last executing test programs: 1m45.380723229s ago: executing program 2 (id=369): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/sit0/ifindex\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) mmap$auto(0x0, 0x6, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop6\x00', 0x580, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0xffffffffffffffff, 0x4b45, 0xffffffffffffffff) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000026d00)='/dev/dri/card0\x00', 0x2000, 0x0) ioctl$auto(r1, 0x64c9, r1) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) eventfd$auto(0x0) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r3, 0x4020ae76, r4) socket(0x18, 0x2, 0x0) fanotify_init$auto(0x65, 0x0) vmsplice$auto(0x4, 0x0, 0x3, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x202, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x2) rseq$auto(0x0, 0x8000, 0x0, 0x6) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/event0\x00', 0x101, 0x0) 1m44.528210121s ago: executing program 2 (id=373): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/inject\x00', 0x40, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) pread64$auto(r0, 0x0, 0x200, 0x80) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/fail_usercopy/verbose_ratelimit_burst\x00', 0x400, 0x0) r1 = openat$auto_hwsim_fops_group_(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ieee80211/phy8/hwsim/group\x00', 0x8200, 0x0) bpf$auto_BPF_TOKEN_CREATE(0x24, &(0x7f0000000180)=@raw_tracepoint={0x81, r1, 0x0, 0x2d8}, 0x9) unshare$auto(0x3) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto_XFS_IOC_SWAPEXT(0xffffffffffffffff, 0xc0c0586d, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000580)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9\xe8\xb2\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6E*\xc9\xdd.q\xdbAX\xf6\xfaD\xcdz\xbc~\xf30LE\xb5\x18Wf\xd3\x9b\\\x1c\xbb^\xfb9\xe5\x1b:\xa4\xdd\x81\x91\\\xbc\x1fUl\xfa)\xbf\x9dPV\xae\xa9\x9c)\x01|\xfe\xd0!Rx\a\xc4\xb1$\x8eE\xc2j\x83sLS\xa8H\xf6\xf2,R\x90:\x8fx\xab\x90\xfe$h\x80!\xe2\nY#\xee\x1b}O=\x8bn\xd7zZ\x18\xa7\x9e~\x94k\x8e\xdba\xf2\xc3G\x8egR3\x1d\x01J\x87\x14(}\f\xb1}%N|z,\xbe\x1fB\xd3\xeb\xec\x83X\x8f\x97\x95\xfd\xed\xe6wt\x1d\xb3\xa8\xfb)L~}\x9f\xbf\xd0\xc9\x9d\x82-C\xc3Ez@\x8c\xbf\xa2 \x88\\\r6M\x83', 0x4, 0x0) r2 = socket(0x2, 0x1, 0x0) prctl$auto(0x401, 0x10010000000001, 0x4, 0x4, 0x6) chroot$auto(&(0x7f0000000080)='}[,&*}\x00') ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) shutdown$auto(r2, 0x2) 1m43.991254599s ago: executing program 2 (id=375): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) bind$auto(0x3, 0x0, 0x6a) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) socket(0x2, 0x801, 0x106) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0xc058565d, r0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/firmware/acpi/hotplug/processor/enabled\x00', 0x2062, 0x0) r2 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10a) mkdirat$auto(r2, &(0x7f0000000080)='./cgroup\x00', 0x9) write$auto_uhid_fops_uhid(r2, &(0x7f0000000000)="4829e952decd8150c0dee8e0d56a8db05c61c9b5d0bb7c11e355990fdd907b95163fb4c6c14b4544b29ca1b08e30f39d10b1d87322ac049452d914c521b8489047d46d4529c2850fc963f0680e5f792bbc69589d900aa6debe485bbf9f343dfae7d81c4efa74fe529e5ffa68b69be3c4e56a659c60b373a367346a1c58b023906be6def5eea0bd4c98d0eb71252c5c9e0cb311bd54b8c744b5d587f23d46e2c1a99c22fd7b7a5bb74fbf085348521a1dfcb00bd2f770244287616ea00f3f316aa09710fbec20ce761579ae62d29e93d1de005afff6", 0xd5) write$auto(r1, &(0x7f00000001c0)='1\xc7\xcd\vy\x00x\xe2\xf2\x9e\xa0\x04|', 0x8) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000100), r2) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000240), r2) r5 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x40901, 0x0) write$auto(r5, &(0x7f0000000040)='/sys/kernel/debug/drS/vkms/Wri1/edid_override\x00', 0x20004) sendmsg$auto_NL802154_CMD_STOP_BEACONS(r2, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000740)={&(0x7f0000000580)={0x1a4, r4, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_LEVEL={0x175, 0x2d, 0x0, 0x1, [@generic="d8c99453541bae05a8347be43ee8e2ffdd2689dda466ce952fd3ed5939c7cedc61fc4965bc5af73d2fc756ac870c1d0ddc54bbfbbf6cbfb11117a1ba143d07100cc20ad655295670dbe487cc3502a97daab33005b2f21a32c90cf35f8a630684b05ef25804dd7107f409cbd366f4043ceac2b26e9736ced8e7fd6144a1d9bc7ce3de0a3116c6ec8e186f776a30f0437ae0edef0403fbcffa95aa2b3a98704fd1eb", @nested={0xc6, 0x74, 0x0, 0x1, [@generic="56695f2b6758db6d6f3e7cd546684da0531aee699d74af18dcd66b462d84545a70dab32d3718e18562be2d0ad9be90a3400e906713cc2be6c37b89dbef2df48e1ac8a164c9c9c8490f714ca18dbce3931f5846309874bf514db0d945872c1a693bd9d7a3a173793dd27d0c5128c739946d99188f41d793a2034d8df54225cb039994a8f9d6f43d8c763deba0de9f28ee779e", @nested={0x4, 0x64}, @typed={0x8, 0x127, 0x0, 0x0, @ipv4=@private=0xa010102}, @nested={0x4, 0xac}, @typed={0x14, 0x5f, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @nested={0x4, 0x7}, @typed={0x8, 0xc6, 0x0, 0x0, @u32=0xa5}]}, @typed={0x8, 0xa1, 0x0, 0x0, @fd=r1}]}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0xff}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x6}, @NL802154_ATTR_SEC_ENABLED={0x5, 0x29, 0x1}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x8000}, 0x5) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r2, &(0x7f0000000180)={0xfffffffffffffffe, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x288, r3, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0xfb, 0x1, 0x0, 0x1, [@generic="cf0d33abb770ff4d56846abbcf356c9889861d8862fe5c33c24832ebc330e764d0f23772ee68e32de7d31a73d96c770a9590a1772f1a123d062d9c5a15f106e1cb7af8a172151e4d59c79ef1b0a39e466327f7fee760c2841ca3667d8182701ce6", @generic="be589126cba99a8f557f62e5791ba6523cea9aee2834ab02751fe31144981ddaf44209f3944ab4c579b0a895be646384dd508d8a9334f1ef27d920fd8f2b3301ae1c9591053ebaade7b85c9288c40c504fbd9bc2e73ff2c1e47c3f5e2e89839d396eaebdf90e28fdf9583c5ce5fe0d29aa0b77671a2160c97870e6c3b1d60d3a046cbb97746109da0433255e03e5f52df7bfade7e33a"]}, @IPVS_CMD_ATTR_DEST={0x168, 0x2, 0x0, 0x1, [@nested={0x164, 0x95, 0x0, 0x1, [@generic="c6094c587e3de70a983aaab0ff193a09002a47569e60dd93b20f8f208038d97bab45723d2308db05d2319f1e63c371ada31d31e00f0dbfecf64bc66effe70849d27cae6151932a1ae761d18348f49682b1f1d07d25ee074110d7d452ed73e07d6d1c4d3cfe81ff3b9387744ed4263d0a5e6151a1c4a69815bc56e06ddd37fed90d1f24212377641dace2fbac8a993b69b7f9ee3c35b75e2154cc923ccab846fd8c8e80317fffbcd887f2a0e25a9078de5a09a75bb7af30e7bf7407eaa15fa752a58e2297efe3c663f49ff6e9913f28dfec1dec991588f5b5e97e4fd7681574cd331d1d31372b7886", @generic="4a4f7c41118406557f8eddaec3ed49754adacbe49445d9307db5fe4897c93bcfecb921ddb4f8c1f66c27f45260b8fb0d4944d1f73b6400203058f5c52cef9781524d5065bd319bb288f97c4e74e2fdcffbfbcf2addb95bd257391dce7143bbc2a2d0073efaaf767c57c321a15dc69ed2d1d19e78013e8127"]}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffff2c3d}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe}]}, 0x288}, 0x1, 0x0, 0x0, 0x894}, 0x40) 1m43.480206961s ago: executing program 2 (id=376): openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0) r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2c4c0, 0x0) read$auto_mISDN_fops_timerdev(r0, 0x0, 0x0) r1 = socket(0x5, 0x1, 0x0) mknod$auto(&(0x7f0000001040)=':,\x00', 0xca, 0xfffffffa) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000100), 0x428800, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) madvise$auto(0x0, 0x7fff, 0x22d) mmap$auto(0xffffffffffffffff, 0x20007, 0x401, 0xeb1, r1, 0x5) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0x1d, 0x1, 0x7fff) r3 = prctl$auto(0x6, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000200)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f00000002c0)="a4ec241a4abba7b37dcd5af18218b0feb7420e68b82c4212480006", 0xfff}, 0x1) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, 0x0, 0x30004850) ioctl$auto_SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000440)="ac8e24194411c0449a7ab5dab8fdf2171d9bab7e6a570db2ae738a93b0515bad327b17446762213656c675951b03a5e9e735e1f6e103b9a726966e0465808833c45e3637a584cd345ef176e9be6180251b5c010c6f4830052787724e2a258033ef643f3f63fb4e3b5fa45b44cafa5efe3305f5329a9d843905058931538b1783c057974cd850d0daac114dc0") msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x4, 0x2020009, 0x2, 0xeb1, 0xffffffffffffffff, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff034}}) write$auto(r5, 0x0, 0x6) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty12\x00', 0x0, 0x0) ioctl$auto(r6, 0x4b47, 0x1) mmap$auto(0x4, 0x4, 0x380, 0xeb1, r2, 0x80008000) mmap$auto(0x0, 0x404008, 0xdf, 0x18, 0x2, 0x8000) 1m42.704924453s ago: executing program 2 (id=380): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r0, 0x3a, 0xbe2, 0x0, 0x0) (async) getsockopt$auto(r0, 0x3a, 0xbe2, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) fsetxattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x2ee, 0x1a) sysfs$auto(0x2, 0x100001000000032, 0x0) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5) (async) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5) fsopen$auto(0x0, 0x1) (async) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0) 1m41.469331505s ago: executing program 2 (id=384): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r0, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000100)="000004") timerfd_gettime$auto(0xffffffffffffffff, 0x0) io_uring_setup$auto(0xe0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0) r1 = socket(0xa, 0x3, 0x3a) semctl$auto_IPC_INFO(0x1000, 0x9, 0x3, 0xb) ioctl$auto(r1, 0x8916, 0x1) 1m26.288467366s ago: executing program 32 (id=384): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r0, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000100)="000004") timerfd_gettime$auto(0xffffffffffffffff, 0x0) io_uring_setup$auto(0xe0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0) r1 = socket(0xa, 0x3, 0x3a) semctl$auto_IPC_INFO(0x1000, 0x9, 0x3, 0xb) ioctl$auto(r1, 0x8916, 0x1) 18.005629588s ago: executing program 0 (id=628): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x46, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b65, 0x1) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) clone$auto(0x5, 0x2, 0x0, 0x0, 0x2) r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto_mISDN_fops_timerdev(r1, 0x0, 0x0) ioctl$auto_IMADDTIMER(r1, 0x80044940, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) bpf$auto(0x0, 0x0, 0xa3) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0x3, 0x0, 0x3}, 0x4) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x9, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r3, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0xa8, r4, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3}, @NL80211_ATTR_MESH_PEER_AID={0x6}, @NL80211_ATTR_FILS_NONCES={0x79, 0xf3, "fb1b2141037234df9ecd948513a02fe80b1f019d006c37ea4f17dd4af7b9b7fd4e6b15eb67f736ae1f9ed9f05315b5e41bcc8551462e50a28754cce452dd0acd070bb3fdfb602e824f994d9155600f8f32e8508de8a6b23a1312bbc29dd9b41204d5e9bd6d33b90af12f88de3ec14b2c7321c27a19"}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x9}]}, 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) fsopen$auto(0x0, 0x1) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) 15.842723468s ago: executing program 0 (id=634): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) read$auto_fops_x64_ro_(0xffffffffffffffff, 0x0, 0x0) signalfd$auto(r1, 0x0, 0xb071) unshare$auto(0x0) madvise$auto(0x0, 0x200007, 0x19) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x42000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000300)={{@raw=0x6, 0x0, 0x8001, 0x2, "da14cf93e7670976d4df4660872c34e34ab92824711bacf3578dcec408cf5180d03a4d126edb3169db6d48ac"}, 0x1, @iec958={"28f6a86309b1e098a7dfa272f95c4c28615313f81f02a4eb", "77a2e9b1b0224a8ef0ac25ff0db0b6ec20c55cccbf4e9b253241777363b62fbe19f64f49f5ed0205399a691cb53e4086d6ec9dcbc5173fee439c2db7f3d5f2d4dd2a267a11e3c0cc771cdddef6bdb02a85cf5ea2ecc26fa3fe291d1e45404619547117c0d45a0de14bc3b9c22d705152efa9d2cfb220c6210dd7606723fb4d6d8ea3e197b19203c65d90e3c761870cbd392bea", 0x0, "e8134be5"}, "a8949c7d9c57acd66da4c5f111166031ad47ebfed172b36a28d7b0204e3a90e9a6c41064df45da18212d9c4e61a29b8146bd0c0284d89751eb5c58cb32c2abf739599063c9a0820f08f1c1b3645f00006dcd033a712822785eeb6a2c41b6d7c00f5e965c1d0000000000000000000000000400"}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) fsopen$auto(0x0, 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) r5 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/loginuid\x00', 0x1a9602, 0x0) read$auto(r5, &(0x7f0000000100)='/proc/self/loginuid\x00', 0x7fffffff) sendfile$auto(0x3, r4, 0x0, 0x400000000006) shutdown$auto(r0, 0x2) 14.305349128s ago: executing program 0 (id=635): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x233, 0x2, 0x0, 0x9, 0x10001ff) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = setfsgid$auto(0x0) setresgid$auto(r1, 0x0, r1) msgctl$auto_IPC_SET(0x13, 0x1, &(0x7f0000000080)={{0x2, 0x0, r1, 0x5, 0x25, 0x6, 0x10}, &(0x7f0000000000)=0x8, &(0x7f0000000040)=0x2, 0x1, 0xffffffffffffffff, 0x6, 0xa2e, 0xc8, 0x3, 0xd308, 0x0, @raw, @inferred=0x0}) msgctl$auto_IPC_INFO(0x4, 0x3, &(0x7f0000000200)={{0x8, 0xee00, r2, 0x8, 0x6, 0x7ff, 0x8}, &(0x7f0000000180)=0x60, &(0x7f00000001c0)=0xff, 0x80000000, 0x100, 0xf, 0x200, 0x1af1, 0x400, 0xf8db, 0x9, @inferred=r3, @raw=0x9}) keyctl$auto(0x1e, r4, 0x6, r1, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x29, 0xc08, 0x5) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048084) statmount$auto(0x0, 0x0, 0x1fe, 0x408) r5 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x181c01, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x8e40, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r6, 0xc0045005, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000001440), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_GET(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000008df744bea927086a529b63a812d42efe7f64bf4bae4116c281bc97cb67d96ec8d34172afc160dd14ec55b04d63a22999e3869970d1", @ANYRES16=r8, @ANYBLOB="83d72dbd7000fbdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x4040) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000dc0), r9) sendmsg$auto_IPVS_CMD_GET_DEST(r9, &(0x7f0000003a40)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f0000000e80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="ffa727bd7000fcdbdf25082000000500028081000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4040011}, 0x40010) ioctl$auto_FIOQSIZE(r9, 0x5460, 0x1) setsockopt$auto(r9, 0x7, 0x6, &(0x7f0000000000)='IPVS\x00', 0x7fffffff) socket(0x1d, 0x1, 0x7fff) 9.865006912s ago: executing program 0 (id=646): socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) modify_ldt$auto(0x1, 0x0, 0x10) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x2008, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) statmount$auto(&(0x7f0000000000)={0x7e, @raw=0x400, 0x80000024, 0x7fff, 0x4}, 0x0, 0x7ffffffff001, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0xa, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x1f, 0x0, &(0x7f0000000100)=0x4, 0x440a48d3) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x8004) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/block/nbd12/queue/write_cache\x00', 0x80002, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x67, 0x0, 0x7fff, 0x5, 0x80000000003, 0xfffbffffffffff80, 0x80000001, 0xff, 0x6, 0x7, 0xfbfffffe, 0x5, 0x0, 0x7, 0x80000005}) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x46c0c0, 0x0) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca437c4d1316833843180bb151ed36e8ce6cb454168d6c", 0x3ff, 0xc9, 0x1000, 0xd, 0x9}) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x22, 0x0, 0x28) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 8.38040036s ago: executing program 1 (id=648): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0) ioctl$auto(0x3, 0x80004508, 0x10000000000402) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x3) io_uring_setup$auto(0x6, 0x0) setresgid$auto(0x0, 0x6, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b5b", 0xfdef) 8.170006754s ago: executing program 4 (id=649): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x100000000008000) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1b0026bd7000fddbdf2503000000040008001400038010000c800c00038008000600", @ANYRES32=r1, @ANYBLOB="1200010089"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a00000808000300000000000800010000000000080002"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c51d50e", @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) r2 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000140), r0) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000000)={0x18, 0x0, 0x1, 0x70bd37, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40010}, 0x80000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = socket(0x11, 0x3, 0x9) r5 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r6 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r3, @ANYRES8=r4, @ANYRES8=r6], 0x18}, 0x1, 0x0, 0x0, 0x60008044}, 0x20008000) write$auto(r5, &(0x7f0000000000)='-\x00', 0xfdef) sendmsg$auto_KSMBD_EVENT_RPC_RESPONSE(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000014}, 0x24048001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x7}, 0xa}, 0x3, 0x0) 7.739120791s ago: executing program 4 (id=650): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0x7f, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/vmallocinfo\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa) r1 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6a) write$auto(r1, &(0x7f0000000000)='/dev/loop6\x00', 0x6) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, &(0x7f0000000280), 0x0) seccomp$auto(0x1, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_prog_fd=r2, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400200, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000300)='./file0\x00', 0x200000, 0x83) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r4) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00ab29dc931f0e02b7745be74fb8e8255f614f85f94bc5ef8facda4b1cb3e135ef23203752a9a06f5adc02fe10fd6059eb5ec860fbb39453d7ba92bd5a73e0e45ce2d585cccf203901d41ed36536bffcadc5fa27dbe72d209b4c922ee03aba35fb65731b21d405c9def0", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x40, 0x0) ioctl$auto_SOUND_PCM_READ_CHANNELS(r6, 0x80045006, &(0x7f0000000040)) sendmsg$auto_NL80211_CMD_ADD_TX_TS(r4, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000000400)=ANY=[], 0xc0}, 0x1, 0x0, 0x0, 0x4891}, 0x10) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(r4, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x821000}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x14, r7, 0x0, 0x70bd2b, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) preadv2$auto(r3, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) 7.500448063s ago: executing program 3 (id=651): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0x7f, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/vmallocinfo\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, 0x0, 0x0) r1 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) write$auto(r1, &(0x7f0000000000)='/dev/loop6\x00', 0x6) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, &(0x7f0000000280), 0x0) seccomp$auto(0x1, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_prog_fd=r2, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400200, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000300)='./file0\x00', 0x200000, 0x83) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r4) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00ab29dc931f0e02b7745be74fb8e8255f614f85f94bc5ef8facda4b1cb3e135ef23203752a9a06f5adc02fe10fd6059eb5ec860fbb39453d7ba92bd5a73e0e45ce2d585cccf203901d41ed36536bffcadc5fa27dbe72d209b4c922ee03aba35fb65731b21d405c9def0", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x40, 0x0) ioctl$auto_SOUND_PCM_READ_CHANNELS(r6, 0x80045006, &(0x7f0000000040)) sendmsg$auto_NL80211_CMD_ADD_TX_TS(r4, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000000400)=ANY=[], 0xc0}, 0x1, 0x0, 0x0, 0x4891}, 0x10) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(r4, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x821000}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x14, r7, 0x0, 0x70bd2b, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) preadv2$auto(r3, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) 7.236931105s ago: executing program 1 (id=652): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) read$auto_fops_x64_ro_(0xffffffffffffffff, 0x0, 0x0) signalfd$auto(r1, 0x0, 0xb071) unshare$auto(0x0) madvise$auto(0x0, 0x200007, 0x19) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x42000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000300)={{@raw=0x6, 0x0, 0x8001, 0x2, "da14cf93e7670976d4df4660872c34e34ab92824711bacf3578dcec408cf5180d03a4d126edb3169db6d48ac"}, 0x1, @iec958={"28f6a86309b1e098a7dfa272f95c4c28615313f81f02a4eb", "77a2e9b1b0224a8ef0ac25ff0db0b6ec20c55cccbf4e9b253241777363b62fbe19f64f49f5ed0205399a691cb53e4086d6ec9dcbc5173fee439c2db7f3d5f2d4dd2a267a11e3c0cc771cdddef6bdb02a85cf5ea2ecc26fa3fe291d1e45404619547117c0d45a0de14bc3b9c22d705152efa9d2cfb220c6210dd7606723fb4d6d8ea3e197b19203c65d90e3c761870cbd392bea", 0x0, "e8134be5"}, "a8949c7d9c57acd66da4c5f111166031ad47ebfed172b36a28d7b0204e3a90e9a6c41064df45da18212d9c4e61a29b8146bd0c0284d89751eb5c58cb32c2abf739599063c9a0820f08f1c1b3645f00006dcd033a712822785eeb6a2c41b6d7c00f5e965c1d0000000000000000000000000400"}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) fsopen$auto(0x0, 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) r5 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/loginuid\x00', 0x1a9602, 0x0) read$auto(r5, &(0x7f0000000100)='/proc/self/loginuid\x00', 0x7fffffff) sendfile$auto(0x3, r4, 0x0, 0x400000000006) shutdown$auto(r0, 0x2) 6.640589868s ago: executing program 1 (id=653): prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x10, 0x2, 0xc) socket(0x2000000000000021, 0x2, 0x10000000000002) io_uring_setup$auto(0x6, 0x0) ioctl$auto_FS_IOC_UNRESVSP(r0, 0x40305829, 0x1) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd700001dcdf2503000000040006000c00018008001000040005"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) madvise$auto(0x8000, 0x87fff, 0xc) gettimeofday$auto(&(0x7f0000000000)={0x2, 0x7ff}, &(0x7f0000000040)={0xffff, 0x40}) 6.453580367s ago: executing program 3 (id=654): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0xfffffffe, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/cmdline\x00', 0x1, 0x0) 5.681398137s ago: executing program 3 (id=655): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002780)={0x40, r1, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "89803500"}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x5, 0x17, 0x0, 0x1, [@generic="1f"]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) mmap$auto(0x48, 0x1, 0x5b, 0x3da, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) fsetxattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x2ee, 0x1a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) shmctl$auto_SHM_INFO(0x5, 0xe, &(0x7f00000001c0)={{0x8000, 0xee01, 0x0, 0xffff, 0x8, 0x9, 0x9}, 0x48000000, 0x0, 0x10, 0x7, @inferred=0xffffffffffffffff, @inferred, 0x18, 0x0, &(0x7f0000000100)="434e8547e72910d0a764dee7fed9f2259f59434f95452385022e31c7eaefbeee929a1ae78d317655dafb7b9dee4f5d629d516a60a0a2be977f40ff043d9b3e22d487bf2305da6c1f5f4f", &(0x7f0000000180)="88a372964eeabc3fb638c6487ce09e6feb7689465dbadf51690dab0aedb94d7064c31f4f1b67f3bb7792a2b52a"}) r5 = getuid() sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={0x174, r3, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0xb, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x108, 0x0, 0x0, @ipv4=@private=0xa010102}]}]}]}, @OVS_PACKET_ATTR_ACTIONS={0x142, 0x3, 0x0, 0x1, [@typed={0x8, 0x14f, 0x0, 0x0, @u32=0x800}, @typed={0x8, 0x14d, 0x0, 0x0, @uid=r4}, @generic="1adfa5806d6a0a8cae03a9d5dc375e1f5567ff3ca5eb992394030730ab67488bcd95a699eb", @generic="41be8b35bf5d6ce0f9ff9dbc5d031086fdbe0e2edf651d8e894867b16b1af731b56435dccfa865e32f318caf49be5f189b876c62c22863c73e7d40c7de46e6eda44092c2afb22e1b467077a044e5ee9a3ab00c051149f2523ffbf28ef1dced231646e4413a09a6534d3d79202232a251fa1e91711d6be8877af7a6c26716e66b6d00916dc99ed248d60ab2485a7f3c7119564ed41ae4167496f44d316ba9feca81a6c3d8ee681feccd7e26fa811abfeb06fe67ac7beaa2dadca6dc43466a075ac68544e5a4fa58d1fa1a796dc5cb3627fded845dcd7c7881bbc4e21286c94320472da95e8a75fd8e8116e827939d5953776febb6f0", @typed={0x8, 0x68, 0x0, 0x0, @uid=r5}, @nested={0xc, 0xfd, 0x0, 0x1, [@typed={0x8, 0x6a, 0x0, 0x0, @fd=r2}]}]}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x174}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_VENDOR(r6, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000001700)={0x14, r7, 0x705, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x80) r8 = epoll_create$auto(0x4) ioctl$auto(0x3, 0xffffffff40088a01, r8) futex$auto(&(0x7f0000000080)=0x7, 0x3, 0x1f, 0x0, &(0x7f00000000c0)=0x3, 0x440a48d3) 5.432068311s ago: executing program 4 (id=656): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) r1 = fcntl$auto(r0, 0x402, 0xffffffffffffffff) (async) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r2, 0x402, 0x2) close_range$auto(0x2, 0x8, 0x0) (async) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r3, 0xc10c5541, 0xffffffffffffffff) (async) ioctl$auto_BTRFS_IOC_SNAP_CREATE(r1, 0x50009401, &(0x7f0000000000)={@inferred=r3, "ee45322fa5cbf0e1d58191cc3870581608d0fcda74d7fff1743bbdb6a717593f4db0b9b45a9bebeefbdfe9e423265aa172b2820bf4204db5643faac9442eeb4d8786176b21ddc25bfa038e732646aebffc9a179ba962ab74fbab05e30682bb5313a1b77ed5b84e69e8462bc5bd9456218fa355e72573d5a5083d244aa0258bf1fe0036abfbad66dc310c6bd94a61ba2d8a006a6b7baef53f817e7b9bbce387c279734e37c53cf981e7e6c597b7ace2da26142d351ab44711cd40e05efe6f3d41eb01f866d4cb5b9ca67639f5deec039d8344698400daca91bbd20b8798a03968c78bc569f3f33233ff3b1f6071c546f10e180f9a96b03f9754c64c5fcf02b853141e444d8b3a09d0b4a2c9f5ce44a7088e30cc47971fb15f11fdb71d56b3afd7bcc7360f80743eae16f28094a3c8f80a58b3b1eab307e0265cdf8243d78cec07ebaffd5d32f57eaa999ad449c050a642529692a5f012df67c3ce049b8c6dfc750a2e0ff41cde11052368e66dd840c48b1fb412e2a9f7b07863418e68d325c683935512cbc497dcb188586530dba85b9ee3d9c4b2b8950caacb1817bfc308e3b71e09679fafee8879c3cd3332291eae501d974cdd4f363c5378ab70b563fced6eb4b1a9e3c2fcffc510fc4c1c745a93586b716800cfe93edbe6c27c86f616e8aefd7fd10e528d705abc1d7478e9ad9527bef6e31777ae7472fd303fabba03bccefdd06f2c6b3d672e1018b7da84cf0a666cef1eb545896bc9bdb060faa469836d9cdf861c7ef73ef60b7d610e80c372c5851e7be695aae87a042c4542c524b8038e8a8438f091fe8b63db95895633d86193e76601f6c7e48b26ba09e427d8b9958884c63871e0f3b4e9549a3c0ce5840545070983cc1bcf8541e11f8e843280113cd8696d7d95e6ab584d25b18f2dc63936156006eb124d40f13222aa5ec7f6e324fb44e6907af107ad5a8b3e0571c7df5135a510025b638425c8b03ab4e472c2f1d51522969da0249aa3702d49b91d7c110a99ce5697a207023547ed41004c9259a21c63ad36c570e7529bc6e8b14473af67ea4dbc47ccf2d937b8315c706f0f9b0d2da954702f5c59c2c7f7579ddee3e32b058ae0b34f356ff076b54ac111f6676455f281a026123ff6a63ee6a70706b1056386f64888fac81604faafb92c3a514b886fdac8dde7b6238cb7070b15c71c9e251be830295351af3a658c0e87ec7fd735f23c0098992defafd828cee148c554cb5d57233f05b2a172f1efbbbc40cd7c168af80acae677c175c3567c3cd8c4edc31c745dbb438ada90fc3e7b35b2e8337392fb69bce6dbc57ce3fa04094879b7a034f86fe2b4d5b1f617ac02e7d20e612ac2ef136086ec0c36897a7870927604b7bf1947160365280c44530f3db1d123d55e6533492a60676523969d9e306b1d54d4f8bae19188ff115ececb68627c16079a3c45c090bf0c6ae14f0ac18da6e7ea7cdf90c4a707c9772bf3440b92958c0ec786df785f31bc0deb10dd1a7d67cf6525dbbf7b0cd4bb7d9c55ce5504868213b51467a345173d8feea745e1ea303463ff1d4f3bda18f6ce47bac3da13978bca90594f5e396c098abf359775f3db9e8c7a7ba7c955498eea5342ab3b7e274c71495496194b8213b0f2b56280415f4863ac35e085ce12bd043ae70e80ca634925b4ae73e91f1e2064e63016ddc8994e35695ae0f5e3a1e4a9a4bbb39a91cc40ef1215ec24cb0970ed02fd30082cd918e5f6ddbe99a2670c9ababbfb8aac6ae071345500f26e508bd99b721a4873c73129c171b2733a5d8211c3ea8c80c32bb004e54feac18fec133d17cf95abba9821270af59fc9e65970461ec6c2cdb362bc09811a7fb45e4b78f7c1e411c11c9c2e5b655f28e77a9579a94feb5d70731f8333125ca130635e6f82654e9941056c71d0d0fde15a7c7ccf6eeb5e17547cf75edeb7704cab949ce0ed25e499a7bd3e9c15ab43a884cd2ae2bfd481478ddd5831900e1aa2b9094befcdd0fb49b2ed838ad36791dd90e261870e5fabe19cd28de7b73d7413c83bf19f740b46fdd59c6988650de4d7c63acf5986f1f5b7025da0ce407169f27922d250bdd2739dfb5fe6979d473554f1d76c7b61ddbeb971d5a9efa2dd00a8a51063ddcff137f8d34e992efce69210437d49e1881717a7cc31a73ac4252b2d994e00da650cc8f4d4f97acce4fd55319e9641e32bea1ab668ba1cc2e3161d5626b6f28ffac197365444b7197c23c830831a8757bc4ad121c2923f728dc198a95347e1fa9c3fec8a8ddc9174582ccd3d32b86370cd5031b6fbbe1c730b0c16be711a88e6b1bef61fa4fb63e2dabe4735f4b25e140be06aef2b3c4a4d649c8bbb08b68a38ced0b29bc4f4acbd576bce96ae8dc5c98c239f504d386f9740e7cf3422a820f075b5a48ccccd06f0e7d58cafede031bfe62fcf21116d283319be5d431132435918bb886babdefb2d49bc183348c3b1bda4ff7daf1b23ab57e1f2dd4fa073eb1c6d163f3ffbd01d0d9bd7bd8676b7cd6718b700b8c33798bfe2ab5a7b30629eaec8b82ef5706580dca31e0520103b33a97e21c06285a03a69def9e97afda8062ee6281a22e341d201b8c1d5b6f88ec28d49b5bc21e2bf24294ed124bb9fd4a560f32e641a9589c46833fe740ce4b1caf3bd86cb6c4db88c9659a7168ecd1fcca0879de6dc7194e0437d01ace0a4ca8bce057880c3d206b86d64f43efc933f2a55d6f0f22b0cc86ba6b3c4c472369d2f3387b92d230fe378e0d0b30dfefa0cfd472fdabce156b9a940683dc82ab19f788edbd4cdf908c42be4a7572138448ac01fe5cac876de50093dde5d66e2113b15032e9902164803108b3b635ed23c94b37f8d9f48309c9fad7ebf72d06e3201fbf97c19f8db1188b8d54b10ea85c2675641735fb4d6552cc0fdcdc78220b6ffbb249fbe7030521134c14d0d117f43e38bf17bf1bebbc16c38d8b0144edb516923680ca4e28cf78d3074deb9697ac75c6b927e81ad90707ced210fe1e26738e8b62e780bd6314b3cc3888d5f2c0e5ae48b2f00867aa066c7847093aed9b5250e02f78ba1544f978d56c45a9b58d297965985909daed4078a2034912c25c1171a97e79fa711b5be4b3bf8674b6d18ba1897cc737444baffa157d00c9df13fb65d7ccb986091b8a0722db54c7efb39443986294dd1f372f56ca706a2ef8d16eaa29fcc004fbaf3b2299d6eda69196f989b74e4d3e135c60af5c167f709fa0d60015d40a22df096690c37ee658ea7f21652f270af21a6c4a918789fabd7c0d865f4273d704280c6437d5fdabc2a0a9453fa59d4e027291c0f4e3e7d7e66405a42f5a030f0f9a0dade6dc319ca8e64ee4e3c86917e4be3dd5d159acc4c9b40e03295c484497e3971c7083cd0cc6a5c12c9d6967fe7a6004797cc1867a7937f3d498e8e0951c0e80041a030636a7c28d75d2c3de820a5c43790698f0f86305151605924a33a4cbf91932bb36e05b5e7c496bd7b8b1604c1a73e82b46ff7dc5851c9840b55523fe191738b37b078232cbe5f82fe04687f3d034c80b6aab7f95f9f04cf088ba2cd95c679add90bfbe0eb205515f875bcf27bc7bc1ecf51329edc4f0cc8cefb9d000544aa83d5921b0508f41a5d498c1b5f0f464f124c9f2b2eb859928ee1ce447c1aaf89d4fd20f7cd10046326130c0839b95e164dbb3e37230d1bcf69fd886ee23d722020da7ae1dd397deef6742ecf392a3c7a8cec828c9bfc97f04a3502ab7727f56615ebe5dd3621024788d738e3fe548e9d880609974e8a131285fb353d57d75358cb8d6675b912c221d47f0afb107caa6c7a79e178b95779408194498c0332bcc5c1de6dc9efab18adcceca225e8dc300e814dc350e81d20ac4cebf496ed350de3020b42ce23eab23554b40cdbcddf4758f8fcca5f52d852cc617a89a6bdced491a34510450fcbf6365e54992950a29c5099e16b3720a2023becfd981dcea73912f716369d9fb69667a495426fe2bb04e50253e22f0c44be519728e1edad17afb87dc8991e2767fd9218b82ea038ef101b30daa00f84e3faa703f2135cc22d6c87b4bb95a85092a5b6444dd06aa3a94867e187d183dcea997f4c36175cc0cf9348b17a5111348e13eae2bae523513cd00ddfb596bd9d0f86f66fc6487b64c4980cfd62c234a1e3de0d6c5adb5d6773e7a197490bcdb61355b8c2056f049bea5a173093446fdda8a6b6c713139470e08fd25f8e2a0909d0ddae725135215f59a4394a51192dacfbe6f743cbd29a9734ccd9fb6ab2d64d613341c45e05ccc4cd21e8895b67478829367e094a9b2f6bf55e3e20b2cb4097612c505a018fe5e8e236c80408e7201ee438c0b777139cdf75e6bcc7670d12f5f1801a73fae78151732e901db2cc055ccba4414f9b91602ab064306e2780927dc76bcc9ba35afc35fe68bdf53bd581faa538109f78ae06d889e98a5705ed3484a09f6e853febd16fe854cb3c73a3d68cd004f7c8d951776b061fa69551a680ca8d20a2ccb0ff623e01c5a40affad63cda272ad0a7cce8134c2dae5c73b99e541bcb2480af4c8be9ad993077b112be80633024b2cf1d4a92ed865e703b220df6c7498f0eccabe8abb6547a5be446b612a0b186685aa343376edf72c3f53e868b8c00d6cf279092a72eb8c986762df6ce8108208c0ce5915486e3a9b626bd4209e016ab81352d69e6127ba1f1d8e7bbbecb00ef93cfd2778c118f0b715c758cf3d3e9185abab0e00d2ec58e9c70a3531fda727d4cf7fd5b56198cc268ce7121fdeae9705bcd8424e2eff4207757f6d905e73fdc92134cdab9ed14f029e6072f623fde1250d37967cae119ce1a18da28deb1b074303c7afcd8c73ce561f1fa3af1b4a229b1fa9c6ff8e1abf9c6e2e6fcee7c720385afa5137514e1cf57faa0e3247c749759f1ed991aea14a8ea05de4ea78e772f796db5e6b67e341758f4d9507d39fb34e81444d9478c121166255c4546d7f5e7babd1ee10c68b72265b54010870b102872ccd2598f80efaf48e02878a4b97cd79c6cdd6719d598c23e2732f957f3dc8450d30d2f500a3866a2fa6dab1c945b831cb27e7477ff1f919ad4897858bc95e814a711e86d265513b082ef505cb2435d5517d46a6359fc654537ae0839230e9eb32d54c9a8382815682f32e9a48152da14f5707ad438d3d63ba40c005f18ac358cbb01ab68ed49a530a868191da5cbd999d21d475f294ce6448aea0977f6b357b3deb490041bb03eb09ec25007ac08c7237b10af0aff34b2ec4efc0ec955394bcdcb5f78636b90c1230542b09d77fd8e9ee4e24b11b972ba1948e91688a1755f83681accd54bcaf7ee9322421d8d7967b27d3bbb89b9767b66709d58ee28d212a2cab342d118c307d2608b8ceabe35e0d03fa4e5a5bd3f3c23027e7c946fedfd86e8e8c714b316008350d5b35c98289f536e2d900ce668b8a1d4f8546256136a4fc8ab2a2acc697b85d19a9c290a32fe32b7fa59474c992918ef197adc5d890284e5ba8b891c2382db632e6c9941539a9ba8cea9408bd1de3c15614cd9cb3cd41f426f569d4fdad5af135fcacb500840055f328dcce7e8baf1b6356bed06ce16944ab22a6624a7d956f7ee09e3fa73f05fa13a0aa990ee290d31b0b03ae12c5484b790039eff2fbc0ae327f1e60931db5f1a961955886bcab73a34b4f07b9a4e52085cbd3c2b879cc2f361c7d83915a59bfe64f38412212ce9d8ce1406bfb73b625edd34ad35b34d6e4d7d7bd5602c67c257de3857b2e81af28353aff96f559fe2b"}) 5.19662793s ago: executing program 1 (id=657): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_FLUSH(r0, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x4000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2a6300, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(0xffffffffffffffff, 0x0, 0x40) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x42a81, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x6, 0x0) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) socketcall$auto_SYS_RECV(0xa, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x0) getsockopt$auto(r1, 0x6, 0x22, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0x8b35, 0x91) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x35, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x2, 0x6, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0x7, 0x40000, 0x10001, 0x2000, 0x200, 0x0, 0x81, 0x2, 0x7, 0x0, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0xfffffffffffffffc, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00'], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 5.11618851s ago: executing program 4 (id=658): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x5, 0x801, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0xffffff39) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r2 = socket(0x23, 0x2, 0x0) sendto$auto(r2, 0x0, 0x8000000008000, 0x0, 0x0, 0x80) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_max_cpu\x00', 0x103001, 0x0) open(0x0, 0x22040, 0x75) socket(0xa, 0x3, 0x87) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f4) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x4, 0x4, 0x5, 0x7) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) 3.919910905s ago: executing program 1 (id=659): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0x7f, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/vmallocinfo\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa) r1 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6a) write$auto(r1, &(0x7f0000000000)='/dev/loop6\x00', 0x6) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, &(0x7f0000000280), 0x0) seccomp$auto(0x1, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_prog_fd=r2, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400200, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000300)='./file0\x00', 0x200000, 0x83) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r4) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00ab29dc931f0e02b7745be74fb8e8255f614f85f94bc5ef8facda4b1cb3e135ef23203752a9a06f5adc02fe10fd6059eb5ec860fbb39453d7ba92bd5a73e0e45ce2d585cccf203901d41ed36536bffcadc5fa27dbe72d209b4c922ee03aba35fb65731b21d405c9def0", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x40, 0x0) ioctl$auto_SOUND_PCM_READ_CHANNELS(r6, 0x80045006, &(0x7f0000000040)) sendmsg$auto_NL80211_CMD_ADD_TX_TS(r4, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000000400)=ANY=[], 0xc0}, 0x1, 0x0, 0x0, 0x4891}, 0x10) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(r4, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x821000}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x14, r7, 0x0, 0x70bd2b, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) preadv2$auto(r3, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) 2.456933239s ago: executing program 0 (id=660): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x9, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptys5\x00', 0x2000, 0x0) getsockopt$auto_SO_SNDBUF(r0, 0x31c4, 0x7, &(0x7f0000000000)='.-@-!.\x06^*\x00', &(0x7f0000000040)=0x7) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000100)="58d607bc") 1.93767793s ago: executing program 3 (id=661): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r0) sendmsg$auto_NL802154_CMD_SET_PAN_ID(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000011c0)=ANY=[], 0x1058}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db", @ANYRES32=r2, @ANYBLOB="0c002e010800000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) 1.580038685s ago: executing program 4 (id=662): mmap$auto(0x800000000, 0x400008, 0xca, 0x9b73, 0x2, 0x8000) mmap$auto(0xfffffffffffffffc, 0x9, 0x10001, 0x9000000eb1, 0xfffffffffffffffa, 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu0/hotplug/state\x00', 0x0, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af22, 0xffffffffffffffff) pread64$auto(r0, 0x0, 0x100000003, 0x81) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000280)='/\xff\xf2 \xc8\xe4\x85;\xe9\x01\xff\x01S', 0xffffffff) write$auto(r2, 0x0, 0x3) fdatasync$auto(0xffffffffffffffff) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r3, 0x127f, 0x0) r4 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x383101, 0x0) getsockopt$auto_SO_PEEK_OFF(r4, 0x8, 0x2a, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', &(0x7f00000001c0)=0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/003/001\x00', 0xc3400, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3dc) getcwd$auto(&(0x7f0000000540)='/sys/devices/\xde\xe7/xot\xfa\xec\x8f\xa4/}tate\x00X\xa0\xf7\xc7\x87\x92\xc9.2\x97R\xf4\xe6s\x00\xcf\x93\x1d\xe0K\xec\xacc$o\xf0\xa8\x93\x93\xe67U\xfb\xe1se\xfewZ\x03\x00\xaf\xc8$\x15\xc7\xd4\xcb\x92\x01\xecsP\x9aSM\xff\xf8\f\xcd3_oZ\x80\xdb\a\xbbY\xb7\xe9`\x1cV\xcdZ\xca\x89\x99#0x4, 0x200, 0xc, 0x24, 0x1, 0xffffffffffffffff, 0x0, 0x5}, 0x4f4) r1 = bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x0, 0x2, 0x8, 0xc, 0x66b, 0x4, 0x1}, 0x6f4) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ioctl$auto_SNDCTL_DSP_RESET(r2, 0x5000, 0x0) setsockopt$auto_SO_DONTROUTE(r0, 0x1, 0x5, &(0x7f0000000080)='/dev/mtd0\x00', 0x2) bpf$auto(0x1, 0x0, 0x9) connect$auto(0x3, 0x0, 0x50) r3 = io_uring_setup$auto(0x59, 0x0) io_uring_enter$auto(r3, 0x9, 0x820e, 0x6, 0x0, 0x18) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) poll$auto(&(0x7f0000000180)={r4, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(r4, 0x4004af07, &(0x7f00000003c0)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) ioctl$auto_SOUND_MIXER_WRITE_RECSRC(r1, 0xc0044dff, &(0x7f00000001c0)="9a318d289d8c397d3dfc5ab97d47ddb9c0d3b5e308f241b4ffccb7e518d8685776db681be9fb76064d77124826b8c961945236c433e2240c12563daaac8a5c816f9153bec70572e88fbcd04131b2fe694a165f34c95f3d21197096a3c962a3b64f8adc55") r6 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r6, 0x1269, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r2, 0x5001, 0xfffffffffffffffc) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) sendfile$auto(r7, r7, 0x0, 0x7fffe000) r8 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyb3\x00', 0x10820, 0x0) ioctl$auto(r8, 0x5606, r8) ioctl$auto_UI_DEV_CREATE(r3, 0x5501, 0x0) fcntl$auto_F_GETPIPE_SZ(r8, 0x408, 0x5) 141.71393ms ago: executing program 3 (id=666): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) ioctl$auto(0x3, 0x80004508, 0x10000000000402) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0) r1 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/kernel/debug/netdevsim/netdevsim2/ports/2/ipsec\x00', 0x80080, 0x0) read$auto_ipsec_dbg_fops_ipsec(r1, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\x06\x00\x00\x00\x00\x00\x00\x00\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x959\xab\x80.\xab\x92q\x98H\x1b\xfc\x12\xd33.O\xab\"4\x8a\xbbY8@Z5`\xa4m\x7fb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbfD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(', 0x1e0) socket(0x2c, 0x1, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) r3 = fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x2, 0x1, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000) socket(0x1d, 0x3, 0x1) open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) unshare$auto(0x0) read$auto(r1, 0x0, 0x1a) ioctl$auto_IOC_PR_RESERVE(r3, 0x401070c9, &(0x7f0000000080)={0x4, 0x5f3, 0x80001}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xb, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x3624239c, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) 0s ago: executing program 4 (id=667): mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x181400, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, &(0x7f0000000000)=0x7) socket$nl_generic(0x10, 0x3, 0x10) socket(0x6, 0x1, 0x6) r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r3, 0x5393, r2) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/246, 0xf6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xc048aec8, r0) kernel console output (not intermixed with test programs): 238] [U] [ 115.764965][ T6238] [U] [ 115.767710][ T6238] [U] [ 115.770447][ T6238] [U] [ 115.774066][ T6238] [U] [ 115.776909][ T6238] [U] [ 115.779649][ T6238] [U] [ 115.782391][ T6238] [U] [ 115.785843][ T6238] [U] [ 115.788600][ T6238] [U] [ 115.791359][ T6238] [U] [ 115.794100][ T6238] [U] [ 115.797061][ T6238] [U] [ 115.799807][ T6238] [U] [ 115.802581][ T6238] [U] [ 115.805328][ T6238] [U] [ 115.808500][ T6238] [U] [ 115.811245][ T6238] [U] [ 115.813975][ T6238] [U] [ 115.816720][ T6238] [U] [ 115.819637][ T6238] [U] [ 115.822382][ T6238] [U] [ 115.825120][ T6238] [U] [ 115.827860][ T6238] [U] [ 115.941158][ T6238] [U] [ 115.943960][ T6238] [U] [ 115.946724][ T6238] [U] [ 115.949530][ T6238] [U] [ 115.984623][ T6238] [U] [ 115.987555][ T6238] [U] [ 115.990269][ T6238] [U] [ 115.992999][ T6238] [U] [ 116.064891][ T6238] [U] [ 116.231022][ T6243] netlink: 330 bytes leftover after parsing attributes in process `syz.3.59'. [ 117.146798][ T127] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.583226][ T6281] [U] [ 118.585960][ T6281] [U] [ 118.588704][ T6281] [U] [ 118.591398][ T6281] [U] [ 118.594791][ T6281] [U] [ 118.597525][ T6281] [U] [ 118.600231][ T6281] [U] [ 118.602934][ T6281] [U] [ 118.609513][ T6281] [U] [ 118.612281][ T6281] [U] [ 118.615018][ T6281] [U] [ 118.617761][ T6281] [U] [ 118.653954][ T6281] [U] [ 118.656735][ T6281] [U] [ 118.659476][ T6281] [U] [ 118.662214][ T6281] [U] [ 118.666273][ T6281] [U] [ 118.669017][ T6281] [U] [ 118.671850][ T6281] [U] [ 118.674588][ T6281] [U] [ 118.685447][ T6281] [U] [ 118.688199][ T6281] [U] [ 118.691016][ T6281] [U] [ 118.693753][ T6281] [U] [ 118.979249][ T6280] [U] [ 119.307150][ T6292] futex_wake_op: syz.0.69 tries to shift op by -2048; fix this program [ 119.316629][ T6292] futex_wake_op: syz.0.69 tries to shift op by -2048; fix this program [ 119.327856][ T6292] 0x000000000001-0x000000020000 : "" [ 119.345645][ T6292] ftl_cs: FTL header corrupt! [ 121.613562][ T6313] [U]  [ 122.714190][ T6342] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 124.133284][ T6357] block nbd7: not configured, cannot reconfigure [ 126.907768][ T6404] FAULT_INJECTION: forcing a failure. [ 126.907768][ T6404] name failslab, interval 1, probability 0, space 0, times 0 [ 126.924050][ T6404] CPU: 1 UID: 0 PID: 6404 Comm: syz.2.90 Not tainted syzkaller #0 PREEMPT(full) [ 126.924092][ T6404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 126.924110][ T6404] Call Trace: [ 126.924120][ T6404] [ 126.924132][ T6404] dump_stack_lvl+0x100/0x190 [ 126.924184][ T6404] should_fail_ex.cold+0x5/0xa [ 126.924222][ T6404] should_failslab+0xc2/0x120 [ 126.924255][ T6404] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 126.924299][ T6404] ? skb_clone+0x190/0x400 [ 126.924332][ T6404] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 126.924383][ T6404] skb_clone+0x190/0x400 [ 126.924442][ T6404] genlmsg_multicast_allns+0x1a0/0x590 [ 126.924492][ T6404] l2tp_tunnel_notify.constprop.0+0xfc/0x150 [ 126.924530][ T6404] l2tp_nl_cmd_tunnel_create+0x47d/0x990 [ 126.924568][ T6404] ? rcu_is_watching+0x12/0xc0 [ 126.924616][ T6404] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 126.924684][ T6404] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 126.924734][ T6404] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 126.924793][ T6404] genl_family_rcv_msg_doit+0x214/0x300 [ 126.924846][ T6404] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 126.924902][ T6404] ? genl_get_cmd+0x3ef/0x720 [ 126.924956][ T6404] ? bpf_lsm_capable+0x9/0x10 [ 126.924987][ T6404] ? security_capable+0x80/0x260 [ 126.925033][ T6404] ? ns_capable+0xd2/0xf0 [ 126.925069][ T6404] genl_rcv_msg+0x560/0x800 [ 126.925121][ T6404] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.925170][ T6404] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 126.925222][ T6404] netlink_rcv_skb+0x159/0x420 [ 126.925265][ T6404] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.925312][ T6404] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 126.925370][ T6404] ? netlink_deliver_tap+0x1ae/0xcc0 [ 126.925413][ T6404] genl_rcv+0x28/0x40 [ 126.925451][ T6404] netlink_unicast+0x5aa/0x870 [ 126.925498][ T6404] ? __pfx_netlink_unicast+0x10/0x10 [ 126.925557][ T6404] netlink_sendmsg+0x8b0/0xda0 [ 126.925603][ T6404] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.925640][ T6404] ? __import_iovec+0x1d2/0x640 [ 126.925675][ T6404] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 126.925726][ T6404] ____sys_sendmsg+0x9e1/0xb70 [ 126.925768][ T6404] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.925811][ T6404] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.925867][ T6404] ? __pfx_futex_wake_mark+0x10/0x10 [ 126.925930][ T6404] ___sys_sendmsg+0x190/0x1e0 [ 126.925983][ T6404] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.926076][ T6404] __sys_sendmsg+0x170/0x220 [ 126.926111][ T6404] ? __pfx___sys_sendmsg+0x10/0x10 [ 126.926142][ T6404] ? __x64_sys_futex+0x34f/0x4d0 [ 126.926203][ T6404] do_syscall_64+0x106/0xf80 [ 126.926235][ T6404] ? clear_bhb_loop+0x40/0x90 [ 126.926273][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.926302][ T6404] RIP: 0033:0x7f0640d9c799 [ 126.926328][ T6404] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.926353][ T6404] RSP: 002b:00007f0641ce9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.926381][ T6404] RAX: ffffffffffffffda RBX: 00007f0641015fa0 RCX: 00007f0640d9c799 [ 126.926399][ T6404] RDX: 0000000004000000 RSI: 0000200000000140 RDI: 000000000000000d [ 126.926415][ T6404] RBP: 00007f0640e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 126.926432][ T6404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.926448][ T6404] R13: 00007f0641016038 R14: 00007f0641015fa0 R15: 00007fff1adce338 [ 126.926485][ T6404] [ 128.461687][ T6428] syz.0.95 uses obsolete (PF_INET,SOCK_PACKET) [ 130.367758][ T6463] binder: 6462:6463 ioctl c0306201 200000000000 returned -14 [ 130.419644][ T6442] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 syzkaller syzkaller login: [ 131.552239][ T6474] FAULT_INJECTION: forcing a failure. [ 131.552239][ T6474] name failslab, interval 1, probability 0, space 0, times 0 [ 131.646722][ T6474] CPU: 0 UID: 0 PID: 6474 Comm: syz.0.106 Tainted: G L syzkaller #0 PREEMPT(full) [ 131.646771][ T6474] Tainted: [L]=SOFTLOCKUP [ 131.646781][ T6474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 131.646799][ T6474] Call Trace: [ 131.646808][ T6474] [ 131.646819][ T6474] dump_stack_lvl+0x100/0x190 [ 131.646868][ T6474] should_fail_ex.cold+0x5/0xa [ 131.646911][ T6474] should_failslab+0xc2/0x120 [ 131.646952][ T6474] __kmalloc_cache_noprof+0x7a/0x6f0 [ 131.646992][ T6474] ? resv_map_alloc+0x46/0x400 [ 131.647038][ T6474] ? map_id_range_down+0x2bc/0x3b0 [ 131.647101][ T6474] resv_map_alloc+0x46/0x400 [ 131.647152][ T6474] hugetlbfs_get_inode+0x2fe/0x750 [ 131.647190][ T6474] hugetlb_file_setup+0x3cc/0x5b0 [ 131.647226][ T6474] newseg+0xabb/0xed0 [ 131.647266][ T6474] ? __pfx_newseg+0x10/0x10 [ 131.647298][ T6474] ? down_write+0x146/0x1f0 [ 131.647340][ T6474] ? ksys_write+0x190/0x250 [ 131.647367][ T6474] ? ksys_write+0x190/0x250 [ 131.647401][ T6474] ipcget+0xee/0xf50 [ 131.647434][ T6474] ? do_futex+0x192/0x350 [ 131.647477][ T6474] ? __pfx_do_futex+0x10/0x10 [ 131.647524][ T6474] ? __pfx_ipcget+0x10/0x10 [ 131.647558][ T6474] ? __x64_sys_futex+0x34f/0x4d0 [ 131.647594][ T6474] ? __x64_sys_futex+0x358/0x4d0 [ 131.647640][ T6474] __x64_sys_shmget+0x13b/0x1b0 [ 131.647674][ T6474] ? __pfx___x64_sys_shmget+0x10/0x10 [ 131.647720][ T6474] do_syscall_64+0x106/0xf80 [ 131.647755][ T6474] ? clear_bhb_loop+0x40/0x90 [ 131.647795][ T6474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.647835][ T6474] RIP: 0033:0x7fef3d99c799 [ 131.647861][ T6474] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 131.647888][ T6474] RSP: 002b:00007fef3e878028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 131.647917][ T6474] RAX: ffffffffffffffda RBX: 00007fef3dc16180 RCX: 00007fef3d99c799 [ 131.647944][ T6474] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 131.647963][ T6474] RBP: 00007fef3da32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 131.647982][ T6474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.647999][ T6474] R13: 00007fef3dc16218 R14: 00007fef3dc16180 R15: 00007ffccd1d32a8 [ 131.648041][ T6474] [ 132.421779][ T6495] netlink: 28 bytes leftover after parsing attributes in process `syz.0.112'. [ 132.449737][ T6495] veth0_macvtap: left promiscuous mode [ 132.473089][ T6495] macvtap0: entered promiscuous mode [ 132.498425][ T6495] macvtap0: entered allmulticast mode [ 132.972677][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.981565][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.615992][ T6523] FAULT_INJECTION: forcing a failure. [ 133.615992][ T6523] name failslab, interval 1, probability 0, space 0, times 0 [ 133.647609][ T6523] CPU: 0 UID: 0 PID: 6523 Comm: syz.3.118 Tainted: G L syzkaller #0 PREEMPT(full) [ 133.647659][ T6523] Tainted: [L]=SOFTLOCKUP [ 133.647670][ T6523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 133.647685][ T6523] Call Trace: [ 133.647696][ T6523] [ 133.647707][ T6523] dump_stack_lvl+0x100/0x190 [ 133.647760][ T6523] should_fail_ex.cold+0x5/0xa [ 133.647795][ T6523] should_failslab+0xc2/0x120 [ 133.647827][ T6523] __kmalloc_cache_noprof+0x7a/0x6f0 [ 133.647867][ T6523] ? apply_wqattrs_prepare+0x136/0xbb0 [ 133.647908][ T6523] apply_wqattrs_prepare+0x136/0xbb0 [ 133.647946][ T6523] ? __alloc_workqueue+0x901/0x1880 [ 133.647993][ T6523] apply_workqueue_attrs_locked+0x64/0xe0 [ 133.648027][ T6523] __alloc_workqueue+0xe25/0x1880 [ 133.648076][ T6523] alloc_workqueue_noprof+0xd2/0x200 [ 133.648111][ T6523] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 133.648149][ T6523] ? rcu_is_watching+0x12/0xc0 [ 133.648192][ T6523] ? trace_kmalloc+0x101/0x130 [ 133.648220][ T6523] ? __kasan_kmalloc+0xaa/0xb0 [ 133.648266][ T6523] ? __kmalloc_noprof+0x320/0x850 [ 133.648318][ T6523] ieee80211_register_hw+0x1f80/0x4140 [ 133.648380][ T6523] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 133.648419][ T6523] ? __pfx___debug_object_init+0x10/0x10 [ 133.648471][ T6523] ? find_held_lock+0x2b/0x80 [ 133.648499][ T6523] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 133.648546][ T6523] ? __hrtimer_setup+0x178/0x280 [ 133.648588][ T6523] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 133.648658][ T6523] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 133.648712][ T6523] hwsim_new_radio_nl+0xc1f/0x1340 [ 133.648760][ T6523] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 133.648816][ T6523] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 133.648874][ T6523] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 133.648938][ T6523] genl_family_rcv_msg_doit+0x214/0x300 [ 133.648998][ T6523] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 133.649041][ T6523] ? genl_get_cmd+0x3ef/0x720 [ 133.649092][ T6523] ? bpf_lsm_capable+0x9/0x10 [ 133.649124][ T6523] ? security_capable+0x80/0x260 [ 133.649165][ T6523] ? ns_capable+0xd2/0xf0 [ 133.649199][ T6523] genl_rcv_msg+0x560/0x800 [ 133.649246][ T6523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.649292][ T6523] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 133.649348][ T6523] netlink_rcv_skb+0x159/0x420 [ 133.649387][ T6523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.649434][ T6523] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.649512][ T6523] ? netlink_deliver_tap+0x1ae/0xcc0 [ 133.649560][ T6523] genl_rcv+0x28/0x40 [ 133.649601][ T6523] netlink_unicast+0x5aa/0x870 [ 133.649648][ T6523] ? __pfx_netlink_unicast+0x10/0x10 [ 133.649706][ T6523] netlink_sendmsg+0x8b0/0xda0 [ 133.649753][ T6523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.649792][ T6523] ? __import_iovec+0x1d2/0x640 [ 133.649826][ T6523] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 133.649875][ T6523] ____sys_sendmsg+0x9e1/0xb70 [ 133.649917][ T6523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.649969][ T6523] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.650020][ T6523] ? try_to_wake_up+0x644/0x1a80 [ 133.650059][ T6523] ___sys_sendmsg+0x190/0x1e0 [ 133.650107][ T6523] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.650153][ T6523] ? futex_private_hash_put+0x107/0x1c0 [ 133.650231][ T6523] __sys_sendmsg+0x170/0x220 [ 133.650268][ T6523] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.650303][ T6523] ? __x64_sys_futex+0x34f/0x4d0 [ 133.650368][ T6523] do_syscall_64+0x106/0xf80 [ 133.650401][ T6523] ? clear_bhb_loop+0x40/0x90 [ 133.650436][ T6523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.650466][ T6523] RIP: 0033:0x7fa70c39c799 [ 133.650493][ T6523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.650522][ T6523] RSP: 002b:00007fa70d19b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.650552][ T6523] RAX: ffffffffffffffda RBX: 00007fa70c616090 RCX: 00007fa70c39c799 [ 133.650570][ T6523] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 133.650587][ T6523] RBP: 00007fa70c432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 133.650603][ T6523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.650619][ T6523] R13: 00007fa70c616128 R14: 00007fa70c616090 R15: 00007ffcd3400c28 [ 133.650656][ T6523] [ 135.093727][ T6551] netlink: 16 bytes leftover after parsing attributes in process `syz.3.125'. [ 135.093761][ T6551] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 135.093788][ T6551] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.096504][ T6551] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.096534][ T6551] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.822684][ T6563] Falling back ldisc for pty155. [ 136.321994][ T6578] FAULT_INJECTION: forcing a failure. [ 136.321994][ T6578] name fail_futex, interval 1, probability 0, space 0, times 0 [ 136.412414][ T6578] CPU: 0 UID: 0 PID: 6578 Comm: syz.3.131 Tainted: G L syzkaller #0 PREEMPT(full) [ 136.412468][ T6578] Tainted: [L]=SOFTLOCKUP [ 136.412479][ T6578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 136.412496][ T6578] Call Trace: [ 136.412508][ T6578] [ 136.412520][ T6578] dump_stack_lvl+0x100/0x190 [ 136.412575][ T6578] should_fail_ex.cold+0x5/0xa [ 136.412612][ T6578] get_futex_key+0x1d2/0x1620 [ 136.412655][ T6578] ? __pfx_get_futex_key+0x10/0x10 [ 136.412698][ T6578] ? do_user_addr_fault+0x8d6/0x12f0 [ 136.412753][ T6578] ? irqentry_exit+0x180/0x670 [ 136.412798][ T6578] futex_wake+0xea/0x530 [ 136.412848][ T6578] ? __pfx_futex_wake+0x10/0x10 [ 136.412902][ T6578] ? __asan_memset+0x23/0x50 [ 136.412962][ T6578] do_futex+0x32b/0x350 [ 136.413003][ T6578] ? __pfx_do_futex+0x10/0x10 [ 136.413054][ T6578] __x64_sys_futex+0x34f/0x4d0 [ 136.413101][ T6578] ? __pfx___x64_sys_futex+0x10/0x10 [ 136.413159][ T6578] do_syscall_64+0x106/0xf80 [ 136.413197][ T6578] ? clear_bhb_loop+0x40/0x90 [ 136.413236][ T6578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.413268][ T6578] RIP: 0033:0x7fa70c39c799 [ 136.413296][ T6578] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.413334][ T6578] RSP: 002b:00007fa70a1f40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 136.413372][ T6578] RAX: ffffffffffffffda RBX: 00007fa70c616278 RCX: 00007fa70c39c799 [ 136.413393][ T6578] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa70c61627c [ 136.413413][ T6578] RBP: 00007fa70c616270 R08: 0000000000000000 R09: 0000000000000000 [ 136.413431][ T6578] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 136.413449][ T6578] R13: 00007fa70c616308 R14: 00007ffcd3400b40 R15: 00007ffcd3400c28 [ 136.413491][ T6578] [ 136.970944][ T29] audit: type=1800 audit(1772876638.834:3): pid=6586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.135" name="dbroot" dev="configfs" ino=10850 res=0 errno=0 [ 138.299842][ T6601] FAULT_INJECTION: forcing a failure. [ 138.299842][ T6601] name failslab, interval 1, probability 0, space 0, times 0 [ 138.318465][ T6601] CPU: 1 UID: 0 PID: 6601 Comm: syz.2.138 Tainted: G L syzkaller #0 PREEMPT(full) [ 138.318515][ T6601] Tainted: [L]=SOFTLOCKUP [ 138.318526][ T6601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 138.318541][ T6601] Call Trace: [ 138.318549][ T6601] [ 138.318561][ T6601] dump_stack_lvl+0x100/0x190 [ 138.318609][ T6601] should_fail_ex.cold+0x5/0xa [ 138.318645][ T6601] ? lsm_blob_alloc+0x68/0x90 [ 138.318681][ T6601] should_failslab+0xc2/0x120 [ 138.318711][ T6601] __kmalloc_noprof+0xe0/0x850 [ 138.318755][ T6601] ? trace_kmem_cache_alloc+0xf3/0x120 [ 138.318792][ T6601] lsm_blob_alloc+0x68/0x90 [ 138.318828][ T6601] security_prepare_creds+0x2d/0x290 [ 138.318865][ T6601] prepare_creds+0x5d6/0x950 [ 138.318915][ T6601] __sys_setresuid+0x458/0x1280 [ 138.318964][ T6601] do_syscall_64+0x106/0xf80 [ 138.318999][ T6601] ? clear_bhb_loop+0x40/0x90 [ 138.319039][ T6601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.319079][ T6601] RIP: 0033:0x7f0640d9c799 [ 138.319106][ T6601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.319135][ T6601] RSP: 002b:00007f0641ce9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 138.319165][ T6601] RAX: ffffffffffffffda RBX: 00007f0641015fa0 RCX: 00007f0640d9c799 [ 138.319186][ T6601] RDX: 0000000000000000 RSI: 000000000000ee00 RDI: 0000000000000000 [ 138.319205][ T6601] RBP: 00007f0640e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 138.319224][ T6601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.319242][ T6601] R13: 00007f0641016038 R14: 00007f0641015fa0 R15: 00007fff1adce338 [ 138.319283][ T6601] [ 139.141765][ T6609] FAULT_INJECTION: forcing a failure. [ 139.141765][ T6609] name fail_futex, interval 1, probability 0, space 0, times 0 [ 139.155331][ T6609] CPU: 1 UID: 0 PID: 6609 Comm: syz.2.140 Tainted: G L syzkaller #0 PREEMPT(full) [ 139.155375][ T6609] Tainted: [L]=SOFTLOCKUP [ 139.155385][ T6609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 139.155401][ T6609] Call Trace: [ 139.155410][ T6609] [ 139.155420][ T6609] dump_stack_lvl+0x100/0x190 [ 139.155466][ T6609] should_fail_ex.cold+0x5/0xa [ 139.155501][ T6609] get_futex_key+0x1d2/0x1620 [ 139.155540][ T6609] ? __pfx_get_futex_key+0x10/0x10 [ 139.155588][ T6609] futex_wait_setup+0x83/0x510 [ 139.155642][ T6609] __futex_wait+0x19f/0x300 [ 139.155686][ T6609] ? __pfx___futex_wait+0x10/0x10 [ 139.155734][ T6609] ? __pfx_futex_wake_mark+0x10/0x10 [ 139.155783][ T6609] ? __hrtimer_setup+0x178/0x280 [ 139.155826][ T6609] ? ktime_add_safe+0x60/0x70 [ 139.155868][ T6609] futex_wait+0xed/0x380 [ 139.155912][ T6609] ? __pfx_futex_wait+0x10/0x10 [ 139.155962][ T6609] ? __lock_acquire+0x4a5/0x2630 [ 139.156001][ T6609] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 139.156055][ T6609] do_futex+0x1ef/0x350 [ 139.156091][ T6609] ? __pfx_do_futex+0x10/0x10 [ 139.156125][ T6609] ? ktime_get+0x200/0x300 [ 139.156153][ T6609] ? lockdep_hardirqs_on+0x78/0x100 [ 139.156188][ T6609] ? read_tsc+0x9/0x20 [ 139.156224][ T6609] __x64_sys_futex+0x34f/0x4d0 [ 139.156268][ T6609] ? __pfx___x64_sys_futex+0x10/0x10 [ 139.156320][ T6609] do_syscall_64+0x106/0xf80 [ 139.156353][ T6609] ? clear_bhb_loop+0x40/0x90 [ 139.156388][ T6609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.156418][ T6609] RIP: 0033:0x7f0640d9c799 [ 139.156443][ T6609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 139.156468][ T6609] RSP: 002b:00007fff1adce498 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 139.156496][ T6609] RAX: ffffffffffffffda RBX: 0000000000021f4f RCX: 00007f0640d9c799 [ 139.156513][ T6609] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0641015fac [ 139.156531][ T6609] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 139.156547][ T6609] R10: 00007fff1adce5a0 R11: 0000000000000246 R12: 00007fff1adce5c0 [ 139.156564][ T6609] R13: 00007f0641015fac R14: 0000000000021f81 R15: 00007fff1adce5a0 [ 139.156603][ T6609] [ 139.767142][ T6615] syz.2.142 (6615): /proc/6615/oom_adj is deprecated, please use /proc/6615/oom_score_adj instead. [ 140.552583][ T6629] FAULT_INJECTION: forcing a failure. [ 140.552583][ T6629] name failslab, interval 1, probability 0, space 0, times 0 [ 140.558974][ T6630] [U] [ 140.565663][ T6629] CPU: 0 UID: 0 PID: 6629 Comm: syz.3.146 Tainted: G L syzkaller #0 PREEMPT(full) [ 140.565710][ T6629] Tainted: [L]=SOFTLOCKUP [ 140.565719][ T6629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 140.565733][ T6629] Call Trace: [ 140.565742][ T6629] [ 140.565752][ T6629] dump_stack_lvl+0x100/0x190 [ 140.565795][ T6629] should_fail_ex.cold+0x5/0xa [ 140.565826][ T6629] should_failslab+0xc2/0x120 [ 140.565853][ T6629] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 140.565888][ T6629] ? radix_tree_node_alloc.constprop.0+0x66/0x340 [ 140.565937][ T6629] radix_tree_node_alloc.constprop.0+0x66/0x340 [ 140.565983][ T6629] idr_get_free+0x52e/0xa00 [ 140.566023][ T6629] idr_alloc_u32+0x1ac/0x320 [ 140.566055][ T6629] ? __pfx_idr_alloc_u32+0x10/0x10 [ 140.566080][ T6629] ? do_raw_spin_lock+0x128/0x260 [ 140.566130][ T6629] l2tp_tunnel_register+0xfc/0xc00 [ 140.566170][ T6629] ? __pfx___debug_object_init+0x10/0x10 [ 140.566206][ T6629] ? __pfx_l2tp_tunnel_register+0x10/0x10 [ 140.566255][ T6629] ? lockdep_init_map_type+0x5c/0x250 [ 140.566288][ T6629] ? l2tp_tunnel_create+0x2cf/0x460 [ 140.566317][ T6629] ? l2tp_tunnel_create+0x37d/0x460 [ 140.566352][ T6629] l2tp_nl_cmd_tunnel_create+0x44e/0x990 [ 140.566382][ T6629] ? rcu_is_watching+0x12/0xc0 [ 140.566420][ T6629] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 140.566461][ T6629] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 140.566499][ T6629] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 140.566543][ T6629] genl_family_rcv_msg_doit+0x214/0x300 [ 140.566583][ T6629] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 140.566619][ T6629] ? genl_get_cmd+0x3ef/0x720 [ 140.566662][ T6629] ? bpf_lsm_capable+0x9/0x10 [ 140.566694][ T6629] ? security_capable+0x80/0x260 [ 140.566729][ T6629] ? ns_capable+0xd2/0xf0 [ 140.566756][ T6629] genl_rcv_msg+0x560/0x800 [ 140.566796][ T6629] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.566833][ T6629] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 140.566875][ T6629] netlink_rcv_skb+0x159/0x420 [ 140.566908][ T6629] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.566946][ T6629] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 140.566994][ T6629] ? netlink_deliver_tap+0x1ae/0xcc0 [ 140.567031][ T6629] genl_rcv+0x28/0x40 [ 140.567064][ T6629] netlink_unicast+0x5aa/0x870 [ 140.567102][ T6629] ? __pfx_netlink_unicast+0x10/0x10 [ 140.567148][ T6629] netlink_sendmsg+0x8b0/0xda0 [ 140.567187][ T6629] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.567218][ T6629] ? __import_iovec+0x1d2/0x640 [ 140.567248][ T6629] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 140.567288][ T6629] ____sys_sendmsg+0x9e1/0xb70 [ 140.567324][ T6629] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.567359][ T6629] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.567413][ T6629] ___sys_sendmsg+0x190/0x1e0 [ 140.567453][ T6629] ? __pfx____sys_sendmsg+0x10/0x10 [ 140.567536][ T6629] __sys_sendmsg+0x170/0x220 [ 140.567567][ T6629] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.567621][ T6629] do_syscall_64+0x106/0xf80 [ 140.567649][ T6629] ? clear_bhb_loop+0x40/0x90 [ 140.567687][ T6629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.567712][ T6629] RIP: 0033:0x7fa70c39c799 [ 140.567735][ T6629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.567758][ T6629] RSP: 002b:00007fa70d1bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.567782][ T6629] RAX: ffffffffffffffda RBX: 00007fa70c615fa0 RCX: 00007fa70c39c799 [ 140.567798][ T6629] RDX: 0000000004000000 RSI: 0000200000000140 RDI: 000000000000000d [ 140.567813][ T6629] RBP: 00007fa70d1bc090 R08: 0000000000000000 R09: 0000000000000000 [ 140.567827][ T6629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.567841][ T6629] R13: 00007fa70c616038 R14: 00007fa70c615fa0 R15: 00007ffcd3400c28 [ 140.567876][ T6629] [ 140.944394][ T6630] [U] [ 140.947196][ T6630] [U] [ 140.949908][ T6630] [U] [ 141.152979][ T6630] [U] [ 141.155760][ T6630] [U] [ 141.158600][ T6630] [U] [ 141.161339][ T6630] [U] [ 141.165871][ T6630] [U] [ 141.169066][ T6630] [U] [ 141.171819][ T6630] [U] [ 141.174622][ T6630] [U] [ 141.186287][ T6630] [U] [ 141.189158][ T6630] [U] [ 141.191899][ T6630] [U] [ 141.194896][ T6630] [U] [ 141.205666][ T6630] [U] [ 141.208444][ T6630] [U] [ 141.211175][ T6630] [U] [ 141.213915][ T6630] [U] [ 141.217676][ T6630] [U] [ 141.220832][ T6630] [U] [ 141.223562][ T6630] [U] [ 141.226278][ T6630] [U] [ 141.230120][ T6630] [U] [ 141.232866][ T6630] [U] [ 141.235645][ T6630] [U] [ 141.238380][ T6630] [U] [ 141.241586][ T6630] [U] [ 141.244331][ T6630] [U] [ 141.247080][ T6630] [U] [ 141.249820][ T6630] [U] [ 141.312355][ T6630] [U] [ 141.518145][ T6641] __vm_enough_memory: pid: 6641, comm: syz.0.149, bytes: 4398046511104 not enough memory for the allocation [ 142.429998][ T6657] netlink: 13 bytes leftover after parsing attributes in process `syz.0.153'. [ 142.883307][ T6667] netlink: 4 bytes leftover after parsing attributes in process `syz.3.156'. [ 143.216360][ T6661] openvswitch: netlink: Key 15 has unexpected len 16 expected 4 [ 143.254919][ T6677] [U] [ 143.257705][ T6677] [U] [ 143.260444][ T6677] [U] [ 143.263178][ T6677] [U] [ 143.284922][ T6677] [U] [ 143.288234][ T6677] [U] [ 143.291003][ T6677] [U] [ 143.293742][ T6677] [U] [ 143.335346][ T6677] [U] [ 143.338143][ T6677] [U] [ 143.340904][ T6677] [U] [ 143.343644][ T6677] [U] [ 143.416296][ T6677] [U] [ 143.419260][ T6677] [U] [ 143.422102][ T6677] [U] [ 143.424816][ T6677] [U] [ 143.477161][ T6677] [U] [ 143.480050][ T6677] [U] [ 143.482964][ T6677] [U] [ 143.485705][ T6677] [U] [ 143.512211][ T6677] [U] [ 143.756301][ T6653] ubi0: attaching mtd0 [ 143.763606][ T6653] ubi0: scanning is finished [ 143.778927][ T6653] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 144.099391][ T6653] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 149.395311][ T6780] FAULT_INJECTION: forcing a failure. [ 149.395311][ T6780] name fail_futex, interval 1, probability 0, space 0, times 0 [ 149.418011][ T6782] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 149.518088][ T6780] CPU: 1 UID: 0 PID: 6780 Comm: syz.3.182 Tainted: G L syzkaller #0 PREEMPT(full) [ 149.518135][ T6780] Tainted: [L]=SOFTLOCKUP [ 149.518145][ T6780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 149.518161][ T6780] Call Trace: [ 149.518172][ T6780] [ 149.518184][ T6780] dump_stack_lvl+0x100/0x190 [ 149.518234][ T6780] should_fail_ex.cold+0x5/0xa [ 149.518269][ T6780] get_futex_key+0x295/0x1620 [ 149.518308][ T6780] ? __pfx_get_futex_key+0x10/0x10 [ 149.518347][ T6780] ? __lock_acquire+0x4a5/0x2630 [ 149.518390][ T6780] futex_requeue+0x250/0x20d0 [ 149.518442][ T6780] ? find_held_lock+0x2b/0x80 [ 149.518470][ T6780] ? __pfx_futex_requeue+0x10/0x10 [ 149.518519][ T6780] ? get_pid_task+0x106/0x250 [ 149.518569][ T6780] ? find_held_lock+0x2b/0x80 [ 149.518594][ T6780] ? ksys_write+0x190/0x250 [ 149.518619][ T6780] ? ksys_write+0x190/0x250 [ 149.518650][ T6780] do_futex+0x2af/0x350 [ 149.518699][ T6780] ? __pfx_do_futex+0x10/0x10 [ 149.518747][ T6780] __x64_sys_futex+0x34f/0x4d0 [ 149.518787][ T6780] ? fput+0x79/0x100 [ 149.518817][ T6780] ? __pfx___x64_sys_futex+0x10/0x10 [ 149.518850][ T6780] ? ksys_write+0x1ac/0x250 [ 149.518875][ T6780] ? __pfx_ksys_write+0x10/0x10 [ 149.518913][ T6780] do_syscall_64+0x106/0xf80 [ 149.518946][ T6780] ? clear_bhb_loop+0x40/0x90 [ 149.518982][ T6780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.519012][ T6780] RIP: 0033:0x7fa70c39c799 [ 149.519037][ T6780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.519064][ T6780] RSP: 002b:00007fa70d19b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 149.519091][ T6780] RAX: ffffffffffffffda RBX: 00007fa70c616090 RCX: 00007fa70c39c799 [ 149.519109][ T6780] RDX: 000000000000001f RSI: 0000000000000003 RDI: 0000200000000080 [ 149.519125][ T6780] RBP: 00007fa70d19b090 R08: 00002000000000c0 R09: 00000000440a48d3 [ 149.519142][ T6780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.519157][ T6780] R13: 00007fa70c616128 R14: 00007fa70c616090 R15: 00007ffcd3400c28 [ 149.519190][ T6780] [ 150.166768][ T6793] Falling back ldisc for pty155. [ 152.603928][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.613341][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.620990][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.628710][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.636310][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.644226][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.651996][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.659645][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.667166][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.675007][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.682563][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.694736][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.702499][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.710958][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.719849][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.727760][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.735893][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.743485][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.751572][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.759303][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.767327][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.775021][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.782721][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.794147][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.804300][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.815909][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.826649][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.834257][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.842061][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.849813][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.857640][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.865391][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.872935][ T5826] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 152.949449][ T6843] program syz.2.197 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 153.195758][ T6849] misc userio: Invalid payload size [ 154.894663][ T5826] Bluetooth: hci1: command tx timeout [ 155.406009][ T6877] Invalid ELF header magic: != ELF [ 155.610597][ T6883] binder: 6882:6883 ioctl c0306201 0 returned -14 [ 155.892328][ T6888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.208'. [ 156.974186][ T5826] Bluetooth: hci1: command tx timeout [ 157.464519][ T29] audit: type=1326 audit(1772876659.324:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.214" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fef3d99c799 code=0x0 syzkaller syzkaller login: [ 158.923742][ T6935] netlink: 'syz.1.218': attribute type 29 has an invalid length. [ 158.936122][ T6935] netlink: 'syz.1.218': attribute type 30 has an invalid length. [ 158.944046][ T6935] netlink: 'syz.1.218': attribute type 31 has an invalid length. [ 158.979038][ T6935] netlink: 'syz.1.218': attribute type 32 has an invalid length. [ 158.995975][ T6935] netlink: 'syz.1.218': attribute type 33 has an invalid length. [ 159.033190][ T6935] netlink: 'syz.1.218': attribute type 35 has an invalid length. [ 159.044912][ T5826] Bluetooth: hci1: command tx timeout [ 159.051158][ T6935] netlink: 'syz.1.218': attribute type 37 has an invalid length. [ 159.104831][ T6935] netlink: 18 bytes leftover after parsing attributes in process `syz.1.218'. [ 159.273598][ T6941] binder: 6939:6941 unknown command 49 [ 159.320180][ T6941] binder: 6939:6941 ioctl c0306201 0 returned -22 [ 159.346927][ T6913] kexec: Could not allocate control_code_buffer [ 161.133247][ T5826] Bluetooth: hci1: command tx timeout [ 163.204873][ T5826] Bluetooth: hci1: command tx timeout [ 163.305076][ T6996] netlink: 12 bytes leftover after parsing attributes in process `syz.3.232'. [ 165.291437][ T5826] Bluetooth: hci1: command tx timeout [ 167.042439][ T66] Trying to write to read-only block-device sda1 [ 167.058358][ T7074] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 167.374516][ T5826] Bluetooth: hci1: command tx timeout [ 167.605888][ T7074] ======================================================= [ 167.605888][ T7074] WARNING: The mand mount option has been deprecated and [ 167.605888][ T7074] and is ignored by this kernel. Remove the mand [ 167.605888][ T7074] option from the mount to silence this warning. [ 167.605888][ T7074] ======================================================= [ 168.008729][ T7081] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.022835][ T7081] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.182569][ T7081] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.247581][ T7081] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 168.258657][ T7081] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.315252][ T7081] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.415111][ T7081] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 168.430767][ T7081] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.478981][ T7081] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.540487][ T7081] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 168.563151][ T7081] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 168.627918][ T7081] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 170.084657][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 170.326213][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 170.484492][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 170.564533][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 170.912836][ T7141] [U] [ 170.915648][ T7141] [U] [ 170.918383][ T7141] [U] [ 170.921116][ T7141] [U] [ 170.975980][ T7141] [U] [ 170.978716][ T7141] [U] [ 170.981418][ T7141] [U] [ 170.984182][ T7141] [U] [ 171.037723][ T7141] [U] [ 172.164652][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 172.404791][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 172.565981][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 172.644739][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 172.950623][ T7153] Invalid ELF header magic: != ELF [ 173.136788][ T7181] FAULT_INJECTION: forcing a failure. [ 173.136788][ T7181] name failslab, interval 1, probability 0, space 0, times 0 [ 173.192392][ T7181] CPU: 1 UID: 0 PID: 7181 Comm: syz.2.268 Tainted: G L syzkaller #0 PREEMPT(full) [ 173.192441][ T7181] Tainted: [L]=SOFTLOCKUP [ 173.192450][ T7181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 173.192466][ T7181] Call Trace: [ 173.192528][ T7181] [ 173.192548][ T7181] dump_stack_lvl+0x100/0x190 [ 173.192592][ T7181] should_fail_ex.cold+0x5/0xa [ 173.192703][ T7181] should_failslab+0xc2/0x120 [ 173.192734][ T7181] __kmalloc_cache_noprof+0x7a/0x6f0 [ 173.192770][ T7181] ? vkms_plane_duplicate_state+0x87/0x130 [ 173.192823][ T7181] vkms_plane_duplicate_state+0x87/0x130 [ 173.192872][ T7181] drm_atomic_get_plane_state+0x279/0x760 [ 173.192924][ T7181] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 173.192958][ T7181] ? trace_contention_end+0x140/0x180 [ 173.193002][ T7181] ? __mutex_lock+0x26a/0x1b90 [ 173.193037][ T7181] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 173.193079][ T7181] ? drm_master_internal_acquire+0x21/0x80 [ 173.193157][ T7181] drm_client_modeset_commit_locked+0x14d/0x580 [ 173.193200][ T7181] drm_client_modeset_commit+0x4f/0x80 [ 173.193237][ T7181] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 173.193277][ T7181] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 173.193323][ T7181] drm_fbdev_client_restore+0x1b/0x30 [ 173.193366][ T7181] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 173.193413][ T7181] drm_client_dev_restore+0x205/0x2a0 [ 173.193452][ T7181] drm_release+0x2c6/0x360 [ 173.193479][ T7181] ? __pfx_drm_release+0x10/0x10 [ 173.193503][ T7181] __fput+0x3ff/0xb40 [ 173.193546][ T7181] task_work_run+0x150/0x240 [ 173.193586][ T7181] ? __pfx_task_work_run+0x10/0x10 [ 173.193647][ T7181] exit_to_user_mode_loop+0x100/0x4a0 [ 173.193687][ T7181] do_syscall_64+0x668/0xf80 [ 173.193720][ T7181] ? clear_bhb_loop+0x40/0x90 [ 173.193757][ T7181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.193786][ T7181] RIP: 0033:0x7f0640d9c799 [ 173.193814][ T7181] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.193840][ T7181] RSP: 002b:00007f0641c65028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 173.193872][ T7181] RAX: 0000000000000000 RBX: 00007f0641016360 RCX: 00007f0640d9c799 [ 173.193888][ T7181] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 173.193904][ T7181] RBP: 00007f0640e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 173.193920][ T7181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.193936][ T7181] R13: 00007f06410163f8 R14: 00007f0641016360 R15: 00007fff1adce338 [ 173.193979][ T7181] [ 173.686396][ T7178] netlink: 28 bytes leftover after parsing attributes in process `syz.3.269'. [ 173.739152][ T7178] bond0: (slave bond_slave_0): Releasing backup interface [ 174.244545][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.484578][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 174.649530][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 174.724543][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 175.445970][ T7202] netlink: 86 bytes leftover after parsing attributes in process `syz.1.272'. [ 176.222146][ T7217] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 176.480671][ T7216] FAULT_INJECTION: forcing a failure. [ 176.480671][ T7216] name failslab, interval 1, probability 0, space 0, times 0 [ 176.573419][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 176.579929][ T7216] CPU: 1 UID: 0 PID: 7216 Comm: syz.1.274 Tainted: G L syzkaller #0 PREEMPT(full) [ 176.579987][ T7216] Tainted: [L]=SOFTLOCKUP [ 176.579998][ T7216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 176.580015][ T7216] Call Trace: [ 176.580026][ T7216] [ 176.580037][ T7216] dump_stack_lvl+0x100/0x190 [ 176.580091][ T7216] should_fail_ex.cold+0x5/0xa [ 176.580129][ T7216] should_failslab+0xc2/0x120 [ 176.580162][ T7216] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 176.580210][ T7216] ? alloc_unbound_pwq+0x3ff/0xdd0 [ 176.580249][ T7216] alloc_unbound_pwq+0x3ff/0xdd0 [ 176.580292][ T7216] apply_wqattrs_prepare+0x3aa/0xbb0 [ 176.580338][ T7216] apply_workqueue_attrs_locked+0x64/0xe0 [ 176.580370][ T7216] __alloc_workqueue+0xe25/0x1880 [ 176.580418][ T7216] alloc_workqueue_noprof+0xd2/0x200 [ 176.580450][ T7216] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 176.580483][ T7216] ? rcu_is_watching+0x12/0xc0 [ 176.580521][ T7216] ? trace_kmalloc+0x101/0x130 [ 176.580547][ T7216] ? __kasan_kmalloc+0xaa/0xb0 [ 176.580587][ T7216] ? __kmalloc_noprof+0x320/0x850 [ 176.580632][ T7216] ieee80211_register_hw+0x1f80/0x4140 [ 176.580687][ T7216] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 176.580722][ T7216] ? __pfx___debug_object_init+0x10/0x10 [ 176.580767][ T7216] ? find_held_lock+0x2b/0x80 [ 176.580794][ T7216] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 176.580838][ T7216] ? __hrtimer_setup+0x178/0x280 [ 176.580877][ T7216] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 176.580952][ T7216] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 176.581000][ T7216] hwsim_new_radio_nl+0xc1f/0x1340 [ 176.581041][ T7216] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 176.581090][ T7216] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 176.581130][ T7216] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 176.581178][ T7216] genl_family_rcv_msg_doit+0x214/0x300 [ 176.581221][ T7216] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 176.581261][ T7216] ? genl_get_cmd+0x3ef/0x720 [ 176.581308][ T7216] ? bpf_lsm_capable+0x9/0x10 [ 176.581335][ T7216] ? security_capable+0x80/0x260 [ 176.581372][ T7216] ? ns_capable+0xd2/0xf0 [ 176.581402][ T7216] genl_rcv_msg+0x560/0x800 [ 176.581445][ T7216] ? __pfx_genl_rcv_msg+0x10/0x10 [ 176.581483][ T7216] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 176.581533][ T7216] netlink_rcv_skb+0x159/0x420 [ 176.581568][ T7216] ? __pfx_genl_rcv_msg+0x10/0x10 [ 176.581608][ T7216] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 176.581659][ T7216] ? netlink_deliver_tap+0x1ae/0xcc0 [ 176.581699][ T7216] genl_rcv+0x28/0x40 [ 176.581733][ T7216] netlink_unicast+0x5aa/0x870 [ 176.581773][ T7216] ? __pfx_netlink_unicast+0x10/0x10 [ 176.581823][ T7216] netlink_sendmsg+0x8b0/0xda0 [ 176.581864][ T7216] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.581896][ T7216] ? __import_iovec+0x1d2/0x640 [ 176.581927][ T7216] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 176.581978][ T7216] ____sys_sendmsg+0x9e1/0xb70 [ 176.582014][ T7216] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.582052][ T7216] ? __pfx_____sys_sendmsg+0x10/0x10 [ 176.582098][ T7216] ? __pfx_futex_wake_mark+0x10/0x10 [ 176.582143][ T7216] ___sys_sendmsg+0x190/0x1e0 [ 176.582186][ T7216] ? __pfx____sys_sendmsg+0x10/0x10 [ 176.582273][ T7216] __sys_sendmsg+0x170/0x220 [ 176.582307][ T7216] ? __pfx___sys_sendmsg+0x10/0x10 [ 176.582338][ T7216] ? __x64_sys_futex+0x34f/0x4d0 [ 176.582394][ T7216] do_syscall_64+0x106/0xf80 [ 176.582423][ T7216] ? clear_bhb_loop+0x40/0x90 [ 176.582457][ T7216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.582485][ T7216] RIP: 0033:0x7fb8dff9c799 [ 176.582508][ T7216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 176.582532][ T7216] RSP: 002b:00007fb8e0dfd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.582558][ T7216] RAX: ffffffffffffffda RBX: 00007fb8e0216090 RCX: 00007fb8dff9c799 [ 176.582576][ T7216] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 176.582593][ T7216] RBP: 00007fb8e0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 176.582609][ T7216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.582625][ T7216] R13: 00007fb8e0216128 R14: 00007fb8e0216090 R15: 00007fffb144fca8 [ 176.582663][ T7216] [ 177.002642][ T7223] binder: 7213:7223 unknown command 524032 [ 177.008819][ T7223] binder: 7213:7223 ioctl c0306201 0 returned -22 [ 177.644982][ T7225] [U] [ 177.647719][ T7225] [U] [ 177.650424][ T7225] [U] [ 177.653218][ T7225] [U] [ 177.657033][ T7225] [U] [ 177.659744][ T7225] [U] [ 177.662444][ T7225] [U] [ 177.665147][ T7225] [U] [ 177.681851][ T7235] FAULT_INJECTION: forcing a failure. [ 177.681851][ T7235] name failslab, interval 1, probability 0, space 0, times 0 [ 177.714655][ T7235] CPU: 1 UID: 0 PID: 7235 Comm: syz.1.280 Tainted: G L syzkaller #0 PREEMPT(full) [ 177.714716][ T7235] Tainted: [L]=SOFTLOCKUP [ 177.714725][ T7235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 177.714741][ T7235] Call Trace: [ 177.714750][ T7235] [ 177.714760][ T7235] dump_stack_lvl+0x100/0x190 [ 177.714808][ T7235] should_fail_ex.cold+0x5/0xa [ 177.714841][ T7235] should_failslab+0xc2/0x120 [ 177.714871][ T7235] __kvmalloc_node_noprof+0xfa/0xa00 [ 177.714912][ T7235] ? alloc_netdev_mqs+0xc99/0x14f0 [ 177.714947][ T7235] ? lockdep_init_map_type+0x5c/0x250 [ 177.714991][ T7235] alloc_netdev_mqs+0xc99/0x14f0 [ 177.715031][ T7235] ? __pfx_loopback_net_init+0x10/0x10 [ 177.715061][ T7235] loopback_net_init+0x38/0x170 [ 177.715088][ T7235] ? __pfx_loopback_net_init+0x10/0x10 [ 177.715112][ T7235] ops_init+0x1e2/0x5f0 [ 177.715137][ T7235] setup_net+0x118/0x3a0 [ 177.715160][ T7235] ? __pfx_setup_net+0x10/0x10 [ 177.715181][ T7235] ? lockdep_init_map_type+0x5c/0x250 [ 177.715204][ T7235] ? mutex_init_lockep+0x110/0x150 [ 177.715231][ T7235] copy_net_ns+0x46f/0x7c0 [ 177.715259][ T7235] create_new_namespaces+0x3ea/0xac0 [ 177.715283][ T7235] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 177.715304][ T7235] ksys_unshare+0x473/0xad0 [ 177.715327][ T7235] ? __pfx_ksys_unshare+0x10/0x10 [ 177.715357][ T7235] __x64_sys_unshare+0x31/0x40 [ 177.715378][ T7235] do_syscall_64+0x106/0xf80 [ 177.715399][ T7235] ? clear_bhb_loop+0x40/0x90 [ 177.715420][ T7235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.715438][ T7235] RIP: 0033:0x7fb8dff9c799 [ 177.715454][ T7235] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.715470][ T7235] RSP: 002b:00007fb8e0e1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 177.715488][ T7235] RAX: ffffffffffffffda RBX: 00007fb8e0215fa0 RCX: 00007fb8dff9c799 [ 177.715498][ T7235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 177.715508][ T7235] RBP: 00007fb8e0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 177.715519][ T7235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.715529][ T7235] R13: 00007fb8e0216038 R14: 00007fb8e0215fa0 R15: 00007fffb144fca8 [ 177.715551][ T7235] [ 178.135394][ T7225] [U] [ 179.054537][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 181.126811][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 183.204522][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 184.106364][ T7364] netlink: 8 bytes leftover after parsing attributes in process `syz.3.309'. [ 184.515821][ T7369] Console: switching to colour VGA+ 80x25 [ 185.297929][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 187.364763][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 188.405799][ T7423] FAULT_INJECTION: forcing a failure. [ 188.405799][ T7423] name failslab, interval 1, probability 0, space 0, times 0 [ 188.522943][ T7423] CPU: 0 UID: 0 PID: 7423 Comm: syz.1.322 Tainted: G L syzkaller #0 PREEMPT(full) [ 188.522976][ T7423] Tainted: [L]=SOFTLOCKUP [ 188.522982][ T7423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 188.522992][ T7423] Call Trace: [ 188.522998][ T7423] [ 188.523006][ T7423] dump_stack_lvl+0x100/0x190 [ 188.523037][ T7423] should_fail_ex.cold+0x5/0xa [ 188.523058][ T7423] should_failslab+0xc2/0x120 [ 188.523077][ T7423] __kmalloc_cache_node_noprof+0x7d/0x770 [ 188.523106][ T7423] ? __alloc_workqueue+0xf78/0x1880 [ 188.523127][ T7423] ? lockdep_init_map_type+0x5c/0x250 [ 188.523154][ T7423] __alloc_workqueue+0xf78/0x1880 [ 188.523184][ T7423] alloc_workqueue_noprof+0xd2/0x200 [ 188.523205][ T7423] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 188.523227][ T7423] ? rcu_is_watching+0x12/0xc0 [ 188.523253][ T7423] ? trace_kmalloc+0x101/0x130 [ 188.523270][ T7423] ? __kasan_kmalloc+0xaa/0xb0 [ 188.523297][ T7423] ? __kmalloc_noprof+0x320/0x850 [ 188.523328][ T7423] ieee80211_register_hw+0x1f80/0x4140 [ 188.523364][ T7423] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 188.523388][ T7423] ? __pfx___debug_object_init+0x10/0x10 [ 188.523418][ T7423] ? find_held_lock+0x2b/0x80 [ 188.523435][ T7423] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 188.523465][ T7423] ? __hrtimer_setup+0x178/0x280 [ 188.523491][ T7423] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 188.523531][ T7423] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 188.523563][ T7423] hwsim_new_radio_nl+0xc1f/0x1340 [ 188.523590][ T7423] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 188.523622][ T7423] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 188.523650][ T7423] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 188.523682][ T7423] genl_family_rcv_msg_doit+0x214/0x300 [ 188.523712][ T7423] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 188.523738][ T7423] ? genl_get_cmd+0x3ef/0x720 [ 188.523768][ T7423] ? bpf_lsm_capable+0x9/0x10 [ 188.523786][ T7423] ? security_capable+0x80/0x260 [ 188.523811][ T7423] ? ns_capable+0xd2/0xf0 [ 188.523829][ T7423] genl_rcv_msg+0x560/0x800 [ 188.523858][ T7423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.523891][ T7423] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 188.523924][ T7423] netlink_rcv_skb+0x159/0x420 [ 188.523947][ T7423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.523980][ T7423] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 188.524013][ T7423] ? netlink_deliver_tap+0x1ae/0xcc0 [ 188.524039][ T7423] genl_rcv+0x28/0x40 [ 188.524063][ T7423] netlink_unicast+0x5aa/0x870 [ 188.524091][ T7423] ? __pfx_netlink_unicast+0x10/0x10 [ 188.524124][ T7423] netlink_sendmsg+0x8b0/0xda0 [ 188.524152][ T7423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.524174][ T7423] ? __import_iovec+0x1d2/0x640 [ 188.524195][ T7423] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 188.524223][ T7423] ____sys_sendmsg+0x9e1/0xb70 [ 188.524248][ T7423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.524274][ T7423] ? __pfx_____sys_sendmsg+0x10/0x10 [ 188.524305][ T7423] ? __pfx_futex_wake_mark+0x10/0x10 [ 188.524335][ T7423] ___sys_sendmsg+0x190/0x1e0 [ 188.524365][ T7423] ? __pfx____sys_sendmsg+0x10/0x10 [ 188.524441][ T7423] __sys_sendmsg+0x170/0x220 [ 188.524476][ T7423] ? __pfx___sys_sendmsg+0x10/0x10 [ 188.524501][ T7423] ? __x64_sys_futex+0x34f/0x4d0 [ 188.524538][ T7423] do_syscall_64+0x106/0xf80 [ 188.524560][ T7423] ? clear_bhb_loop+0x40/0x90 [ 188.524582][ T7423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.524600][ T7423] RIP: 0033:0x7fb8dff9c799 [ 188.524616][ T7423] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 188.524633][ T7423] RSP: 002b:00007fb8e0e1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.524651][ T7423] RAX: ffffffffffffffda RBX: 00007fb8e0215fa0 RCX: 00007fb8dff9c799 [ 188.524662][ T7423] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 188.524673][ T7423] RBP: 00007fb8e0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 188.524683][ T7423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.524694][ T7423] R13: 00007fb8e0216038 R14: 00007fb8e0215fa0 R15: 00007fffb144fca8 [ 188.524717][ T7423] [ 189.451083][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 191.534772][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 193.606060][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 193.823445][ T7472] Invalid ELF header magic: != ELF [ 194.057209][ T7480] [U] [ 194.059996][ T7480] [U] [ 194.062736][ T7480] [U] [ 194.065550][ T7480] [U] [ 194.104504][ T7480] [U] [ 194.107296][ T7480] [U] [ 194.110046][ T7480] [U] [ 194.112798][ T7480] [U] [ 194.149927][ T7480] [U] [ 194.152807][ T7480] [U] [ 194.155546][ T7480] [U] [ 194.158290][ T7480] [U] [ 194.175730][ T7480] [U] [ 194.178505][ T7480] [U] [ 194.181243][ T7480] [U] [ 194.183971][ T7480] [U] [ 194.201326][ T7480] [U] [ 194.204094][ T7480] [U] [ 194.206840][ T7480] [U] [ 194.209574][ T7480] [U] [ 194.223811][ T7480] [U] [ 194.226573][ T7480] [U] [ 194.229311][ T7480] [U] [ 194.232047][ T7480] [U] [ 194.249766][ T7480] [U] [ 194.252530][ T7480] [U] [ 194.255281][ T7480] [U] [ 194.258015][ T7480] [U] [ 194.297562][ T7480] [U] [ 194.410744][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.434520][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.357520][ T7473] ubi31: attaching mtd0 [ 195.454702][ T7473] ubi31: scanning is finished [ 195.490296][ T7473] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 195.684504][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 196.559342][ T7473] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 197.772958][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 199.904922][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 200.621678][ T7556] tipc: Can't bind to reserved service type 1 [ 201.924518][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 202.825258][ T7590] netlink: 64 bytes leftover after parsing attributes in process `syz.0.353'. [ 203.698647][ T7588] Invalid ELF header magic: != ELF [ 203.717980][ T7604] netlink: 12 bytes leftover after parsing attributes in process `syz.3.355'. [ 204.004950][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 204.320392][ T7612] __vm_enough_memory: pid: 7612, comm: syz.1.358, bytes: 4398046511104 not enough memory for the allocation [ 204.716506][ T7617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.360'. [ 204.811644][ T7620] futex_wake_op: syz.2.361 tries to shift op by -2048; fix this program [ 204.874775][ T7620] futex_wake_op: syz.2.361 tries to shift op by -2048; fix this program [ 204.927818][ T7620] 0x000000000001-0x000000020000 : "" [ 204.947528][ T7620] ftl_cs: FTL header corrupt! [ 206.084501][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 206.389312][ T7655] FAULT_INJECTION: forcing a failure. [ 206.389312][ T7655] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 206.413181][ T7655] CPU: 1 UID: 0 PID: 7655 Comm: syz.0.370 Tainted: G L syzkaller #0 PREEMPT(full) [ 206.413232][ T7655] Tainted: [L]=SOFTLOCKUP [ 206.413243][ T7655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 206.413261][ T7655] Call Trace: [ 206.413272][ T7655] [ 206.413283][ T7655] dump_stack_lvl+0x100/0x190 [ 206.413335][ T7655] should_fail_ex.cold+0x5/0xa [ 206.413361][ T7655] ? prepare_alloc_pages+0x16d/0x5f0 [ 206.413397][ T7655] should_fail_alloc_page+0xeb/0x140 [ 206.413430][ T7655] prepare_alloc_pages+0x1f0/0x5f0 [ 206.413466][ T7655] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 206.413528][ T7655] ? stack_trace_save+0x8e/0xc0 [ 206.413557][ T7655] ? __pfx_stack_trace_save+0x10/0x10 [ 206.413585][ T7655] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 206.413628][ T7655] ? stack_depot_save_flags+0x27/0x9d0 [ 206.413667][ T7655] ? kasan_save_stack+0x3f/0x50 [ 206.413709][ T7655] ? kasan_save_stack+0x30/0x50 [ 206.413753][ T7655] ? kasan_save_track+0x14/0x30 [ 206.413796][ T7655] ? __kasan_kmalloc+0xaa/0xb0 [ 206.413840][ T7655] ? do_file_open+0x20e/0x430 [ 206.413867][ T7655] ? do_sys_openat2+0x10d/0x1e0 [ 206.413901][ T7655] ? __x64_sys_openat+0x12d/0x210 [ 206.413945][ T7655] ? do_syscall_64+0x106/0xf80 [ 206.413978][ T7655] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.414017][ T7655] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 206.414068][ T7655] ? policy_nodemask+0xed/0x4f0 [ 206.414102][ T7655] alloc_pages_mpol+0x1fb/0x550 [ 206.414133][ T7655] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 206.414173][ T7655] alloc_pages_noprof+0x131/0x390 [ 206.414204][ T7655] get_zeroed_page_noprof+0x18/0xb0 [ 206.414236][ T7655] mon_alloc_buff+0xce/0x1b0 [ 206.414280][ T7655] ? kasan_save_track+0x14/0x30 [ 206.414327][ T7655] mon_bin_open+0x207/0x470 [ 206.414379][ T7655] ? __pfx_mon_bin_open+0x10/0x10 [ 206.414420][ T7655] chrdev_open+0x234/0x6a0 [ 206.414451][ T7655] ? __pfx_chrdev_open+0x10/0x10 [ 206.414481][ T7655] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 206.414520][ T7655] do_dentry_open+0x6d8/0x1660 [ 206.414547][ T7655] ? __pfx_chrdev_open+0x10/0x10 [ 206.414584][ T7655] vfs_open+0x82/0x3f0 [ 206.414624][ T7655] path_openat+0x208c/0x31a0 [ 206.414666][ T7655] ? __pfx_path_openat+0x10/0x10 [ 206.414709][ T7655] do_file_open+0x20e/0x430 [ 206.414741][ T7655] ? __pfx_do_file_open+0x10/0x10 [ 206.414799][ T7655] ? alloc_fd+0x476/0x790 [ 206.414830][ T7655] ? do_getname+0x191/0x390 [ 206.414869][ T7655] do_sys_openat2+0x10d/0x1e0 [ 206.414914][ T7655] ? __pfx_do_sys_openat2+0x10/0x10 [ 206.414954][ T7655] ? __fget_files+0x21f/0x3d0 [ 206.414989][ T7655] __x64_sys_openat+0x12d/0x210 [ 206.415027][ T7655] ? __pfx___x64_sys_openat+0x10/0x10 [ 206.415080][ T7655] do_syscall_64+0x106/0xf80 [ 206.415115][ T7655] ? clear_bhb_loop+0x40/0x90 [ 206.415151][ T7655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.415180][ T7655] RIP: 0033:0x7fef3d99c799 [ 206.415204][ T7655] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 206.415231][ T7655] RSP: 002b:00007fef3e8ba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 206.415258][ T7655] RAX: ffffffffffffffda RBX: 00007fef3dc15fa0 RCX: 00007fef3d99c799 [ 206.415277][ T7655] RDX: 0000000000002040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 206.415294][ T7655] RBP: 00007fef3da32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 206.415310][ T7655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 206.415326][ T7655] R13: 00007fef3dc16038 R14: 00007fef3dc15fa0 R15: 00007ffccd1d32a8 [ 206.415363][ T7655] [ 207.824258][ T7674] netlink: 21 bytes leftover after parsing attributes in process `syz.0.374'. [ 208.164585][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 208.714053][ T7681] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 208.758177][ T7681] FAULT_INJECTION: forcing a failure. [ 208.758177][ T7681] name failslab, interval 1, probability 0, space 0, times 0 [ 208.771039][ T7681] CPU: 1 UID: 0 PID: 7681 Comm: syz.0.377 Tainted: G L syzkaller #0 PREEMPT(full) [ 208.771079][ T7681] Tainted: [L]=SOFTLOCKUP [ 208.771087][ T7681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 208.771101][ T7681] Call Trace: [ 208.771109][ T7681] [ 208.771119][ T7681] dump_stack_lvl+0x100/0x190 [ 208.771160][ T7681] should_fail_ex.cold+0x5/0xa [ 208.771188][ T7681] ? sk_prot_alloc+0x10b/0x2a0 [ 208.771222][ T7681] should_failslab+0xc2/0x120 [ 208.771246][ T7681] __kmalloc_noprof+0xe0/0x850 [ 208.771288][ T7681] sk_prot_alloc+0x10b/0x2a0 [ 208.771326][ T7681] sk_alloc+0x36/0xe80 [ 208.771359][ T7681] __netlink_create+0x5e/0x2c0 [ 208.771388][ T7681] ? __wake_up+0x3f/0x60 [ 208.771420][ T7681] netlink_create+0x293/0x610 [ 208.771452][ T7681] ? __pfx_genl_bind+0x10/0x10 [ 208.771488][ T7681] ? __pfx_genl_unbind+0x10/0x10 [ 208.771527][ T7681] ? __pfx_genl_release+0x10/0x10 [ 208.771572][ T7681] __sock_create+0x339/0x860 [ 208.771621][ T7681] __sys_socket+0x14d/0x260 [ 208.771648][ T7681] ? __pfx___sys_socket+0x10/0x10 [ 208.771704][ T7681] __x64_sys_socket+0x72/0xb0 [ 208.771728][ T7681] ? lockdep_hardirqs_on+0x78/0x100 [ 208.771757][ T7681] do_syscall_64+0x106/0xf80 [ 208.771789][ T7681] ? clear_bhb_loop+0x40/0x90 [ 208.771826][ T7681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.771850][ T7681] RIP: 0033:0x7fef3d99c799 [ 208.771870][ T7681] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.771892][ T7681] RSP: 002b:00007fef3e8ba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 208.771915][ T7681] RAX: ffffffffffffffda RBX: 00007fef3dc15fa0 RCX: 00007fef3d99c799 [ 208.771938][ T7681] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 208.771951][ T7681] RBP: 00007fef3da32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 208.771965][ T7681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.771978][ T7681] R13: 00007fef3dc16038 R14: 00007fef3dc15fa0 R15: 00007ffccd1d32a8 [ 208.772008][ T7681] [ 210.056196][ T7704] netlink: 12 bytes leftover after parsing attributes in process `syz.1.382'. [ 210.244488][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 212.326230][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 212.391720][ T7731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.928489][ T7741] FAULT_INJECTION: forcing a failure. [ 212.928489][ T7741] name failslab, interval 1, probability 0, space 0, times 0 [ 212.963815][ T7741] CPU: 0 UID: 0 PID: 7741 Comm: syz.1.391 Tainted: G L syzkaller #0 PREEMPT(full) [ 212.963866][ T7741] Tainted: [L]=SOFTLOCKUP [ 212.963877][ T7741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 212.963894][ T7741] Call Trace: [ 212.963904][ T7741] [ 212.963917][ T7741] dump_stack_lvl+0x100/0x190 [ 212.963969][ T7741] should_fail_ex.cold+0x5/0xa [ 212.964008][ T7741] ? __alloc_empty_sheaf+0x35/0x50 [ 212.964048][ T7741] should_failslab+0xc2/0x120 [ 212.964083][ T7741] __kmalloc_noprof+0xe0/0x850 [ 212.964127][ T7741] ? __pcs_replace_empty_main+0x134/0x600 [ 212.964173][ T7741] ? __pcs_replace_empty_main+0x134/0x600 [ 212.964227][ T7741] __alloc_empty_sheaf+0x35/0x50 [ 212.964267][ T7741] __pcs_replace_empty_main+0x404/0x600 [ 212.964321][ T7741] kmem_cache_alloc_noprof+0x480/0x6e0 [ 212.964366][ T7741] ? sp_alloc+0x27/0x160 [ 212.964412][ T7741] sp_alloc+0x27/0x160 [ 212.964446][ T7741] mpol_set_shared_policy+0xa5/0x8a0 [ 212.964491][ T7741] ? __pfx_shmem_set_policy+0x10/0x10 [ 212.964525][ T7741] mbind_range+0x339/0x550 [ 212.964569][ T7741] do_mbind+0x7de/0xfd0 [ 212.964616][ T7741] ? __might_fault+0xc5/0x140 [ 212.964670][ T7741] ? __pfx_do_mbind+0x10/0x10 [ 212.964717][ T7741] ? _copy_from_user+0x59/0xd0 [ 212.964760][ T7741] ? __pfx_get_nodes+0x10/0x10 [ 212.964822][ T7741] kernel_mbind+0x1b7/0x200 [ 212.964865][ T7741] ? __pfx_kernel_mbind+0x10/0x10 [ 212.964915][ T7741] do_syscall_64+0x106/0xf80 [ 212.964951][ T7741] ? clear_bhb_loop+0x40/0x90 [ 212.964990][ T7741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.965020][ T7741] RIP: 0033:0x7fb8dff9c799 [ 212.965047][ T7741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.965076][ T7741] RSP: 002b:00007fb8e0dfd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 212.965107][ T7741] RAX: ffffffffffffffda RBX: 00007fb8e0216090 RCX: 00007fb8dff9c799 [ 212.965127][ T7741] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 212.965154][ T7741] RBP: 00007fb8e0032bd9 R08: 0000000000000003 R09: 0000000000000003 [ 212.965172][ T7741] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 212.965189][ T7741] R13: 00007fb8e0216128 R14: 00007fb8e0216090 R15: 00007fffb144fca8 [ 212.965229][ T7741] [ 214.418413][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 215.727572][ T7774] FAULT_INJECTION: forcing a failure. [ 215.727572][ T7774] name failslab, interval 1, probability 0, space 0, times 0 [ 215.740447][ T7774] CPU: 0 UID: 0 PID: 7774 Comm: syz.0.400 Tainted: G L syzkaller #0 PREEMPT(full) [ 215.740492][ T7774] Tainted: [L]=SOFTLOCKUP [ 215.740501][ T7774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 215.740517][ T7774] Call Trace: [ 215.740527][ T7774] [ 215.740537][ T7774] dump_stack_lvl+0x100/0x190 [ 215.740587][ T7774] should_fail_ex.cold+0x5/0xa [ 215.740623][ T7774] should_failslab+0xc2/0x120 [ 215.740653][ T7774] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 215.740697][ T7774] ? __alloc_skb+0x140/0x710 [ 215.740737][ T7774] __alloc_skb+0x140/0x710 [ 215.740768][ T7774] ? __alloc_skb+0x5b7/0x710 [ 215.740799][ T7774] ? __pfx___alloc_skb+0x10/0x10 [ 215.740843][ T7774] netlink_alloc_large_skb+0x69/0x150 [ 215.740886][ T7774] netlink_sendmsg+0x680/0xda0 [ 215.740940][ T7774] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.740976][ T7774] ? __import_iovec+0x1d2/0x640 [ 215.741011][ T7774] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 215.741058][ T7774] ____sys_sendmsg+0x9e1/0xb70 [ 215.741099][ T7774] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.741141][ T7774] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.741207][ T7774] ___sys_sendmsg+0x190/0x1e0 [ 215.741252][ T7774] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.741344][ T7774] __sys_sendmsg+0x170/0x220 [ 215.741381][ T7774] ? __pfx___sys_sendmsg+0x10/0x10 [ 215.741441][ T7774] do_syscall_64+0x106/0xf80 [ 215.741475][ T7774] ? clear_bhb_loop+0x40/0x90 [ 215.741510][ T7774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.741540][ T7774] RIP: 0033:0x7fef3d99c799 [ 215.741565][ T7774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.741593][ T7774] RSP: 002b:00007fef3e8ba028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.741622][ T7774] RAX: ffffffffffffffda RBX: 00007fef3dc15fa0 RCX: 00007fef3d99c799 [ 215.741641][ T7774] RDX: 0000000000000000 RSI: 0000200000003a80 RDI: 0000000000000003 [ 215.741658][ T7774] RBP: 00007fef3e8ba090 R08: 0000000000000000 R09: 0000000000000000 [ 215.741675][ T7774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.741692][ T7774] R13: 00007fef3dc16038 R14: 00007fef3dc15fa0 R15: 00007ffccd1d32a8 [ 215.741731][ T7774] [ 216.485052][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 218.105383][ T7817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.411'. [ 218.178898][ T7817] vlan1: entered promiscuous mode [ 218.206733][ T7817] vlan1: entered allmulticast mode [ 218.211914][ T7817] veth0_vlan: entered allmulticast mode [ 218.564692][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 219.244710][ T7828] netlink: 64 bytes leftover after parsing attributes in process `syz.3.412'. [ 220.464774][ T7841] nvme_fcloop: unknown parameter or missing value '7' [ 220.531129][ T7833] Invalid ELF header magic: != ELF [ 220.649302][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 221.207473][ T7846] FAULT_INJECTION: forcing a failure. [ 221.207473][ T7846] name failslab, interval 1, probability 0, space 0, times 0 [ 221.257096][ T7846] CPU: 0 UID: 0 PID: 7846 Comm: syz.1.417 Tainted: G L syzkaller #0 PREEMPT(full) [ 221.257147][ T7846] Tainted: [L]=SOFTLOCKUP [ 221.257157][ T7846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 221.257174][ T7846] Call Trace: [ 221.257184][ T7846] [ 221.257196][ T7846] dump_stack_lvl+0x100/0x190 [ 221.257250][ T7846] should_fail_ex.cold+0x5/0xa [ 221.257289][ T7846] ? apply_wqattrs_prepare+0xfe/0xbb0 [ 221.257320][ T7846] should_failslab+0xc2/0x120 [ 221.257354][ T7846] __kmalloc_noprof+0xe0/0x850 [ 221.257411][ T7846] apply_wqattrs_prepare+0xfe/0xbb0 [ 221.257442][ T7846] ? __alloc_workqueue+0x901/0x1880 [ 221.257492][ T7846] apply_workqueue_attrs_locked+0x64/0xe0 [ 221.257527][ T7846] __alloc_workqueue+0xe25/0x1880 [ 221.257588][ T7846] alloc_workqueue_noprof+0xd2/0x200 [ 221.257627][ T7846] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 221.257667][ T7846] ? rcu_is_watching+0x12/0xc0 [ 221.257714][ T7846] ? trace_kmalloc+0x101/0x130 [ 221.257746][ T7846] ? __kasan_kmalloc+0xaa/0xb0 [ 221.257795][ T7846] ? __kmalloc_noprof+0x320/0x850 [ 221.257848][ T7846] ieee80211_register_hw+0x1f80/0x4140 [ 221.257913][ T7846] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 221.257957][ T7846] ? __pfx___debug_object_init+0x10/0x10 [ 221.258011][ T7846] ? find_held_lock+0x2b/0x80 [ 221.258043][ T7846] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 221.258097][ T7846] ? __hrtimer_setup+0x178/0x280 [ 221.258143][ T7846] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 221.258217][ T7846] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 221.258271][ T7846] hwsim_new_radio_nl+0xc1f/0x1340 [ 221.258318][ T7846] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 221.258375][ T7846] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 221.258426][ T7846] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 221.258484][ T7846] genl_family_rcv_msg_doit+0x214/0x300 [ 221.258537][ T7846] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 221.258610][ T7846] ? genl_get_cmd+0x3ef/0x720 [ 221.258666][ T7846] ? bpf_lsm_capable+0x9/0x10 [ 221.258699][ T7846] ? security_capable+0x80/0x260 [ 221.258745][ T7846] ? ns_capable+0xd2/0xf0 [ 221.258780][ T7846] genl_rcv_msg+0x560/0x800 [ 221.258832][ T7846] ? __pfx_genl_rcv_msg+0x10/0x10 [ 221.258934][ T7846] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 221.258991][ T7846] netlink_rcv_skb+0x159/0x420 [ 221.259034][ T7846] ? __pfx_genl_rcv_msg+0x10/0x10 [ 221.259094][ T7846] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 221.259156][ T7846] ? netlink_deliver_tap+0x1ae/0xcc0 [ 221.259204][ T7846] genl_rcv+0x28/0x40 [ 221.259247][ T7846] netlink_unicast+0x5aa/0x870 [ 221.259298][ T7846] ? __pfx_netlink_unicast+0x10/0x10 [ 221.259354][ T7846] netlink_sendmsg+0x8b0/0xda0 [ 221.259399][ T7846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 221.259435][ T7846] ? __import_iovec+0x1d2/0x640 [ 221.259472][ T7846] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 221.259524][ T7846] ____sys_sendmsg+0x9e1/0xb70 [ 221.259569][ T7846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 221.259616][ T7846] ? __pfx_____sys_sendmsg+0x10/0x10 [ 221.259691][ T7846] ? try_to_wake_up+0x644/0x1a80 [ 221.259734][ T7846] ___sys_sendmsg+0x190/0x1e0 [ 221.259787][ T7846] ? __pfx____sys_sendmsg+0x10/0x10 [ 221.259837][ T7846] ? futex_private_hash_put+0x107/0x1c0 [ 221.259925][ T7846] __sys_sendmsg+0x170/0x220 [ 221.259966][ T7846] ? __pfx___sys_sendmsg+0x10/0x10 [ 221.260004][ T7846] ? __x64_sys_futex+0x34f/0x4d0 [ 221.260070][ T7846] do_syscall_64+0x106/0xf80 [ 221.260108][ T7846] ? clear_bhb_loop+0x40/0x90 [ 221.260149][ T7846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.260181][ T7846] RIP: 0033:0x7fb8dff9c799 [ 221.260209][ T7846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.260238][ T7846] RSP: 002b:00007fb8e0dfd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 221.260268][ T7846] RAX: ffffffffffffffda RBX: 00007fb8e0216090 RCX: 00007fb8dff9c799 [ 221.260288][ T7846] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 221.260307][ T7846] RBP: 00007fb8e0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 221.260326][ T7846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.260344][ T7846] R13: 00007fb8e0216128 R14: 00007fb8e0216090 R15: 00007fffb144fca8 [ 221.260388][ T7846] [ 221.989200][ T7851] netlink: 350 bytes leftover after parsing attributes in process `syz.1.419'. [ 222.724791][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 224.472988][ T7492] syz.3.333 (7492) used greatest stack depth: 17560 bytes left [ 224.812197][ T5826] Bluetooth: hci1: command 0x201b tx timeout [ 225.934202][ T5823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 225.945878][ T5823] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 225.954084][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 226.009040][ T5823] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 226.017154][ T5823] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 227.389541][ T127] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.461444][ T7896] netlink: 'syz.1.433': attribute type 27 has an invalid length. [ 227.470935][ T7896] netlink: 'syz.1.433': attribute type 28 has an invalid length. [ 227.479231][ T7896] netlink: 'syz.1.433': attribute type 29 has an invalid length. [ 227.490675][ T7896] netlink: 'syz.1.433': attribute type 30 has an invalid length. [ 227.513689][ T7896] netlink: 'syz.1.433': attribute type 31 has an invalid length. [ 227.527923][ T7896] netlink: 'syz.1.433': attribute type 32 has an invalid length. [ 227.535863][ T7896] netlink: 'syz.1.433': attribute type 33 has an invalid length. [ 227.543618][ T7896] netlink: 'syz.1.433': attribute type 35 has an invalid length. [ 227.554596][ T7896] netlink: 'syz.1.433': attribute type 37 has an invalid length. [ 227.563480][ T7896] netlink: 18 bytes leftover after parsing attributes in process `syz.1.433'. [ 227.657280][ T127] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.739362][ T7902] FAULT_INJECTION: forcing a failure. [ 227.739362][ T7902] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 227.825448][ T127] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.893225][ T127] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.903553][ T7902] CPU: 1 UID: 0 PID: 7902 Comm: syz.1.434 Tainted: G L syzkaller #0 PREEMPT(full) [ 227.903597][ T7902] Tainted: [L]=SOFTLOCKUP [ 227.903606][ T7902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 227.903620][ T7902] Call Trace: [ 227.903630][ T7902] [ 227.903641][ T7902] dump_stack_lvl+0x100/0x190 [ 227.903699][ T7902] should_fail_ex.cold+0x5/0xa [ 227.903731][ T7902] _copy_from_user+0x2e/0xd0 [ 227.903759][ T7902] copy_msghdr_from_user+0x9f/0x4f0 [ 227.903803][ T7902] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 227.903865][ T7902] ? __pfx__kstrtoull+0x10/0x10 [ 227.903904][ T7902] ___sys_sendmsg+0x106/0x1e0 [ 227.903945][ T7902] ? __pfx____sys_sendmsg+0x10/0x10 [ 227.903998][ T7902] ? find_held_lock+0x2b/0x80 [ 227.904051][ T7902] __sys_sendmmsg+0x205/0x430 [ 227.904086][ T7902] ? __pfx___sys_sendmmsg+0x10/0x10 [ 227.904127][ T7902] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 227.904174][ T7902] ? fput+0x79/0x100 [ 227.904202][ T7902] ? ksys_write+0x1ac/0x250 [ 227.904225][ T7902] ? __pfx_ksys_write+0x10/0x10 [ 227.904254][ T7902] __x64_sys_sendmmsg+0x9c/0x100 [ 227.904284][ T7902] ? lockdep_hardirqs_on+0x78/0x100 [ 227.904320][ T7902] do_syscall_64+0x106/0xf80 [ 227.904349][ T7902] ? clear_bhb_loop+0x40/0x90 [ 227.904386][ T7902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.904411][ T7902] RIP: 0033:0x7fb8dff9c799 [ 227.904434][ T7902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 227.904456][ T7902] RSP: 002b:00007fb8e0e1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 227.904481][ T7902] RAX: ffffffffffffffda RBX: 00007fb8e0215fa0 RCX: 00007fb8dff9c799 [ 227.904497][ T7902] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 227.904512][ T7902] RBP: 00007fb8e0e1e090 R08: 0000000000000000 R09: 0000000000000000 [ 227.904526][ T7902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.904541][ T7902] R13: 00007fb8e0216038 R14: 00007fb8e0215fa0 R15: 00007fffb144fca8 [ 227.904575][ T7902] [ 228.084642][ T5823] Bluetooth: hci4: command tx timeout [ 228.102784][ T7898] ubi0: attaching mtd0 [ 228.137309][ T7898] ubi0: scanning is finished [ 228.144900][ T7898] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 228.356303][ T7890] chnl_net:caif_netlink_parms(): no params data found [ 228.468530][ T7898] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 228.551126][ T7917] [U] [ 228.553917][ T7917] [U] [ 228.556663][ T7917] [U] [ 228.559492][ T7917] [U] [ 228.564919][ T7917] [U] [ 228.567676][ T7917] [U] [ 228.570415][ T7917] [U] [ 228.573149][ T7917] [U] [ 228.607952][ T7917] [U] [ 228.610724][ T7917] [U] [ 228.613609][ T7917] [U] [ 228.616336][ T7917] [U] [ 228.658801][ T7917] [U] [ 228.661573][ T7917] [U] [ 228.664296][ T7917] [U] [ 228.667005][ T7917] [U] [ 228.686636][ T7917] [U] [ 228.689392][ T7917] [U] [ 228.692100][ T7917] [U] [ 228.694826][ T7917] [U] [ 228.714667][ T7917] [U] [ 228.823448][ T7890] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.860072][ T7890] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.876087][ T7890] bridge_slave_0: entered allmulticast mode [ 228.887357][ T7890] bridge_slave_0: entered promiscuous mode [ 228.912898][ T7890] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.927925][ T7890] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.935952][ T7890] bridge_slave_1: entered allmulticast mode [ 228.944254][ T7890] bridge_slave_1: entered promiscuous mode [ 229.023005][ T127] bridge_slave_1: left allmulticast mode [ 229.029480][ T127] bridge_slave_1: left promiscuous mode [ 229.037791][ T127] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.052289][ T127] bridge_slave_0: left allmulticast mode [ 229.060340][ T127] bridge_slave_0: left promiscuous mode [ 229.066662][ T127] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.286654][ T127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.303787][ T127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.317309][ T127] bond0 (unregistering): Released all slaves [ 229.405936][ T7890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 229.527797][ T7890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 229.707041][ T7890] team0: Port device team_slave_0 added [ 229.739388][ T7890] team0: Port device team_slave_1 added [ 229.836133][ T127] hsr_slave_0: left promiscuous mode [ 229.862549][ T127] hsr_slave_1: left promiscuous mode [ 229.868725][ T127] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.877525][ T127] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.930814][ T127] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.956404][ T127] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.992243][ T127] veth1_macvtap: left promiscuous mode [ 229.998098][ T127] veth0_macvtap: left promiscuous mode [ 230.089846][ T127] veth1_vlan: left promiscuous mode [ 230.104642][ T127] veth0_vlan: left promiscuous mode [ 230.164461][ T5823] Bluetooth: hci4: command tx timeout [ 230.826123][ T127] team0 (unregistering): Port device team_slave_1 removed [ 230.863196][ T127] team0 (unregistering): Port device team_slave_0 removed [ 231.186485][ T7890] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.209617][ T7890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 231.260345][ T7890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 231.276136][ T7954] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 231.304829][ T7890] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 231.329472][ T7954] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 231.345733][ T7890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 231.384898][ T7954] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 231.427470][ T7890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.650406][ T7890] hsr_slave_0: entered promiscuous mode [ 231.668273][ T7890] hsr_slave_1: entered promiscuous mode [ 231.696724][ T7890] debugfs: 'hsr0' already exists in 'hsr' [ 231.702520][ T7890] Cannot create hsr debugfs directory [ 231.832354][ T7975] [U] [ 231.835135][ T7975] [U] [ 231.837877][ T7975] [U] [ 231.840626][ T7975] [U] [ 231.855566][ T7975] [U] [ 232.244631][ T5823] Bluetooth: hci4: command tx timeout [ 232.292325][ T7971] kexec: Could not allocate control_code_buffer [ 232.558991][ T7890] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 232.632549][ T7890] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 232.664074][ T7890] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 232.698613][ T7890] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 232.709656][ T7996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078000400 pfn:0x78000 [ 232.709745][ T7996] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 232.709772][ T7996] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 232.709806][ T7996] page_type: f5(slab) [ 232.709837][ T7996] raw: 00fff00000000240 ffff88813fe3cb40 ffffea0001ea9290 ffff88813fe37708 [ 232.709867][ T7996] raw: ffff888078000400 000000080010000f 00000000f5000000 0000000000000000 [ 232.709896][ T7996] head: 00fff00000000240 ffff88813fe3cb40 ffffea0001ea9290 ffff88813fe37708 [ 232.709925][ T7996] head: ffff888078000400 000000080010000f 00000000f5000000 0000000000000000 [ 232.709953][ T7996] head: 00fff00000000001 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 232.709984][ T7996] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 232.710003][ T7996] page dumped because: unmovable page [ 232.710020][ T7996] page_owner tracks the page as allocated [ 232.710058][ T7996] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5824, tgid 5824 (syz-executor), ts 87108311508, free_ts 87096407367 [ 232.710114][ T7996] post_alloc_hook+0x153/0x170 [ 232.710708][ T7996] get_page_from_freelist+0x111d/0x3140 [ 232.710759][ T7996] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 232.710804][ T7996] new_slab+0xa6/0x6c0 [ 232.710838][ T7996] refill_objects+0x26b/0x400 [ 232.710870][ T7996] __pcs_replace_empty_main+0x1ab/0x600 [ 232.710912][ T7996] __kmalloc_noprof+0x688/0x850 [ 232.710952][ T7996] __register_sysctl_table+0xbe4/0x1650 [ 232.710997][ T7996] __devinet_sysctl_register+0x1b9/0x360 [ 232.711038][ T7996] devinet_sysctl_register+0x17b/0x210 [ 232.711078][ T7996] inetdev_event+0xefb/0x17f0 [ 232.711117][ T7996] notifier_call_chain+0x99/0x420 [ 232.711156][ T7996] call_netdevice_notifiers_info+0xbe/0x110 [ 232.711233][ T7996] netif_change_name+0x4d9/0x830 [ 232.711267][ T7996] do_setlink.isra.0+0x31db/0x3e50 [ 232.711305][ T7996] rtnl_newlink+0x11bd/0x2380 [ 232.711340][ T7996] page last free pid 5819 tgid 5819 stack trace: [ 232.711359][ T7996] __free_frozen_pages+0x7e1/0x10d0 [ 232.711397][ T7996] qlist_free_all+0x47/0xe0 [ 232.711438][ T7996] kasan_quarantine_reduce+0x1a0/0x1f0 [ 232.711479][ T7996] __kasan_slab_alloc+0x69/0x90 [ 232.711504][ T7996] __kmalloc_cache_noprof+0x243/0x6f0 [ 232.711543][ T7996] __kthread_create_on_node+0xce/0x3f0 [ 232.711577][ T7996] kthread_create_on_node+0xc7/0x100 [ 232.711612][ T7996] napi_kthread_create+0x8f/0x130 [ 232.711663][ T7996] netif_napi_add_weight_locked+0x992/0xca0 [ 232.711705][ T7996] wg_peer_create+0x5be/0x9f0 [ 232.711866][ T7996] set_peer+0x8e7/0x1430 [ 232.711904][ T7996] wg_set_device_doit+0xa6e/0x1300 [ 232.711943][ T7996] genl_family_rcv_msg_doit+0x214/0x300 [ 232.711990][ T7996] genl_rcv_msg+0x560/0x800 [ 232.712035][ T7996] netlink_rcv_skb+0x159/0x420 [ 232.712077][ T7996] genl_rcv+0x28/0x40 [ 233.328921][ T7890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.444880][ T7890] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.790893][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.798210][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.843783][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.850982][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.335197][ T5823] Bluetooth: hci4: command tx timeout [ 235.347222][ T7890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.557817][ T7890] veth0_vlan: entered promiscuous mode [ 236.763845][ T7890] veth1_vlan: entered promiscuous mode [ 236.915510][ T7890] veth0_macvtap: entered promiscuous mode [ 236.937527][ T7890] veth1_macvtap: entered promiscuous mode [ 237.006972][ T7890] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.062169][ T7890] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.100344][ T127] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.122370][ T127] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.184811][ T127] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.237720][ T127] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.612616][ T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.648413][ T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.950780][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.984520][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.373916][ T8127] input: jJǸ-9%vJ86 as /devices/virtual/input/input7 [ 240.459826][ T8138] [U] [ 240.462593][ T8138] [U] [ 240.465303][ T8138] [U] [ 240.467999][ T8138] [U] [ 240.470887][ T8138] [U] [ 240.473590][ T8138] [U] [ 240.476372][ T8138] [U] [ 240.479062][ T8138] [U] [ 240.489696][ T8138] [U] [ 240.492477][ T8138] [U] [ 240.495212][ T8138] [U] [ 240.497951][ T8138] [U] [ 240.549730][ T8138] [U] [ 240.552514][ T8138] [U] [ 240.555257][ T8138] [U] [ 240.557996][ T8138] [U] [ 240.620377][ T8138] [U] [ 241.319953][ T8148] [U] [ 241.322686][ T8148] [U] [ 241.325375][ T8148] [U] [ 241.328092][ T8148] [U] [ 241.331670][ T8148] [U] [ 241.334389][ T8148] [U] [ 241.337118][ T8148] [U] [ 241.339828][ T8148] [U] [ 241.366069][ T8148] [U] [ 241.369016][ T8148] [U] [ 241.371758][ T8148] [U] [ 241.374490][ T8148] [U] [ 241.452590][ T8148] [U] [ 241.455337][ T8148] [U] [ 241.458031][ T8148] [U] [ 241.460893][ T8148] [U] [ 241.485498][ T8148] [U] [ 241.488256][ T8148] [U] [ 241.491032][ T8148] [U] [ 241.493731][ T8148] [U] [ 241.516339][ T8148] [U] [ 241.819559][ T8165] block2mtd: error: cannot open device [ 242.305176][ T8176] netlink: 4 bytes leftover after parsing attributes in process `syz.3.482'. [ 243.073892][ T8187] [U] [ 243.076765][ T8187] [U] [ 243.079543][ T8187] [U] [ 243.082378][ T8187] [U] [ 243.085416][ T8187] [U] [ 243.088275][ T8187] [U] [ 243.091026][ T8187] [U] [ 243.093762][ T8187] [U] [ 243.098169][ T8187] [U] [ 243.100935][ T8187] [U] [ 243.103806][ T8187] [U] [ 243.106552][ T8187] [U] [ 243.159232][ T8187] [U] [ 243.162116][ T8187] [U] [ 243.164880][ T8187] [U] [ 243.167628][ T8187] [U] [ 243.223179][ T8187] [U] [ 243.225964][ T8187] [U] [ 243.228705][ T8187] [U] [ 243.231452][ T8187] [U] [ 243.342848][ T8187] [U] [ 245.227270][ T8233] netlink: 48 bytes leftover after parsing attributes in process `syz.4.496'. [ 245.248538][ T8233] [U] [ 245.251269][ T8233] [U] [ 245.254059][ T8233] [U] [ 245.256767][ T8233] [U] [ 245.260126][ T8233] [U] [ 245.262829][ T8233] [U] [ 245.265516][ T8233] [U] [ 245.268208][ T8233] [U] [ 245.271949][ T8233] [U] [ 245.274668][ T8233] [U] [ 245.277358][ T8233] [U] [ 245.280058][ T8233] [U] [ 245.285275][ T8233] [U] [ 245.288017][ T8233] [U] [ 245.290707][ T8233] [U] [ 245.293423][ T8233] [U] [ 245.310025][ T8233] [U] [ 245.312811][ T8233] [U] [ 245.315562][ T8233] [U] [ 245.318302][ T8233] [U] [ 245.405103][ T8233] [U] [ 245.407897][ T8233] [U] [ 245.410631][ T8233] [U] [ 245.413364][ T8233] [U] [ 245.453012][ T8233] [U] [ 246.612739][ T8254] loop6: detected capacity change from 0 to 8192 [ 246.954058][ T8262] netlink: 4 bytes leftover after parsing attributes in process `syz.4.505'. [ 247.006271][ T8263] FAULT_INJECTION: forcing a failure. [ 247.006271][ T8263] name fail_futex, interval 1, probability 0, space 0, times 0 [ 247.035295][ T8263] CPU: 1 UID: 0 PID: 8263 Comm: syz.3.507 Tainted: G L syzkaller #0 PREEMPT(full) [ 247.035346][ T8263] Tainted: [L]=SOFTLOCKUP [ 247.035356][ T8263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 247.035374][ T8263] Call Trace: [ 247.035384][ T8263] [ 247.035396][ T8263] dump_stack_lvl+0x100/0x190 [ 247.035446][ T8263] should_fail_ex.cold+0x5/0xa [ 247.035480][ T8263] get_futex_key+0x1d2/0x1620 [ 247.035522][ T8263] ? __pfx_get_futex_key+0x10/0x10 [ 247.035562][ T8263] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.035626][ T8263] futex_wake+0xea/0x530 [ 247.035674][ T8263] ? __pfx_futex_wake+0x10/0x10 [ 247.035736][ T8263] do_futex+0x32b/0x350 [ 247.035775][ T8263] ? __pfx_do_futex+0x10/0x10 [ 247.035810][ T8263] ? fput+0x79/0x100 [ 247.035843][ T8263] ? __sys_sendmsg+0x18f/0x220 [ 247.035880][ T8263] __x64_sys_futex+0x34f/0x4d0 [ 247.035924][ T8263] ? __pfx___x64_sys_futex+0x10/0x10 [ 247.035979][ T8263] do_syscall_64+0x106/0xf80 [ 247.036013][ T8263] ? clear_bhb_loop+0x40/0x90 [ 247.036049][ T8263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.036079][ T8263] RIP: 0033:0x7fa70c39c799 [ 247.036104][ T8263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 247.036132][ T8263] RSP: 002b:00007fa70d1bc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 247.036160][ T8263] RAX: ffffffffffffffda RBX: 00007fa70c615fa8 RCX: 00007fa70c39c799 [ 247.036179][ T8263] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa70c615fac [ 247.036197][ T8263] RBP: 00007fa70c615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 247.036214][ T8263] R10: 000000000000003c R11: 0000000000000246 R12: 0000000000000000 [ 247.036231][ T8263] R13: 00007fa70c616038 R14: 00007ffcd3400b40 R15: 00007ffcd3400c28 [ 247.036271][ T8263] [ 247.635306][ T8274] FAULT_INJECTION: forcing a failure. [ 247.635306][ T8274] name failslab, interval 1, probability 0, space 0, times 0 [ 247.687678][ T8274] CPU: 1 UID: 0 PID: 8274 Comm: syz.1.510 Tainted: G L syzkaller #0 PREEMPT(full) [ 247.687731][ T8274] Tainted: [L]=SOFTLOCKUP [ 247.687743][ T8274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 247.687760][ T8274] Call Trace: [ 247.687771][ T8274] [ 247.687783][ T8274] dump_stack_lvl+0x100/0x190 [ 247.687837][ T8274] should_fail_ex.cold+0x5/0xa [ 247.687874][ T8274] should_failslab+0xc2/0x120 [ 247.687906][ T8274] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 247.687951][ T8274] ? security_inode_alloc+0x3b/0x2c0 [ 247.687999][ T8274] ? lockdep_init_map_type+0x5c/0x250 [ 247.688049][ T8274] security_inode_alloc+0x3b/0x2c0 [ 247.688097][ T8274] inode_init_always_gfp+0xced/0x1040 [ 247.688133][ T8274] alloc_inode+0x8e/0x250 [ 247.688171][ T8274] sock_alloc+0x44/0x280 [ 247.688210][ T8274] ? security_socket_create+0x7f/0x250 [ 247.688256][ T8274] __sock_create+0xc2/0x860 [ 247.688311][ T8274] __sys_socket+0x14d/0x260 [ 247.688341][ T8274] ? __pfx___sys_socket+0x10/0x10 [ 247.688402][ T8274] __x64_sys_socket+0x72/0xb0 [ 247.688430][ T8274] ? lockdep_hardirqs_on+0x78/0x100 [ 247.688469][ T8274] do_syscall_64+0x106/0xf80 [ 247.688504][ T8274] ? clear_bhb_loop+0x40/0x90 [ 247.688543][ T8274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.688576][ T8274] RIP: 0033:0x7fb8dff9e007 [ 247.688602][ T8274] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 247.688631][ T8274] RSP: 002b:00007fb8e0e1cf98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 247.688674][ T8274] RAX: ffffffffffffffda RBX: 00007fb8e0215fa0 RCX: 00007fb8dff9e007 [ 247.688694][ T8274] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 247.688712][ T8274] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 247.688729][ T8274] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 247.688746][ T8274] R13: 00007fb8e0216038 R14: 00007fb8e0215fa0 R15: 00007fffb144fca8 [ 247.688787][ T8274] [ 247.688826][ T8274] socket: no more sockets [ 253.875979][ T8344] capability: warning: `syz.3.519' uses 32-bit capabilities (legacy support in use) [ 255.334626][ T8377] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 255.850459][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.860138][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.254623][ T8368] sd 0:0:1:0: PR command failed: 1026 [ 256.260112][ T8368] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 256.430432][ T8368] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 257.873382][ T8410] delete_channel: no stack [ 259.276112][ T8439] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 260.247695][ T8449] usb usb2: usbfs: process 8449 (syz.0.539) did not claim interface 4 before use [ 261.206613][ T8463] netlink: 'syz.3.544': attribute type 1 has an invalid length. [ 261.249630][ T8463] netlink: 306 bytes leftover after parsing attributes in process `syz.3.544'. [ 261.425054][ T8470] FAULT_INJECTION: forcing a failure. [ 261.425054][ T8470] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 261.486118][ T8470] CPU: 1 UID: 0 PID: 8470 Comm: syz.0.547 Tainted: G L syzkaller #0 PREEMPT(full) [ 261.486169][ T8470] Tainted: [L]=SOFTLOCKUP [ 261.486182][ T8470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 261.486200][ T8470] Call Trace: [ 261.486210][ T8470] [ 261.486223][ T8470] dump_stack_lvl+0x100/0x190 [ 261.486283][ T8470] should_fail_ex.cold+0x5/0xa [ 261.486320][ T8470] ? prepare_alloc_pages+0x16d/0x5f0 [ 261.486358][ T8470] should_fail_alloc_page+0xeb/0x140 [ 261.486390][ T8470] prepare_alloc_pages+0x1f0/0x5f0 [ 261.486428][ T8470] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 261.486474][ T8470] ? __pfx_futex_wake_mark+0x10/0x10 [ 261.486522][ T8470] ? futex_hash+0x2c5/0x380 [ 261.486561][ T8470] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 261.486608][ T8470] ? futex_wait+0x125/0x380 [ 261.486660][ T8470] ? __pfx_futex_wait+0x10/0x10 [ 261.486712][ T8470] ? ksys_write+0x190/0x250 [ 261.486737][ T8470] ? ksys_write+0x190/0x250 [ 261.486765][ T8470] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 261.486815][ T8470] ? policy_nodemask+0xed/0x4f0 [ 261.486849][ T8470] alloc_pages_mpol+0x1fb/0x550 [ 261.486879][ T8470] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 261.486911][ T8470] ? __x64_sys_futex+0x34f/0x4d0 [ 261.486946][ T8470] ? __x64_sys_futex+0x358/0x4d0 [ 261.486987][ T8470] alloc_pages_noprof+0x131/0x390 [ 261.487018][ T8470] get_free_pages_noprof+0x10/0xb0 [ 261.487047][ T8470] __do_sys_mincore+0xf7/0x610 [ 261.487093][ T8470] do_syscall_64+0x106/0xf80 [ 261.487128][ T8470] ? clear_bhb_loop+0x40/0x90 [ 261.487163][ T8470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.487193][ T8470] RIP: 0033:0x7fef3d99c799 [ 261.487216][ T8470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 261.487243][ T8470] RSP: 002b:00007fef3e899028 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 261.487272][ T8470] RAX: ffffffffffffffda RBX: 00007fef3dc16090 RCX: 00007fef3d99c799 [ 261.487290][ T8470] RDX: 0000000000000000 RSI: 0000000004000000 RDI: 0000000000001000 [ 261.487307][ T8470] RBP: 00007fef3da32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 261.487323][ T8470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 261.487350][ T8470] R13: 00007fef3dc16128 R14: 00007fef3dc16090 R15: 00007ffccd1d32a8 [ 261.487387][ T8470] [ 262.135408][ T8480] [U] [ 262.138192][ T8480] [U] [ 262.140929][ T8480] [U] [ 262.143773][ T8480] [U] [ 262.147287][ T8480] [U] [ 262.150055][ T8480] [U] [ 262.152806][ T8480] [U] [ 262.155593][ T8480] [U] [ 262.161466][ T8480] [U] [ 262.164235][ T8480] [U] [ 262.167062][ T8480] [U] [ 262.169799][ T8480] [U] [ 262.173426][ T8480] [U] [ 262.176170][ T8480] [U] [ 262.178903][ T8480] [U] [ 262.181640][ T8480] [U] [ 262.208384][ T8480] [U] [ 262.211168][ T8480] [U] [ 262.213906][ T8480] [U] [ 262.213904][ T29] audit: type=1804 audit(1772876764.066:5): pid=8465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.546" name="/newroot/sys/kernel/tracing/trace" dev="tracefs" ino=368 res=1 errno=0 [ 262.216627][ T8480] [U] [ 262.225358][ T8480] [U] [ 262.244023][ T8480] [U] [ 262.246771][ T8480] [U] [ 262.249515][ T8480] [U] [ 262.385345][ T8480] [U] [ 265.165460][ T8515] [U] [ 265.168243][ T8515] [U] [ 265.171074][ T8515] [U] [ 265.173835][ T8515] [U] [ 265.245508][ T8515] [U] [ 265.248276][ T8515] [U] [ 265.250972][ T8515] [U] [ 265.253689][ T8515] [U] [ 265.366471][ T8515] [U] [ 266.710041][ T8532] ovs_: entered promiscuous mode [ 268.061510][ T8544] netlink: 354 bytes leftover after parsing attributes in process `syz.3.566'. [ 268.288632][ T8552] [U] [ 268.291429][ T8552] [U] [ 268.294175][ T8552] [U] [ 268.296917][ T8552] [U] [ 268.434809][ T8552] [U] [ 268.437689][ T8552] [U] [ 268.440436][ T8552] [U] [ 268.443170][ T8552] [U] [ 268.487308][ T8552] [U] [ 268.490098][ T8552] [U] [ 268.492847][ T8552] [U] [ 268.495677][ T8552] [U] [ 268.597910][ T8552] [U] [ 268.608157][ T8554] [U] [ 268.610946][ T8554] [U] [ 268.613691][ T8554] [U] [ 268.616438][ T8554] [U] [ 268.669265][ T8554] [U] [ 268.672056][ T8554] [U] [ 268.674902][ T8554] [U] [ 268.677644][ T8554] [U] [ 268.784597][ T8554] [U] [ 268.787467][ T8554] [U] [ 268.790220][ T8554] [U] [ 268.792961][ T8554] [U] [ 268.905045][ T8554] [U] [ 269.087746][ T8565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.573'. [ 269.955485][ T8579] FAULT_INJECTION: forcing a failure. [ 269.955485][ T8579] name fail_futex, interval 1, probability 0, space 0, times 0 [ 270.045146][ T8579] CPU: 0 UID: 0 PID: 8579 Comm: syz.1.578 Tainted: G L syzkaller #0 PREEMPT(full) [ 270.045198][ T8579] Tainted: [L]=SOFTLOCKUP [ 270.045209][ T8579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 270.045228][ T8579] Call Trace: [ 270.045238][ T8579] [ 270.045250][ T8579] dump_stack_lvl+0x100/0x190 [ 270.045301][ T8579] should_fail_ex.cold+0x5/0xa [ 270.045339][ T8579] get_futex_key+0x1d2/0x1620 [ 270.045378][ T8579] ? __pfx_get_futex_key+0x10/0x10 [ 270.045429][ T8579] futex_wait_setup+0x83/0x510 [ 270.045487][ T8579] __futex_wait+0x19f/0x300 [ 270.045536][ T8579] ? __pfx___futex_wait+0x10/0x10 [ 270.045589][ T8579] ? __pfx_futex_wake_mark+0x10/0x10 [ 270.045637][ T8579] ? futex_hash+0x2c5/0x380 [ 270.045685][ T8579] futex_wait+0xed/0x380 [ 270.045734][ T8579] ? __pfx_futex_wait+0x10/0x10 [ 270.045802][ T8579] do_futex+0x1ef/0x350 [ 270.045843][ T8579] ? __pfx_do_futex+0x10/0x10 [ 270.045893][ T8579] ? fput+0x79/0x100 [ 270.045931][ T8579] ? __sys_sendmsg+0x18f/0x220 [ 270.045970][ T8579] __x64_sys_futex+0x34f/0x4d0 [ 270.046017][ T8579] ? __pfx___x64_sys_futex+0x10/0x10 [ 270.046073][ T8579] do_syscall_64+0x106/0xf80 [ 270.046109][ T8579] ? clear_bhb_loop+0x40/0x90 [ 270.046148][ T8579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.046181][ T8579] RIP: 0033:0x7fb8dff9c799 [ 270.046209][ T8579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 270.046237][ T8579] RSP: 002b:00007fb8e0e1e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 270.046268][ T8579] RAX: ffffffffffffffda RBX: 00007fb8e0215fa8 RCX: 00007fb8dff9c799 [ 270.046288][ T8579] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb8e0215fa8 [ 270.046307][ T8579] RBP: 00007fb8e0215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 270.046325][ T8579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 270.046343][ T8579] R13: 00007fb8e0216038 R14: 00007fffb144fbc0 R15: 00007fffb144fca8 [ 270.046384][ T8579] [ 271.597848][ T8589] FAULT_INJECTION: forcing a failure. [ 271.597848][ T8589] name fail_futex, interval 1, probability 0, space 0, times 0 [ 271.800132][ T8589] CPU: 0 UID: 0 PID: 8589 Comm: syz.1.580 Tainted: G L syzkaller #0 PREEMPT(full) [ 271.800184][ T8589] Tainted: [L]=SOFTLOCKUP [ 271.800194][ T8589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 271.800212][ T8589] Call Trace: [ 271.800222][ T8589] [ 271.800234][ T8589] dump_stack_lvl+0x100/0x190 [ 271.800284][ T8589] should_fail_ex.cold+0x5/0xa [ 271.800321][ T8589] get_futex_key+0x1d2/0x1620 [ 271.800364][ T8589] ? __pfx_get_futex_key+0x10/0x10 [ 271.800415][ T8589] futex_wake+0xea/0x530 [ 271.800465][ T8589] ? __pfx_futex_wake+0x10/0x10 [ 271.800514][ T8589] ? putname+0xb1/0x110 [ 271.800544][ T8589] ? kmem_cache_free+0x124/0x6a0 [ 271.800601][ T8589] do_futex+0x32b/0x350 [ 271.800639][ T8589] ? __pfx_do_futex+0x10/0x10 [ 271.800671][ T8589] ? __pfx_do_sys_openat2+0x10/0x10 [ 271.800706][ T8589] ? __fget_files+0x21f/0x3d0 [ 271.800748][ T8589] __x64_sys_futex+0x34f/0x4d0 [ 271.800788][ T8589] ? __x64_sys_openat+0x12d/0x210 [ 271.800827][ T8589] ? __pfx___x64_sys_futex+0x10/0x10 [ 271.800878][ T8589] do_syscall_64+0x106/0xf80 [ 271.800912][ T8589] ? clear_bhb_loop+0x40/0x90 [ 271.800947][ T8589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.800979][ T8589] RIP: 0033:0x7fb8dff9c799 [ 271.801004][ T8589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 271.801033][ T8589] RSP: 002b:00007fb8e0e1e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 271.801063][ T8589] RAX: ffffffffffffffda RBX: 00007fb8e0215fa8 RCX: 00007fb8dff9c799 [ 271.801081][ T8589] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb8e0215fac [ 271.801098][ T8589] RBP: 00007fb8e0215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 271.801115][ T8589] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 271.801132][ T8589] R13: 00007fb8e0216038 R14: 00007fffb144fbc0 R15: 00007fffb144fca8 [ 271.801170][ T8589] [ 272.414582][ T8606] vivid-007: ================= START STATUS ================= [ 272.464577][ T8606] vivid-007: Generate PTS: true [ 272.487397][ T8606] vivid-007: Generate SCR: true [ 272.492358][ T8606] tpg source WxH: 320x240 (Y'CbCr) [ 272.570955][ T8600] [U] [ 272.573742][ T8600] [U] [ 272.576490][ T8600] [U] [ 272.579238][ T8600] [U] [ 272.602603][ T8606] tpg field: 1 [ 272.602706][ T8600] [U] [ 272.702514][ T8606] tpg crop: (0,0)/320x240 [ 272.759215][ T8606] tpg compose: (0,0)/320x240 [ 272.763852][ T8606] tpg colorspace: 8 [ 272.904753][ T8606] tpg transfer function: 0/0 [ 272.909416][ T8606] tpg Y'CbCr encoding: 0/0 [ 272.954417][ T8606] tpg quantization: 0/0 [ 272.968101][ T8606] tpg RGB range: 0/2 [ 272.972070][ T8606] vivid-007: ================== END STATUS ================== [ 273.291922][ T8618] FAULT_INJECTION: forcing a failure. [ 273.291922][ T8618] name failslab, interval 1, probability 0, space 0, times 0 [ 273.395003][ T8618] CPU: 0 UID: 0 PID: 8618 Comm: syz.0.587 Tainted: G L syzkaller #0 PREEMPT(full) [ 273.395058][ T8618] Tainted: [L]=SOFTLOCKUP [ 273.395068][ T8618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 273.395086][ T8618] Call Trace: [ 273.395097][ T8618] [ 273.395110][ T8618] dump_stack_lvl+0x100/0x190 [ 273.395162][ T8618] should_fail_ex.cold+0x5/0xa [ 273.395199][ T8618] should_failslab+0xc2/0x120 [ 273.395232][ T8618] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 273.395277][ T8618] ? security_inode_alloc+0x3b/0x2c0 [ 273.395323][ T8618] ? lockdep_init_map_type+0x5c/0x250 [ 273.395369][ T8618] security_inode_alloc+0x3b/0x2c0 [ 273.395417][ T8618] inode_init_always_gfp+0xced/0x1040 [ 273.395454][ T8618] alloc_inode+0x8e/0x250 [ 273.395495][ T8618] sock_alloc+0x44/0x280 [ 273.395533][ T8618] ? security_socket_create+0x7f/0x250 [ 273.395579][ T8618] __sock_create+0xc2/0x860 [ 273.395642][ T8618] __sys_socket+0x14d/0x260 [ 273.395671][ T8618] ? __pfx___sys_socket+0x10/0x10 [ 273.395732][ T8618] __x64_sys_socket+0x72/0xb0 [ 273.395760][ T8618] ? lockdep_hardirqs_on+0x78/0x100 [ 273.395798][ T8618] do_syscall_64+0x106/0xf80 [ 273.395832][ T8618] ? clear_bhb_loop+0x40/0x90 [ 273.395869][ T8618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.395900][ T8618] RIP: 0033:0x7fef3d99c799 [ 273.395925][ T8618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 273.395954][ T8618] RSP: 002b:00007fef3e8ba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 273.395989][ T8618] RAX: ffffffffffffffda RBX: 00007fef3dc15fa0 RCX: 00007fef3d99c799 [ 273.396009][ T8618] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 273.396028][ T8618] RBP: 00007fef3da32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 273.396046][ T8618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.396063][ T8618] R13: 00007fef3dc16038 R14: 00007fef3dc15fa0 R15: 00007ffccd1d32a8 [ 273.396104][ T8618] [ 273.396180][ T8618] socket: no more sockets [ 274.413776][ T8628] FAULT_INJECTION: forcing a failure. [ 274.413776][ T8628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 274.524504][ T8628] CPU: 0 UID: 0 PID: 8628 Comm: syz.4.589 Tainted: G L syzkaller #0 PREEMPT(full) [ 274.524553][ T8628] Tainted: [L]=SOFTLOCKUP [ 274.524563][ T8628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 274.524579][ T8628] Call Trace: [ 274.524589][ T8628] [ 274.524599][ T8628] dump_stack_lvl+0x100/0x190 [ 274.524646][ T8628] should_fail_ex.cold+0x5/0xa [ 274.524689][ T8628] _copy_from_iter+0x1f4/0x1690 [ 274.524722][ T8628] ? __asan_memset+0x23/0x50 [ 274.524763][ T8628] ? __pfx__copy_from_iter+0x10/0x10 [ 274.524791][ T8628] ? __pfx___alloc_skb+0x10/0x10 [ 274.524839][ T8628] netlink_sendmsg+0x808/0xda0 [ 274.524885][ T8628] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.524919][ T8628] ? __import_iovec+0x1d2/0x640 [ 274.524952][ T8628] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 274.525006][ T8628] ____sys_sendmsg+0x9e1/0xb70 [ 274.525043][ T8628] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.525082][ T8628] ? __pfx_____sys_sendmsg+0x10/0x10 [ 274.525129][ T8628] ? __pfx__kstrtoull+0x10/0x10 [ 274.525171][ T8628] ___sys_sendmsg+0x190/0x1e0 [ 274.525217][ T8628] ? __pfx____sys_sendmsg+0x10/0x10 [ 274.525277][ T8628] ? find_held_lock+0x2b/0x80 [ 274.525330][ T8628] __sys_sendmmsg+0x205/0x430 [ 274.525369][ T8628] ? __pfx___sys_sendmmsg+0x10/0x10 [ 274.525418][ T8628] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 274.525471][ T8628] ? fput+0x79/0x100 [ 274.525504][ T8628] ? ksys_write+0x1ac/0x250 [ 274.525529][ T8628] ? __pfx_ksys_write+0x10/0x10 [ 274.525562][ T8628] __x64_sys_sendmmsg+0x9c/0x100 [ 274.525597][ T8628] ? lockdep_hardirqs_on+0x78/0x100 [ 274.525628][ T8628] do_syscall_64+0x106/0xf80 [ 274.525661][ T8628] ? clear_bhb_loop+0x40/0x90 [ 274.525705][ T8628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.525735][ T8628] RIP: 0033:0x7f576959c799 [ 274.525759][ T8628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 274.525784][ T8628] RSP: 002b:00007f576a43a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 274.525810][ T8628] RAX: ffffffffffffffda RBX: 00007f5769815fa0 RCX: 00007f576959c799 [ 274.525828][ T8628] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 274.525844][ T8628] RBP: 00007f576a43a090 R08: 0000000000000000 R09: 0000000000000000 [ 274.525860][ T8628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.525875][ T8628] R13: 00007f5769816038 R14: 00007f5769815fa0 R15: 00007fff4ad23bb8 [ 274.525914][ T8628] [ 275.456501][ T8631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.591'. [ 276.860758][ T8645] [U] [ 276.863591][ T8645] [U] [ 276.866329][ T8645] [U] [ 276.869063][ T8645] [U] [ 277.054582][ T8645] [U] [ 277.057322][ T8645] [U] [ 277.060013][ T8645] [U] [ 277.062793][ T8645] [U] [ 277.080016][ T8645] [U] [ 277.082796][ T8645] [U] [ 277.085525][ T8645] [U] [ 277.088247][ T8645] [U] [ 277.329317][ T8645] [U] [ 277.332100][ T8645] [U] [ 277.334834][ T8645] [U] [ 277.337583][ T8645] [U] [ 277.627673][ T8645] [U] [ 278.757662][ T8669] FAULT_INJECTION: forcing a failure. [ 278.757662][ T8669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 278.794879][ T8669] CPU: 1 UID: 0 PID: 8669 Comm: syz.4.599 Tainted: G L syzkaller #0 PREEMPT(full) [ 278.794925][ T8669] Tainted: [L]=SOFTLOCKUP [ 278.794936][ T8669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 278.794950][ T8669] Call Trace: [ 278.794959][ T8669] [ 278.794971][ T8669] dump_stack_lvl+0x100/0x190 [ 278.795017][ T8669] should_fail_ex.cold+0x5/0xa [ 278.795052][ T8669] _copy_from_user+0x2e/0xd0 [ 278.795083][ T8669] __sys_bpf+0x243/0x4b90 [ 278.795120][ T8669] ? __pfx___sys_bpf+0x10/0x10 [ 278.795148][ T8669] ? proc_fail_nth_write+0x9f/0x220 [ 278.795182][ T8669] ? find_held_lock+0x2b/0x80 [ 278.795215][ T8669] ? find_held_lock+0x2b/0x80 [ 278.795241][ T8669] ? ksys_write+0x190/0x250 [ 278.795276][ T8669] ? __mutex_unlock_slowpath+0x15c/0x790 [ 278.795314][ T8669] ? __fget_files+0x215/0x3d0 [ 278.795360][ T8669] ? fput+0x79/0x100 [ 278.795392][ T8669] ? ksys_write+0x1ac/0x250 [ 278.795417][ T8669] ? __pfx_ksys_write+0x10/0x10 [ 278.795450][ T8669] __x64_sys_bpf+0x7b/0xc0 [ 278.795482][ T8669] ? lockdep_hardirqs_on+0x78/0x100 [ 278.795514][ T8669] do_syscall_64+0x106/0xf80 [ 278.795546][ T8669] ? clear_bhb_loop+0x40/0x90 [ 278.795580][ T8669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.795607][ T8669] RIP: 0033:0x7f576959c799 [ 278.795632][ T8669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 278.795659][ T8669] RSP: 002b:00007f576a43a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 278.795688][ T8669] RAX: ffffffffffffffda RBX: 00007f5769815fa0 RCX: 00007f576959c799 [ 278.795707][ T8669] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 278.795724][ T8669] RBP: 00007f576a43a090 R08: 0000000000000000 R09: 0000000000000000 [ 278.795740][ T8669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.795757][ T8669] R13: 00007f5769816038 R14: 00007f5769815fa0 R15: 00007fff4ad23bb8 [ 278.795794][ T8669] [ 280.188958][ T8686] can: request_module (can-proto-0) failed. [ 282.324018][ T8714] sctp: [Deprecated]: syz.4.605 (pid 8714) Use of struct sctp_assoc_value in delayed_ack socket option. [ 282.324018][ T8714] Use struct sctp_sack_info instead [ 284.556107][ T8748] netlink: 28 bytes leftover after parsing attributes in process `syz.3.611'. [ 284.851883][ T8751] FAULT_INJECTION: forcing a failure. [ 284.851883][ T8751] name failslab, interval 1, probability 0, space 0, times 0 [ 284.945105][ T8751] CPU: 0 UID: 0 PID: 8751 Comm: syz.4.612 Tainted: G L syzkaller #0 PREEMPT(full) [ 284.945156][ T8751] Tainted: [L]=SOFTLOCKUP [ 284.945167][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 284.945185][ T8751] Call Trace: [ 284.945196][ T8751] [ 284.945208][ T8751] dump_stack_lvl+0x100/0x190 [ 284.945261][ T8751] should_fail_ex.cold+0x5/0xa [ 284.945300][ T8751] should_failslab+0xc2/0x120 [ 284.945334][ T8751] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 284.945378][ T8751] ? anon_vma_fork+0x19a/0x6b0 [ 284.945425][ T8751] anon_vma_fork+0x19a/0x6b0 [ 284.945470][ T8751] dup_mmap+0x141f/0x2180 [ 284.945520][ T8751] ? __pfx_dup_mmap+0x10/0x10 [ 284.945554][ T8751] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 284.945606][ T8751] ? __lock_acquire+0x4a5/0x2630 [ 284.945648][ T8751] ? find_held_lock+0x2b/0x80 [ 284.945675][ T8751] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 284.945756][ T8751] copy_process+0x73d7/0x7a10 [ 284.945791][ T8751] ? __pfx___schedule+0x10/0x10 [ 284.945843][ T8751] ? __pfx_copy_process+0x10/0x10 [ 284.945889][ T8751] ? _copy_from_user+0x59/0xd0 [ 284.945923][ T8751] kernel_clone+0xfc/0x9a0 [ 284.945961][ T8751] ? __pfx_kernel_clone+0x10/0x10 [ 284.945992][ T8751] ? futex_private_hash_put+0x107/0x1c0 [ 284.946038][ T8751] ? __pfx_futex_wake+0x10/0x10 [ 284.946085][ T8751] __do_sys_clone3+0x214/0x290 [ 284.946119][ T8751] ? __pfx___do_sys_clone3+0x10/0x10 [ 284.946211][ T8751] do_syscall_64+0x106/0xf80 [ 284.946247][ T8751] ? clear_bhb_loop+0x40/0x90 [ 284.946285][ T8751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.946317][ T8751] RIP: 0033:0x7f576959c799 [ 284.946345][ T8751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 284.946374][ T8751] RSP: 002b:00007f576a439ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 284.946407][ T8751] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f576959c799 [ 284.946428][ T8751] RDX: 00007f576a439f10 RSI: 0000000000000058 RDI: 00007f576a439f10 [ 284.946448][ T8751] RBP: 00007f5769632bd9 R08: 0000000000000000 R09: 0000000000000058 [ 284.946468][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.946487][ T8751] R13: 00007f5769816038 R14: 00007f5769815fa0 R15: 00007fff4ad23bb8 [ 284.946530][ T8751] [ 286.632136][ T8771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 286.699405][ T8771] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 286.735112][ T8771] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 286.765644][ T8771] page_type: f5(slab) [ 286.774832][ T8771] raw: 00fff00000000040 ffff88813fe3cb40 dead000000000100 dead000000000122 [ 286.834657][ T8771] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 286.843333][ T8771] head: 00fff00000000040 ffff88813fe3cb40 dead000000000100 dead000000000122 [ 286.968731][ T8771] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 287.146686][ T8771] head: 00fff00000000001 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 287.341678][ T8771] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 287.415639][ T8771] page dumped because: unmovable page [ 287.484906][ T8771] page_owner tracks the page as allocated [ 287.539859][ T8771] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5824, tgid 5824 (syz-executor), ts 87108311508, free_ts 87096407367 [ 287.688436][ T8771] post_alloc_hook+0x153/0x170 [ 287.745020][ T8771] get_page_from_freelist+0x111d/0x3140 [ 287.750677][ T8771] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 287.812465][ T8771] new_slab+0xa6/0x6c0 [ 287.818109][ T8771] refill_objects+0x26b/0x400 [ 287.847735][ T8771] __pcs_replace_empty_main+0x1ab/0x600 [ 287.853398][ T8771] __kmalloc_noprof+0x688/0x850 [ 287.923791][ T8771] __register_sysctl_table+0xbe4/0x1650 [ 287.933981][ T8771] __devinet_sysctl_register+0x1b9/0x360 [ 287.974487][ T8771] devinet_sysctl_register+0x17b/0x210 [ 287.980060][ T8771] inetdev_event+0xefb/0x17f0 [ 288.075353][ T8771] notifier_call_chain+0x99/0x420 [ 288.079271][ T8784] netlink: 'syz.1.619': attribute type 1 has an invalid length. [ 288.094554][ T8771] call_netdevice_notifiers_info+0xbe/0x110 [ 288.100624][ T8771] netif_change_name+0x4d9/0x830 [ 288.218605][ T8771] do_setlink.isra.0+0x31db/0x3e50 [ 288.223909][ T8771] rtnl_newlink+0x11bd/0x2380 [ 288.277594][ T8771] page last free pid 5819 tgid 5819 stack trace: [ 288.284096][ T8771] __free_frozen_pages+0x7e1/0x10d0 [ 288.409014][ T8771] qlist_free_all+0x47/0xe0 [ 288.443469][ T8771] kasan_quarantine_reduce+0x1a0/0x1f0 [ 288.479346][ T8771] __kasan_slab_alloc+0x69/0x90 [ 288.514477][ T8771] __kmalloc_cache_noprof+0x243/0x6f0 [ 288.519961][ T8771] __kthread_create_on_node+0xce/0x3f0 [ 288.560792][ T8771] kthread_create_on_node+0xc7/0x100 [ 288.576784][ T8771] napi_kthread_create+0x8f/0x130 [ 288.622418][ T8771] netif_napi_add_weight_locked+0x992/0xca0 [ 288.653571][ T8771] wg_peer_create+0x5be/0x9f0 [ 288.674541][ T8771] set_peer+0x8e7/0x1430 [ 288.678890][ T8771] wg_set_device_doit+0xa6e/0x1300 [ 288.684075][ T8771] genl_family_rcv_msg_doit+0x214/0x300 [ 288.759915][ T8771] genl_rcv_msg+0x560/0x800 [ 288.774687][ T8771] netlink_rcv_skb+0x159/0x420 [ 288.779733][ T8771] genl_rcv+0x28/0x40 [ 289.189357][ T8787] futex_wake_op: syz.1.620 tries to shift op by -2048; fix this program [ 289.209582][ T8787] futex_wake_op: syz.1.620 tries to shift op by -2048; fix this program [ 289.885242][ T8793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 295.178046][ T8830] mkiss: ax0: crc mode is auto. [ 297.113777][ T8835] netlink: 330 bytes leftover after parsing attributes in process `syz.4.632'. [ 297.763876][ T8857] netlink: 12 bytes leftover after parsing attributes in process `syz.4.637'. [ 298.776398][ T8871] __vm_enough_memory: pid: 8871, comm: syz.3.639, bytes: 4398046511104 not enough memory for the allocation [ 298.900912][ T8866] [U] [ 298.903694][ T8866] [U] [ 298.906455][ T8866] [U] [ 298.909198][ T8866] [U] [ 298.950358][ T8866] [U] [ 298.953127][ T8866] [U] [ 298.955884][ T8866] [U] [ 298.958645][ T8866] [U] [ 299.009669][ T8866] [U] [ 299.012454][ T8866] [U] [ 299.015297][ T8866] [U] [ 299.018015][ T8866] [U] [ 299.033632][ T8866] [U] [ 299.036414][ T8866] [U] [ 299.039145][ T8866] [U] [ 299.041839][ T8866] [U] [ 299.057069][ T8866] [U] [ 299.059847][ T8866] [U] [ 299.062604][ T8866] [U] [ 299.065360][ T8866] [U] [ 299.113290][ T8866] [U] [ 299.116076][ T8866] [U] [ 299.118821][ T8866] [U] [ 299.121567][ T8866] [U] [ 299.153918][ T8866] [U] [ 299.156706][ T8866] [U] [ 299.159441][ T8866] [U] [ 299.162258][ T8866] [U] [ 299.253196][ T8866] [U] [ 302.080441][ T8892] FAULT_INJECTION: forcing a failure. [ 302.080441][ T8892] name failslab, interval 1, probability 0, space 0, times 0 [ 302.093211][ T8892] CPU: 0 UID: 0 PID: 8892 Comm: syz.4.644 Tainted: G L syzkaller #0 PREEMPT(full) [ 302.093241][ T8892] Tainted: [L]=SOFTLOCKUP [ 302.093247][ T8892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 302.093259][ T8892] Call Trace: [ 302.093265][ T8892] [ 302.093272][ T8892] dump_stack_lvl+0x100/0x190 [ 302.093304][ T8892] should_fail_ex.cold+0x5/0xa [ 302.093325][ T8892] should_failslab+0xc2/0x120 [ 302.093346][ T8892] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 302.093373][ T8892] ? __kernfs_new_node+0xd2/0x960 [ 302.093398][ T8892] ? kstrdup+0xb3/0xe0 [ 302.093427][ T8892] __kernfs_new_node+0xd2/0x960 [ 302.093449][ T8892] ? __kernel_text_address+0xd/0x30 [ 302.093477][ T8892] ? arch_stack_walk+0xa6/0xf0 [ 302.093494][ T8892] ? __pfx___kernfs_new_node+0x10/0x10 [ 302.093525][ T8892] ? find_held_lock+0x2b/0x80 [ 302.093540][ T8892] ? kernfs_root+0xee/0x2a0 [ 302.093564][ T8892] ? kernfs_root+0xee/0x2a0 [ 302.093592][ T8892] kernfs_new_node+0x11b/0x1a0 [ 302.093623][ T8892] kernfs_create_dir_ns+0x4c/0x1a0 [ 302.093654][ T8892] sysfs_create_dir_ns+0x13a/0x2b0 [ 302.093678][ T8892] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 302.093701][ T8892] ? find_held_lock+0x2b/0x80 [ 302.093717][ T8892] ? kobject_add_internal+0x25f/0x930 [ 302.093743][ T8892] ? kobject_add_internal+0x25f/0x930 [ 302.093769][ T8892] ? class_dir_child_ns_type+0xd/0x60 [ 302.093789][ T8892] kobject_add_internal+0x2c8/0x930 [ 302.093818][ T8892] kobject_add+0x16a/0x1e0 [ 302.093844][ T8892] ? __pfx_kobject_add+0x10/0x10 [ 302.093873][ T8892] ? kobject_put+0xb9/0x640 [ 302.093909][ T8892] device_add+0x294/0x1950 [ 302.093928][ T8892] ? kfree_const+0x5a/0x70 [ 302.093954][ T8892] ? __pfx_device_add+0x10/0x10 [ 302.093969][ T8892] ? kfree_const+0x5a/0x70 [ 302.093993][ T8892] ? kfree+0x2ec/0x6b0 [ 302.094022][ T8892] device_create_groups_vargs+0x1f8/0x270 [ 302.094044][ T8892] device_create+0xed/0x130 [ 302.094063][ T8892] ? __pfx_device_create+0x10/0x10 [ 302.094079][ T8892] ? lockdep_init_map_type+0x5c/0x250 [ 302.094103][ T8892] ? timer_init_key+0x150/0x340 [ 302.094125][ T8892] ? ieee80211_roc_setup+0x136/0x270 [ 302.094145][ T8892] ? ieee80211_alloc_hw_nm+0x19c3/0x22a0 [ 302.094173][ T8892] mac80211_hwsim_new_radio+0x37f/0x57d0 [ 302.094209][ T8892] ? __asan_memset+0x23/0x50 [ 302.094233][ T8892] ? __nla_validate_parse+0x1e7/0x28b0 [ 302.094257][ T8892] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 302.094289][ T8892] hwsim_new_radio_nl+0xc1f/0x1340 [ 302.094316][ T8892] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 302.094364][ T8892] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 302.094408][ T8892] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 302.094456][ T8892] genl_family_rcv_msg_doit+0x214/0x300 [ 302.094486][ T8892] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 302.094514][ T8892] ? genl_get_cmd+0x3ef/0x720 [ 302.094544][ T8892] ? bpf_lsm_capable+0x9/0x10 [ 302.094562][ T8892] ? security_capable+0x80/0x260 [ 302.094588][ T8892] ? ns_capable+0xd2/0xf0 [ 302.094607][ T8892] genl_rcv_msg+0x560/0x800 [ 302.094640][ T8892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 302.094676][ T8892] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 302.094709][ T8892] netlink_rcv_skb+0x159/0x420 [ 302.094732][ T8892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 302.094760][ T8892] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 302.094793][ T8892] ? netlink_deliver_tap+0x1ae/0xcc0 [ 302.094819][ T8892] genl_rcv+0x28/0x40 [ 302.094842][ T8892] netlink_unicast+0x5aa/0x870 [ 302.094869][ T8892] ? __pfx_netlink_unicast+0x10/0x10 [ 302.094908][ T8892] netlink_sendmsg+0x8b0/0xda0 [ 302.094936][ T8892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.094959][ T8892] ? __import_iovec+0x1d2/0x640 [ 302.094979][ T8892] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 302.095008][ T8892] ____sys_sendmsg+0x9e1/0xb70 [ 302.095033][ T8892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.095059][ T8892] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.095092][ T8892] ? __pfx_futex_wake_mark+0x10/0x10 [ 302.095122][ T8892] ___sys_sendmsg+0x190/0x1e0 [ 302.095151][ T8892] ? __pfx____sys_sendmsg+0x10/0x10 [ 302.095207][ T8892] __sys_sendmsg+0x170/0x220 [ 302.095229][ T8892] ? __pfx___sys_sendmsg+0x10/0x10 [ 302.095250][ T8892] ? __x64_sys_futex+0x34f/0x4d0 [ 302.095287][ T8892] do_syscall_64+0x106/0xf80 [ 302.095308][ T8892] ? clear_bhb_loop+0x40/0x90 [ 302.095331][ T8892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.095349][ T8892] RIP: 0033:0x7f576959c799 [ 302.095366][ T8892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 302.095384][ T8892] RSP: 002b:00007f576a43a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 302.095402][ T8892] RAX: ffffffffffffffda RBX: 00007f5769815fa0 RCX: 00007f576959c799 [ 302.095413][ T8892] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 302.095424][ T8892] RBP: 00007f5769632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 302.095434][ T8892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 302.095445][ T8892] R13: 00007f5769816038 R14: 00007f5769815fa0 R15: 00007fff4ad23bb8 [ 302.095468][ T8892] [ 302.754621][ T8892] kobject: kobject_add_internal failed for hwsim27 (error: -12 parent: mac80211_hwsim) [ 303.697657][ T8907] netlink: 4 bytes leftover after parsing attributes in process `syz.4.649'. [ 303.715537][ T8907] netlink: 21 bytes leftover after parsing attributes in process `syz.4.649'. [ 304.808149][ T8902] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 304.859399][ T8902] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 306.183872][ T8925] openvswitch: netlink: IP tunnel dst address not specified [ 309.887169][ T8963] sp0: Synchronizing with TNC [ 309.891303][ T8966] netlink: 12 bytes leftover after parsing attributes in process `syz.3.661'. [ 311.702855][ T8981] futex_wake_op: syz.1.665 tries to shift op by -2048; fix this program [ 311.713671][ T8981] futex_wake_op: syz.1.665 tries to shift op by -2048; fix this program [ 311.767396][ T8988] 0x000000000001-0x000000020000 : "" [ 311.854984][ T8988] ftl_cs: FTL header corrupt! [ 312.483112][ T8988] ------------[ cut here ]------------ [ 312.489245][ T8988] !rwb [ 312.489266][ T8988] WARNING: block/blk-wbt.c:785 at wbt_init_enable_default+0x164/0x1c0, CPU#0: syz.1.665/8988 [ 312.502798][ T8988] Modules linked in: [ 312.507023][ T8988] CPU: 0 UID: 0 PID: 8988 Comm: syz.1.665 Tainted: G L syzkaller #0 PREEMPT(full) [ 312.518083][ T8988] Tainted: [L]=SOFTLOCKUP [ 312.522581][ T8988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 312.532700][ T8988] RIP: 0010:wbt_init_enable_default+0x164/0x1c0 [ 312.539037][ T8988] Code: 5a 22 fd 5b 5d 41 5c 41 5d 41 5e e9 86 66 aa 06 4c 89 f7 e8 ee e3 8d fd eb 83 4c 89 f7 e8 e4 e3 8d fd eb d0 e8 2d 5a 22 fd 90 <0f> 0b 90 e9 e9 fe ff ff e8 1f 5a 22 fd 90 0f 0b 90 48 b8 00 00 00 [ 312.559405][ T8988] RSP: 0018:ffffc9000ce5f570 EFLAGS: 00010283 [ 312.565933][ T8988] RAX: 000000000001cec2 RBX: ffff88802d78d000 RCX: ffffc9000d281000 [ 312.573921][ T8988] RDX: 0000000000080000 RSI: ffffffff84e5b573 RDI: ffffffff8c1af920 [ 312.582260][ T8988] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 312.590386][ T8988] R10: 0000000000000001 R11: ffffffff82736854 R12: ffff88802abbafa8 [ 312.598410][ T8988] R13: ffff8880336f3d2c R14: ffff88802d78d390 R15: ffff88802abbafb8 [ 312.606589][ T8988] FS: 00007fb8e0dfd6c0(0000) GS:ffff88812434b000(0000) knlGS:0000000000000000 [ 312.615647][ T8988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 312.622234][ T8988] CR2: 0000001b309ddff8 CR3: 00000000377e0000 CR4: 00000000003526f0 [ 312.630235][ T8988] Call Trace: [ 312.633514][ T8988] [ 312.636476][ T8988] blk_register_queue+0x42c/0x590 [ 312.641524][ T8988] __add_disk+0x73f/0xe40 [ 312.645964][ T8988] add_disk_fwnode+0x118/0x5c0 [ 312.650764][ T8988] add_mtd_blktrans_dev+0xd0b/0x1520 [ 312.656102][ T8988] ? __pfx_add_mtd_blktrans_dev+0x10/0x10 [ 312.661855][ T8988] mtdblock_add_mtd+0x1cc/0x270 [ 312.666985][ T8988] blktrans_notify_add+0xa2/0xf0 [ 312.671941][ T8988] add_mtd_device+0xb1a/0x17a0 [ 312.677169][ T8988] ? __pfx_add_mtd_device+0x10/0x10 [ 312.682443][ T8988] mtd_add_partition+0x30a/0x660 [ 312.688581][ T8988] ? __pfx_mtd_add_partition+0x10/0x10 [ 312.694117][ T8988] ? __might_fault+0xc5/0x140 [ 312.698951][ T8988] ? __might_fault+0xc5/0x140 [ 312.703717][ T8988] mtdchar_blkpg_ioctl+0x207/0x250 [ 312.709069][ T8988] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 312.714846][ T8988] mtdchar_ioctl+0x1670/0x1fd0 [ 312.719674][ T8988] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 312.725115][ T8988] ? lock_acquire+0x1cf/0x380 [ 312.729869][ T8988] ? trace_contention_end+0x140/0x180 [ 312.735374][ T8988] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 312.740805][ T8988] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 312.745945][ T8988] ? __pfx___mutex_lock+0x10/0x10 [ 312.751028][ T8988] ? find_held_lock+0x2b/0x80 [ 312.755866][ T8988] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 312.761118][ T8988] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 312.767664][ T8988] __x64_sys_ioctl+0x18e/0x210 [ 312.772506][ T8988] do_syscall_64+0x106/0xf80 [ 312.777601][ T8988] ? clear_bhb_loop+0x40/0x90 [ 312.782363][ T8988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.788461][ T8988] RIP: 0033:0x7fb8dff9c799 [ 312.793104][ T8988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 312.812926][ T8988] RSP: 002b:00007fb8e0dfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 312.821406][ T8988] RAX: ffffffffffffffda RBX: 00007fb8e0216090 RCX: 00007fb8dff9c799 [ 312.829537][ T8988] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000006 [ 312.837619][ T8988] RBP: 00007fb8e0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 312.845724][ T8988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 312.853749][ T8988] R13: 00007fb8e0216128 R14: 00007fb8e0216090 R15: 00007fffb144fca8 [ 312.861843][ T8988] [ 312.864923][ T8988] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 312.872230][ T8988] CPU: 0 UID: 0 PID: 8988 Comm: syz.1.665 Tainted: G L syzkaller #0 PREEMPT(full) [ 312.883006][ T8988] Tainted: [L]=SOFTLOCKUP [ 312.887345][ T8988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 312.897439][ T8988] Call Trace: [ 312.900742][ T8988] [ 312.903684][ T8988] dump_stack_lvl+0x100/0x190 [ 312.908386][ T8988] vpanic+0x552/0x970 [ 312.912560][ T8988] ? __pfx_vpanic+0x10/0x10 [ 312.917129][ T8988] panic+0xd1/0xe0 [ 312.920859][ T8988] ? __pfx_panic+0x10/0x10 [ 312.925294][ T8988] check_panic_on_warn.cold+0x19/0x34 [ 312.930678][ T8988] ? wbt_init_enable_default+0x164/0x1c0 [ 312.936406][ T8988] __warn.cold+0x191/0x348 [ 312.940848][ T8988] __report_bug+0x296/0x3d0 [ 312.945389][ T8988] ? wbt_init_enable_default+0x164/0x1c0 [ 312.951041][ T8988] ? __pfx___report_bug+0x10/0x10 [ 312.956292][ T8988] ? wbt_init_enable_default+0x164/0x1c0 [ 312.962114][ T8988] report_bug+0xb2/0x220 [ 312.966375][ T8988] ? wbt_init_enable_default+0x164/0x1c0 [ 312.972036][ T8988] handle_bug+0x16a/0x2a0 [ 312.976384][ T8988] exc_invalid_op+0x17/0x50 [ 312.980901][ T8988] asm_exc_invalid_op+0x1a/0x20 [ 312.985761][ T8988] RIP: 0010:wbt_init_enable_default+0x164/0x1c0 [ 312.992013][ T8988] Code: 5a 22 fd 5b 5d 41 5c 41 5d 41 5e e9 86 66 aa 06 4c 89 f7 e8 ee e3 8d fd eb 83 4c 89 f7 e8 e4 e3 8d fd eb d0 e8 2d 5a 22 fd 90 <0f> 0b 90 e9 e9 fe ff ff e8 1f 5a 22 fd 90 0f 0b 90 48 b8 00 00 00 [ 313.011993][ T8988] RSP: 0018:ffffc9000ce5f570 EFLAGS: 00010283 [ 313.018076][ T8988] RAX: 000000000001cec2 RBX: ffff88802d78d000 RCX: ffffc9000d281000 [ 313.026242][ T8988] RDX: 0000000000080000 RSI: ffffffff84e5b573 RDI: ffffffff8c1af920 [ 313.034227][ T8988] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 313.042220][ T8988] R10: 0000000000000001 R11: ffffffff82736854 R12: ffff88802abbafa8 [ 313.050214][ T8988] R13: ffff8880336f3d2c R14: ffff88802d78d390 R15: ffff88802abbafb8 [ 313.058281][ T8988] ? kasan_save_track+0x14/0x30 [ 313.063154][ T8988] ? wbt_init_enable_default+0x163/0x1c0 [ 313.069144][ T8988] blk_register_queue+0x42c/0x590 [ 313.074189][ T8988] __add_disk+0x73f/0xe40 [ 313.078534][ T8988] add_disk_fwnode+0x118/0x5c0 [ 313.083321][ T8988] add_mtd_blktrans_dev+0xd0b/0x1520 [ 313.088633][ T8988] ? __pfx_add_mtd_blktrans_dev+0x10/0x10 [ 313.094423][ T8988] mtdblock_add_mtd+0x1cc/0x270 [ 313.099283][ T8988] blktrans_notify_add+0xa2/0xf0 [ 313.104228][ T8988] add_mtd_device+0xb1a/0x17a0 [ 313.109000][ T8988] ? __pfx_add_mtd_device+0x10/0x10 [ 313.114558][ T8988] mtd_add_partition+0x30a/0x660 [ 313.119505][ T8988] ? __pfx_mtd_add_partition+0x10/0x10 [ 313.124985][ T8988] ? __might_fault+0xc5/0x140 [ 313.129670][ T8988] ? __might_fault+0xc5/0x140 [ 313.134472][ T8988] mtdchar_blkpg_ioctl+0x207/0x250 [ 313.139653][ T8988] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 313.145336][ T8988] mtdchar_ioctl+0x1670/0x1fd0 [ 313.150131][ T8988] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 313.155311][ T8988] ? lock_acquire+0x1cf/0x380 [ 313.160002][ T8988] ? trace_contention_end+0x140/0x180 [ 313.165390][ T8988] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 313.170777][ T8988] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 313.175828][ T8988] ? __pfx___mutex_lock+0x10/0x10 [ 313.180904][ T8988] ? find_held_lock+0x2b/0x80 [ 313.185608][ T8988] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 313.190860][ T8988] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 313.196803][ T8988] __x64_sys_ioctl+0x18e/0x210 [ 313.201666][ T8988] do_syscall_64+0x106/0xf80 [ 313.206269][ T8988] ? clear_bhb_loop+0x40/0x90 [ 313.210951][ T8988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.216855][ T8988] RIP: 0033:0x7fb8dff9c799 [ 313.221274][ T8988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 313.240883][ T8988] RSP: 002b:00007fb8e0dfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.249323][ T8988] RAX: ffffffffffffffda RBX: 00007fb8e0216090 RCX: 00007fb8dff9c799 [ 313.257297][ T8988] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000006 [ 313.265362][ T8988] RBP: 00007fb8e0032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 313.273329][ T8988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.281311][ T8988] R13: 00007fb8e0216128 R14: 00007fb8e0216090 R15: 00007fffb144fca8 [ 313.289296][ T8988] [ 313.293395][ T8988] Kernel Offset: disabled [ 313.297808][ T8988] Rebooting in 86400 seconds..