffffffffffffffff) setfsuid$auto(0xee00) (async) r2 = setfsuid$auto(0xee00) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(r0, &(0x7f0000000680)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000640)={&(0x7f0000000380)={0x2b0, r1, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0xed2}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CQM={0x279, 0x5e, 0x0, 0x1, [@typed={0xa, 0x114, 0x0, 0x0, @str='\xbb\xbb\xbb\xbb\xbb\xbb'}, @typed={0x8, 0x13d, 0x0, 0x0, @ipv4=@broadcast}, @typed={0x8, 0x15b, 0x0, 0x0, @ipv4=@loopback}, @generic="88ea4b75747172a979aee97f8420f66378f13ddf9115d79c9a2b8e7fcc379d0d96c054c48bfa41fa94c8c4c34112ba5fe14e8e7747a03d70c727b65e0e8fd1bcaf4eddfce7178596152860072b8eaaf2a0534d78b348385ab3d3e83e3f5a549b9d28e6cf0945ce966fef19f4c2d41a5718269238df21d3eccae92789ba6120035f6b6d9c57df40edde8ef77ce53d1ee47c5f87150a686cd08a3af287279851", @typed={0xb0, 0x70, 0x0, 0x0, @binary="9cb3152bdaedd5931ca97e7d2e138fcdfdb098a653a517297c2e7301d380f5ef65daf429d92b86414467374efc986e255f24044668d6c32d19e0fb347f37617dab4749928ea9bdce656dbe624d6f85f0b319471b98d66d3006c7b010cb8d6d315b5d4fd232f41a2a1af5d1ba28ba2f6016b2afea8b3503d07d65e63a12f8c4d6983220c2017d155d0c6c75cb28e066aff5da73110616c91dfdcb6eea57203031e6c295d7d8fc3882417d6f62"}, @typed={0x8, 0xc, 0x0, 0x0, @uid=r2}, @nested={0x50, 0x102, 0x0, 0x1, [@generic="e06615c05ca618df7e925f70f456913ef063e45ca9b02befbc2bfd825d29476ca3b96830d8c457c62f8d09d1df2283b07217f910d2b4b96843382f32fa277a8a9cb9a0286cb1afd1", @nested={0x4, 0xf1}]}, @generic="076e3b9cd32bf30e25e674d6843efc1071b7121773ffbb03a11ece99c408adacb329ca12d4c80052bab1c7a35bbbde278d5ab6f4948c6aaa386ab5d3c4bde1e614cfc5f28c7ac9b6067a79f1c5e36a26ad20f696298ad94471444671babae69bdc3ebdd8e217b429668b72bd38351e25b436c8b084d9691016c9ef52cd0a9d1a7607c5e5922846345fc348aef6b2ef19dc664c15e313f191137b3efb7f92cef321e448b7b62c8a898e53d4e4f409311b950b"]}, @NL80211_ATTR_MLO_SUPPORT={0x4}, @NL80211_ATTR_DISABLE_VHT={0x4}]}, 0x2b0}, 0x1, 0x0, 0x0, 0x8008010}, 0xfd70963a01defe6f) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000040}, 0xc0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0x80000000000000a7, &(0x7f0000000100)="e0e281b6a8ee90ae55923fce7f5d48b611b6b12c322bca95d28ade3f8655243b5c2aab09b2538b63707f9cb8a8e9d1e6e6d2e7311632fe4cb7e7cf6e5326491ab0680930638747074089336380884a32cb803591f2030cdf0e7b9a2f7ea33e815f84160cad3c9c3ee48240282017bb7532057c6b5bf474c60efc9ac96e38bdaba69586cdccd7dccf5f85f03c13d3107c3e1ef365ad612e85d5ecd151ae4c5ec2bc7f97ec9b5b1720", 0x8000, 0x1}, 0x8}, 0x1, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) 2.867150708s ago: executing program 3 (id=228): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/usb/drivers/ax88179_178a/remove_id\x00', 0x488081, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x82001, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0x80004000000000df, 0x10004000eb1, 0xffffffffffffffff, 0x8000008000) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x20082, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c0a, 0x0) ioctl$auto_SNDCTL_SEQ_SYNC(r0, 0x5101, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0xfffffffffffffffc, 0x2020109, 0x200000000000, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) read$auto(0x3, 0x0, 0x7fffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0xc2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) listmount$auto(&(0x7f0000000080)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0xffffffff93366873}, 0x0, 0xf4240, 0x1) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x0, 0xffffffffffffffff, 0x8, 0x5, 0x8) waitid$auto_P_ALL(0x0, 0x8000, &(0x7f0000000340)={@siginfo_0_0={0x6, 0x0, 0x3de2, @_sigpoll={0x9cc, r2}}}, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x4) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40080, 0x0) unshare$auto(0x1) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x1) 2.791205495s ago: executing program 1 (id=229): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_TCSBRKP2(0xffffffffffffffff, 0x5425, &(0x7f0000000000)="526e1fdbb18f80cfa5c13f7196ea4f055bbb49100d435e821c5e0854c23a9b") madvise$auto(0x9, 0xffffffffffff0005, 0x2000017) r0 = seccomp$auto(0x1, 0x20003f, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYRES32=r1, @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r1, &(0x7f0000000080)='MJC802154_HWSIM\x00\xcb\x0fX\xc7\xfdx!\xf7\xb5T\x04\xad\x96\xf4\xbc\xca\xa52UWT1\a\x00\x00\x00\x00\x00\x007\xc9\xa6\x8a', 0x1060) read$auto(r1, 0x0, 0xb4d3) prctl$auto_PR_SET_THP_DISABLE(0x29, 0x9, 0x2, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80000, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3ec0) close_range$auto(0x2, 0x8000, 0x0) 2.302763467s ago: executing program 0 (id=230): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_TCSBRKP2(0xffffffffffffffff, 0x5425, &(0x7f0000000000)="526e1fdbb18f80cfa5c13f7196ea4f055bbb49100d435e821c5e0854c23a9b") madvise$auto(0x9, 0xffffffffffff0005, 0x2000017) r0 = seccomp$auto(0x1, 0x20003f, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYRES32=r1, @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r1, &(0x7f0000000080)='MJC802154_HWSIM\x00\xcb\x0fX\xc7\xfdx!\xf7\xb5T\x04\xad\x96\xf4\xbc\xca\xa52UWT1\a\x00\x00\x00\x00\x00\x007\xc9\xa6\x8a', 0x1060) read$auto(r1, 0x0, 0xb4d3) prctl$auto_PR_SET_THP_DISABLE(0x29, 0x9, 0x2, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80000, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3ec0) close_range$auto(0x2, 0x8000, 0x0) 1.694597422s ago: executing program 3 (id=231): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) unshare$auto(0x4f) r0 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x121102, 0x0) pipe$auto(&(0x7f0000000500)) select$auto(0x5, &(0x7f0000000080)={[0x400020000008, 0x7, 0x7, 0x6, 0x8, 0x83, 0x3, 0x1ffe001, 0xcad, 0x1, 0xd, 0xf, 0x40100000001, 0x207, 0xd3, 0x1]}, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000d40)=""/16, 0x10) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x6c000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) clock_gettime$auto(0x6, 0x0) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, 0x0, 0x0) rseq$auto(&(0x7f0000000280)={0xe, 0x403, 0x7, 0x80b, 0x10001, 0x2}, 0x20, 0x0, 0x8000006) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="30000004b658fffb8049c582e002a0a9bc9c537ccb856101877135c2bcaa6d009c073edea23f9b18d25fc4e6a152db0c", @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25010000000500060003000000050005000800000008000300ff03000004000400"], 0x30}, 0x1, 0x0, 0x0, 0x80040}, 0x44000) futex$auto(&(0x7f0000000080)=0x1, 0x109, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0x2, 0xa, 0x0, 0x0, 0x0, 0x440a48d2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x7ff, &(0x7f0000000080)={[0x4, 0xfffffffffffffffd, 0x36a6f960, 0x3, 0x6, 0x6, 0x6, 0x1ffe000, 0xcad, 0x2, 0x9, 0xf, 0xa657, 0x203, 0xd3, 0x76]}, 0x0, 0x0, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x20201, 0x0) r3 = landlock_create_ruleset$auto(&(0x7f0000000100)={0x4, 0x1, 0x200}, 0x8, 0x0) landlock_restrict_self$auto(r3, 0xb) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/mac80211_hwsim/hwsim13\x00', 0x22200, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0xffffffff, &(0x7f0000000280)={&(0x7f0000000080), 0x400008}, 0xa, 0x1ff) socket(0xa, 0x5, 0xfffffffd) 1.533509679s ago: executing program 2 (id=232): openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/setgroups\x00', 0x28001, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e6, 0x40eb2, 0xffffffffffffffff, 0x300000000000) ioctl$auto(0xffffffffffffffff, 0x89f0, 0x24) close_range$auto(0x2, 0x8, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x1) 1.340928082s ago: executing program 1 (id=233): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0x541b, 0xffffffffffffffff) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) r1 = getsockopt$auto(r0, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x4bb) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) socket(0xa, 0x1, 0x100) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) process_mrelease$auto(0xffffffffffffffff, 0xa) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x60800, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x7f) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/irq/default_smp_affinity\x00', 0x200001, 0x0) write$auto(r3, 0x0, 0x76d) r4 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000100), r1) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r0, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="580300aa", @ANYRES16=r4], 0x358}, 0x1, 0x0, 0x0, 0x84}, 0x20000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e6, 0x40eb2, 0xffffffffffffffff, 0x300000000000) ioctl$auto(0xffffffffffffffff, 0x89f0, 0x24) close_range$auto(0x2, 0x8, 0x0) 448.632206ms ago: executing program 3 (id=234): madvise$auto(0x1, 0x7, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async, rerun: 32) mmap$auto(0x0, 0xf6, 0xdf, 0xeb1, 0x401, 0x0) (rerun: 32) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) (async) r0 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0) read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000040)=""/4096, 0xfffffe82) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRES16=r2, @ANYRESOCT=0x0, @ANYBLOB="1ed7504904c59df2465e774c34316d44c46efb883c56ebae51f17617795dd841eeee37d8e053918c3dbe3dc4d6dfc55c502308a45b3c6519bdc52004664c5f302c98357c767a0fbe347f09be4a8901c38ef8af5c11c4f1820462b55875bb9d07a0f046fa40c75c303aa085ab0c27a783f6d916f65376dbc9af089d128b1f81d7c76ee462c360c48cca18be507730b43ee6f79dbd7b73a22bbce5460128f1832f08e7141e3604adb59a73c02a7951bb", @ANYRES64=r2, @ANYRESOCT=r1, @ANYRES64=r2], 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x84) (async) sendmsg$auto_SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="bb00000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4000004) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000000)="c80d1b5d399b58", 0xfdef) (async) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read$auto(0x3, 0x0, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) (async) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ptyq0\x00', 0x197800, 0x0) (async) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/workqueue/ib-comp-unb-wq/nice\x00', 0xcaa02, 0x0) sendfile$auto(r5, r5, 0x0, 0x7ffff000) (async, rerun: 32) r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (rerun: 32) ioctl$auto(r4, 0x541c, r6) 421.592514ms ago: executing program 0 (id=235): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x80000001, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r1, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0x0, 0x202000a, 0x5, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x2) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r2 = socket(0x1d, 0x2, 0x6) r3 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) write$auto(0x3, 0x0, 0x81) sendmsg$auto_NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000227bd70007c46c241db73570d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x40001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_EVIOCSMASK(0xffffffffffffffff, 0x40104593, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000140), 0xffffffffffffffff) 0s ago: executing program 2 (id=236): mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) mkdir$auto(0x0, 0x8001) mount$auto(0x0, 0x0, 0x0, 0xf, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x4100000a3d7) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) lseek$auto(r0, 0x0, 0x2) unshare$auto(0x40000080) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000000, 0x40009, 0x5, 0x9b72, 0x7, 0x28000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket(0x11, 0x5, 0x100) write$auto(r2, 0x0, 0xffda) shmctl$auto_IPC_SET(0x4, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x1, 0x62, 0x8, 0x7, 0x6d3f, 0x5, 0xa, 0xfffffffffffffffe]}, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0xc4881, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.113' (ED25519) to the list of known hosts. [ 77.331637][ T5620] cgroup: Unknown subsys name 'net' [ 77.449340][ T5620] cgroup: Unknown subsys name 'cpuset' [ 77.458627][ T5620] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 78.922625][ T5620] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.987219][ T5632] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.996645][ T5632] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.021307][ T5643] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.029666][ T5643] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.040625][ T5644] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.049560][ T5644] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.050080][ T5643] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.058945][ T5644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.066538][ T5643] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.078208][ T5644] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.086458][ T5643] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.095372][ T5646] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.102872][ T5646] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.103872][ T5644] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.110715][ T5643] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.119317][ T5644] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.135153][ T5644] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.145292][ T5644] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.154999][ T5644] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.167440][ T5644] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.674963][ T5631] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.682283][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.689682][ T5631] bridge_slave_0: entered allmulticast mode [ 82.697410][ T5631] bridge_slave_0: entered promiscuous mode [ 82.732718][ T5631] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.739894][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.747237][ T5631] bridge_slave_1: entered allmulticast mode [ 82.754475][ T5631] bridge_slave_1: entered promiscuous mode [ 82.821598][ T5635] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.829064][ T5635] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.836287][ T5635] bridge_slave_0: entered allmulticast mode [ 82.843292][ T5635] bridge_slave_0: entered promiscuous mode [ 82.861534][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.868906][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.876780][ T5636] bridge_slave_0: entered allmulticast mode [ 82.883762][ T5636] bridge_slave_0: entered promiscuous mode [ 82.891595][ T5637] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.898826][ T5637] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.906215][ T5637] bridge_slave_0: entered allmulticast mode [ 82.913229][ T5637] bridge_slave_0: entered promiscuous mode [ 82.921829][ T5635] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.929522][ T5635] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.936809][ T5635] bridge_slave_1: entered allmulticast mode [ 82.943863][ T5635] bridge_slave_1: entered promiscuous mode [ 82.953513][ T5631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.963100][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.970833][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.978165][ T5636] bridge_slave_1: entered allmulticast mode [ 82.985242][ T5636] bridge_slave_1: entered promiscuous mode [ 82.992793][ T5637] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.999935][ T5637] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.007482][ T5637] bridge_slave_1: entered allmulticast mode [ 83.014494][ T5637] bridge_slave_1: entered promiscuous mode [ 83.032126][ T5631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.104376][ T5635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.125938][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.137940][ T5637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.150225][ T5635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.161768][ T5631] team0: Port device team_slave_0 added [ 83.169757][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.176898][ T50] Bluetooth: hci0: command tx timeout [ 83.179198][ T5644] Bluetooth: hci1: command tx timeout [ 83.194166][ T5637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.214703][ T5631] team0: Port device team_slave_1 added [ 83.246400][ T50] Bluetooth: hci3: command tx timeout [ 83.246674][ T5644] Bluetooth: hci2: command tx timeout [ 83.272695][ T5636] team0: Port device team_slave_0 added [ 83.289077][ T5635] team0: Port device team_slave_0 added [ 83.305797][ T5636] team0: Port device team_slave_1 added [ 83.313468][ T5637] team0: Port device team_slave_0 added [ 83.320673][ T5635] team0: Port device team_slave_1 added [ 83.328146][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.335099][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.361269][ T5631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.384847][ T5637] team0: Port device team_slave_1 added [ 83.401814][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.409259][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.435446][ T5631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.489299][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.496332][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.522437][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.543791][ T5635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.550855][ T5635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.579401][ T5635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.592180][ T5635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.599610][ T5635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.625612][ T5635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.637312][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.644382][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.670674][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.682815][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.690269][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.716847][ T5637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.729196][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.736230][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.762242][ T5637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.826993][ T5631] hsr_slave_0: entered promiscuous mode [ 83.833819][ T5631] hsr_slave_1: entered promiscuous mode [ 83.917820][ T5636] hsr_slave_0: entered promiscuous mode [ 83.924085][ T5636] hsr_slave_1: entered promiscuous mode [ 83.930518][ T5636] debugfs: 'hsr0' already exists in 'hsr' [ 83.936402][ T5636] Cannot create hsr debugfs directory [ 83.948516][ T5635] hsr_slave_0: entered promiscuous mode [ 83.954738][ T5635] hsr_slave_1: entered promiscuous mode [ 83.961406][ T5635] debugfs: 'hsr0' already exists in 'hsr' [ 83.967495][ T5635] Cannot create hsr debugfs directory [ 83.978631][ T5637] hsr_slave_0: entered promiscuous mode [ 83.984855][ T5637] hsr_slave_1: entered promiscuous mode [ 83.991076][ T5637] debugfs: 'hsr0' already exists in 'hsr' [ 83.996863][ T5637] Cannot create hsr debugfs directory [ 84.462732][ T5631] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.478572][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.487871][ T5631] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.499617][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.507763][ T5631] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.518251][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.534046][ T5631] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.544406][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.619606][ T5635] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.630543][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.657904][ T5635] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.668330][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.687412][ T5635] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.698606][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.717547][ T5635] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.729131][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.786736][ T5637] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.797372][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.805307][ T5637] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.815171][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.823811][ T5637] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.833949][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.842164][ T5637] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.852420][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.951438][ T5636] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.962250][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.970943][ T5636] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.980059][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.988296][ T5636] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 85.000281][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.008888][ T5636] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.019353][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.093511][ T5631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.153198][ T5631] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.185685][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.193610][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.219435][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.226584][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.246835][ T5644] Bluetooth: hci0: command tx timeout [ 85.252977][ T50] Bluetooth: hci1: command tx timeout [ 85.256150][ T5635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.282359][ T5637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.326786][ T50] Bluetooth: hci2: command tx timeout [ 85.337350][ T50] Bluetooth: hci3: command tx timeout [ 85.354367][ T5635] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.373975][ T5637] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.396885][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.409864][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.416997][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.428362][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.435508][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.461814][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.468956][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.479651][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.486853][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.528285][ T5636] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.590375][ T114] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.597613][ T114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.661117][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.668352][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.488993][ T5631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.645214][ T5631] veth0_vlan: entered promiscuous mode [ 86.684465][ T5631] veth1_vlan: entered promiscuous mode [ 86.698501][ T5635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.782228][ T5631] veth0_macvtap: entered promiscuous mode [ 86.811042][ T5631] veth1_macvtap: entered promiscuous mode [ 86.824724][ T5637] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.891701][ T5635] veth0_vlan: entered promiscuous mode [ 86.902721][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.929579][ T5635] veth1_vlan: entered promiscuous mode [ 86.959829][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.972623][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.008497][ T3385] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.031422][ T3385] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.041975][ T3385] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.100529][ T3385] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.127274][ T5635] veth0_macvtap: entered promiscuous mode [ 87.194574][ T5635] veth1_macvtap: entered promiscuous mode [ 87.257931][ T5637] veth0_vlan: entered promiscuous mode [ 87.300357][ T5636] veth0_vlan: entered promiscuous mode [ 87.310020][ T5637] veth1_vlan: entered promiscuous mode [ 87.326886][ T50] Bluetooth: hci1: command tx timeout [ 87.327100][ T5644] Bluetooth: hci0: command tx timeout [ 87.346162][ T3385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.367209][ T3385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.371202][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.395004][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.406673][ T5644] Bluetooth: hci3: command tx timeout [ 87.407607][ T50] Bluetooth: hci2: command tx timeout [ 87.419548][ T5636] veth1_vlan: entered promiscuous mode [ 87.467372][ T3385] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.476289][ T3385] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.485467][ T3385] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.498140][ T114] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.501689][ T3385] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.515570][ T3385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.570422][ T5637] veth0_macvtap: entered promiscuous mode [ 87.607766][ T5637] veth1_macvtap: entered promiscuous mode [ 87.642032][ T5631] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 87.665673][ T5636] veth0_macvtap: entered promiscuous mode [ 87.702861][ T5636] veth1_macvtap: entered promiscuous mode [ 87.724441][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.751267][ T3385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.789678][ T3385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.803703][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.850807][ T3385] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.862506][ T3385] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.889880][ T3385] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.908238][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.920847][ T3385] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.931609][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.940708][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.972281][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.009055][ T5790] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2'. [ 88.019064][ T5790] IPv6: NLM_F_CREATE should be specified when creating new route [ 88.030012][ T5790] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 88.037994][ T5790] IPv6: NLM_F_CREATE should be set when creating new route [ 88.045272][ T5790] IPv6: NLM_F_CREATE should be set when creating new route [ 88.062473][ T3385] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.073822][ T3385] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.083478][ T5790] FAULT_INJECTION: forcing a failure. [ 88.083478][ T5790] name failslab, interval 1, probability 0, space 0, times 1 [ 88.096907][ T5790] CPU: 0 UID: 0 PID: 5790 Comm: syz.1.2 Not tainted syzkaller #0 PREEMPT(full) [ 88.096942][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 88.096961][ T5790] Call Trace: [ 88.096970][ T5790] [ 88.096980][ T5790] dump_stack_lvl+0x100/0x190 [ 88.097040][ T5790] should_fail_ex.cold+0x5/0xa [ 88.097075][ T5790] should_failslab+0xc2/0x120 [ 88.097109][ T5790] __kmalloc_cache_noprof+0x7a/0x6f0 [ 88.097148][ T5790] ? copy_net_ns+0x135/0x7c0 [ 88.097189][ T5790] copy_net_ns+0x135/0x7c0 [ 88.097218][ T5790] ? copy_cgroup_ns+0x71/0x970 [ 88.097262][ T5790] create_new_namespaces+0x3ea/0xac0 [ 88.097302][ T5790] unshare_nsproxy_namespaces+0xf2/0x220 [ 88.097339][ T5790] ksys_unshare+0x438/0xab0 [ 88.097380][ T5790] ? __pfx_ksys_unshare+0x10/0x10 [ 88.097418][ T5790] ? ksys_write+0x1ac/0x250 [ 88.097458][ T5790] __x64_sys_unshare+0x31/0x40 [ 88.097496][ T5790] do_syscall_64+0x115/0x840 [ 88.097535][ T5790] ? clear_bhb_loop+0x40/0x90 [ 88.097567][ T5790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.097603][ T5790] RIP: 0033:0x7efecc19ce59 [ 88.097628][ T5790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 88.097656][ T5790] RSP: 002b:00007efecd034028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 88.097689][ T5790] RAX: ffffffffffffffda RBX: 00007efecc415fa0 RCX: 00007efecc19ce59 [ 88.097708][ T5790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 88.097723][ T5790] RBP: 00007efecc232d6f R08: 0000000000000000 R09: 0000000000000000 [ 88.097739][ T5790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.097754][ T5790] R13: 00007efecc416038 R14: 00007efecc415fa0 R15: 00007fff3341e558 [ 88.097789][ T5790] [ 88.102844][ T5790] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 88.161560][ T114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.307780][ T114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.320973][ T3385] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.330604][ T3385] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.415166][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.428195][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.481877][ T5793] FAULT_INJECTION: forcing a failure. [ 88.481877][ T5793] name failslab, interval 1, probability 0, space 0, times 0 [ 88.517977][ T5793] CPU: 0 UID: 0 PID: 5793 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) [ 88.518018][ T5793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 88.518036][ T5793] Call Trace: [ 88.518045][ T5793] [ 88.518056][ T5793] dump_stack_lvl+0x100/0x190 [ 88.518113][ T5793] should_fail_ex.cold+0x5/0xa [ 88.518150][ T5793] should_failslab+0xc2/0x120 [ 88.518185][ T5793] __kmalloc_node_noprof+0xe6/0x850 [ 88.518230][ T5793] ? __rb_allocate_pages+0x399/0x10a0 [ 88.518274][ T5793] __rb_allocate_pages+0x399/0x10a0 [ 88.518321][ T5793] ring_buffer_resize+0x6df/0x1e80 [ 88.518365][ T5793] ? __pfx_update_last_data+0x10/0x10 [ 88.518399][ T5793] __tracing_resize_ring_buffer.part.0+0x52/0x1f0 [ 88.518442][ T5793] tracing_update_buffers+0xd4/0xf0 [ 88.518476][ T5793] ftrace_event_write+0x14a/0x2c0 [ 88.518510][ T5793] ? __pfx_ftrace_event_write+0x10/0x10 [ 88.518569][ T5793] vfs_write+0x2aa/0x1070 [ 88.518605][ T5793] ? __pfx_ftrace_event_write+0x10/0x10 [ 88.518642][ T5793] ? __pfx_vfs_write+0x10/0x10 [ 88.518675][ T5793] ? __fget_files+0x215/0x3d0 [ 88.518718][ T5793] ? __fget_files+0x21f/0x3d0 [ 88.518764][ T5793] ksys_write+0x12a/0x250 [ 88.518796][ T5793] ? __pfx_ksys_write+0x10/0x10 [ 88.518832][ T5793] ? rcu_is_watching+0x12/0xc0 [ 88.518872][ T5793] do_syscall_64+0x115/0x840 [ 88.518911][ T5793] ? clear_bhb_loop+0x40/0x90 [ 88.518948][ T5793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.518979][ T5793] RIP: 0033:0x7fa6af59ce59 [ 88.519000][ T5793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 88.519024][ T5793] RSP: 002b:00007fa6b042e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 88.519052][ T5793] RAX: ffffffffffffffda RBX: 00007fa6af815fa0 RCX: 00007fa6af59ce59 [ 88.519073][ T5793] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000008 [ 88.519091][ T5793] RBP: 00007fa6af632d6f R08: 0000000000000000 R09: 0000000000000000 [ 88.519109][ T5793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.519128][ T5793] R13: 00007fa6af816038 R14: 00007fa6af815fa0 R15: 00007ffd7ce0b3e8 [ 88.519173][ T5793] [ 88.782861][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.790782][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.875835][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.895557][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.057411][ T5803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 89.215381][ T5810] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6'. [ 89.226953][ T5810] IPv6: NLM_F_CREATE should be specified when creating new route [ 89.273535][ T5810] IPv6: Can't replace route, no match found [ 89.412438][ T5808] Bluetooth: hci0: command tx timeout [ 89.419409][ T5808] Bluetooth: hci1: command tx timeout [ 89.488439][ T5815] Bluetooth: hci3: command tx timeout [ 89.494384][ T5808] Bluetooth: hci2: command tx timeout [ 89.656378][ T5808] Bluetooth: hci2: unknown advertising packet type: 0xea [ 89.672764][ T5811] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.431126][ T5820] bond0: invalid ARP target specified [ 91.673010][ T5841] mmap: syz.0.10 (5841) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 91.912793][ T9] cfg80211: failed to load regulatory.db [ 92.359485][ T5848] vhci_hcd vhci_hcd.2: invalid port number 194 [ 92.373575][ T5848] vhci_hcd vhci_hcd.2: invalid port number 194 [ 92.444406][ T29] audit: type=1804 audit(1780254306.823:2): pid=5848 uid=2 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.13" name="/newroot/2/file0" dev="tmpfs" ino=28 res=1 errno=0 [ 92.975285][ T5870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.15'. [ 93.180774][ T5870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 93.252143][ T5870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 93.270149][ T5870] bond0 (unregistering): Released all slaves [ 93.345738][ T5870] Zero length message leads to an empty skb [ 93.684376][ T5876] binder: 5875:5876 ioctl c0306201 0 returned -14 [ 94.086839][ T5884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.19'. [ 94.711624][ T5881] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.112808][ T5884] veth1_macvtap: left promiscuous mode [ 96.338079][ T5909] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.587780][ T5945] FAULT_INJECTION: forcing a failure. [ 98.587780][ T5945] name failslab, interval 1, probability 0, space 0, times 0 [ 98.642750][ T5945] CPU: 1 UID: 0 PID: 5945 Comm: syz.0.30 Not tainted syzkaller #0 PREEMPT(full) [ 98.642790][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 98.642807][ T5945] Call Trace: [ 98.642816][ T5945] [ 98.642827][ T5945] dump_stack_lvl+0x100/0x190 [ 98.642882][ T5945] should_fail_ex.cold+0x5/0xa [ 98.642918][ T5945] ? tomoyo_realpath_from_path+0xb6/0x690 [ 98.642959][ T5945] should_failslab+0xc2/0x120 [ 98.642993][ T5945] __kmalloc_noprof+0xe0/0x850 [ 98.643036][ T5945] ? kfree+0x1dd/0x6c0 [ 98.643081][ T5945] tomoyo_realpath_from_path+0xb6/0x690 [ 98.643127][ T5945] tomoyo_check_open_permission+0x2af/0x3c0 [ 98.643161][ T5945] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 98.643232][ T5945] ? hook_file_open+0x24e/0x7a0 [ 98.643302][ T5945] ? path_get+0x61/0x80 [ 98.643347][ T5945] tomoyo_file_open+0x6b/0x90 [ 98.643377][ T5945] security_file_open+0xb5/0x1e0 [ 98.643417][ T5945] do_dentry_open+0x588/0x14d0 [ 98.643463][ T5945] vfs_open+0x82/0x3f0 [ 98.643508][ T5945] path_openat+0x208c/0x31a0 [ 98.643550][ T5945] ? trace_kmem_cache_alloc+0x80/0x100 [ 98.643587][ T5945] ? __pfx_path_openat+0x10/0x10 [ 98.643627][ T5945] ? __asan_memcpy+0x3c/0x60 [ 98.643670][ T5945] ? do_getname_kernel+0x1be/0x250 [ 98.643712][ T5945] do_file_open_root+0x2f6/0x5a0 [ 98.643752][ T5945] ? __pfx_do_file_open_root+0x10/0x10 [ 98.643789][ T5945] ? __pfx_widen_string+0x10/0x10 [ 98.643844][ T5945] ? __lock_acquire+0x4a5/0x2630 [ 98.643892][ T5945] ? vsnprintf+0x4ee/0x1240 [ 98.643934][ T5945] file_open_root+0x19b/0x3b0 [ 98.643969][ T5945] ? __pfx_file_open_root+0x10/0x10 [ 98.644002][ T5945] ? find_held_lock+0x2b/0x80 [ 98.644037][ T5945] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 98.644068][ T5945] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 98.644107][ T5945] kernel_read_file_from_path_initns+0x189/0x260 [ 98.644142][ T5945] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 98.644191][ T5945] _request_firmware+0x733/0x13c0 [ 98.644244][ T5945] ? __pfx__request_firmware+0x10/0x10 [ 98.644289][ T5945] ? _request_firmware+0x274/0x13c0 [ 98.644343][ T5945] request_firmware+0x35/0x50 [ 98.644384][ T5945] valid_regdb+0x184/0x590 [ 98.644419][ T5945] ? __pfx_valid_regdb+0x10/0x10 [ 98.644458][ T5945] reg_reload_regdb+0x11a/0x460 [ 98.644495][ T5945] ? __pfx_reg_reload_regdb+0x10/0x10 [ 98.644531][ T5945] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 98.644573][ T5945] ? nl80211_pre_doit+0x19a/0xae0 [ 98.644621][ T5945] genl_family_rcv_msg_doit+0x214/0x300 [ 98.644668][ T5945] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 98.644708][ T5945] ? genl_get_cmd+0x3e7/0x760 [ 98.644753][ T5945] ? bpf_lsm_capable+0x9/0x10 [ 98.644782][ T5945] ? security_capable+0x80/0x260 [ 98.644819][ T5945] genl_rcv_msg+0x560/0x800 [ 98.644867][ T5945] ? __pfx_genl_rcv_msg+0x10/0x10 [ 98.644911][ T5945] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 98.644953][ T5945] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 98.644986][ T5945] ? __pfx_nl80211_post_doit+0x10/0x10 [ 98.645042][ T5945] netlink_rcv_skb+0x159/0x420 [ 98.645081][ T5945] ? __pfx_genl_rcv_msg+0x10/0x10 [ 98.645124][ T5945] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 98.645178][ T5945] ? netlink_deliver_tap+0x1ae/0xcc0 [ 98.645220][ T5945] genl_rcv+0x28/0x40 [ 98.645257][ T5945] netlink_unicast+0x585/0x850 [ 98.645308][ T5945] ? __pfx_netlink_unicast+0x10/0x10 [ 98.645358][ T5945] netlink_sendmsg+0x8b0/0xda0 [ 98.645404][ T5945] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.645441][ T5945] ? __import_iovec+0x1d2/0x640 [ 98.645486][ T5945] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 98.645522][ T5945] ____sys_sendmsg+0x9e1/0xb70 [ 98.645556][ T5945] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.645598][ T5945] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.645633][ T5945] ? preempt_schedule_thunk+0x16/0x30 [ 98.645682][ T5945] ? try_to_wake_up+0x5f6/0x1900 [ 98.645725][ T5945] ___sys_sendmsg+0x190/0x1e0 [ 98.645767][ T5945] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.645806][ T5945] ? futex_private_hash_put+0x107/0x1c0 [ 98.645885][ T5945] __sys_sendmsg+0x170/0x220 [ 98.645913][ T5945] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.645941][ T5945] ? __x64_sys_futex+0x34f/0x4d0 [ 98.645985][ T5945] ? rcu_is_watching+0x12/0xc0 [ 98.646020][ T5945] do_syscall_64+0x115/0x840 [ 98.646058][ T5945] ? clear_bhb_loop+0x40/0x90 [ 98.646093][ T5945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.646123][ T5945] RIP: 0033:0x7fa6af59ce59 [ 98.646148][ T5945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.646182][ T5945] RSP: 002b:00007fa6b03ec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.646211][ T5945] RAX: ffffffffffffffda RBX: 00007fa6af816180 RCX: 00007fa6af59ce59 [ 98.646228][ T5945] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000008 [ 98.646244][ T5945] RBP: 00007fa6af632d6f R08: 0000000000000000 R09: 0000000000000000 [ 98.646259][ T5945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.646275][ T5945] R13: 00007fa6af816218 R14: 00007fa6af816180 R15: 00007ffd7ce0b3e8 [ 98.646322][ T5945] [ 99.277627][ T5951] random: crng reseeded on system resumption [ 99.320388][ T5945] ERROR: Out of memory at tomoyo_realpath_from_path. [ 99.357402][ T29] audit: type=1800 audit(1780254313.743:3): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.30" name="regulatory.db.p7s" dev="sda1" ino=449 res=0 errno=0 [ 99.361125][ T5945] faux_driver regulatory: loading /lib/firmware/regulatory.db.p7s failed with error -4 [ 99.449449][ T5945] faux_driver regulatory: Direct firmware load for regulatory.db.p7s failed with error -4 [ 99.483718][ T5945] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db.p7s [ 99.652410][ T5951] hub 1-0:1.0: USB hub found [ 99.665823][ T5945] syz.0.30 (5945) used greatest stack depth: 19040 bytes left [ 99.686967][ T5951] hub 1-0:1.0: 1 port detected [ 100.523929][ T5958] hub 1-0:1.0: USB hub found [ 100.542882][ T5958] hub 1-0:1.0: 1 port detected [ 100.719408][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.1.34'. [ 101.004770][ T5968] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.089226][ T5968] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.118357][ T5968] bond0 (unregistering): Released all slaves [ 101.704913][ T5808] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 101.861044][ T5991] netlink: 28 bytes leftover after parsing attributes in process `syz.0.39'. [ 102.485919][ T6002] netlink: 12 bytes leftover after parsing attributes in process `syz.0.40'. [ 104.126752][ T5808] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 104.163565][ T6011] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 104.209093][ T6011] FAULT_INJECTION: forcing a failure. [ 104.209093][ T6011] name failslab, interval 1, probability 0, space 0, times 0 [ 104.251203][ T6011] CPU: 1 UID: 0 PID: 6011 Comm: syz.0.42 Not tainted syzkaller #0 PREEMPT(full) [ 104.251226][ T6011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 104.251236][ T6011] Call Trace: [ 104.251242][ T6011] [ 104.251249][ T6011] dump_stack_lvl+0x100/0x190 [ 104.251280][ T6011] should_fail_ex.cold+0x5/0xa [ 104.251302][ T6011] should_failslab+0xc2/0x120 [ 104.251322][ T6011] __kmalloc_cache_noprof+0x7a/0x6f0 [ 104.251343][ T6011] ? trace_pid_list_alloc+0x2fe/0x480 [ 104.251366][ T6011] trace_pid_list_alloc+0x2fe/0x480 [ 104.251387][ T6011] trace_pid_write+0x110/0x460 [ 104.251408][ T6011] ? __pfx_trace_pid_write+0x10/0x10 [ 104.251439][ T6011] event_pid_write.isra.0+0x1e4/0x7d0 [ 104.251460][ T6011] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 104.251492][ T6011] vfs_write+0x2aa/0x1070 [ 104.251524][ T6011] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 104.251550][ T6011] ? __pfx_vfs_write+0x10/0x10 [ 104.251566][ T6011] ? __fget_files+0x215/0x3d0 [ 104.251588][ T6011] ? __fget_files+0x21f/0x3d0 [ 104.251610][ T6011] ksys_write+0x12a/0x250 [ 104.251626][ T6011] ? __pfx_ksys_write+0x10/0x10 [ 104.251644][ T6011] ? rcu_is_watching+0x12/0xc0 [ 104.251664][ T6011] do_syscall_64+0x115/0x840 [ 104.251684][ T6011] ? clear_bhb_loop+0x40/0x90 [ 104.251703][ T6011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.251718][ T6011] RIP: 0033:0x7fa6af59ce59 [ 104.251732][ T6011] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.251745][ T6011] RSP: 002b:00007fa6b042e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 104.251760][ T6011] RAX: ffffffffffffffda RBX: 00007fa6af815fa0 RCX: 00007fa6af59ce59 [ 104.251770][ T6011] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 104.251779][ T6011] RBP: 00007fa6af632d6f R08: 0000000000000000 R09: 0000000000000000 [ 104.251787][ T6011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.251802][ T6011] R13: 00007fa6af816038 R14: 00007fa6af815fa0 R15: 00007ffd7ce0b3e8 [ 104.251822][ T6011] [ 106.247566][ T6044] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5631] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[6044] [ 109.324699][ T6078] input: jBǸ-¶š9ã!vø“û¨lÐQüÿÿÿaÇ™n„?aÔÎrk%l6°²ýxè õb6æYhšXŠ.=„º_‡

[ 109.829701][ T6082] dump_stack_lvl+0x100/0x190 [ 109.829756][ T6082] should_fail_ex.cold+0x5/0xa [ 109.829794][ T6082] should_failslab+0xc2/0x120 [ 109.829828][ T6082] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 109.829877][ T6082] ? ep_ptable_queue_proc+0x5b/0x280 [ 109.829920][ T6082] ep_ptable_queue_proc+0x5b/0x280 [ 109.829955][ T6082] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 109.829990][ T6082] snd_seq_oss_readq_poll+0x56/0xb0 [ 109.830023][ T6082] snd_seq_oss_poll+0x122/0x1d0 [ 109.830073][ T6082] ? __pfx_odev_poll+0x10/0x10 [ 109.830107][ T6082] odev_poll+0x4a/0x90 [ 109.830143][ T6082] ep_item_poll+0x141/0x1f0 [ 109.830182][ T6082] do_epoll_ctl+0x1f33/0x36a0 [ 109.830237][ T6082] ? __pfx_do_epoll_ctl+0x10/0x10 [ 109.830274][ T6082] ? find_held_lock+0x2b/0x80 [ 109.830308][ T6082] ? __might_fault+0xc5/0x140 [ 109.830350][ T6082] ? __might_fault+0xc5/0x140 [ 109.830391][ T6082] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 109.830439][ T6082] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 109.830476][ T6082] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 109.830516][ T6082] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 109.830559][ T6082] ? rcu_is_watching+0x12/0xc0 [ 109.830597][ T6082] do_syscall_64+0x115/0x840 [ 109.830634][ T6082] ? clear_bhb_loop+0x40/0x90 [ 109.830669][ T6082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.830698][ T6082] RIP: 0033:0x7f5cca59ce59 [ 109.830722][ T6082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.830749][ T6082] RSP: 002b:00007f5ccb3db028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 109.830775][ T6082] RAX: ffffffffffffffda RBX: 00007f5cca816090 RCX: 00007f5cca59ce59 [ 109.830795][ T6082] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 109.830811][ T6082] RBP: 00007f5cca632d6f R08: 0000000000000000 R09: 0000000000000000 [ 109.830829][ T6082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.830845][ T6082] R13: 00007f5cca816128 R14: 00007f5cca816090 R15: 00007fff4f2e14f8 [ 109.830884][ T6082] [ 110.461971][ T6078] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 110.788183][ T6088] zswap: compressor 000 not available [ 111.110364][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 111.119720][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 111.240020][ T6076] process 'syz.3.54' launched './file0' with NULL argv: empty string added [ 111.280221][ T6099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 111.362130][ T6099] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 111.437357][ T6099] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 111.504907][ T6099] page_type: f5(slab) [ 111.516609][ T6099] raw: 00fff00000000040 ffff88813fe31280 dead000000000122 0000000000000000 [ 111.573961][ T6099] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 111.627446][ T6099] head: 00fff00000000040 ffff88813fe31280 dead000000000122 0000000000000000 [ 111.688320][ T6099] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 111.748672][ T6099] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 111.758000][ T6099] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 111.767171][ T6099] page dumped because: unmovable page [ 111.792995][ T6099] page_owner tracks the page as allocated [ 111.820023][ T6099] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5637, tgid 5637 (syz-executor), ts 84345975665, free_ts 79439324537 [ 111.900668][ T6099] post_alloc_hook+0xfd/0x120 [ 111.949220][ T6099] get_page_from_freelist+0x11a6/0x3410 [ 111.992165][ T6099] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 112.024035][ T6099] new_slab+0xa6/0x6c0 [ 112.048983][ T6099] refill_objects+0x277/0x420 [ 112.063679][ T6099] __pcs_replace_empty_main+0x375/0x650 [ 112.091180][ T6099] __kmalloc_cache_noprof+0x493/0x6f0 [ 112.114072][ T6099] macvlan_common_newlink+0x476/0x18b0 [ 112.131809][ T6099] macvtap_newlink+0x17a/0x240 [ 112.148955][ T6099] rtnl_newlink+0x1499/0x2380 [ 112.174259][ T6099] rtnetlink_rcv_msg+0x95e/0xe90 [ 112.202913][ T6099] netlink_rcv_skb+0x159/0x420 [ 112.225091][ T6099] netlink_unicast+0x585/0x850 [ 112.255903][ T6099] netlink_sendmsg+0x8b0/0xda0 [ 112.281821][ T6099] __sys_sendto+0x468/0x4b0 [ 112.305950][ T6099] __x64_sys_sendto+0xe0/0x1c0 [ 112.312210][ T6099] page last free pid 5620 tgid 5620 stack trace: [ 112.323929][ T6099] __free_frozen_pages+0x794/0x10a0 [ 112.340072][ T6099] __folio_put+0x3b4/0x5f0 [ 112.351772][ T6099] skb_release_data+0x649/0x8e0 [ 112.357203][ T6099] napi_consume_skb+0x2c0/0x320 [ 112.362296][ T6099] skb_defer_free_flush+0x1f1/0x290 [ 112.381500][ T6099] net_rx_action+0x3ca/0xf20 [ 112.393117][ T6099] handle_softirqs+0x1ea/0xa00 [ 112.404555][ T6099] do_softirq+0xac/0xe0 [ 112.430572][ T6099] __local_bh_enable_ip+0xf8/0x120 [ 112.454632][ T6099] __dev_queue_xmit+0xa04/0x4950 [ 112.498814][ T6099] ip_finish_output2+0xf4a/0x2400 [ 112.505441][ T6099] __ip_finish_output.part.0+0x444/0x6f0 [ 112.511720][ T6099] ip_output+0x39b/0xc10 [ 112.516504][ T6099] ip_local_out+0x193/0x1f0 [ 112.521096][ T6099] __ip_queue_xmit+0x885/0x1e90 [ 112.529079][ T6099] __tcp_transmit_skb+0x34f5/0x4f10 [ 113.241244][ T6116] FAULT_INJECTION: forcing a failure. [ 113.241244][ T6116] name failslab, interval 1, probability 0, space 0, times 0 [ 113.288621][ T6116] CPU: 1 UID: 0 PID: 6116 Comm: syz.1.62 Not tainted syzkaller #0 PREEMPT(full) [ 113.288661][ T6116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 113.288678][ T6116] Call Trace: [ 113.288688][ T6116] [ 113.288699][ T6116] dump_stack_lvl+0x100/0x190 [ 113.288759][ T6116] should_fail_ex.cold+0x5/0xa [ 113.288804][ T6116] should_failslab+0xc2/0x120 [ 113.288840][ T6116] __kmalloc_cache_noprof+0x7a/0x6f0 [ 113.288882][ T6116] ? ima_add_digest_entry+0x52/0x520 [ 113.288935][ T6116] ima_add_digest_entry+0x52/0x520 [ 113.288985][ T6116] ima_add_template_entry+0x442/0x800 [ 113.289039][ T6116] ? __pfx_ima_add_template_entry+0x10/0x10 [ 113.289090][ T6116] ? ima_calc_field_array_hash+0x378/0x440 [ 113.289132][ T6116] ima_store_template+0xda/0x150 [ 113.289168][ T6116] ima_store_measurement+0x21c/0x5b0 [ 113.289204][ T6116] ? __pfx_ima_store_measurement+0x10/0x10 [ 113.289251][ T6116] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 113.289301][ T6116] process_measurement+0x19cc/0x2350 [ 113.289341][ T6116] ? lock_acquire+0x1b1/0x370 [ 113.289385][ T6116] ? __pfx_process_measurement+0x10/0x10 [ 113.289418][ T6116] ? rcu_is_watching+0x12/0xc0 [ 113.289455][ T6116] ? __mutex_lock+0x26d/0x1b10 [ 113.289498][ T6116] ? trace_array_get+0x10c/0x140 [ 113.289573][ T6116] ? trace_array_get+0x10c/0x140 [ 113.289616][ T6116] ima_file_check+0xcc/0x120 [ 113.289648][ T6116] ? __pfx_ima_file_check+0x10/0x10 [ 113.289687][ T6116] security_file_post_open+0xc4/0x210 [ 113.289723][ T6116] path_openat+0x1418/0x31a0 [ 113.289773][ T6116] ? __pfx_path_openat+0x10/0x10 [ 113.289830][ T6116] do_file_open+0x20e/0x430 [ 113.289870][ T6116] ? __pfx_do_file_open+0x10/0x10 [ 113.289934][ T6116] ? alloc_fd+0x476/0x790 [ 113.289974][ T6116] ? do_getname+0x191/0x390 [ 113.290018][ T6116] do_sys_openat2+0x10d/0x1e0 [ 113.290063][ T6116] ? __pfx_do_sys_openat2+0x10/0x10 [ 113.290114][ T6116] ? find_held_lock+0x2b/0x80 [ 113.290159][ T6116] __x64_sys_openat+0x12d/0x210 [ 113.290204][ T6116] ? __pfx___x64_sys_openat+0x10/0x10 [ 113.290256][ T6116] ? rcu_is_watching+0x12/0xc0 [ 113.290293][ T6116] do_syscall_64+0x115/0x840 [ 113.290331][ T6116] ? clear_bhb_loop+0x40/0x90 [ 113.290367][ T6116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.290396][ T6116] RIP: 0033:0x7efecc19ce59 [ 113.290420][ T6116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 113.290447][ T6116] RSP: 002b:00007efecd034028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 113.290474][ T6116] RAX: ffffffffffffffda RBX: 00007efecc415fa0 RCX: 00007efecc19ce59 [ 113.290494][ T6116] RDX: 0000000000000400 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 113.290512][ T6116] RBP: 00007efecc232d6f R08: 0000000000000000 R09: 0000000000000000 [ 113.290529][ T6116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.290546][ T6116] R13: 00007efecc416038 R14: 00007efecc415fa0 R15: 00007fff3341e558 [ 113.290585][ T6116] [ 113.293508][ T6116] ima: OUT OF MEMORY ERROR creating queue entry [ 113.718993][ T29] audit: type=1804 audit(1780254328.103:4): pid=6116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.1.62" name="/newroot/sys/kernel/debug/tracing/trace_marker" dev="tracefs" ino=3591 res=0 errno=0 [ 114.785539][ T6146] FAULT_INJECTION: forcing a failure. [ 114.785539][ T6146] name failslab, interval 1, probability 0, space 0, times 0 [ 114.798910][ T6146] CPU: 1 UID: 0 PID: 6146 Comm: syz.3.69 Not tainted syzkaller #0 PREEMPT(full) [ 114.798954][ T6146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 114.798972][ T6146] Call Trace: [ 114.798981][ T6146] [ 114.798992][ T6146] dump_stack_lvl+0x100/0x190 [ 114.799047][ T6146] should_fail_ex.cold+0x5/0xa [ 114.799083][ T6146] should_failslab+0xc2/0x120 [ 114.799116][ T6146] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 114.799161][ T6146] ? do_epoll_ctl+0x2434/0x36a0 [ 114.799208][ T6146] do_epoll_ctl+0x2434/0x36a0 [ 114.799261][ T6146] ? __pfx_do_epoll_ctl+0x10/0x10 [ 114.799297][ T6146] ? find_held_lock+0x2b/0x80 [ 114.799327][ T6146] ? __might_fault+0xc5/0x140 [ 114.799365][ T6146] ? __might_fault+0xc5/0x140 [ 114.799425][ T6146] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 114.799463][ T6146] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 114.799504][ T6146] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 114.799548][ T6146] ? rcu_is_watching+0x12/0xc0 [ 114.799586][ T6146] do_syscall_64+0x115/0x840 [ 114.799636][ T6146] ? clear_bhb_loop+0x40/0x90 [ 114.799673][ T6146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.799703][ T6146] RIP: 0033:0x7f551c59ce59 [ 114.799728][ T6146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.799755][ T6146] RSP: 002b:00007f551d4b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 114.799783][ T6146] RAX: ffffffffffffffda RBX: 00007f551c815fa0 RCX: 00007f551c59ce59 [ 114.799803][ T6146] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000007 [ 114.799820][ T6146] RBP: 00007f551c632d6f R08: 0000000000000000 R09: 0000000000000000 [ 114.799839][ T6146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.799855][ T6146] R13: 00007f551c816038 R14: 00007f551c815fa0 R15: 00007ffc11320a78 [ 114.799895][ T6146] [ 117.360743][ T6177] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 117.400951][ T6177] pci 0000:00:01.3: PCI INT A: no GSI [ 118.552554][ T6189] netlink: 'syz.0.74': attribute type 2 has an invalid length. [ 118.829824][ T6189] netlink: 28 bytes leftover after parsing attributes in process `syz.0.74'. [ 119.204169][ T6189] virt_wifi0: entered allmulticast mode [ 120.339884][ T6214] hub 1-0:1.0: USB hub found [ 120.391902][ T6214] hub 1-0:1.0: 1 port detected [ 128.194949][ T6354] netlink: 'syz.1.94': attribute type 2 has an invalid length. [ 128.381738][ T6354] netlink: 28 bytes leftover after parsing attributes in process `syz.1.94'. [ 128.405806][ T6354] virt_wifi0: entered allmulticast mode [ 129.654748][ T6390] hub 1-0:1.0: USB hub found [ 129.670139][ T6390] hub 1-0:1.0: 1 port detected [ 130.047241][ T6406] FAULT_INJECTION: forcing a failure. [ 130.047241][ T6406] name failslab, interval 1, probability 0, space 0, times 0 [ 130.086458][ T6406] CPU: 1 UID: 0 PID: 6406 Comm: syz.2.103 Not tainted syzkaller #0 PREEMPT(full) [ 130.086496][ T6406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 130.086513][ T6406] Call Trace: [ 130.086522][ T6406] [ 130.086533][ T6406] dump_stack_lvl+0x100/0x190 [ 130.086608][ T6406] should_fail_ex.cold+0x5/0xa [ 130.086646][ T6406] should_failslab+0xc2/0x120 [ 130.086680][ T6406] __kmalloc_cache_node_noprof+0x7d/0x770 [ 130.086712][ T6406] ? __get_vm_area_node+0x101/0x330 [ 130.086753][ T6406] __get_vm_area_node+0x101/0x330 [ 130.086792][ T6406] __vmalloc_node_range_noprof+0x228/0x1630 [ 130.086832][ T6406] ? vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.086873][ T6406] ? vidtv_start_feed+0x34e/0x500 [ 130.086903][ T6406] ? dmx_section_feed_start_filtering+0x3a8/0x660 [ 130.086939][ T6406] ? dvb_dmxdev_filter_start+0x767/0xdd0 [ 130.086970][ T6406] ? dvb_demux_do_ioctl+0xe64/0x1200 [ 130.086998][ T6406] ? dvb_usercopy+0x167/0x340 [ 130.087039][ T6406] ? dvb_demux_ioctl+0x29/0x40 [ 130.087065][ T6406] ? do_syscall_64+0x115/0x840 [ 130.087103][ T6406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.087140][ T6406] ? vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.087194][ T6406] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 130.087254][ T6406] ? vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.087294][ T6406] __vmalloc_node_noprof+0xad/0xf0 [ 130.087332][ T6406] ? vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.087382][ T6406] vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.087425][ T6406] ? __pfx_vidtv_s302m_encoder_init+0x10/0x10 [ 130.087468][ T6406] ? trace_kmalloc+0xe3/0x110 [ 130.087500][ T6406] ? __kmalloc_noprof+0x320/0x850 [ 130.087549][ T6406] vidtv_channel_s302m_init+0x467/0x9b0 [ 130.087604][ T6406] ? trace_kmalloc+0xe3/0x110 [ 130.087637][ T6406] ? __pfx_vidtv_channel_s302m_init+0x10/0x10 [ 130.087688][ T6406] ? __asan_memcpy+0x3c/0x60 [ 130.087733][ T6406] vidtv_channels_init+0x4c/0xb0 [ 130.087775][ T6406] vidtv_mux_init+0x9df/0xbf0 [ 130.087821][ T6406] vidtv_start_feed+0x34e/0x500 [ 130.087856][ T6406] ? __pfx_vidtv_start_feed+0x10/0x10 [ 130.087890][ T6406] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 130.087943][ T6406] dmx_section_feed_start_filtering+0x3a8/0x660 [ 130.087992][ T6406] dvb_dmxdev_filter_start+0x767/0xdd0 [ 130.088036][ T6406] dvb_demux_do_ioctl+0xe64/0x1200 [ 130.088080][ T6406] dvb_usercopy+0x167/0x340 [ 130.088123][ T6406] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 130.088157][ T6406] ? __pfx_dvb_usercopy+0x10/0x10 [ 130.088218][ T6406] ? __fget_files+0x21f/0x3d0 [ 130.088259][ T6406] dvb_demux_ioctl+0x29/0x40 [ 130.088285][ T6406] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 130.088313][ T6406] __x64_sys_ioctl+0x18e/0x210 [ 130.088345][ T6406] do_syscall_64+0x115/0x840 [ 130.088385][ T6406] ? clear_bhb_loop+0x40/0x90 [ 130.088420][ T6406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.088449][ T6406] RIP: 0033:0x7f5cca59ce59 [ 130.088483][ T6406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 130.088516][ T6406] RSP: 002b:00007f5ccb3db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.088547][ T6406] RAX: ffffffffffffffda RBX: 00007f5cca816090 RCX: 00007f5cca59ce59 [ 130.088571][ T6406] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000006 [ 130.088611][ T6406] RBP: 00007f5cca632d6f R08: 0000000000000000 R09: 0000000000000000 [ 130.088628][ T6406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.088645][ T6406] R13: 00007f5cca816128 R14: 00007f5cca816090 R15: 00007fff4f2e14f8 [ 130.088686][ T6406] [ 130.093452][ T6406] syz.2.103: vmalloc error: size 65024, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 130.556486][ T6406] CPU: 1 UID: 0 PID: 6406 Comm: syz.2.103 Not tainted syzkaller #0 PREEMPT(full) [ 130.556526][ T6406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 130.556551][ T6406] Call Trace: [ 130.556560][ T6406] [ 130.556591][ T6406] dump_stack_lvl+0x100/0x190 [ 130.556643][ T6406] warn_alloc.cold+0x95/0x1c1 [ 130.556673][ T6406] ? __pfx_warn_alloc+0x10/0x10 [ 130.556716][ T6406] ? trace_kmalloc+0xe3/0x110 [ 130.556750][ T6406] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 130.556785][ T6406] ? __kasan_kmalloc+0x8a/0xb0 [ 130.556814][ T6406] ? __get_vm_area_node+0x208/0x330 [ 130.556855][ T6406] __vmalloc_node_range_noprof+0xccd/0x1630 [ 130.556891][ T6406] ? vidtv_start_feed+0x34e/0x500 [ 130.556920][ T6406] ? dmx_section_feed_start_filtering+0x3a8/0x660 [ 130.556955][ T6406] ? dvb_demux_do_ioctl+0xe64/0x1200 [ 130.556983][ T6406] ? dvb_usercopy+0x167/0x340 [ 130.557022][ T6406] ? dvb_demux_ioctl+0x29/0x40 [ 130.557047][ T6406] ? do_syscall_64+0x115/0x840 [ 130.557084][ T6406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.557117][ T6406] ? vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.557166][ T6406] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 130.557220][ T6406] ? vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.557258][ T6406] __vmalloc_node_noprof+0xad/0xf0 [ 130.557294][ T6406] ? vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.557337][ T6406] vidtv_s302m_encoder_init+0x1dd/0x890 [ 130.557378][ T6406] ? __pfx_vidtv_s302m_encoder_init+0x10/0x10 [ 130.557417][ T6406] ? trace_kmalloc+0xe3/0x110 [ 130.557451][ T6406] ? __kmalloc_noprof+0x320/0x850 [ 130.557501][ T6406] vidtv_channel_s302m_init+0x467/0x9b0 [ 130.557552][ T6406] ? trace_kmalloc+0xe3/0x110 [ 130.557600][ T6406] ? __pfx_vidtv_channel_s302m_init+0x10/0x10 [ 130.557649][ T6406] ? __asan_memcpy+0x3c/0x60 [ 130.557692][ T6406] vidtv_channels_init+0x4c/0xb0 [ 130.557730][ T6406] vidtv_mux_init+0x9df/0xbf0 [ 130.557773][ T6406] vidtv_start_feed+0x34e/0x500 [ 130.557805][ T6406] ? __pfx_vidtv_start_feed+0x10/0x10 [ 130.557837][ T6406] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 130.557887][ T6406] dmx_section_feed_start_filtering+0x3a8/0x660 [ 130.557932][ T6406] dvb_dmxdev_filter_start+0x767/0xdd0 [ 130.557973][ T6406] dvb_demux_do_ioctl+0xe64/0x1200 [ 130.558014][ T6406] dvb_usercopy+0x167/0x340 [ 130.558054][ T6406] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 130.558086][ T6406] ? __pfx_dvb_usercopy+0x10/0x10 [ 130.558141][ T6406] ? __fget_files+0x21f/0x3d0 [ 130.558179][ T6406] dvb_demux_ioctl+0x29/0x40 [ 130.558204][ T6406] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 130.558231][ T6406] __x64_sys_ioctl+0x18e/0x210 [ 130.558261][ T6406] do_syscall_64+0x115/0x840 [ 130.558297][ T6406] ? clear_bhb_loop+0x40/0x90 [ 130.558330][ T6406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.558358][ T6406] RIP: 0033:0x7f5cca59ce59 [ 130.558380][ T6406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 130.558405][ T6406] RSP: 002b:00007f5ccb3db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.558431][ T6406] RAX: ffffffffffffffda RBX: 00007f5cca816090 RCX: 00007f5cca59ce59 [ 130.558449][ T6406] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000006 [ 130.558465][ T6406] RBP: 00007f5cca632d6f R08: 0000000000000000 R09: 0000000000000000 [ 130.558481][ T6406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.558497][ T6406] R13: 00007f5cca816128 R14: 00007f5cca816090 R15: 00007fff4f2e14f8 [ 130.558539][ T6406] [ 130.559402][ T6406] Mem-Info: [ 131.081758][ T6406] active_anon:5577 inactive_anon:0 isolated_anon:0 [ 131.081758][ T6406] active_file:12857 inactive_file:43268 isolated_file:0 [ 131.081758][ T6406] unevictable:768 dirty:2128 writeback:512 [ 131.081758][ T6406] slab_reclaimable:10974 slab_unreclaimable:90523 [ 131.081758][ T6406] mapped:26848 shmem:1293 pagetables:1111 [ 131.081758][ T6406] sec_pagetables:0 bounce:0 [ 131.081758][ T6406] kernel_misc_reclaimable:0 [ 131.081758][ T6406] free:1331872 free_pcp:11269 free_cma:0 [ 131.257378][ T6406] Node 0 active_anon:22008kB inactive_anon:0kB active_file:51428kB inactive_file:172860kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107292kB dirty:2440kB writeback:2048kB shmem:3636kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11396kB pagetables:4240kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 131.302096][ T6406] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 131.348873][ T6406] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 131.454627][ T6406] lowmem_reserve[]: 0 2478 2479 2479 2479 [ 131.486002][ T6406] Node 0 DMA32 free:1375708kB boost:0kB min:34060kB low:42572kB high:51084kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22008kB inactive_anon:0kB active_file:51428kB inactive_file:172860kB unevictable:1536kB writepending:2508kB zspages:0kB present:3129332kB managed:2537504kB mlocked:0kB bounce:0kB free_pcp:35912kB local_pcp:19336kB free_cma:0kB [ 131.550923][ T6406] lowmem_reserve[]: 0 0 1 1 1 [ 131.566574][ T6406] Node 0 Normal free:8kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1108kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:4kB free_cma:0kB [ 131.708093][ T6406] lowmem_reserve[]: 0 0 0 0 0 [ 131.721987][ T6406] Node 1 Normal free:3935964kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB writepending:12kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:10020kB local_pcp:5880kB free_cma:0kB [ 131.773706][ T6406] lowmem_reserve[]: 0 0 0 0 0 [ 131.820312][ T6406] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 131.867884][ T6406] Node 0 DMA32: 1778*4kB (UME) 1575*8kB (UM) 1085*16kB (UME) 654*32kB (UME) 424*64kB (UME) 293*128kB (UME) 118*256kB (UME) 30*512kB (UM) 12*1024kB (UM) 4*2048kB (UM) 293*4096kB (UM) = 1388816kB [ 131.960631][ T6406] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 132.015644][ T6406] Node 1 Normal: 1*4kB (U) 5*8kB (U) 17*16kB (U) 3*32kB (U) 5*64kB (U) 4*128kB (UM) 2*256kB (U) 2*512kB (UM) 1*1024kB (U) 2*2048kB (UM) 959*4096kB (M) = 3935964kB [ 132.032703][ T6406] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 132.043133][ T6406] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 132.053816][ T6406] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 132.065534][ T6406] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 132.075247][ T6406] 54342 total pagecache pages [ 132.085158][ T6406] 0 pages in swap cache [ 132.126583][ T6406] Free swap = 124996kB [ 132.141068][ T6406] Total swap = 124996kB [ 132.194989][ T6406] 2097051 pages RAM [ 132.207814][ T6406] 0 pages HighMem/MovableOnly [ 132.227618][ T6406] 430783 pages reserved [ 132.237631][ T6406] 0 pages cma reserved [ 132.859114][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.869044][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.491674][ T6443] syz_tun: tun_chr_ioctl cmd 2147767521 [ 136.522939][ T6497] kvm: user requested TSC rate below hardware speed [ 137.282833][ T6520] zswap: compressor û not available [ 137.868577][ T6536] FAULT_INJECTION: forcing a failure. [ 137.868577][ T6536] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 137.924251][ T6536] CPU: 1 UID: 0 PID: 6536 Comm: syz.3.124 Not tainted syzkaller #0 PREEMPT(full) [ 137.924288][ T6536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 137.924304][ T6536] Call Trace: [ 137.924312][ T6536] [ 137.924322][ T6536] dump_stack_lvl+0x100/0x190 [ 137.924372][ T6536] should_fail_ex.cold+0x5/0xa [ 137.924407][ T6536] _copy_from_user+0x2e/0xd0 [ 137.924448][ T6536] kstrtouint_from_user+0xd6/0x1d0 [ 137.924476][ T6536] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 137.924501][ T6536] ? __lock_acquire+0x4a5/0x2630 [ 137.924545][ T6536] ? lock_acquire+0x1b1/0x370 [ 137.924589][ T6536] proc_fail_nth_write+0x83/0x220 [ 137.924630][ T6536] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 137.924680][ T6536] vfs_write+0x2aa/0x1070 [ 137.924712][ T6536] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 137.924755][ T6536] ? __pfx_vfs_write+0x10/0x10 [ 137.924785][ T6536] ? __fget_files+0x215/0x3d0 [ 137.924825][ T6536] ? __fget_files+0x21f/0x3d0 [ 137.924867][ T6536] ksys_write+0x12a/0x250 [ 137.924898][ T6536] ? __pfx_ksys_write+0x10/0x10 [ 137.924931][ T6536] ? rcu_is_watching+0x12/0xc0 [ 137.924976][ T6536] do_syscall_64+0x115/0x840 [ 137.925015][ T6536] ? clear_bhb_loop+0x40/0x90 [ 137.925049][ T6536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.925077][ T6536] RIP: 0033:0x7f551c55d68e [ 137.925100][ T6536] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 137.925125][ T6536] RSP: 002b:00007f551d476fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.925151][ T6536] RAX: ffffffffffffffda RBX: 00007f551d4776c0 RCX: 00007f551c55d68e [ 137.925168][ T6536] RDX: 0000000000000001 RSI: 00007f551d4770a0 RDI: 000000000000000e [ 137.925183][ T6536] RBP: 00007f551d477090 R08: 0000000000000000 R09: 0000000000000000 [ 137.925199][ T6536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.925213][ T6536] R13: 00007f551c816218 R14: 00007f551c816180 R15: 00007ffc11320a78 [ 137.925246][ T6536] [ 140.624433][ T6572] smpboot: CPU 1 is now offline [ 141.015490][ T6584] random: crng reseeded on system resumption [ 141.163048][ T6584] hub 1-0:1.0: USB hub found [ 141.194950][ T6584] hub 1-0:1.0: 1 port detected [ 142.671138][ T6608] workqueue: name exceeds WQ_NAME_LEN. Truncating to: ›11!phy1!netdev:wlan1!rc_rateid [ 142.742190][ T6611] FAULT_INJECTION: forcing a failure. [ 142.742190][ T6611] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 142.857371][ T6611] CPU: 0 UID: 0 PID: 6611 Comm: syz.2.139 Not tainted syzkaller #0 PREEMPT(full) [ 142.857392][ T6611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 142.857401][ T6611] Call Trace: [ 142.857407][ T6611] [ 142.857413][ T6611] dump_stack_lvl+0x100/0x190 [ 142.857443][ T6611] should_fail_ex.cold+0x5/0xa [ 142.857460][ T6611] ? prepare_alloc_pages+0x16d/0x5f0 [ 142.857480][ T6611] should_fail_alloc_page+0xeb/0x140 [ 142.857500][ T6611] prepare_alloc_pages+0x1f0/0x5f0 [ 142.857521][ T6611] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 142.857544][ T6611] ? __lock_acquire+0x4a5/0x2630 [ 142.857571][ T6611] ? __lock_acquire+0x4a5/0x2630 [ 142.857597][ T6611] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 142.857630][ T6611] ? find_held_lock+0x2b/0x80 [ 142.857650][ T6611] ? __lock_acquire+0x4a5/0x2630 [ 142.857673][ T6611] ? is_bpf_text_address+0x94/0x1a0 [ 142.857693][ T6611] ? kernel_text_address+0x8d/0x100 [ 142.857708][ T6611] ? __kernel_text_address+0xd/0x30 [ 142.857721][ T6611] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 142.857743][ T6611] ? policy_nodemask+0xed/0x4f0 [ 142.857761][ T6611] alloc_pages_mpol+0x1fb/0x540 [ 142.857779][ T6611] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 142.857796][ T6611] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 142.857816][ T6611] ? lockdep_hardirqs_on+0x78/0x100 [ 142.857840][ T6611] folio_alloc_mpol_noprof+0x36/0x260 [ 142.857861][ T6611] shmem_alloc_folio+0x135/0x160 [ 142.857882][ T6611] shmem_alloc_and_add_folio+0x371/0xd40 [ 142.857910][ T6611] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 142.857937][ T6611] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 142.857956][ T6611] shmem_get_folio_gfp+0x6ab/0x1900 [ 142.857974][ T6611] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 142.857989][ T6611] ? filemap_map_pages+0x9c1/0x2140 [ 142.858015][ T6611] shmem_fault+0x1f9/0xa20 [ 142.858030][ T6611] ? __pfx_shmem_fault+0x10/0x10 [ 142.858047][ T6611] ? __pfx_filemap_map_pages+0x10/0x10 [ 142.858078][ T6611] ? find_held_lock+0x2b/0x80 [ 142.858098][ T6611] __do_fault+0x10b/0x440 [ 142.858115][ T6611] do_fault+0xa99/0x1750 [ 142.858136][ T6611] __handle_mm_fault+0x187d/0x2a00 [ 142.858161][ T6611] ? mt_find+0x45e/0x8e0 [ 142.858183][ T6611] ? __pfx___handle_mm_fault+0x10/0x10 [ 142.858207][ T6611] ? __pfx_mt_find+0x10/0x10 [ 142.858243][ T6611] ? find_vma+0xbf/0x140 [ 142.858258][ T6611] ? __pfx_find_vma+0x10/0x10 [ 142.858276][ T6611] handle_mm_fault+0x37b/0xa30 [ 142.858301][ T6611] do_user_addr_fault+0x74c/0x12f0 [ 142.858320][ T6611] ? trace_page_fault_kernel+0x7a/0x200 [ 142.858338][ T6611] exc_page_fault+0x6f/0xd0 [ 142.858359][ T6611] asm_exc_page_fault+0x26/0x30 [ 142.858374][ T6611] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 142.858390][ T6611] Code: 9d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 142.858403][ T6611] RSP: 0018:ffffc9000208f7b8 EFLAGS: 00050202 [ 142.858416][ T6611] RAX: 0000000000000001 RBX: ffff88805bf20000 RCX: 000000000000efff [ 142.858425][ T6611] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffff88805bf21000 [ 142.858434][ T6611] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100b7e5fff [ 142.858442][ T6611] R10: ffff88805bf2fffe R11: 0000000000000000 R12: ffffc9000208fd40 [ 142.858451][ T6611] R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000 [ 142.858470][ T6611] _copy_from_iter+0x355/0x1690 [ 142.858493][ T6611] ? rcu_is_watching+0x12/0xc0 [ 142.858511][ T6611] ? trace_kmem_cache_alloc+0xd5/0x100 [ 142.858528][ T6611] ? __kasan_slab_alloc+0x89/0x90 [ 142.858543][ T6611] ? __pfx__copy_from_iter+0x10/0x10 [ 142.858564][ T6611] ? __asan_memset+0x23/0x50 [ 142.858586][ T6611] ? __build_skb_around+0x278/0x390 [ 142.858609][ T6611] ? is_vmalloc_addr+0x86/0xa0 [ 142.858633][ T6611] netlink_sendmsg+0x808/0xda0 [ 142.858657][ T6611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.858675][ T6611] ? __import_iovec+0x1d2/0x640 [ 142.858697][ T6611] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 142.858715][ T6611] ____sys_sendmsg+0x9e1/0xb70 [ 142.858734][ T6611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.858755][ T6611] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.858777][ T6611] ? __pfx__kstrtoull+0x10/0x10 [ 142.858795][ T6611] ___sys_sendmsg+0x190/0x1e0 [ 142.858816][ T6611] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.858845][ T6611] ? find_held_lock+0x2b/0x80 [ 142.858874][ T6611] __sys_sendmmsg+0x205/0x430 [ 142.858892][ T6611] ? __pfx___sys_sendmmsg+0x10/0x10 [ 142.858913][ T6611] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 142.858943][ T6611] ? fput+0x79/0x100 [ 142.858963][ T6611] ? ksys_write+0x1ac/0x250 [ 142.858978][ T6611] ? __pfx_ksys_write+0x10/0x10 [ 142.858998][ T6611] __x64_sys_sendmmsg+0x9c/0x100 [ 142.859013][ T6611] ? lockdep_hardirqs_on+0x78/0x100 [ 142.859033][ T6611] do_syscall_64+0x115/0x840 [ 142.859052][ T6611] ? clear_bhb_loop+0x40/0x90 [ 142.859074][ T6611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.859089][ T6611] RIP: 0033:0x7f5cca59ce59 [ 142.859102][ T6611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.859114][ T6611] RSP: 002b:00007f5ccb3db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 142.859127][ T6611] RAX: ffffffffffffffda RBX: 00007f5cca816090 RCX: 00007f5cca59ce59 [ 142.859136][ T6611] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 142.859145][ T6611] RBP: 00007f5ccb3db090 R08: 0000000000000000 R09: 0000000000000000 [ 142.859153][ T6611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.859161][ T6611] R13: 00007f5cca816128 R14: 00007f5cca816090 R15: 00007fff4f2e14f8 [ 142.859180][ T6611] [ 143.705803][ T6623] zswap: compressor 000 not available syzkaller syzkaller login: [ 145.703656][ T6658] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 145.735886][ T6658] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 145.766014][ T6658] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 145.794477][ T6658] page_type: f5(slab) [ 145.810311][ T6658] raw: 00fff00000000040 ffff88813fe31280 dead000000000122 0000000000000000 [ 145.844353][ T6658] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 145.873637][ T6658] head: 00fff00000000040 ffff88813fe31280 dead000000000122 0000000000000000 [ 145.908329][ T6658] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 145.929080][ T6658] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 145.951483][ T6658] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 145.986358][ T6658] page dumped because: unmovable page [ 146.006394][ T6658] page_owner tracks the page as allocated [ 146.037381][ T6658] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5637, tgid 5637 (syz-executor), ts 84345975665, free_ts 79439324537 [ 146.122879][ T6658] post_alloc_hook+0xfd/0x120 [ 146.134554][ T6658] get_page_from_freelist+0x11a6/0x3410 [ 146.148923][ T6658] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 146.162550][ T6658] new_slab+0xa6/0x6c0 [ 146.173719][ T6658] refill_objects+0x277/0x420 [ 146.186197][ T6658] __pcs_replace_empty_main+0x375/0x650 [ 146.220493][ T6658] __kmalloc_cache_noprof+0x493/0x6f0 [ 146.238653][ T6658] macvlan_common_newlink+0x476/0x18b0 [ 146.267618][ T6658] macvtap_newlink+0x17a/0x240 [ 146.297702][ T6658] rtnl_newlink+0x1499/0x2380 [ 146.308950][ T6658] rtnetlink_rcv_msg+0x95e/0xe90 [ 146.324195][ T6658] netlink_rcv_skb+0x159/0x420 [ 146.338128][ T6658] netlink_unicast+0x585/0x850 [ 146.355963][ T6658] netlink_sendmsg+0x8b0/0xda0 [ 146.371165][ T6658] __sys_sendto+0x468/0x4b0 [ 146.387627][ T6658] __x64_sys_sendto+0xe0/0x1c0 [ 146.405955][ T6658] page last free pid 5620 tgid 5620 stack trace: [ 146.432158][ T6658] __free_frozen_pages+0x794/0x10a0 [ 146.447691][ T6658] __folio_put+0x3b4/0x5f0 [ 146.465436][ T6658] skb_release_data+0x649/0x8e0 [ 146.483633][ T6658] napi_consume_skb+0x2c0/0x320 [ 146.502356][ T6658] skb_defer_free_flush+0x1f1/0x290 [ 146.524366][ T6658] net_rx_action+0x3ca/0xf20 [ 146.569725][ T6658] handle_softirqs+0x1ea/0xa00 [ 146.592929][ T6658] do_softirq+0xac/0xe0 [ 146.627518][ T6658] __local_bh_enable_ip+0xf8/0x120 [ 146.656316][ T6658] __dev_queue_xmit+0xa04/0x4950 [ 146.673042][ T6658] ip_finish_output2+0xf4a/0x2400 [ 146.691328][ T6658] __ip_finish_output.part.0+0x444/0x6f0 [ 146.712378][ T6658] ip_output+0x39b/0xc10 [ 146.731902][ T6658] ip_local_out+0x193/0x1f0 [ 146.746954][ T6658] __ip_queue_xmit+0x885/0x1e90 [ 146.763336][ T6658] __tcp_transmit_skb+0x34f5/0x4f10 [ 147.077673][ T6671] netlink: 4 bytes leftover after parsing attributes in process `syz.2.155'. [ 147.147772][ T6671] netlink: 354 bytes leftover after parsing attributes in process `syz.2.155'. [ 147.780198][ T6650] kexec: Could not allocate control_code_buffer [ 149.300826][ T6710] FAULT_INJECTION: forcing a failure. [ 149.300826][ T6710] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.327001][ T6709] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5636] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[6709] [ 149.405566][ T6710] CPU: 0 UID: 0 PID: 6710 Comm: syz.1.164 Not tainted syzkaller #0 PREEMPT(full) [ 149.405589][ T6710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 149.405598][ T6710] Call Trace: [ 149.405603][ T6710] [ 149.405609][ T6710] dump_stack_lvl+0x100/0x190 [ 149.405639][ T6710] should_fail_ex.cold+0x5/0xa [ 149.405658][ T6710] _copy_from_user+0x2e/0xd0 [ 149.405685][ T6710] br_dev_read_uargs+0xcf/0x340 [ 149.405705][ T6710] ? __x64_sys_ioctl+0xb7/0x210 [ 149.405722][ T6710] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.405737][ T6710] ? __pfx_br_dev_read_uargs+0x10/0x10 [ 149.405757][ T6710] br_dev_siocdevprivate+0xeb/0x1650 [ 149.405774][ T6710] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 149.405789][ T6710] ? __lock_acquire+0x4a5/0x2630 [ 149.405821][ T6710] ? lock_acquire+0x1b1/0x370 [ 149.405849][ T6710] ? netdev_name_node_lookup+0x107/0x150 [ 149.405874][ T6710] dev_ifsioc+0xc2f/0x1f10 [ 149.405890][ T6710] ? __pfx_dev_ifsioc+0x10/0x10 [ 149.405902][ T6710] ? __pfx___mutex_lock+0x10/0x10 [ 149.405931][ T6710] ? dev_load+0x8e/0x240 [ 149.405953][ T6710] ? dev_load+0x8e/0x240 [ 149.405979][ T6710] dev_ioctl+0x70e/0x1070 [ 149.405994][ T6710] sock_ioctl+0x494/0x6b0 [ 149.406015][ T6710] ? __pfx_sock_ioctl+0x10/0x10 [ 149.406034][ T6710] ? hook_file_ioctl_common+0x149/0x410 [ 149.406056][ T6710] ? __fget_files+0x21f/0x3d0 [ 149.406080][ T6710] ? __pfx_sock_ioctl+0x10/0x10 [ 149.406100][ T6710] __x64_sys_ioctl+0x18e/0x210 [ 149.406116][ T6710] do_syscall_64+0x115/0x840 [ 149.406136][ T6710] ? clear_bhb_loop+0x40/0x90 [ 149.406154][ T6710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.406169][ T6710] RIP: 0033:0x7efecc19ce59 [ 149.406182][ T6710] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.406195][ T6710] RSP: 002b:00007efecd013028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 149.406209][ T6710] RAX: ffffffffffffffda RBX: 00007efecc416090 RCX: 00007efecc19ce59 [ 149.406219][ T6710] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000006 [ 149.406227][ T6710] RBP: 00007efecd013090 R08: 0000000000000000 R09: 0000000000000000 [ 149.406236][ T6710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.406244][ T6710] R13: 00007efecc416128 R14: 00007efecc416090 R15: 00007fff3341e558 [ 149.406263][ T6710] [ 151.742694][ T6748] FAULT_INJECTION: forcing a failure. [ 151.742694][ T6748] name failslab, interval 1, probability 0, space 0, times 0 [ 151.862174][ T6748] CPU: 0 UID: 0 PID: 6748 Comm: syz.1.172 Not tainted syzkaller #0 PREEMPT(full) [ 151.862198][ T6748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 151.862207][ T6748] Call Trace: [ 151.862213][ T6748] [ 151.862219][ T6748] dump_stack_lvl+0x100/0x190 [ 151.862249][ T6748] should_fail_ex.cold+0x5/0xa [ 151.862268][ T6748] should_failslab+0xc2/0x120 [ 151.862293][ T6748] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 151.862318][ T6748] ? security_inode_alloc+0x3b/0x2c0 [ 151.862335][ T6748] ? lockdep_init_map_type+0x5c/0x250 [ 151.862360][ T6748] security_inode_alloc+0x3b/0x2c0 [ 151.862377][ T6748] inode_init_always_gfp+0xc77/0xfb0 [ 151.862399][ T6748] alloc_inode+0x8e/0x250 [ 151.862420][ T6748] new_inode+0x22/0x1c0 [ 151.862444][ T6748] shmem_get_inode+0x1e3/0xfb0 [ 151.862465][ T6748] ? __pfx_shmem_get_inode+0x10/0x10 [ 151.862490][ T6748] __shmem_file_setup+0x382/0x460 [ 151.862510][ T6748] ? __pfx___shmem_file_setup+0x10/0x10 [ 151.862532][ T6748] ? vm_area_alloc+0x1f/0x160 [ 151.862554][ T6748] shmem_zero_setup+0x96/0x1b0 [ 151.862571][ T6748] __mmap_region+0x2509/0x2dd0 [ 151.862597][ T6748] ? __pfx___mmap_region+0x10/0x10 [ 151.862622][ T6748] ? rcu_is_watching+0x12/0xc0 [ 151.862638][ T6748] ? trace_pelt_se_tp+0x13b/0x190 [ 151.862668][ T6748] ? __lock_acquire+0x4a5/0x2630 [ 151.862690][ T6748] ? do_raw_spin_unlock+0x145/0x1e0 [ 151.862712][ T6748] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 151.862741][ T6748] ? find_held_lock+0x2b/0x80 [ 151.862760][ T6748] ? rcu_is_watching+0x12/0xc0 [ 151.862786][ T6748] ? rcu_is_watching+0x12/0xc0 [ 151.862803][ T6748] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 151.862822][ T6748] ? lockdep_hardirqs_on+0x78/0x100 [ 151.862873][ T6748] mmap_region+0x35d/0x620 [ 151.862888][ T6748] ? rcu_is_watching+0x12/0xc0 [ 151.862903][ T6748] ? __pfx_mmap_region+0x10/0x10 [ 151.862919][ T6748] ? cap_mmap_addr+0x4b/0x120 [ 151.862933][ T6748] ? bpf_lsm_mmap_addr+0x9/0x30 [ 151.862946][ T6748] ? security_mmap_addr+0x71/0x1e0 [ 151.862965][ T6748] ? __get_unmapped_area+0x255/0x3e0 [ 151.862986][ T6748] do_mmap+0xc63/0x12f0 [ 151.863007][ T6748] ? __pfx_do_mmap+0x10/0x10 [ 151.863025][ T6748] ? __pfx_down_write_killable+0x10/0x10 [ 151.863042][ T6748] vm_mmap_pgoff+0x29e/0x470 [ 151.863064][ T6748] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 151.863084][ T6748] ? do_futex+0x192/0x350 [ 151.863099][ T6748] ? __pfx_do_futex+0x10/0x10 [ 151.863117][ T6748] ksys_mmap_pgoff+0xe4/0x610 [ 151.863135][ T6748] ? __x64_sys_futex+0x358/0x4d0 [ 151.863150][ T6748] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 151.863167][ T6748] ? xfd_validate_state+0x129/0x190 [ 151.863181][ T6748] ? ksys_write+0x1ac/0x250 [ 151.863201][ T6748] __x64_sys_mmap+0x125/0x190 [ 151.863218][ T6748] do_syscall_64+0x115/0x840 [ 151.863238][ T6748] ? clear_bhb_loop+0x40/0x90 [ 151.863255][ T6748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.863270][ T6748] RIP: 0033:0x7efecc19ce59 [ 151.863289][ T6748] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 151.863304][ T6748] RSP: 002b:00007efecd013028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 151.863319][ T6748] RAX: ffffffffffffffda RBX: 00007efecc416090 RCX: 00007efecc19ce59 [ 151.863329][ T6748] RDX: 00004000000000df RSI: 0000000000000101 RDI: 0000000000000000 [ 151.863338][ T6748] RBP: 00007efecc232d6f R08: 0000000200000401 R09: 0000000000008000 [ 151.863347][ T6748] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 151.863356][ T6748] R13: 00007efecc416128 R14: 00007efecc416090 R15: 00007fff3341e558 [ 151.863376][ T6748] [ 152.798920][ T29] audit: type=1800 audit(1843104557.970:5): pid=6758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.173" name="dbroot" dev="configfs" ino=13948 res=0 errno=0 [ 153.334106][ T5631] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 153.383237][ T5631] CPU: 0 UID: 0 PID: 5631 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 153.383259][ T5631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 153.383268][ T5631] Call Trace: [ 153.383273][ T5631] [ 153.383279][ T5631] dump_stack_lvl+0x100/0x190 [ 153.383309][ T5631] dump_header+0xfb/0x606 [ 153.383326][ T5631] oom_kill_process.cold+0xd/0x330 [ 153.383344][ T5631] out_of_memory+0x340/0x14f0 [ 153.383370][ T5631] ? __pfx_out_of_memory+0x10/0x10 [ 153.383398][ T5631] mem_cgroup_out_of_memory+0xc6/0x130 [ 153.383421][ T5631] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 153.383442][ T5631] ? find_held_lock+0x2b/0x80 [ 153.383464][ T5631] ? do_raw_spin_unlock+0x145/0x1e0 [ 153.383480][ T5631] ? _raw_spin_unlock+0x28/0x50 [ 153.383501][ T5631] try_charge_memcg+0x6e5/0xdf0 [ 153.383522][ T5631] ? __pfx_try_charge_memcg+0x10/0x10 [ 153.383539][ T5631] ? find_held_lock+0x2b/0x80 [ 153.383556][ T5631] ? rcu_read_unlock+0x17/0x60 [ 153.383574][ T5631] ? rcu_read_unlock+0x17/0x60 [ 153.383592][ T5631] ? find_held_lock+0x2b/0x80 [ 153.383610][ T5631] ? rcu_read_unlock+0x17/0x60 [ 153.383631][ T5631] charge_memcg+0x19f/0x210 [ 153.383653][ T5631] mem_cgroup_swapin_charge_folio+0xd2/0x2f0 [ 153.383676][ T5631] __swap_cache_prepare_and_add+0x842/0xa20 [ 153.383699][ T5631] ? alloc_pages_mpol+0x25a/0x540 [ 153.383720][ T5631] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 153.383742][ T5631] ? __pfx_swap_entry_swapped+0x10/0x10 [ 153.383765][ T5631] swap_cache_alloc_folio+0x1cb/0x300 [ 153.383789][ T5631] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 153.383817][ T5631] swap_cluster_readahead+0x411/0x770 [ 153.383845][ T5631] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 153.383870][ T5631] ? ktime_get+0x9f/0x320 [ 153.383895][ T5631] ? do_raw_spin_unlock+0x145/0x1e0 [ 153.383913][ T5631] ? get_vma_policy+0x23d/0x3b0 [ 153.383933][ T5631] swapin_readahead+0x160/0x12c0 [ 153.383954][ T5631] ? do_raw_spin_lock+0x128/0x260 [ 153.383978][ T5631] ? __pfx_swapin_readahead+0x10/0x10 [ 153.384000][ T5631] ? find_held_lock+0x2b/0x80 [ 153.384017][ T5631] ? swap_table_get+0x103/0x2c0 [ 153.384042][ T5631] ? swap_table_get+0x10d/0x2c0 [ 153.384063][ T5631] ? swap_cache_get_folio+0x286/0x350 [ 153.384085][ T5631] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 153.384106][ T5631] ? __pfx_get_swap_device+0x10/0x10 [ 153.384126][ T5631] ? do_swap_page+0x931/0x6180 [ 153.384168][ T5631] do_swap_page+0x931/0x6180 [ 153.384198][ T5631] ? __pfx_do_swap_page+0x10/0x10 [ 153.384220][ T5631] ? __free_object+0x2a8/0x3f0 [ 153.384237][ T5631] ? lockdep_hardirqs_on+0x78/0x100 [ 153.384259][ T5631] ? rcu_is_watching+0x12/0xc0 [ 153.384276][ T5631] ? __pte_offset_map+0x179/0x310 [ 153.384294][ T5631] __handle_mm_fault+0x192f/0x2a00 [ 153.384320][ T5631] ? reacquire_held_locks+0xce/0x1e0 [ 153.384343][ T5631] ? __pfx___handle_mm_fault+0x10/0x10 [ 153.384367][ T5631] ? lock_vma_under_rcu+0x17c/0x590 [ 153.384400][ T5631] handle_mm_fault+0x37b/0xa30 [ 153.384425][ T5631] do_user_addr_fault+0x5a3/0x12f0 [ 153.384448][ T5631] exc_page_fault+0x6f/0xd0 [ 153.384468][ T5631] asm_exc_page_fault+0x26/0x30 [ 153.384483][ T5631] RIP: 0033:0x7efecc15d68e [ 153.384496][ T5631] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 153.384510][ T5631] RSP: 002b:00007fff3341e838 EFLAGS: 00010246 [ 153.384522][ T5631] RAX: 0000000000000000 RBX: 000055557ae6b500 RCX: 00007efecc15d68e [ 153.384531][ T5631] RDX: 00007fff3341e890 RSI: 0000000000000000 RDI: 0000000000000000 [ 153.384540][ T5631] RBP: 00007fff3341e8fc R08: 0000000000000000 R09: 0000000000000000 [ 153.384548][ T5631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 153.384557][ T5631] R13: 00000000000927c0 R14: 0000000000025407 R15: 00007fff3341e950 [ 153.384576][ T5631] [ 153.767294][ T5631] memory: usage 307200kB, limit 307200kB, failcnt 2530 [ 153.775021][ T5631] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 [ 153.782950][ T5631] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 153.790319][ T5631] Memory cgroup stats for /syz1: [ 153.790493][ T5631] cache 4096 [ 153.798600][ T5631] rss 4096 [ 153.801608][ T5631] rss_huge 0 [ 153.804786][ T5631] shmem 0 [ 153.808058][ T5631] mapped_file 4096 [ 153.811759][ T5631] dirty 0 [ 153.814674][ T5631] writeback 0 [ 153.817961][ T5631] workingset_refault_anon 332 [ 153.822630][ T5631] workingset_refault_file 0 [ 153.827127][ T5631] swap 241664 [ 153.830392][ T5631] swapcached 1871872 [ 153.834263][ T5631] pgpgin 79359 [ 153.837645][ T5631] pgpgout 79357 [ 153.841101][ T5631] pgfault 75972 [ 153.844537][ T5631] pgmajfault 91 [ 153.847993][ T5631] inactive_anon 0 [ 153.851601][ T5631] active_anon 4096 [ 153.855316][ T5631] inactive_file 0 [ 153.858943][ T5631] active_file 4096 [ 153.862640][ T5631] unevictable 0 [ 153.866130][ T5631] hierarchical_memory_limit 314572800 [ 153.872565][ T5631] hierarchical_memsw_limit 9223372036854771712 [ 153.878756][ T5631] total_cache 4096 [ 153.882455][ T5631] total_rss 4096 [ 153.886061][ T5631] total_rss_huge 0 [ 153.890522][ T5631] total_shmem 0 [ 153.893964][ T5631] total_mapped_file 4096 [ 153.898215][ T5631] total_dirty 0 [ 153.901651][ T5631] total_writeback 0 [ 153.905457][ T5631] total_workingset_refault_anon 332 [ 153.910667][ T5631] total_workingset_refault_file 0 [ 153.915671][ T5631] total_swap 241664 [ 153.919474][ T5631] total_swapcached 1871872 [ 153.923882][ T5631] total_pgpgin 79359 [ 153.927769][ T5631] total_pgpgout 79357 [ 153.931725][ T5631] total_pgfault 75972 [ 153.935688][ T5631] total_pgmajfault 91 [ 153.939678][ T5631] total_inactive_anon 0 [ 153.943809][ T5631] total_active_anon 4096 [ 153.948090][ T5631] total_inactive_file 0 [ 153.952220][ T5631] total_active_file 4096 [ 153.956498][ T5631] total_unevictable 0 [ 153.960456][ T5631] anon_cost 0 [ 153.963715][ T5631] file_cost 0 [ 153.969673][ T5631] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.172,pid=6744,uid=0 [ 153.987373][ T5631] Memory cgroup out of memory: Killed process 6744 (syz.1.172) total-vm:180872kB, anon-rss:1240kB, file-rss:34224kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000 [ 155.629313][ T29] audit: type=1800 audit(1843104560.880:6): pid=6798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.183" name="dbroot" dev="configfs" ino=14183 res=0 errno=0 [ 156.221676][ T6808] FAULT_INJECTION: forcing a failure. [ 156.221676][ T6808] name failslab, interval 1, probability 0, space 0, times 0 [ 156.318492][ T6808] CPU: 0 UID: 0 PID: 6808 Comm: syz.2.184 Not tainted syzkaller #0 PREEMPT(full) [ 156.318515][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 156.318524][ T6808] Call Trace: [ 156.318530][ T6808] [ 156.318536][ T6808] dump_stack_lvl+0x100/0x190 [ 156.318567][ T6808] should_fail_ex.cold+0x5/0xa [ 156.318587][ T6808] should_failslab+0xc2/0x120 [ 156.318606][ T6808] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 156.318622][ T6808] ? vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 156.318646][ T6808] kstrdup+0x51/0xe0 [ 156.318663][ T6808] vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 156.318686][ T6808] vidtv_channel_s302m_init+0x4fd/0x9b0 [ 156.318708][ T6808] ? trace_kmalloc+0xe3/0x110 [ 156.318724][ T6808] ? __pfx_vidtv_channel_s302m_init+0x10/0x10 [ 156.318750][ T6808] ? __asan_memcpy+0x3c/0x60 [ 156.318773][ T6808] vidtv_channels_init+0x4c/0xb0 [ 156.318794][ T6808] vidtv_mux_init+0x9df/0xbf0 [ 156.318817][ T6808] vidtv_start_feed+0x34e/0x500 [ 156.318837][ T6808] ? __pfx_vidtv_start_feed+0x10/0x10 [ 156.318854][ T6808] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 156.318881][ T6808] dmx_section_feed_start_filtering+0x3a8/0x660 [ 156.318906][ T6808] dvb_dmxdev_filter_start+0x767/0xdd0 [ 156.318945][ T6808] dvb_demux_do_ioctl+0xe64/0x1200 [ 156.318967][ T6808] dvb_usercopy+0x167/0x340 [ 156.318996][ T6808] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 156.319014][ T6808] ? __pfx_dvb_usercopy+0x10/0x10 [ 156.319045][ T6808] ? __fget_files+0x21f/0x3d0 [ 156.319067][ T6808] dvb_demux_ioctl+0x29/0x40 [ 156.319081][ T6808] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 156.319095][ T6808] __x64_sys_ioctl+0x18e/0x210 [ 156.319112][ T6808] do_syscall_64+0x115/0x840 [ 156.319132][ T6808] ? clear_bhb_loop+0x40/0x90 [ 156.319150][ T6808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.319166][ T6808] RIP: 0033:0x7f5cca59ce59 [ 156.319179][ T6808] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.319194][ T6808] RSP: 002b:00007f5ccb3db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.319209][ T6808] RAX: ffffffffffffffda RBX: 00007f5cca816090 RCX: 00007f5cca59ce59 [ 156.319219][ T6808] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000007 [ 156.319227][ T6808] RBP: 00007f5cca632d6f R08: 0000000000000000 R09: 0000000000000000 [ 156.319236][ T6808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.319244][ T6808] R13: 00007f5cca816128 R14: 00007f5cca816090 R15: 00007fff4f2e14f8 [ 156.319265][ T6808] [ 158.347780][ T6833] netlink: 16736 bytes leftover after parsing attributes in process `syz.3.189'. [ 158.991639][ T6845] FAULT_INJECTION: forcing a failure. [ 158.991639][ T6845] name fail_futex, interval 1, probability 0, space 0, times 1 [ 159.022853][ T6845] CPU: 0 UID: 0 PID: 6845 Comm: syz.3.192 Not tainted syzkaller #0 PREEMPT(full) [ 159.022878][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 159.022887][ T6845] Call Trace: [ 159.022893][ T6845] [ 159.022899][ T6845] dump_stack_lvl+0x100/0x190 [ 159.022930][ T6845] should_fail_ex.cold+0x5/0xa [ 159.022950][ T6845] get_futex_key+0x1d2/0x1510 [ 159.022976][ T6845] ? __pfx_get_futex_key+0x10/0x10 [ 159.023000][ T6845] ? __pfx____sys_sendmsg+0x10/0x10 [ 159.023025][ T6845] futex_wake+0xea/0x530 [ 159.023044][ T6845] ? __pfx_futex_wake+0x10/0x10 [ 159.023070][ T6845] do_futex+0x32b/0x350 [ 159.023085][ T6845] ? __pfx_do_futex+0x10/0x10 [ 159.023100][ T6845] ? fput+0x79/0x100 [ 159.023119][ T6845] ? __sys_sendmsg+0x18f/0x220 [ 159.023136][ T6845] __x64_sys_futex+0x34f/0x4d0 [ 159.023153][ T6845] ? __pfx___x64_sys_futex+0x10/0x10 [ 159.023172][ T6845] ? rcu_is_watching+0x12/0xc0 [ 159.023191][ T6845] do_syscall_64+0x115/0x840 [ 159.023211][ T6845] ? clear_bhb_loop+0x40/0x90 [ 159.023229][ T6845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.023243][ T6845] RIP: 0033:0x7f551c59ce59 [ 159.023257][ T6845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.023272][ T6845] RSP: 002b:00007f551d4b90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 159.023286][ T6845] RAX: ffffffffffffffda RBX: 00007f551c815fa8 RCX: 00007f551c59ce59 [ 159.023296][ T6845] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f551c815fac [ 159.023305][ T6845] RBP: 00007f551c815fa0 R08: 0000000000000001 R09: 0000000000000000 [ 159.023313][ T6845] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 159.023322][ T6845] R13: 00007f551c816038 R14: 00007ffc11320990 R15: 00007ffc11320a78 [ 159.023341][ T6845] [ 160.022830][ T5808] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 160.103567][ T29] audit: type=1800 audit(1843104565.350:7): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.194" name="dbroot" dev="configfs" ino=14494 res=0 errno=0 [ 162.203536][ T6870] kexec: Could not allocate control_code_buffer [ 163.167383][ T5808] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 163.731768][ T6907] FAULT_INJECTION: forcing a failure. [ 163.731768][ T6907] name fail_futex, interval 1, probability 0, space 0, times 0 [ 163.916265][ T6907] CPU: 0 UID: 0 PID: 6907 Comm: syz.1.203 Not tainted syzkaller #0 PREEMPT(full) [ 163.916286][ T6907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 163.916295][ T6907] Call Trace: [ 163.916300][ T6907] [ 163.916306][ T6907] dump_stack_lvl+0x100/0x190 [ 163.916334][ T6907] should_fail_ex.cold+0x5/0xa [ 163.916353][ T6907] get_futex_key+0xf78/0x1510 [ 163.916379][ T6907] ? __pfx_get_futex_key+0x10/0x10 [ 163.916401][ T6907] ? lock_acquire+0x1b1/0x370 [ 163.916436][ T6907] futex_wake+0xea/0x530 [ 163.916456][ T6907] ? __pfx_futex_wake+0x10/0x10 [ 163.916473][ T6907] ? exit_mm_release+0x19/0x30 [ 163.916499][ T6907] do_futex+0x32b/0x350 [ 163.916514][ T6907] ? __pfx_do_futex+0x10/0x10 [ 163.916527][ T6907] ? __might_fault+0xc5/0x140 [ 163.916554][ T6907] mm_release+0x24a/0x2f0 [ 163.916572][ T6907] do_exit+0x707/0x2af0 [ 163.916596][ T6907] ? __pfx_do_exit+0x10/0x10 [ 163.916616][ T6907] ? do_raw_spin_lock+0x128/0x260 [ 163.916631][ T6907] ? find_held_lock+0x2b/0x80 [ 163.916651][ T6907] ? get_signal+0x7e5/0x2210 [ 163.916669][ T6907] do_group_exit+0xd5/0x2a0 [ 163.916692][ T6907] get_signal+0x20ff/0x2210 [ 163.916713][ T6907] ? __pfx_do_nanosleep+0x10/0x10 [ 163.916732][ T6907] ? __pfx_get_signal+0x10/0x10 [ 163.916750][ T6907] ? hrtimer_nanosleep+0x181/0x350 [ 163.916770][ T6907] arch_do_signal_or_restart+0x91/0x7a0 [ 163.916793][ T6907] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 163.916813][ T6907] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 163.916834][ T6907] ? rcu_is_watching+0x12/0xc0 [ 163.916853][ T6907] exit_to_user_mode_loop+0x98/0x670 [ 163.916875][ T6907] ? rcu_is_watching+0x12/0xc0 [ 163.916893][ T6907] do_syscall_64+0x652/0x840 [ 163.916913][ T6907] ? clear_bhb_loop+0x40/0x90 [ 163.916931][ T6907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.916945][ T6907] RIP: 0033:0x7efecc19ce59 [ 163.916958][ T6907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 163.916972][ T6907] RSP: 002b:00007efecd013028 EFLAGS: 00000246 ORIG_RAX: 0000000000000023 [ 163.916986][ T6907] RAX: fffffffffffffdfc RBX: 00007efecc416090 RCX: 00007efecc19ce59 [ 163.916996][ T6907] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000000 [ 163.917004][ T6907] RBP: 00007efecc232d6f R08: 0000000000000000 R09: 0000000000000000 [ 163.917012][ T6907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.917021][ T6907] R13: 00007efecc416128 R14: 00007efecc416090 R15: 00007fff3341e558 [ 163.917039][ T6907] [ 169.359199][ T29] audit: type=1400 audit(1843104574.600:8): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=7005 comm="syz.0.220" [ 169.485458][ T5808] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 170.886748][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 170.897092][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 174.314547][ T7073] ================================================================== [ 174.314558][ T7073] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 174.314584][ T7073] Write of size 8 at addr ffffc90004ab1000 by task syz.3.234/7073 [ 174.314596][ T7073] [ 174.314603][ T7073] CPU: 0 UID: 0 PID: 7073 Comm: syz.3.234 Not tainted syzkaller #0 PREEMPT(full) [ 174.314620][ T7073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 174.314634][ T7073] Call Trace: [ 174.314640][ T7073] [ 174.314645][ T7073] dump_stack_lvl+0x100/0x190 [ 174.314672][ T7073] print_report+0x13d/0x4b0 [ 174.314693][ T7073] ? _raw_spin_lock_irqsave+0x52/0x60 [ 174.314713][ T7073] ? sys_imageblit+0x19fb/0x1d60 [ 174.314730][ T7073] kasan_report+0xdf/0x1d0 [ 174.314747][ T7073] ? sys_imageblit+0x19fb/0x1d60 [ 174.314766][ T7073] sys_imageblit+0x19fb/0x1d60 [ 174.314786][ T7073] ? __pfx_sys_imageblit+0x10/0x10 [ 174.314805][ T7073] ? prb_read_valid+0x78/0xa0 [ 174.314819][ T7073] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 174.314843][ T7073] soft_cursor+0x524/0xa10 [ 174.314859][ T7073] ? __probestub_notifier_run+0x10/0x10 [ 174.314880][ T7073] ? fb_get_color_depth+0x120/0x250 [ 174.314903][ T7073] bit_cursor+0xca1/0x1490 [ 174.314919][ T7073] ? __pfx_bit_cursor+0x10/0x10 [ 174.314933][ T7073] ? __lock_acquire+0x4a5/0x2630 [ 174.314957][ T7073] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 174.314977][ T7073] ? get_color+0x1da/0x450 [ 174.314997][ T7073] ? __pfx_bit_cursor+0x10/0x10 [ 174.315010][ T7073] fbcon_cursor+0x43c/0x5e0 [ 174.315031][ T7073] ? add_softcursor+0x190/0x290 [ 174.315048][ T7073] set_cursor+0x1db/0x250 [ 174.315063][ T7073] con_write+0x89/0xb0 [ 174.315081][ T7073] do_output_char+0x63b/0x850 [ 174.315102][ T7073] n_tty_write+0x4e8/0x11c0 [ 174.315126][ T7073] ? __pfx_n_tty_write+0x10/0x10 [ 174.315147][ T7073] ? __pfx_woken_wake_function+0x10/0x10 [ 174.315165][ T7073] ? __pfx___might_resched+0x10/0x10 [ 174.315179][ T7073] ? kfree+0x1dd/0x6c0 [ 174.315199][ T7073] ? __pfx_n_tty_write+0x10/0x10 [ 174.315221][ T7073] file_tty_write.isra.0+0x4d2/0x890 [ 174.315241][ T7073] redirected_tty_write+0xd4/0x120 [ 174.315259][ T7073] vfs_write+0x6ac/0x1070 [ 174.315276][ T7073] ? __pfx_redirected_tty_write+0x10/0x10 [ 174.315295][ T7073] ? __pfx_vfs_write+0x10/0x10 [ 174.315309][ T7073] ? find_held_lock+0x2b/0x80 [ 174.315331][ T7073] ksys_write+0x12a/0x250 [ 174.315347][ T7073] ? __pfx_ksys_write+0x10/0x10 [ 174.315363][ T7073] ? rcu_is_watching+0x12/0xc0 [ 174.315380][ T7073] do_syscall_64+0x115/0x840 [ 174.315400][ T7073] ? clear_bhb_loop+0x40/0x90 [ 174.315416][ T7073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.315431][ T7073] RIP: 0033:0x7f551c59ce59 [ 174.315442][ T7073] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 174.315456][ T7073] RSP: 002b:00007f551d477028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 174.315470][ T7073] RAX: ffffffffffffffda RBX: 00007f551c816180 RCX: 00007f551c59ce59 [ 174.315480][ T7073] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000006 [ 174.315489][ T7073] RBP: 00007f551c632d6f R08: 0000000000000000 R09: 0000000000000000 [ 174.315497][ T7073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.315506][ T7073] R13: 00007f551c816218 R14: 00007f551c816180 R15: 00007ffc11320a78 [ 174.315520][ T7073] [ 174.315525][ T7073] [ 174.315528][ T7073] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc900047b1000 allocated at drm_gem_shmem_vmap_locked+0x553/0x860 [ 174.315560][ T7073] Memory state around the buggy address: [ 174.315567][ T7073] ffffc90004ab0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 174.315577][ T7073] ffffc90004ab0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 174.315587][ T7073] >ffffc90004ab1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 174.315594][ T7073] ^ [ 174.315601][ T7073] ffffc90004ab1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 174.315611][ T7073] ffffc90004ab1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 174.315633][ T7073] ================================================================== [ 174.357525][ T7073] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 174.357542][ T7073] CPU: 0 UID: 0 PID: 7073 Comm: syz.3.234 Not tainted syzkaller #0 PREEMPT(full) [ 174.357560][ T7073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 174.357569][ T7073] Call Trace: [ 174.357574][ T7073] [ 174.357580][ T7073] dump_stack_lvl+0x100/0x190 [ 174.357630][ T7073] vpanic+0x552/0x970 [ 174.357644][ T7073] ? __pfx_vpanic+0x10/0x10 [ 174.357658][ T7073] ? mark_held_locks+0x40/0x70 [ 174.357683][ T7073] ? sys_imageblit+0x19fb/0x1d60 [ 174.357701][ T7073] panic+0xd1/0xe0 [ 174.357714][ T7073] ? __pfx_panic+0x10/0x10 [ 174.357728][ T7073] ? sys_imageblit+0x19fb/0x1d60 [ 174.357745][ T7073] ? preempt_schedule_common+0x42/0xc0 [ 174.357766][ T7073] ? check_panic_on_warn+0x1f/0x90 [ 174.357789][ T7073] check_panic_on_warn.cold+0x19/0x34 [ 174.357805][ T7073] end_report.part.0+0x3a/0x90 [ 174.357826][ T7073] kasan_report.cold+0xe/0x18 [ 174.357846][ T7073] ? sys_imageblit+0x19fb/0x1d60 [ 174.357866][ T7073] sys_imageblit+0x19fb/0x1d60 [ 174.357886][ T7073] ? __pfx_sys_imageblit+0x10/0x10 [ 174.357904][ T7073] ? prb_read_valid+0x78/0xa0 [ 174.357919][ T7073] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 174.357943][ T7073] soft_cursor+0x524/0xa10 [ 174.357959][ T7073] ? __probestub_notifier_run+0x10/0x10 [ 174.357981][ T7073] ? fb_get_color_depth+0x120/0x250 [ 174.358003][ T7073] bit_cursor+0xca1/0x1490 [ 174.358020][ T7073] ? __pfx_bit_cursor+0x10/0x10 [ 174.358034][ T7073] ? __lock_acquire+0x4a5/0x2630 [ 174.358057][ T7073] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 174.358078][ T7073] ? get_color+0x1da/0x450 [ 174.358098][ T7073] ? __pfx_bit_cursor+0x10/0x10 [ 174.358111][ T7073] fbcon_cursor+0x43c/0x5e0 [ 174.358132][ T7073] ? add_softcursor+0x190/0x290 [ 174.358149][ T7073] set_cursor+0x1db/0x250 [ 174.358164][ T7073] con_write+0x89/0xb0 [ 174.358182][ T7073] do_output_char+0x63b/0x850 [ 174.358203][ T7073] n_tty_write+0x4e8/0x11c0 [ 174.358228][ T7073] ? __pfx_n_tty_write+0x10/0x10 [ 174.358249][ T7073] ? __pfx_woken_wake_function+0x10/0x10 [ 174.358267][ T7073] ? __pfx___might_resched+0x10/0x10 [ 174.358282][ T7073] ? kfree+0x1dd/0x6c0 [ 174.358301][ T7073] ? __pfx_n_tty_write+0x10/0x10 [ 174.358323][ T7073] file_tty_write.isra.0+0x4d2/0x890 [ 174.358343][ T7073] redirected_tty_write+0xd4/0x120 [ 174.358362][ T7073] vfs_write+0x6ac/0x1070 [ 174.358379][ T7073] ? __pfx_redirected_tty_write+0x10/0x10 [ 174.358398][ T7073] ? __pfx_vfs_write+0x10/0x10 [ 174.358413][ T7073] ? find_held_lock+0x2b/0x80 [ 174.358435][ T7073] ksys_write+0x12a/0x250 [ 174.358451][ T7073] ? __pfx_ksys_write+0x10/0x10 [ 174.358467][ T7073] ? rcu_is_watching+0x12/0xc0 [ 174.358484][ T7073] do_syscall_64+0x115/0x840 [ 174.358504][ T7073] ? clear_bhb_loop+0x40/0x90 [ 174.358520][ T7073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.358535][ T7073] RIP: 0033:0x7f551c59ce59 [ 174.358547][ T7073] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 174.358561][ T7073] RSP: 002b:00007f551d477028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 174.358576][ T7073] RAX: ffffffffffffffda RBX: 00007f551c816180 RCX: 00007f551c59ce59 [ 174.358592][ T7073] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000006 [ 174.358601][ T7073] RBP: 00007f551c632d6f R08: 0000000000000000 R09: 0000000000000000 [ 174.358610][ T7073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.358619][ T7073] R13: 00007f551c816218 R14: 00007f551c816180 R15: 00007ffc11320a78 [ 174.358632][ T7073] [ 174.358697][ T7073] Kernel Offset: disabled