last executing test programs: 32.320216371s ago: executing program 0 (id=3902): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/softnet_stat\x00', 0x62142, 0x0) socket(0x22, 0x2, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0xa, 0x2, 0x3a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x603, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/user\x00') openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0x0, 0x0) ustat$auto(0x801, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/lru_gen_full\x00', 0x900, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 32.083490475s ago: executing program 2 (id=3906): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x30000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) lsm_list_modules$auto(0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) socket(0x10, 0x2, 0xfffffffc) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) r1 = socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) ioctl$auto(r1, 0x89f0, 0x24) r2 = socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) ioctl$auto_AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f00000002c0)=0x7) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) getsockopt$auto(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x7ffe) 31.766854937s ago: executing program 0 (id=3908): write$auto(0xffffffffffffffff, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82902, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0xa, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000002c0)={{0x0, 0x9, &(0x7f0000000080)={&(0x7f0000000180)="cb7978ababe605edf078e6f2726ae03e663c080c0d6c169eec931ca2ea579299bf44495b1fe078f2e9c5586ae69caa8135493b25", 0x1}, 0xfffffffffffffff7, 0x0, 0x5, 0x24b}, 0x800}, 0x8, 0xff) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) ioctl$auto_MEMGETREGIONINFO(0xffffffffffffffff, 0xc0104d08, &(0x7f0000000040)={0x0, 0x8, 0x23c0, 0x2f99}) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 31.467652563s ago: executing program 0 (id=3910): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r1 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x3, 0x2, 0xffffffffffffffff, 0x8, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x9e, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x138, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_SEC_KEY={0xec, 0x30, 0x0, 0x1, [@nested={0xc, 0xa3, 0x0, 0x1, [@nested={0x4, 0xf9}, @nested={0x4, 0x4e}]}, @generic="83a64f3b9481967d6c013c75e08d1be26fb6f04b96859273507147e64ae08336399a8ac626e8c09b85accd2bd4a4516386d0aed221b93894e4a472f57523ee1c41ed894da9ff9db83de09fda367d68d37f704bc73a78f6f11e0230698c06b417776ede53a165abb071cd4926ae800744fe2b90a17eac6225e2370c35518ed04c9dbcaaf4b93f3c62ba7c5db4e62fbf736874b1b51a6bb7854b6052a255dde275c1042da7b57974a9fbc13a52de8fc1bd933d957506caa55a7cf1023c8952725c5f0b27ea5adaa2f81a277122e9e4adf1682f58ccf43c2f6c99009c9c"]}, @NL802154_ATTR_SEC_DEVICE={0x2d, 0x2e, 0x0, 0x1, [@generic="e2fda2f5790095478bddb722f0c73c7c482cf3f8afabf2dfaedef2496038c4806b09aafff2514f52d5"]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) r3 = socket(0x28, 0x1, 0x0) getsockopt$auto(r3, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r4, 0x0, 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r5 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/projid_map\x00', 0x450301, 0x0) read$auto_proc_projid_map_operations_base(r5, &(0x7f00000003c0), 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r6, &(0x7f0000000000)=""/39, 0x27) 30.630489895s ago: executing program 2 (id=3920): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x30000, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) lsm_list_modules$auto(0x0, 0x0, 0x0) socket(0x10, 0x2, 0xfffffffc) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="be2f136f7860f53f19143299dcb74ab9fc6b6ff8ebf64bd6f49d27ce1c009b964f96be0d2907c76e2611079477b71db422c0616b800df377361c4e30b3fd59366399b17990386621c30630c1467af37c1534a5fcd4046605cd178041c0", @ANYRES16=r0, @ANYBLOB="00082dbd7000fbdbdf253d00000004003b018b003a01e158c182a46db274ed0dd0c2b61d844682a34150cd4c00a31a89b0a8bdd5a5401d4f858a9bacae45bff744feda7b00b37f8c4227e94bad3b28d28d7a810b3477506b59a36a9fe8613b24da6dd8c4eb740c34efb58589ed4e4e1967eb9ee4a0e69389ed76146f3f68a9162efcf696ca9cbaecf4ca2ed027dc0cc89b72054039659108d38b9608c300"], 0xa4}, 0x1, 0x0, 0x0, 0x10000000}, 0x4004810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) r1 = socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) ioctl$auto(r1, 0x89f0, 0x24) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) 30.378536967s ago: executing program 0 (id=3914): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x30000, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) lsm_list_modules$auto(0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) socket(0x10, 0x2, 0xfffffffc) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) socket(0x10, 0x2, 0x0) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) getsockopt$auto(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x7ffe) 29.817547133s ago: executing program 2 (id=3915): sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f0000000140), 0x24c0fd7f8ac747bb, 0x0) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000180)="b877365e0da949078a5ab36b6d3a26e530e8c308da", 0x85, &(0x7f00000002c0)="d3c7efc6da1196c546556ea9db589a80a7921916e3cad7a47ffca8e85a7c7abb13960161763cbdd579b299ef03f1f1c364ffe1cb675683e3bb612a31a30405facfba102f36e72cc89de1ddcf20374976852f6889352af0535d8a8af37ae4d98e4de3680085b1f3146de82e41ffdcab5c81c49e3a2fcb4177aa088b7cbb562a767387cb750f430d0a16704c976c7b8258bde377a5b6bd025a37831a2fbe4d6459bd20ae5737c0ef9dee652f17763dbda448bec4424f0c715274a4706fcacb71c94cd2bb3633dedbcbca1029289e2ed5b600b1e6aa8df1dd2a7847068f", 0x7, &(0x7f00000003c0)="b68a6c4bd4be7ab2df8a8412e1c31813ed3751a584bfa1ca11aae4b8c4b48dd403d844cf1ddf210a8e4452797cf610fb4c48d876448260d55fd60f3ec9005beb3b7d0e50ecf053d0b11aaa850b77e4bca2f812a36cd9052f29dd92bfac942bb237565edcc28593a5e9dc56848c6bf699eef4cf72e9a38ba79dd895aaade94d29d3c6f3f1849fef0c50ff7bb12bfecb22915a14353fcc09f9a1a520deafca401e5bbece632fd027f171f10b4d004b854d1accc93b39f22982543ff3c8cc323f", 0x0}) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(r0, &(0x7f0000000740)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x80) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x240882, 0x0) ioctl$auto_SG_GET_PACK_ID(r1, 0x227c, 0x0) write$auto_sg_fops_sg(r1, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) io_uring_setup$auto(0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x20082, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x201, 0x0) read$auto(0x3, 0x0, 0x8080) close_range$auto(0x2, 0xa, 0x0) 29.622961126s ago: executing program 2 (id=3917): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/softnet_stat\x00', 0x62142, 0x0) socket(0x22, 0x2, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0xa, 0x2, 0x3a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x603, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/user\x00') openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0x0, 0x0) ustat$auto(0x801, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 29.540767994s ago: executing program 0 (id=3918): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x30000, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) lsm_list_modules$auto(0x0, 0x0, 0x0) socket(0x10, 0x2, 0xfffffffc) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="be2f136f7860f53f19143299dcb74ab9fc6b6ff8ebf64bd6f49d27ce1c009b964f96be0d2907c76e2611079477b71db422c0616b800df377361c4e30b3fd59366399b17990386621c30630c1467af37c1534a5fcd4046605cd178041c0", @ANYRES16=r0, @ANYBLOB="00082dbd7000fbdbdf253d00000004003b018b003a01e158c182a46db274ed0dd0c2b61d844682a34150cd4c00a31a89b0a8bdd5a5401d4f858a9bacae45bff744feda7b00b37f8c4227e94bad3b28d28d7a810b3477506b59a36a9fe8613b24da6dd8c4eb740c34efb58589ed4e4e1967eb9ee4a0e69389ed76146f3f68a9162efcf696ca9cbaecf4ca2ed027dc0cc89b72054039659108d38b9608c300"], 0xa4}, 0x1, 0x0, 0x0, 0x10000000}, 0x4004810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) r1 = socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) ioctl$auto(r1, 0x89f0, 0x24) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) 28.84637428s ago: executing program 2 (id=3921): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x403, 0x2, 0x40007, 0x49, 0x7ff, 0x5, 0x5, 0x4, 0x6, 0x8, 0x3, 0x5, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x81, 0x100000004, 0x800000, 0x7, 0x8, 0x200, 0x401, 0x1, 0x0, 0x6, 0x6, 0x0, 0x0, [0x0, 0x3fffffff800, 0x1, 0xfffffffffffffffe, 0x1000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8003, 0x4000000, 0x8001, 0x0, 0xfffffffffffffffd, 0x10000000000000, 0x0, 0x80000000, 0x0, 0x6, 0x5, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xffff, 0x0, 0xfffffffffffffffd, 0xec4e, 0x0, 0x8000000000000001, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x100, 0x9a]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x24, 0x4008) 28.238135s ago: executing program 2 (id=3924): mmap$auto(0x0, 0x20005, 0xa, 0x200eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x2000c840) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 27.609867816s ago: executing program 0 (id=3928): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) r3 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000380)={@_si_pad}, 0x1, &(0x7f00000004c0)={{0x5, 0x8000000000000001}, {0x4, 0x79}, 0x4, 0x9, 0xb, 0x9, 0xffffffff80000001, 0x8, 0x8, 0x3, 0x3, 0x81, 0x9, 0x8000000000000001, 0x9, 0x9}) pidfd_send_signal$auto_SIGCONT(r0, 0x12, &(0x7f0000000580)={@siginfo_0_0={0x3, 0x1, 0x1, @_timer={r3, 0x5, @sival_int=0x5, 0x7}}}, 0x10) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) r4 = ioctl$auto_TUNSETVNETBE2(0xffffffffffffffff, 0x400454de, &(0x7f00000000c0)=0xff) fadvise64$auto_POSIX_FADV_DONTNEED(r4, 0x1, 0x1, 0x4) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) r5 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r5, &(0x7f0000000000)="632d1bfe595046ab5c40bd7563307acb6d16baef6176e669a216aae183cccafdd80500ffffffff0600"/56, 0x38) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x3, 0x80000, 0x65) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0xb, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) pwrite64$auto(r4, &(0x7f0000000140)='/dev/sequencer2\x00', 0x40, 0x3ff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) r6 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bdi/7:2/stable_pages_required\x00', 0x80000, 0x0) read$auto(r7, 0x0, 0x20) setsockopt$auto(r6, 0x1, 0xb, 0x0, 0x4) ptrace$auto(0x4206, 0x1, 0x0, 0x200005) r8 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r8, &(0x7f0000000200)={{0x0, 0x1f00, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) 13.195062809s ago: executing program 32 (id=3924): mmap$auto(0x0, 0x20005, 0xa, 0x200eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x2000c840) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 12.391682068s ago: executing program 33 (id=3928): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) r3 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000380)={@_si_pad}, 0x1, &(0x7f00000004c0)={{0x5, 0x8000000000000001}, {0x4, 0x79}, 0x4, 0x9, 0xb, 0x9, 0xffffffff80000001, 0x8, 0x8, 0x3, 0x3, 0x81, 0x9, 0x8000000000000001, 0x9, 0x9}) pidfd_send_signal$auto_SIGCONT(r0, 0x12, &(0x7f0000000580)={@siginfo_0_0={0x3, 0x1, 0x1, @_timer={r3, 0x5, @sival_int=0x5, 0x7}}}, 0x10) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) r4 = ioctl$auto_TUNSETVNETBE2(0xffffffffffffffff, 0x400454de, &(0x7f00000000c0)=0xff) fadvise64$auto_POSIX_FADV_DONTNEED(r4, 0x1, 0x1, 0x4) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) r5 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r5, &(0x7f0000000000)="632d1bfe595046ab5c40bd7563307acb6d16baef6176e669a216aae183cccafdd80500ffffffff0600"/56, 0x38) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x3, 0x80000, 0x65) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0xb, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) pwrite64$auto(r4, &(0x7f0000000140)='/dev/sequencer2\x00', 0x40, 0x3ff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) r6 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bdi/7:2/stable_pages_required\x00', 0x80000, 0x0) read$auto(r7, 0x0, 0x20) setsockopt$auto(r6, 0x1, 0xb, 0x0, 0x4) ptrace$auto(0x4206, 0x1, 0x0, 0x200005) r8 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r8, &(0x7f0000000200)={{0x0, 0x1f00, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) 3.640605289s ago: executing program 1 (id=3969): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r1 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x3, 0x2, 0xffffffffffffffff, 0x8, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x9e, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x138, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_SEC_KEY={0xec, 0x30, 0x0, 0x1, [@nested={0xc, 0xa3, 0x0, 0x1, [@nested={0x4, 0xf9}, @nested={0x4, 0x4e}]}, @generic="83a64f3b9481967d6c013c75e08d1be26fb6f04b96859273507147e64ae08336399a8ac626e8c09b85accd2bd4a4516386d0aed221b93894e4a472f57523ee1c41ed894da9ff9db83de09fda367d68d37f704bc73a78f6f11e0230698c06b417776ede53a165abb071cd4926ae800744fe2b90a17eac6225e2370c35518ed04c9dbcaaf4b93f3c62ba7c5db4e62fbf736874b1b51a6bb7854b6052a255dde275c1042da7b57974a9fbc13a52de8fc1bd933d957506caa55a7cf1023c8952725c5f0b27ea5adaa2f81a277122e9e4adf1682f58ccf43c2f6c99009c9c"]}, @NL802154_ATTR_SEC_DEVICE={0x2d, 0x2e, 0x0, 0x1, [@generic="e2fda2f5790095478bddb722f0c73c7c482cf3f8afabf2dfaedef2496038c4806b09aafff2514f52d5"]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) r3 = socket(0x28, 0x1, 0x0) getsockopt$auto(r3, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r4, 0x0, 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) r5 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/projid_map\x00', 0x450301, 0x0) read$auto_proc_projid_map_operations_base(r5, &(0x7f00000003c0), 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x7) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r6, &(0x7f0000000000)=""/39, 0x27) 3.557848587s ago: executing program 3 (id=3970): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r1 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x3, 0x2, 0xffffffffffffffff, 0x8, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x9e, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x138, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_SEC_KEY={0xec, 0x30, 0x0, 0x1, [@nested={0xc, 0xa3, 0x0, 0x1, [@nested={0x4, 0xf9}, @nested={0x4, 0x4e}]}, @generic="83a64f3b9481967d6c013c75e08d1be26fb6f04b96859273507147e64ae08336399a8ac626e8c09b85accd2bd4a4516386d0aed221b93894e4a472f57523ee1c41ed894da9ff9db83de09fda367d68d37f704bc73a78f6f11e0230698c06b417776ede53a165abb071cd4926ae800744fe2b90a17eac6225e2370c35518ed04c9dbcaaf4b93f3c62ba7c5db4e62fbf736874b1b51a6bb7854b6052a255dde275c1042da7b57974a9fbc13a52de8fc1bd933d957506caa55a7cf1023c8952725c5f0b27ea5adaa2f81a277122e9e4adf1682f58ccf43c2f6c99009c9c"]}, @NL802154_ATTR_SEC_DEVICE={0x2d, 0x2e, 0x0, 0x1, [@generic="e2fda2f5790095478bddb722f0c73c7c482cf3f8afabf2dfaedef2496038c4806b09aafff2514f52d5"]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) r3 = socket(0x28, 0x1, 0x0) getsockopt$auto(r3, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r4, 0x0, 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/projid_map\x00', 0x450301, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x7) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r5, &(0x7f0000000000)=""/39, 0x27) 3.010123676s ago: executing program 1 (id=3971): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r1 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x3, 0x2, 0xffffffffffffffff, 0x8, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x9e, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x138, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_SEC_KEY={0xec, 0x30, 0x0, 0x1, [@nested={0xc, 0xa3, 0x0, 0x1, [@nested={0x4, 0xf9}, @nested={0x4, 0x4e}]}, @generic="83a64f3b9481967d6c013c75e08d1be26fb6f04b96859273507147e64ae08336399a8ac626e8c09b85accd2bd4a4516386d0aed221b93894e4a472f57523ee1c41ed894da9ff9db83de09fda367d68d37f704bc73a78f6f11e0230698c06b417776ede53a165abb071cd4926ae800744fe2b90a17eac6225e2370c35518ed04c9dbcaaf4b93f3c62ba7c5db4e62fbf736874b1b51a6bb7854b6052a255dde275c1042da7b57974a9fbc13a52de8fc1bd933d957506caa55a7cf1023c8952725c5f0b27ea5adaa2f81a277122e9e4adf1682f58ccf43c2f6c99009c9c"]}, @NL802154_ATTR_SEC_DEVICE={0x2d, 0x2e, 0x0, 0x1, [@generic="e2fda2f5790095478bddb722f0c73c7c482cf3f8afabf2dfaedef2496038c4806b09aafff2514f52d5"]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) r3 = socket(0x28, 0x1, 0x0) getsockopt$auto(r3, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r4, 0x0, 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_proc_projid_map_operations_base(0xffffffffffffffff, &(0x7f00000003c0), 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x7) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r5, &(0x7f0000000000)=""/39, 0x27) 2.619308346s ago: executing program 3 (id=3972): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x30000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) getsockopt$auto(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x7ffe) 2.483298819s ago: executing program 3 (id=3973): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r1 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x3, 0x2, 0xffffffffffffffff, 0x8, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x9e, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x138, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_SEC_KEY={0xec, 0x30, 0x0, 0x1, [@nested={0xc, 0xa3, 0x0, 0x1, [@nested={0x4, 0xf9}, @nested={0x4, 0x4e}]}, @generic="83a64f3b9481967d6c013c75e08d1be26fb6f04b96859273507147e64ae08336399a8ac626e8c09b85accd2bd4a4516386d0aed221b93894e4a472f57523ee1c41ed894da9ff9db83de09fda367d68d37f704bc73a78f6f11e0230698c06b417776ede53a165abb071cd4926ae800744fe2b90a17eac6225e2370c35518ed04c9dbcaaf4b93f3c62ba7c5db4e62fbf736874b1b51a6bb7854b6052a255dde275c1042da7b57974a9fbc13a52de8fc1bd933d957506caa55a7cf1023c8952725c5f0b27ea5adaa2f81a277122e9e4adf1682f58ccf43c2f6c99009c9c"]}, @NL802154_ATTR_SEC_DEVICE={0x2d, 0x2e, 0x0, 0x1, [@generic="e2fda2f5790095478bddb722f0c73c7c482cf3f8afabf2dfaedef2496038c4806b09aafff2514f52d5"]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) r3 = socket(0x28, 0x1, 0x0) getsockopt$auto(r3, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r4, 0x0, 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) r5 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/projid_map\x00', 0x450301, 0x0) read$auto_proc_projid_map_operations_base(r5, &(0x7f00000003c0), 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x7) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r6, &(0x7f0000000000)=""/39, 0x27) 2.021422516s ago: executing program 1 (id=3974): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r1 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x3, 0x2, 0xffffffffffffffff, 0x8, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x9e, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x138, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_SEC_KEY={0xec, 0x30, 0x0, 0x1, [@nested={0xc, 0xa3, 0x0, 0x1, [@nested={0x4, 0xf9}, @nested={0x4, 0x4e}]}, @generic="83a64f3b9481967d6c013c75e08d1be26fb6f04b96859273507147e64ae08336399a8ac626e8c09b85accd2bd4a4516386d0aed221b93894e4a472f57523ee1c41ed894da9ff9db83de09fda367d68d37f704bc73a78f6f11e0230698c06b417776ede53a165abb071cd4926ae800744fe2b90a17eac6225e2370c35518ed04c9dbcaaf4b93f3c62ba7c5db4e62fbf736874b1b51a6bb7854b6052a255dde275c1042da7b57974a9fbc13a52de8fc1bd933d957506caa55a7cf1023c8952725c5f0b27ea5adaa2f81a277122e9e4adf1682f58ccf43c2f6c99009c9c"]}, @NL802154_ATTR_SEC_DEVICE={0x2d, 0x2e, 0x0, 0x1, [@generic="e2fda2f5790095478bddb722f0c73c7c482cf3f8afabf2dfaedef2496038c4806b09aafff2514f52d5"]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) r3 = socket(0x28, 0x1, 0x0) getsockopt$auto(r3, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r4, 0x0, 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) r5 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/projid_map\x00', 0x450301, 0x0) read$auto_proc_projid_map_operations_base(r5, &(0x7f00000003c0), 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x7) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r6, &(0x7f0000000000)=""/39, 0x27) 1.938914262s ago: executing program 3 (id=3975): sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f0000000140), 0x24c0fd7f8ac747bb, 0x0) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000180)="b877365e0da949078a5ab36b6d3a26e530e8c308da", 0x85, &(0x7f00000002c0)="d3c7efc6da1196c546556ea9db589a80a7921916e3cad7a47ffca8e85a7c7abb13960161763cbdd579b299ef03f1f1c364ffe1cb675683e3bb612a31a30405facfba102f36e72cc89de1ddcf20374976852f6889352af0535d8a8af37ae4d98e4de3680085b1f3146de82e41ffdcab5c81c49e3a2fcb4177aa088b7cbb562a767387cb750f430d0a16704c976c7b8258bde377a5b6bd025a37831a2fbe4d6459bd20ae5737c0ef9dee652f17763dbda448bec4424f0c715274a4706fcacb71c94cd2bb3633dedbcbca1029289e2ed5b600b1e6aa8df1dd2a7847068f", 0x7, &(0x7f00000003c0)="b68a6c4bd4be7ab2df8a8412e1c31813ed3751a584bfa1ca11aae4b8c4b48dd403d844cf1ddf210a8e4452797cf610fb4c48d876448260d55fd60f3ec9005beb3b7d0e50ecf053d0b11aaa850b77e4bca2f812a36cd9052f29dd92bfac942bb237565edcc28593a5e9dc56848c6bf699eef4cf72e9a38ba79dd895aaade94d29d3c6f3f1849fef0c50ff7bb12bfecb22915a14353fcc09f9a1a520deafca401e5bbece632fd027f171f10b4d004b854d1accc93b39f22982543ff3c8cc323f", 0x0}) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(r0, &(0x7f0000000740)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x80) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x240882, 0x0) ioctl$auto_SG_GET_PACK_ID(r1, 0x227c, 0x0) write$auto_sg_fops_sg(r1, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) io_uring_setup$auto(0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) read$auto(0x3, 0x0, 0x8080) close_range$auto(0x2, 0xa, 0x0) 1.803667816s ago: executing program 3 (id=3976): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x30000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) lsm_list_modules$auto(0x0, 0x0, 0x0) socket(0x10, 0x2, 0xfffffffc) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="be2f136f7860f53f19143299dcb74ab9fc6b6ff8ebf64bd6f49d27ce1c009b964f96be0d2907c76e2611079477b71db422c0616b800df377361c4e30b3fd59366399b17990386621c30630c1467af37c1534a5fcd4046605cd178041c0", @ANYRES16=r0, @ANYBLOB="00082dbd7000fbdbdf253d00000004003b018b003a01e158c182a46db274ed0dd0c2b61d844682a34150cd4c00a31a89b0a8bdd5a5401d4f858a9bacae45bff744feda7b00b37f8c4227e94bad3b28d28d7a810b3477506b59a36a9fe8613b24da6dd8c4eb740c34efb58589ed4e4e1967eb9ee4a0e69389ed76146f3f68a9162efcf696ca9cbaecf4ca2ed027dc0cc89b72054039659108d38b9608c300"], 0xa4}, 0x1, 0x0, 0x0, 0x10000000}, 0x4004810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) r1 = socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) ioctl$auto(r1, 0x89f0, 0x24) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) 1.360968742s ago: executing program 1 (id=3977): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r1 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x3, 0x2, 0xffffffffffffffff, 0x8, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x9e, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x138, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8}, @NL802154_ATTR_SEC_KEY={0xec, 0x30, 0x0, 0x1, [@nested={0xc, 0xa3, 0x0, 0x1, [@nested={0x4, 0xf9}, @nested={0x4, 0x4e}]}, @generic="83a64f3b9481967d6c013c75e08d1be26fb6f04b96859273507147e64ae08336399a8ac626e8c09b85accd2bd4a4516386d0aed221b93894e4a472f57523ee1c41ed894da9ff9db83de09fda367d68d37f704bc73a78f6f11e0230698c06b417776ede53a165abb071cd4926ae800744fe2b90a17eac6225e2370c35518ed04c9dbcaaf4b93f3c62ba7c5db4e62fbf736874b1b51a6bb7854b6052a255dde275c1042da7b57974a9fbc13a52de8fc1bd933d957506caa55a7cf1023c8952725c5f0b27ea5adaa2f81a277122e9e4adf1682f58ccf43c2f6c99009c9c"]}, @NL802154_ATTR_SEC_DEVICE={0x2d, 0x2e, 0x0, 0x1, [@generic="e2fda2f5790095478bddb722f0c73c7c482cf3f8afabf2dfaedef2496038c4806b09aafff2514f52d5"]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) r3 = socket(0x28, 0x1, 0x0) getsockopt$auto(r3, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r4, 0x0, 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/projid_map\x00', 0x450301, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x7) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r5, &(0x7f0000000000)=""/39, 0x27) 1.347369478s ago: executing program 3 (id=3978): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim1/psample/out_tc\x00', 0x101002, 0x0) write$auto(r0, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x03\x00\x00\x00\xc7\xd9\x88t?$\xe4W\x88Q\xe6e\xb2\xa5\xbbZ$\xc9\xa4@\xfb\xca|I\xb9\xdf\xb9\x81K\x02\xcb\t\x9f\x80\x187\xab\b\xd22\x14\xacj\x11\xd0\xa5E\x14\xc4n\xb7\xa4C\xb2C\x02\xb5L!\xc9_8\xe0r\xa8\a\x1d\x03/\xb0x\x83\xd8\x1d\xd3\x1e\xd0\xdd\x131\xca\x98\x96\xbc`\x06\a,\x88\x9dhT\xc6\x88\xa1\xd7\xe0\xb7\n\xbc\xbc\xf3\xd6\xf4g&\xed\xc2n\xee\x89\xfc\xf7F@\xf2\xddW;/%@\x185\x1ab\xf4*\xb8\x9a`D\xa3\xd0\xc3\x10\xff>\x87(\xba\xb4\xa0\x84\x89n9\x85\xa1\x8a\xce\x00'/176, 0x100081) r1 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x2, 0x0) writev$auto(r1, &(0x7f0000001900)={0x0, 0x100000000}, 0x8) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec7\x00', 0x80001, 0x0) r2 = getsockopt$auto(0xffffffffffffffff, 0x84, 0xe, 0x0, &(0x7f0000000040)=0xb0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r3, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) close_range$auto(0xffffffffffffffff, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) sendfile$auto(r3, r2, 0x0, 0x4c) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x25, 0xcfdb, 0xba79, 0xfffffffffffffffa, 0x3) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000003d40), 0xffffffffffffffff) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) msgrcv$auto(0x5, 0x0, 0x4, 0x9, 0x6) msgctl$auto(0x0, 0x1, 0x0) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, &(0x7f0000000040), 0x494001, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x1e, 0x4, 0x0) 441.100451ms ago: executing program 1 (id=3979): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) getsockopt$auto(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x7ffe) 0s ago: executing program 1 (id=3980): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x403, 0x2, 0x40007, 0x49, 0x7ff, 0x5, 0x5, 0x4, 0x6, 0x8, 0x3, 0x5, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x81, 0x100000004, 0x800000, 0x7, 0x8, 0x200, 0x401, 0x1, 0x0, 0x6, 0x6, 0x0, 0x0, [0x0, 0x3fffffff800, 0x1, 0xfffffffffffffffe, 0x1000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8003, 0x4000000, 0x8001, 0x0, 0xfffffffffffffffd, 0x10000000000000, 0x0, 0x80000000, 0x0, 0x6, 0x5, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xffff, 0x0, 0xfffffffffffffffd, 0xec4e, 0x0, 0x8000000000000001, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x100, 0x9a]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x24, 0x4008) kernel console output (not intermixed with test programs): 10 [ 746.179643][T15274] do_syscall_64+0x106/0xf80 [ 746.179677][T15274] ? clear_bhb_loop+0x40/0x90 [ 746.179718][T15274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.179753][T15274] RIP: 0033:0x7f305f79c819 [ 746.179780][T15274] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 746.179811][T15274] RSP: 002b:00007f30605d2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 746.179841][T15274] RAX: ffffffffffffffda RBX: 00007f305fa16180 RCX: 00007f305f79c819 [ 746.179863][T15274] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 746.179883][T15274] RBP: 00007f30605d2090 R08: 0000000000000000 R09: 0000000000000000 [ 746.179904][T15274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.179924][T15274] R13: 00007f305fa16218 R14: 00007f305fa16180 R15: 00007fff384228b8 [ 746.179967][T15274] [ 746.449417][T15276] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 747.392609][T15294] FAULT_INJECTION: forcing a failure. [ 747.392609][T15294] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 747.406196][T15294] CPU: 1 UID: 0 PID: 15294 Comm: syz.0.1708 Not tainted syzkaller #0 PREEMPT(full) [ 747.406239][T15294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 747.406261][T15294] Call Trace: [ 747.406272][T15294] [ 747.406284][T15294] dump_stack_lvl+0x100/0x190 [ 747.406346][T15294] should_fail_ex.cold+0x5/0xa [ 747.406387][T15294] _copy_from_user+0x2e/0xd0 [ 747.406430][T15294] copy_msghdr_from_user+0x9f/0x4f0 [ 747.406476][T15294] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 747.406530][T15294] ? __lock_acquire+0x4a5/0x2630 [ 747.406582][T15294] ___sys_recvmsg+0xdd/0x1a0 [ 747.406627][T15294] ? __pfx____sys_recvmsg+0x10/0x10 [ 747.406675][T15294] ? find_held_lock+0x2b/0x80 [ 747.406733][T15294] do_recvmmsg+0x301/0x760 [ 747.406781][T15294] ? __pfx_do_recvmmsg+0x10/0x10 [ 747.406821][T15294] ? ksys_write+0x190/0x250 [ 747.406852][T15294] ? ksys_write+0x190/0x250 [ 747.406900][T15294] ? __mutex_unlock_slowpath+0x15c/0x790 [ 747.406953][T15294] ? __fget_files+0x21f/0x3d0 [ 747.406997][T15294] __x64_sys_recvmmsg+0x22a/0x280 [ 747.407035][T15294] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 747.407083][T15294] do_syscall_64+0x106/0xf80 [ 747.407116][T15294] ? clear_bhb_loop+0x40/0x90 [ 747.407158][T15294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.407192][T15294] RIP: 0033:0x7f298279c819 [ 747.407220][T15294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.407254][T15294] RSP: 002b:00007f29836eb028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 747.407285][T15294] RAX: ffffffffffffffda RBX: 00007f2982a15fa0 RCX: 00007f298279c819 [ 747.407307][T15294] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 747.407327][T15294] RBP: 00007f29836eb090 R08: 0000000000000000 R09: 0000000000000000 [ 747.407347][T15294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 747.407367][T15294] R13: 00007f2982a16038 R14: 00007f2982a15fa0 R15: 00007fffd99b8118 [ 747.407412][T15294] [ 747.625227][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.631688][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.289630][T15331] FAULT_INJECTION: forcing a failure. [ 750.289630][T15331] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 750.318891][T15331] CPU: 1 UID: 0 PID: 15331 Comm: syz.1.1719 Not tainted syzkaller #0 PREEMPT(full) [ 750.318934][T15331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 750.318949][T15331] Call Trace: [ 750.318958][T15331] [ 750.318967][T15331] dump_stack_lvl+0x100/0x190 [ 750.319009][T15331] should_fail_ex.cold+0x5/0xa [ 750.319038][T15331] _copy_from_user+0x2e/0xd0 [ 750.319070][T15331] copy_msghdr_from_user+0x9f/0x4f0 [ 750.319104][T15331] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 750.319141][T15331] ? __lock_acquire+0x4a5/0x2630 [ 750.319179][T15331] ___sys_recvmsg+0xdd/0x1a0 [ 750.319210][T15331] ? __pfx____sys_recvmsg+0x10/0x10 [ 750.319245][T15331] ? find_held_lock+0x2b/0x80 [ 750.319286][T15331] do_recvmmsg+0x301/0x760 [ 750.319321][T15331] ? __pfx_do_recvmmsg+0x10/0x10 [ 750.319350][T15331] ? ksys_write+0x190/0x250 [ 750.319373][T15331] ? ksys_write+0x190/0x250 [ 750.319400][T15331] ? __mutex_unlock_slowpath+0x15c/0x790 [ 750.319437][T15331] ? __fget_files+0x21f/0x3d0 [ 750.319468][T15331] __x64_sys_recvmmsg+0x22a/0x280 [ 750.319494][T15331] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 750.319528][T15331] do_syscall_64+0x106/0xf80 [ 750.319552][T15331] ? clear_bhb_loop+0x40/0x90 [ 750.319581][T15331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.319606][T15331] RIP: 0033:0x7f621659c819 [ 750.319626][T15331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 750.319650][T15331] RSP: 002b:00007f621747c028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 750.319673][T15331] RAX: ffffffffffffffda RBX: 00007f6216816090 RCX: 00007f621659c819 [ 750.319689][T15331] RDX: 000000000000fffe RSI: 0000000000000000 RDI: 0000000000000003 [ 750.319704][T15331] RBP: 00007f621747c090 R08: 0000000000000000 R09: 0000000000000000 [ 750.319719][T15331] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 750.319732][T15331] R13: 00007f6216816128 R14: 00007f6216816090 R15: 00007fffbbdffd58 [ 750.319762][T15331] [ 750.875004][T15342] FAULT_INJECTION: forcing a failure. [ 750.875004][T15342] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 750.905400][T15342] CPU: 0 UID: 0 PID: 15342 Comm: syz.3.1722 Not tainted syzkaller #0 PREEMPT(full) [ 750.905442][T15342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 750.905462][T15342] Call Trace: [ 750.905474][T15342] [ 750.905486][T15342] dump_stack_lvl+0x100/0x190 [ 750.905548][T15342] should_fail_ex.cold+0x5/0xa [ 750.905587][T15342] _copy_from_user+0x2e/0xd0 [ 750.905631][T15342] copy_msghdr_from_user+0x9f/0x4f0 [ 750.905678][T15342] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 750.905731][T15342] ? __lock_acquire+0x4a5/0x2630 [ 750.905784][T15342] ___sys_recvmsg+0xdd/0x1a0 [ 750.905827][T15342] ? __pfx____sys_recvmsg+0x10/0x10 [ 750.905876][T15342] ? find_held_lock+0x2b/0x80 [ 750.905934][T15342] do_recvmmsg+0x301/0x760 [ 750.905982][T15342] ? __pfx_do_recvmmsg+0x10/0x10 [ 750.906022][T15342] ? ksys_write+0x190/0x250 [ 750.906052][T15342] ? ksys_write+0x190/0x250 [ 750.906091][T15342] ? __mutex_unlock_slowpath+0x15c/0x790 [ 750.906140][T15342] ? __fget_files+0x21f/0x3d0 [ 750.906183][T15342] __x64_sys_recvmmsg+0x22a/0x280 [ 750.906219][T15342] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 750.906261][T15342] do_syscall_64+0x106/0xf80 [ 750.906292][T15342] ? clear_bhb_loop+0x40/0x90 [ 750.906328][T15342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.906360][T15342] RIP: 0033:0x7f305f79c819 [ 750.906383][T15342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 750.906409][T15342] RSP: 002b:00007f30605f3028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 750.906437][T15342] RAX: ffffffffffffffda RBX: 00007f305fa16090 RCX: 00007f305f79c819 [ 750.906456][T15342] RDX: 000000000000fffe RSI: 0000000000000000 RDI: 0000000000000003 [ 750.906472][T15342] RBP: 00007f30605f3090 R08: 0000000000000000 R09: 0000000000000000 [ 750.906489][T15342] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 750.906505][T15342] R13: 00007f305fa16128 R14: 00007f305fa16090 R15: 00007fff384228b8 [ 750.906548][T15342] [ 752.935909][T15378] FAULT_INJECTION: forcing a failure. [ 752.935909][T15378] name failslab, interval 1, probability 0, space 0, times 0 [ 752.961791][T15378] CPU: 0 UID: 0 PID: 15378 Comm: syz.3.1736 Not tainted syzkaller #0 PREEMPT(full) [ 752.961823][T15378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 752.961838][T15378] Call Trace: [ 752.961846][T15378] [ 752.961855][T15378] dump_stack_lvl+0x100/0x190 [ 752.961895][T15378] should_fail_ex.cold+0x5/0xa [ 752.961924][T15378] ? tomoyo_realpath_from_path+0xb6/0x690 [ 752.961959][T15378] should_failslab+0xc2/0x120 [ 752.961987][T15378] __kmalloc_noprof+0xe0/0x850 [ 752.962031][T15378] tomoyo_realpath_from_path+0xb6/0x690 [ 752.962074][T15378] tomoyo_path_number_perm+0x23c/0x580 [ 752.962103][T15378] ? tomoyo_path_number_perm+0x22e/0x580 [ 752.962135][T15378] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 752.962194][T15378] ? find_held_lock+0x2b/0x80 [ 752.962216][T15378] ? __fget_files+0x215/0x3d0 [ 752.962239][T15378] ? hook_file_ioctl_common+0x146/0x410 [ 752.962275][T15378] ? __fget_files+0x21f/0x3d0 [ 752.962303][T15378] security_file_ioctl+0xd3/0x230 [ 752.962335][T15378] __x64_sys_ioctl+0xb7/0x210 [ 752.962374][T15378] do_syscall_64+0x106/0xf80 [ 752.962399][T15378] ? clear_bhb_loop+0x40/0x90 [ 752.962429][T15378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.962453][T15378] RIP: 0033:0x7f305f79c819 [ 752.962473][T15378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 752.962497][T15378] RSP: 002b:00007f3060614028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 752.962520][T15378] RAX: ffffffffffffffda RBX: 00007f305fa15fa0 RCX: 00007f305f79c819 [ 752.962536][T15378] RDX: 0000200000000080 RSI: 000000004008ae90 RDI: 0000000000000004 [ 752.962551][T15378] RBP: 00007f3060614090 R08: 0000000000000000 R09: 0000000000000000 [ 752.962566][T15378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 752.962581][T15378] R13: 00007f305fa16038 R14: 00007f305fa15fa0 R15: 00007fff384228b8 [ 752.962612][T15378] [ 752.962628][T15378] ERROR: Out of memory at tomoyo_realpath_from_path. [ 755.075712][T15419] FAULT_INJECTION: forcing a failure. [ 755.075712][T15419] name failslab, interval 1, probability 0, space 0, times 0 [ 755.125589][T15419] CPU: 0 UID: 0 PID: 15419 Comm: syz.2.1747 Not tainted syzkaller #0 PREEMPT(full) [ 755.125637][T15419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 755.125658][T15419] Call Trace: [ 755.125669][T15419] [ 755.125682][T15419] dump_stack_lvl+0x100/0x190 [ 755.125736][T15419] should_fail_ex.cold+0x5/0xa [ 755.125775][T15419] should_failslab+0xc2/0x120 [ 755.125812][T15419] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 755.125863][T15419] ? create_new_namespaces+0x30/0xac0 [ 755.125898][T15419] ? rcu_is_watching+0x12/0xc0 [ 755.125956][T15419] create_new_namespaces+0x30/0xac0 [ 755.125992][T15419] ? bpf_lsm_capable+0x9/0x10 [ 755.126028][T15419] ? security_capable+0x80/0x260 [ 755.126067][T15419] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 755.126107][T15419] ksys_unshare+0x473/0xad0 [ 755.126157][T15419] ? __pfx_ksys_unshare+0x10/0x10 [ 755.126200][T15419] ? ksys_write+0x1ac/0x250 [ 755.126245][T15419] __x64_sys_unshare+0x31/0x40 [ 755.126289][T15419] do_syscall_64+0x106/0xf80 [ 755.126328][T15419] ? clear_bhb_loop+0x40/0x90 [ 755.126368][T15419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.126402][T15419] RIP: 0033:0x7f75f5d9c819 [ 755.126429][T15419] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 755.126460][T15419] RSP: 002b:00007f75f6bf1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 755.126492][T15419] RAX: ffffffffffffffda RBX: 00007f75f6015fa0 RCX: 00007f75f5d9c819 [ 755.126513][T15419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 755.126534][T15419] RBP: 00007f75f6bf1090 R08: 0000000000000000 R09: 0000000000000000 [ 755.126554][T15419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 755.126575][T15419] R13: 00007f75f6016038 R14: 00007f75f6015fa0 R15: 00007fff6f759178 [ 755.126621][T15419] [ 756.632611][T15439] FAULT_INJECTION: forcing a failure. [ 756.632611][T15439] name failslab, interval 1, probability 0, space 0, times 0 [ 756.650197][T15439] CPU: 1 UID: 0 PID: 15439 Comm: syz.0.1752 Not tainted syzkaller #0 PREEMPT(full) [ 756.650239][T15439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 756.650267][T15439] Call Trace: [ 756.650278][T15439] [ 756.650290][T15439] dump_stack_lvl+0x100/0x190 [ 756.650349][T15439] should_fail_ex.cold+0x5/0xa [ 756.650390][T15439] ? tomoyo_realpath_from_path+0xb6/0x690 [ 756.650441][T15439] should_failslab+0xc2/0x120 [ 756.650479][T15439] __kmalloc_noprof+0xe0/0x850 [ 756.650543][T15439] tomoyo_realpath_from_path+0xb6/0x690 [ 756.650603][T15439] tomoyo_path_number_perm+0x23c/0x580 [ 756.650645][T15439] ? tomoyo_path_number_perm+0x22e/0x580 [ 756.650690][T15439] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 756.650775][T15439] ? find_held_lock+0x2b/0x80 [ 756.650809][T15439] ? __fget_files+0x215/0x3d0 [ 756.650842][T15439] ? hook_file_ioctl_common+0x146/0x410 [ 756.650895][T15439] ? __fget_files+0x21f/0x3d0 [ 756.650937][T15439] security_file_ioctl+0xd3/0x230 [ 756.650983][T15439] __x64_sys_ioctl+0xb7/0x210 [ 756.651037][T15439] do_syscall_64+0x106/0xf80 [ 756.651072][T15439] ? clear_bhb_loop+0x40/0x90 [ 756.651114][T15439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.651150][T15439] RIP: 0033:0x7f298279c819 [ 756.651177][T15439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.651210][T15439] RSP: 002b:00007f29836eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 756.651242][T15439] RAX: ffffffffffffffda RBX: 00007f2982a15fa0 RCX: 00007f298279c819 [ 756.651272][T15439] RDX: 0000200000001480 RSI: 00000000c4c85513 RDI: 0000000000000003 [ 756.651294][T15439] RBP: 00007f29836eb090 R08: 0000000000000000 R09: 0000000000000000 [ 756.651315][T15439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 756.651335][T15439] R13: 00007f2982a16038 R14: 00007f2982a15fa0 R15: 00007fffd99b8118 [ 756.651381][T15439] [ 756.651396][T15439] ERROR: Out of memory at tomoyo_realpath_from_path. [ 757.042443][T15443] sg_write: data in/out 1534298128/86 bytes for SCSI command 0xac-- guessing data in; [ 757.042443][T15443] program syz.3.1755 not setting count and/or reply_len properly [ 758.285563][T15452] ima: policy update failed [ 758.334468][ T30] audit: type=1802 audit(1775421300.874:2): pid=15452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1757" res=0 errno=0 [ 759.620165][T15480] FAULT_INJECTION: forcing a failure. [ 759.620165][T15480] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 759.633505][T15480] CPU: 1 UID: 0 PID: 15480 Comm: syz.1.1764 Not tainted syzkaller #0 PREEMPT(full) [ 759.633545][T15480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 759.633565][T15480] Call Trace: [ 759.633576][T15480] [ 759.633588][T15480] dump_stack_lvl+0x100/0x190 [ 759.633645][T15480] should_fail_ex.cold+0x5/0xa [ 759.633685][T15480] _copy_from_user+0x2e/0xd0 [ 759.633728][T15480] copy_msghdr_from_user+0x9f/0x4f0 [ 759.633775][T15480] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 759.633830][T15480] ? __lock_acquire+0x4a5/0x2630 [ 759.633892][T15480] ___sys_recvmsg+0xdd/0x1a0 [ 759.633937][T15480] ? __pfx____sys_recvmsg+0x10/0x10 [ 759.633985][T15480] ? find_held_lock+0x2b/0x80 [ 759.634041][T15480] do_recvmmsg+0x301/0x760 [ 759.634089][T15480] ? __pfx_do_recvmmsg+0x10/0x10 [ 759.634130][T15480] ? ksys_write+0x190/0x250 [ 759.634163][T15480] ? ksys_write+0x190/0x250 [ 759.634203][T15480] ? __mutex_unlock_slowpath+0x15c/0x790 [ 759.634257][T15480] ? __fget_files+0x21f/0x3d0 [ 759.634301][T15480] __x64_sys_recvmmsg+0x22a/0x280 [ 759.634339][T15480] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 759.634387][T15480] do_syscall_64+0x106/0xf80 [ 759.634422][T15480] ? clear_bhb_loop+0x40/0x90 [ 759.634463][T15480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.634497][T15480] RIP: 0033:0x7f621659c819 [ 759.634525][T15480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 759.634557][T15480] RSP: 002b:00007f621747c028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 759.634590][T15480] RAX: ffffffffffffffda RBX: 00007f6216816090 RCX: 00007f621659c819 [ 759.634613][T15480] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 759.634633][T15480] RBP: 00007f621747c090 R08: 0000000000000000 R09: 0000000000000000 [ 759.634654][T15480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 759.634675][T15480] R13: 00007f6216816128 R14: 00007f6216816090 R15: 00007fffbbdffd58 [ 759.634719][T15480] [ 760.723863][T15494] sg_write: data in/out 1534298128/86 bytes for SCSI command 0xac-- guessing data in; [ 760.723863][T15494] program syz.0.1767 not setting count and/or reply_len properly [ 760.762519][T15496] FAULT_INJECTION: forcing a failure. [ 760.762519][T15496] name failslab, interval 1, probability 0, space 0, times 0 [ 760.776303][T15496] CPU: 0 UID: 0 PID: 15496 Comm: syz.2.1769 Not tainted syzkaller #0 PREEMPT(full) [ 760.776353][T15496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 760.776374][T15496] Call Trace: [ 760.776384][T15496] [ 760.776397][T15496] dump_stack_lvl+0x100/0x190 [ 760.776452][T15496] should_fail_ex.cold+0x5/0xa [ 760.776491][T15496] should_failslab+0xc2/0x120 [ 760.776528][T15496] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 760.776581][T15496] ? __d_alloc+0x34/0xa80 [ 760.776620][T15496] ? __pfx_stack_trace_save+0x10/0x10 [ 760.776664][T15496] __d_alloc+0x34/0xa80 [ 760.776707][T15496] d_alloc_parallel+0x111/0x14e0 [ 760.776771][T15496] ? find_held_lock+0x2b/0x80 [ 760.776809][T15496] ? __d_lookup+0x25c/0x4a0 [ 760.776858][T15496] ? __pfx_d_alloc_parallel+0x10/0x10 [ 760.776926][T15496] ? __d_lookup+0x266/0x4a0 [ 760.776987][T15496] lookup_open.isra.0+0x57c/0x11b0 [ 760.777040][T15496] ? kernfs_iop_getattr+0xd0/0xf0 [ 760.777089][T15496] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 760.777161][T15496] ? lookup_fast+0x2da/0x600 [ 760.777215][T15496] path_openat+0xa98/0x31a0 [ 760.777264][T15496] ? __pfx_path_openat+0x10/0x10 [ 760.777316][T15496] do_file_open+0x20e/0x430 [ 760.777356][T15496] ? __pfx_do_file_open+0x10/0x10 [ 760.777422][T15496] ? alloc_fd+0x476/0x790 [ 760.777460][T15496] ? do_getname+0x191/0x390 [ 760.777507][T15496] do_sys_openat2+0x10d/0x1e0 [ 760.777554][T15496] ? __pfx_do_sys_openat2+0x10/0x10 [ 760.777615][T15496] __x64_sys_openat+0x12d/0x210 [ 760.777662][T15496] ? __pfx___x64_sys_openat+0x10/0x10 [ 760.777725][T15496] do_syscall_64+0x106/0xf80 [ 760.777758][T15496] ? clear_bhb_loop+0x40/0x90 [ 760.777799][T15496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.777833][T15496] RIP: 0033:0x7f75f5d9c819 [ 760.777860][T15496] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 760.777907][T15496] RSP: 002b:00007f75f6bf1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 760.777940][T15496] RAX: ffffffffffffffda RBX: 00007f75f6015fa0 RCX: 00007f75f5d9c819 [ 760.777963][T15496] RDX: 00000000000a0000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 760.777985][T15496] RBP: 00007f75f5e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 760.778005][T15496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.778025][T15496] R13: 00007f75f6016038 R14: 00007f75f6015fa0 R15: 00007fff6f759178 [ 760.778068][T15496] [ 761.646440][T15512] FAULT_INJECTION: forcing a failure. [ 761.646440][T15512] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 761.808068][T15512] CPU: 1 UID: 0 PID: 15512 Comm: syz.3.1770 Not tainted syzkaller #0 PREEMPT(full) [ 761.808113][T15512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 761.808134][T15512] Call Trace: [ 761.808145][T15512] [ 761.808158][T15512] dump_stack_lvl+0x100/0x190 [ 761.808215][T15512] should_fail_ex.cold+0x5/0xa [ 761.808253][T15512] _copy_from_user+0x2e/0xd0 [ 761.808302][T15512] copy_msghdr_from_user+0x9f/0x4f0 [ 761.808347][T15512] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 761.808396][T15512] ? __pfx__kstrtoull+0x10/0x10 [ 761.808453][T15512] ___sys_sendmsg+0x106/0x1e0 [ 761.808497][T15512] ? __pfx____sys_sendmsg+0x10/0x10 [ 761.808557][T15512] ? find_held_lock+0x2b/0x80 [ 761.808623][T15512] __sys_sendmmsg+0x205/0x430 [ 761.808664][T15512] ? __pfx___sys_sendmmsg+0x10/0x10 [ 761.808710][T15512] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 761.808765][T15512] ? fput+0x79/0x100 [ 761.808802][T15512] ? ksys_write+0x1ac/0x250 [ 761.808834][T15512] ? __pfx_ksys_write+0x10/0x10 [ 761.808873][T15512] __x64_sys_sendmmsg+0x9c/0x100 [ 761.808904][T15512] ? lockdep_hardirqs_on+0x78/0x100 [ 761.808937][T15512] do_syscall_64+0x106/0xf80 [ 761.808969][T15512] ? clear_bhb_loop+0x40/0x90 [ 761.809009][T15512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.809042][T15512] RIP: 0033:0x7f305f79c819 [ 761.809069][T15512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 761.809102][T15512] RSP: 002b:00007f30605b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 761.809133][T15512] RAX: ffffffffffffffda RBX: 00007f305fa16270 RCX: 00007f305f79c819 [ 761.809153][T15512] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000004 [ 761.809171][T15512] RBP: 00007f30605b1090 R08: 0000000000000000 R09: 0000000000000000 [ 761.809191][T15512] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001 [ 761.809211][T15512] R13: 00007f305fa16308 R14: 00007f305fa16270 R15: 00007fff384228b8 [ 761.809253][T15512] [ 763.049188][T15536] FAULT_INJECTION: forcing a failure. [ 763.049188][T15536] name failslab, interval 1, probability 0, space 0, times 0 [ 763.076378][T15536] CPU: 1 UID: 0 PID: 15536 Comm: syz.3.1774 Not tainted syzkaller #0 PREEMPT(full) [ 763.076425][T15536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 763.076448][T15536] Call Trace: [ 763.076460][T15536] [ 763.076474][T15536] dump_stack_lvl+0x100/0x190 [ 763.076537][T15536] should_fail_ex.cold+0x5/0xa [ 763.076579][T15536] ? tomoyo_encode2+0xfb/0x3c0 [ 763.076627][T15536] should_failslab+0xc2/0x120 [ 763.076666][T15536] __kmalloc_noprof+0xe0/0x850 [ 763.076729][T15536] ? rcu_is_watching+0x12/0xc0 [ 763.076792][T15536] tomoyo_encode2+0xfb/0x3c0 [ 763.076848][T15536] tomoyo_encode+0x29/0x50 [ 763.076896][T15536] tomoyo_realpath_from_path+0x18c/0x690 [ 763.076958][T15536] tomoyo_check_open_permission+0x2af/0x3c0 [ 763.077006][T15536] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 763.077095][T15536] ? do_raw_spin_lock+0x128/0x260 [ 763.077152][T15536] ? path_get+0x61/0x80 [ 763.077198][T15536] tomoyo_file_open+0x6b/0x90 [ 763.077234][T15536] security_file_open+0xb5/0x1e0 [ 763.077283][T15536] do_dentry_open+0x5aa/0x1660 [ 763.077323][T15536] ? security_inode_permission+0xbf/0x250 [ 763.077375][T15536] vfs_open+0x82/0x3f0 [ 763.077433][T15536] path_openat+0x208c/0x31a0 [ 763.077487][T15536] ? __pfx_path_openat+0x10/0x10 [ 763.077544][T15536] do_file_open+0x20e/0x430 [ 763.077586][T15536] ? __pfx_do_file_open+0x10/0x10 [ 763.077658][T15536] ? alloc_fd+0x476/0x790 [ 763.077706][T15536] ? do_getname+0x191/0x390 [ 763.077757][T15536] do_sys_openat2+0x10d/0x1e0 [ 763.077805][T15536] ? __pfx_do_sys_openat2+0x10/0x10 [ 763.077870][T15536] __x64_sys_openat+0x12d/0x210 [ 763.077920][T15536] ? __pfx___x64_sys_openat+0x10/0x10 [ 763.077987][T15536] do_syscall_64+0x106/0xf80 [ 763.078023][T15536] ? clear_bhb_loop+0x40/0x90 [ 763.078068][T15536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.078104][T15536] RIP: 0033:0x7f305f79c819 [ 763.078134][T15536] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 763.078169][T15536] RSP: 002b:00007f30605d2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 763.078202][T15536] RAX: ffffffffffffffda RBX: 00007f305fa16180 RCX: 00007f305f79c819 [ 763.078226][T15536] RDX: 0000000000080200 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 763.078250][T15536] RBP: 00007f305f832c91 R08: 0000000000000000 R09: 0000000000000000 [ 763.078272][T15536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.078293][T15536] R13: 00007f305fa16218 R14: 00007f305fa16180 R15: 00007fff384228b8 [ 763.078340][T15536] [ 763.078505][T15536] ERROR: Out of memory at tomoyo_realpath_from_path. [ 773.817171][ T5144] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 773.826625][ T5144] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 773.835275][ T5144] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 773.860745][ T5144] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 773.869176][ T5144] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 774.644187][ T9964] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.718217][T16205] chnl_net:caif_netlink_parms(): no params data found [ 774.840010][ T9964] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.978002][ T9964] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 775.082077][ T9964] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 775.202509][T16205] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.220093][T16205] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.227496][T16205] bridge_slave_0: entered allmulticast mode [ 775.236312][T16205] bridge_slave_0: entered promiscuous mode [ 775.246089][T16205] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.253727][T16205] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.263387][T16205] bridge_slave_1: entered allmulticast mode [ 775.271717][T16205] bridge_slave_1: entered promiscuous mode [ 775.326541][T16205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 775.347705][T16205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 775.522210][T16205] team0: Port device team_slave_0 added [ 775.566122][T16205] team0: Port device team_slave_1 added [ 775.683035][ T9964] bridge_slave_1: left allmulticast mode [ 775.703737][ T9964] bridge_slave_1: left promiscuous mode [ 775.712209][ T9964] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.761119][ T9964] bridge_slave_0: left allmulticast mode [ 775.766847][ T9964] bridge_slave_0: left promiscuous mode [ 775.800136][ T9964] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.950204][ T5144] Bluetooth: hci4: command tx timeout [ 776.507573][ T9964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 776.554122][ T9964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 776.597198][ T9964] bond0 (unregistering): Released all slaves [ 776.644534][T16205] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 776.658821][T16205] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 776.750228][T16205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 776.813246][ T9964] HfR: left promiscuous mode [ 776.865103][T16205] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 776.904717][T16205] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 776.965781][T16205] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.087552][T16205] hsr_slave_0: entered promiscuous mode [ 777.119618][T16205] hsr_slave_1: entered promiscuous mode [ 777.131571][T16205] debugfs: 'hsr0' already exists in 'hsr' [ 777.143638][T16205] Cannot create hsr debugfs directory [ 777.921014][ T9964] hsr_slave_0: left promiscuous mode [ 777.953370][ T9964] hsr_slave_1: left promiscuous mode [ 777.966954][ T9964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 777.999158][ T9964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 778.019683][ T5144] Bluetooth: hci4: command tx timeout [ 778.027323][ T9964] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 778.060928][ T9964] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 778.125491][ T9964] veth1_macvtap: left promiscuous mode [ 778.142174][ T9964] veth0_macvtap: left promiscuous mode [ 778.148371][ T9964] veth1_vlan: left promiscuous mode [ 778.169646][ T9964] veth0_vlan: left promiscuous mode [ 778.969371][ T9964] team0 (unregistering): Port device team_slave_1 removed [ 779.014918][ T9964] team0 (unregistering): Port device team_slave_0 removed [ 780.100477][ T5144] Bluetooth: hci4: command tx timeout [ 780.539111][T16205] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 780.567890][T16205] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 780.601265][T16205] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 780.645997][T16205] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 780.923583][T16205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.975950][T16205] 8021q: adding VLAN 0 to HW filter on device team0 [ 781.011443][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.018728][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 781.075193][ T9964] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.082514][ T9964] bridge0: port 2(bridge_slave_1) entered forwarding state [ 781.738038][T16205] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 781.902068][T16205] veth0_vlan: entered promiscuous mode [ 781.934968][T16205] veth1_vlan: entered promiscuous mode [ 782.035359][T16205] veth0_macvtap: entered promiscuous mode [ 782.062631][T16205] veth1_macvtap: entered promiscuous mode [ 782.126763][T16205] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 782.156980][T16205] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 782.179334][ T5144] Bluetooth: hci4: command tx timeout [ 782.236281][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.279337][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.311721][ T106] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.329812][ T106] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.471317][ T106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 782.479770][ T106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 782.570479][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 782.578382][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 783.111357][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 783.121809][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 783.130084][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 783.138471][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 783.158976][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 783.948603][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.238566][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.316381][T16676] chnl_net:caif_netlink_parms(): no params data found [ 784.443411][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.646062][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.882418][T16676] bridge0: port 1(bridge_slave_0) entered blocking state [ 784.890778][T16676] bridge0: port 1(bridge_slave_0) entered disabled state [ 784.898078][T16676] bridge_slave_0: entered allmulticast mode [ 784.907292][T16676] bridge_slave_0: entered promiscuous mode [ 784.998848][T16676] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.006079][T16676] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.055756][T16676] bridge_slave_1: entered allmulticast mode [ 785.071542][T16676] bridge_slave_1: entered promiscuous mode [ 785.119054][T16766] syz.3.2777 uses obsolete (PF_INET,SOCK_PACKET) [ 785.222290][ T5144] Bluetooth: hci3: command tx timeout [ 785.351854][T16676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 785.393892][ T13] bridge_slave_1: left allmulticast mode [ 785.402721][ T13] bridge_slave_1: left promiscuous mode [ 785.408682][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.472918][ T13] bridge_slave_0: left allmulticast mode [ 785.500588][ T13] bridge_slave_0: left promiscuous mode [ 785.506489][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.335998][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 786.386823][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 786.434872][ T13] bond0 (unregistering): Released all slaves [ 786.550971][T16676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 786.590009][ T13] HfR: left promiscuous mode [ 786.766896][T16676] team0: Port device team_slave_0 added [ 786.793721][T16676] team0: Port device team_slave_1 added [ 787.021047][T16676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 787.036719][T16676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 787.067361][T16676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 787.088007][T16676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 787.095576][T16676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 787.131208][T16676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 787.220165][ T13] hsr_slave_0: left promiscuous mode [ 787.233587][ T13] hsr_slave_1: left promiscuous mode [ 787.255623][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 787.271536][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 787.290579][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 787.302140][ T5144] Bluetooth: hci3: command tx timeout [ 787.318758][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 787.337913][ T13] veth1_macvtap: left promiscuous mode [ 787.343713][ T13] veth0_macvtap: left promiscuous mode [ 787.349747][ T13] veth1_vlan: left promiscuous mode [ 787.355086][ T13] veth0_vlan: left promiscuous mode [ 787.794781][ T13] team0 (unregistering): Port device team_slave_1 removed [ 787.830014][ T13] team0 (unregistering): Port device team_slave_0 removed [ 788.201587][T16676] hsr_slave_0: entered promiscuous mode [ 788.223253][T16676] hsr_slave_1: entered promiscuous mode [ 789.380944][ T5144] Bluetooth: hci3: command tx timeout [ 789.680733][T16676] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 789.743437][T16676] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 789.790345][T16676] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 789.817667][T16676] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 790.106107][T16676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 790.187762][T16676] 8021q: adding VLAN 0 to HW filter on device team0 [ 790.272180][ T106] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.279452][ T106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 790.306023][ T106] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.313375][ T106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 791.459297][ T5144] Bluetooth: hci3: command tx timeout [ 791.536851][T16676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 791.647298][T16676] veth0_vlan: entered promiscuous mode [ 791.667393][T16676] veth1_vlan: entered promiscuous mode [ 791.787188][T16676] veth0_macvtap: entered promiscuous mode [ 791.823448][T16676] veth1_macvtap: entered promiscuous mode [ 791.864168][T16676] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 791.902885][T16676] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 791.998042][ T66] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.012711][ T66] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.034177][ T66] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.058449][ T66] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.143992][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 792.153662][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 792.205246][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 792.216889][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 792.624944][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 792.638960][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 792.651271][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 792.689992][T16207] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 792.700659][T16207] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 793.369468][T17060] chnl_net:caif_netlink_parms(): no params data found [ 793.731537][T17060] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.739008][T17060] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.763776][T17084] block2mtd: illegal erase size [ 793.770173][T17060] bridge_slave_0: entered allmulticast mode [ 793.785454][T17060] bridge_slave_0: entered promiscuous mode [ 793.901439][T17060] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.925983][T17060] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.959402][T17060] bridge_slave_1: entered allmulticast mode [ 793.977280][T17060] bridge_slave_1: entered promiscuous mode [ 794.120576][ T9964] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.219157][ T9964] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.253696][T17060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 794.282376][T17060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 794.312878][ T9964] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.458772][T17060] team0: Port device team_slave_0 added [ 794.744500][T16207] Bluetooth: hci2: command tx timeout [ 794.840381][ T9964] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.891270][T17060] team0: Port device team_slave_1 added [ 795.041696][T17060] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 795.059109][T17060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 795.103190][T17060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 795.129326][T17060] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 795.136560][T17060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 795.179160][T17060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 795.472142][T17060] hsr_slave_0: entered promiscuous mode [ 795.489793][T17060] hsr_slave_1: entered promiscuous mode [ 795.504999][T17060] debugfs: 'hsr0' already exists in 'hsr' [ 795.528813][T17060] Cannot create hsr debugfs directory [ 795.539915][ T9964] bridge_slave_1: left allmulticast mode [ 795.549062][ T9964] bridge_slave_1: left promiscuous mode [ 795.561653][ T9964] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.591449][ T9964] bridge_slave_0: left allmulticast mode [ 795.597189][ T9964] bridge_slave_0: left promiscuous mode [ 795.624952][ T9964] bridge0: port 1(bridge_slave_0) entered disabled state [ 796.053441][ T9964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 796.068406][ T9964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 796.082892][ T9964] bond0 (unregistering): Released all slaves [ 796.603362][ T9964] hsr_slave_0: left promiscuous mode [ 796.626776][ T9964] hsr_slave_1: left promiscuous mode [ 796.636589][ T9964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 796.647321][ T9964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 796.656036][ T9964] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 796.664008][ T9964] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 796.686070][ T9964] veth1_macvtap: left promiscuous mode [ 796.693342][ T9964] veth0_macvtap: left promiscuous mode [ 796.699487][ T9964] veth1_vlan: left promiscuous mode [ 796.704912][ T9964] veth0_vlan: left promiscuous mode [ 796.819536][T16207] Bluetooth: hci2: command tx timeout [ 796.961198][T17161] program syz.3.3037 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 797.184357][ T9964] team0 (unregistering): Port device team_slave_1 removed [ 797.206279][ T9964] team0 (unregistering): Port device team_slave_0 removed [ 798.145793][T17190] sg_write: data in/out 1534298128/86 bytes for SCSI command 0xac-- guessing data in; [ 798.145793][T17190] program syz.2.3058 not setting count and/or reply_len properly [ 798.582512][T17060] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 798.605968][T17060] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 798.650642][T17060] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 798.692708][T17060] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 798.908727][T16207] Bluetooth: hci2: command tx timeout [ 799.071022][T17060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 799.161609][T17060] 8021q: adding VLAN 0 to HW filter on device team0 [ 799.232854][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 799.240136][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 799.313015][ T1015] bridge0: port 2(bridge_slave_1) entered blocking state [ 799.320334][ T1015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 799.660224][T17256] Unable to find swap-space signature [ 800.027101][T17274] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 800.172330][ T5179] ERROR: Out of memory at tomoyo_memory_ok. [ 800.459383][T17279] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 800.610214][T17060] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 800.962528][T17060] veth0_vlan: entered promiscuous mode [ 800.984814][T16207] Bluetooth: hci2: command tx timeout [ 801.054849][T17060] veth1_vlan: entered promiscuous mode [ 801.229844][T17060] veth0_macvtap: entered promiscuous mode [ 801.266868][T17060] veth1_macvtap: entered promiscuous mode [ 801.340629][T17060] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 801.386541][T17060] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 801.444149][ T66] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.487793][ T66] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.519384][ T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.528440][ T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.824859][ T9964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 801.859409][ T9964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 802.033657][ T1015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 802.080403][ T1015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 803.038482][ T5144] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 803.059011][ T5144] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 803.073316][ T5144] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 803.109271][ T5144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 803.122262][ T5144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 803.733369][ T1015] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 803.979787][ T1015] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.218963][ T1015] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.296604][T17349] chnl_net:caif_netlink_parms(): no params data found [ 804.392128][ T1015] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.684435][T17349] bridge0: port 1(bridge_slave_0) entered blocking state [ 804.695263][T17349] bridge0: port 1(bridge_slave_0) entered disabled state [ 804.706670][T17349] bridge_slave_0: entered allmulticast mode [ 804.716677][T17349] bridge_slave_0: entered promiscuous mode [ 804.747915][T17390] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 804.773704][T17349] bridge0: port 2(bridge_slave_1) entered blocking state [ 804.792081][T17349] bridge0: port 2(bridge_slave_1) entered disabled state [ 804.800525][T17349] bridge_slave_1: entered allmulticast mode [ 804.810054][T17349] bridge_slave_1: entered promiscuous mode [ 804.857801][ T1015] bridge_slave_1: left allmulticast mode [ 804.869745][ T1015] bridge_slave_1: left promiscuous mode [ 804.875901][ T1015] bridge0: port 2(bridge_slave_1) entered disabled state [ 804.888956][ T1015] bridge_slave_0: left allmulticast mode [ 804.894820][ T1015] bridge_slave_0: left promiscuous mode [ 804.902680][ T1015] bridge0: port 1(bridge_slave_0) entered disabled state [ 805.225886][T16207] Bluetooth: hci1: command tx timeout [ 805.384893][ T1015] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 805.409444][ T1015] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 805.430746][ T1015] bond0 (unregistering): Released all slaves [ 805.525760][T17391] ovs_: entered promiscuous mode [ 805.534775][T17349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 805.598890][T17349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 805.639741][ T1015] HfR: left promiscuous mode [ 805.875086][T17349] team0: Port device team_slave_0 added [ 805.910711][T17349] team0: Port device team_slave_1 added [ 806.089795][T17349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 806.105226][T17349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 806.139364][T17349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 806.170937][T17349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 806.201310][T17349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 806.286973][T17349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 806.524541][ T1015] hsr_slave_0: left promiscuous mode [ 806.553026][ T1015] hsr_slave_1: left promiscuous mode [ 806.589553][ T1015] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 806.597205][ T1015] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 806.637755][ T1015] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 806.655911][ T1015] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 806.699808][ T1015] veth1_macvtap: left promiscuous mode [ 806.705390][ T1015] veth0_macvtap: left promiscuous mode [ 806.729723][ T1015] veth1_vlan: left promiscuous mode [ 806.735088][ T1015] veth0_vlan: left promiscuous mode [ 807.165476][ T1015] team0 (unregistering): Port device team_slave_1 removed [ 807.194377][ T1015] team0 (unregistering): Port device team_slave_0 removed [ 807.315088][T16207] Bluetooth: hci1: command tx timeout [ 807.486844][T17349] hsr_slave_0: entered promiscuous mode [ 807.501322][T17349] hsr_slave_1: entered promiscuous mode [ 807.508050][T17349] debugfs: 'hsr0' already exists in 'hsr' [ 807.516897][T17349] Cannot create hsr debugfs directory [ 808.632584][T17472] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3147'. [ 809.064026][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.074276][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.088447][T17349] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 809.135436][T17349] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 809.168458][T17349] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 809.196208][T17349] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 809.381084][T16207] Bluetooth: hci1: command tx timeout [ 809.778102][T17349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 809.855583][T17349] 8021q: adding VLAN 0 to HW filter on device team0 [ 809.913481][ T1015] bridge0: port 1(bridge_slave_0) entered blocking state [ 809.920818][ T1015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 809.992306][ T1015] bridge0: port 2(bridge_slave_1) entered blocking state [ 809.999620][ T1015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 810.853828][ T1330] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.031968][T17349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 811.342780][T17349] veth0_vlan: entered promiscuous mode [ 811.419378][T17349] veth1_vlan: entered promiscuous mode [ 811.458915][T16207] Bluetooth: hci1: command tx timeout [ 811.671412][T17349] veth0_macvtap: entered promiscuous mode [ 811.731905][T17349] veth1_macvtap: entered promiscuous mode [ 811.791175][T17349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 811.823664][T17349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 811.869225][ T30] audit: type=1326 audit(1775421354.394:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17555 comm="syz.0.3155" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb15fb9c819 code=0x0 [ 811.896909][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.916376][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.973231][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.001243][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.327309][ T9964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.327361][ T9964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.474455][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.497111][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 813.214081][T17592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3163'. [ 813.738949][T17603] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 814.095647][T17581] kexec: Could not allocate control_code_buffer [ 814.795692][T17640] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 814.863755][T17640] ovs_: entered promiscuous mode [ 817.403328][T17693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3187'. [ 817.416298][T17693] netlink: 'syz.0.3187': attribute type 1 has an invalid length. [ 817.434385][T17693] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3187'. [ 817.445541][T17693] netlink: 'syz.0.3187': attribute type 1 has an invalid length. [ 817.780453][T17710] program syz.1.3192 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 818.526252][T17729] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3197'. [ 818.527372][T17729] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3197'. [ 820.929937][T17781] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 821.092938][T17783] program syz.3.3212 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 823.521755][T17821] program syz.1.3232 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 823.641662][T17829] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 823.653241][T17829] futex_wake_op: syz.2.3226 tries to shift op by -2048; fix this program [ 823.670425][T17829] nfs4: Unknown parameter '/dev/snd/timer' [ 827.718944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 828.382781][T17929] program syz.2.3248 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 829.429064][T17946] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 829.445481][T17946] futex_wake_op: syz.3.3253 tries to shift op by -2048; fix this program [ 829.461222][T17946] nfs4: Unknown parameter '/dev/snd/timer' [ 830.061600][T17969] random: crng reseeded on system resumption [ 830.267456][T17974] QAT: Device 250 not found [ 831.759616][T18010] QAT: Device 250 not found [ 833.040298][T18040] program syz.0.3283 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 836.594291][T18113] program syz.2.3310 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 838.612559][T18156] program syz.2.3321 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 842.559738][T18215] FAULT_INJECTION: forcing a failure. [ 842.559738][T18215] name failslab, interval 1, probability 0, space 0, times 0 [ 842.583716][T18215] CPU: 1 UID: 0 PID: 18215 Comm: syz.2.3338 Not tainted syzkaller #0 PREEMPT(full) [ 842.583750][T18215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 842.583766][T18215] Call Trace: [ 842.583774][T18215] [ 842.583784][T18215] dump_stack_lvl+0x100/0x190 [ 842.583826][T18215] should_fail_ex.cold+0x5/0xa [ 842.583854][T18215] should_failslab+0xc2/0x120 [ 842.583882][T18215] __kmalloc_cache_noprof+0x7a/0x6f0 [ 842.583915][T18215] ? alloc_pipe_info+0x10e/0x590 [ 842.583942][T18215] ? find_held_lock+0x2b/0x80 [ 842.583970][T18215] alloc_pipe_info+0x10e/0x590 [ 842.583999][T18215] splice_direct_to_actor+0x78f/0xa30 [ 842.584028][T18215] ? __lock_acquire+0x4a5/0x2630 [ 842.584058][T18215] ? __pfx_direct_splice_actor+0x10/0x10 [ 842.584085][T18215] ? __pfx_aa_file_perm+0x10/0x10 [ 842.584123][T18215] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 842.584157][T18215] do_splice_direct+0x174/0x240 [ 842.584183][T18215] ? __pfx_do_splice_direct+0x10/0x10 [ 842.584210][T18215] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 842.584255][T18215] ? rw_verify_area+0xce/0x6d0 [ 842.584295][T18215] do_sendfile+0xadc/0xe20 [ 842.584339][T18215] ? __pfx_do_sendfile+0x10/0x10 [ 842.584378][T18215] ? __fget_files+0x21f/0x3d0 [ 842.584410][T18215] __x64_sys_sendfile64+0x1d8/0x220 [ 842.584449][T18215] ? ksys_write+0x1ac/0x250 [ 842.584473][T18215] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 842.584511][T18215] do_syscall_64+0x106/0xf80 [ 842.584537][T18215] ? clear_bhb_loop+0x40/0x90 [ 842.584566][T18215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.584591][T18215] RIP: 0033:0x7f8f1719c819 [ 842.584612][T18215] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 842.584636][T18215] RSP: 002b:00007f8f1809d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 842.584660][T18215] RAX: ffffffffffffffda RBX: 00007f8f17415fa0 RCX: 00007f8f1719c819 [ 842.584723][T18215] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 842.584742][T18215] RBP: 00007f8f1809d090 R08: 0000000000000000 R09: 0000000000000000 [ 842.584763][T18215] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 842.584782][T18215] R13: 00007f8f17416038 R14: 00007f8f17415fa0 R15: 00007ffc75004ff8 [ 842.584824][T18215] [ 846.623674][T18271] FAULT_INJECTION: forcing a failure. [ 846.623674][T18271] name failslab, interval 1, probability 0, space 0, times 0 [ 846.646735][T18271] CPU: 1 UID: 0 PID: 18271 Comm: syz.2.3351 Not tainted syzkaller #0 PREEMPT(full) [ 846.646782][T18271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 846.646804][T18271] Call Trace: [ 846.646817][T18271] [ 846.646841][T18271] dump_stack_lvl+0x100/0x190 [ 846.646900][T18271] should_fail_ex.cold+0x5/0xa [ 846.646944][T18271] should_failslab+0xc2/0x120 [ 846.646984][T18271] __kmalloc_cache_noprof+0x7a/0x6f0 [ 846.647029][T18271] ? vkms_plane_duplicate_state+0x45/0x130 [ 846.647077][T18271] vkms_plane_duplicate_state+0x45/0x130 [ 846.647121][T18271] drm_atomic_get_plane_state+0x279/0x760 [ 846.647173][T18271] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 846.647229][T18271] ? trace_contention_end+0x140/0x180 [ 846.647287][T18271] ? __mutex_lock+0x26a/0x1b90 [ 846.647326][T18271] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 846.647383][T18271] ? drm_master_internal_acquire+0x21/0x80 [ 846.647474][T18271] drm_client_modeset_commit_locked+0x14d/0x580 [ 846.647538][T18271] drm_client_modeset_commit+0x4f/0x80 [ 846.647595][T18271] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 846.647658][T18271] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 846.647723][T18271] drm_fbdev_client_restore+0x1b/0x30 [ 846.647769][T18271] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 846.647811][T18271] drm_client_dev_restore+0x205/0x2a0 [ 846.647880][T18271] drm_release+0x2c6/0x360 [ 846.647928][T18271] ? __pfx_drm_release+0x10/0x10 [ 846.647975][T18271] __fput+0x3ff/0xb40 [ 846.648030][T18271] task_work_run+0x150/0x240 [ 846.648085][T18271] ? __pfx_task_work_run+0x10/0x10 [ 846.648151][T18271] exit_to_user_mode_loop+0x100/0x4a0 [ 846.648205][T18271] do_syscall_64+0x668/0xf80 [ 846.648242][T18271] ? clear_bhb_loop+0x40/0x90 [ 846.648287][T18271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 846.648323][T18271] RIP: 0033:0x7f8f1719c819 [ 846.648355][T18271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 846.648391][T18271] RSP: 002b:00007f8f1807c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 846.648426][T18271] RAX: 0000000000000000 RBX: 00007f8f17416090 RCX: 00007f8f1719c819 [ 846.648449][T18271] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 846.648470][T18271] RBP: 00007f8f17232c91 R08: 0000000000000000 R09: 0000000000000000 [ 846.648492][T18271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 846.648512][T18271] R13: 00007f8f17416128 R14: 00007f8f17416090 R15: 00007ffc75004ff8 [ 846.648558][T18271] [ 846.910852][T18274] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3352'. [ 846.920387][T18274] openvswitch: netlink: IP tunnel attribute has 3 unknown bytes. [ 854.603209][ T30] audit: type=1800 audit(1775421397.144:4): pid=18387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3379" name="discovery_nqn" dev="configfs" ino=83561 res=0 errno=0 [ 856.157452][T18419] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3394'. [ 859.378000][T18482] program syz.3.3404 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 859.574140][T18489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3405'. [ 860.879150][T18521] FAULT_INJECTION: forcing a failure. [ 860.879150][T18521] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 860.897255][T18521] CPU: 0 UID: 0 PID: 18521 Comm: syz.0.3413 Not tainted syzkaller #0 PREEMPT(full) [ 860.897300][T18521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 860.897321][T18521] Call Trace: [ 860.897332][T18521] [ 860.897345][T18521] dump_stack_lvl+0x100/0x190 [ 860.897401][T18521] should_fail_ex.cold+0x5/0xa [ 860.897435][T18521] ? prepare_alloc_pages+0x16d/0x5f0 [ 860.897479][T18521] should_fail_alloc_page+0xeb/0x140 [ 860.897522][T18521] prepare_alloc_pages+0x1f0/0x5f0 [ 860.897562][T18521] ? kernel_text_address+0x8d/0x100 [ 860.897618][T18521] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 860.897685][T18521] ? copy_splice_read+0x1a3/0xb90 [ 860.897719][T18521] ? stack_trace_save+0x8e/0xc0 [ 860.897761][T18521] ? __pfx_stack_trace_save+0x10/0x10 [ 860.897799][T18521] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 860.897856][T18521] ? copy_splice_read+0x1a3/0xb90 [ 860.897888][T18521] ? kasan_save_stack+0x3f/0x50 [ 860.897917][T18521] ? kasan_save_stack+0x30/0x50 [ 860.897946][T18521] ? kasan_save_track+0x14/0x30 [ 860.897976][T18521] ? __kasan_kmalloc+0xaa/0xb0 [ 860.898005][T18521] ? __kmalloc_noprof+0x301/0x850 [ 860.898056][T18521] ? copy_splice_read+0x1a3/0xb90 [ 860.898087][T18521] ? do_splice_read+0x285/0x370 [ 860.898122][T18521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.898181][T18521] alloc_pages_bulk_noprof+0x782/0x1490 [ 860.898251][T18521] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 860.898317][T18521] ? __kmalloc_noprof+0x320/0x850 [ 860.898378][T18521] copy_splice_read+0x1e1/0xb90 [ 860.898423][T18521] ? __pfx_copy_splice_read+0x10/0x10 [ 860.898476][T18521] ? look_up_lock_class+0x55/0x120 [ 860.898520][T18521] ? lockdep_init_map_type+0x5c/0x250 [ 860.898567][T18521] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 860.898608][T18521] ? __pfx_copy_splice_read+0x10/0x10 [ 860.898641][T18521] do_splice_read+0x285/0x370 [ 860.898679][T18521] splice_direct_to_actor+0x2a1/0xa30 [ 860.898715][T18521] ? __pfx_direct_splice_actor+0x10/0x10 [ 860.898758][T18521] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 860.898808][T18521] do_splice_direct+0x174/0x240 [ 860.898845][T18521] ? __pfx_do_splice_direct+0x10/0x10 [ 860.898882][T18521] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 860.898946][T18521] ? rw_verify_area+0xce/0x6d0 [ 860.899000][T18521] do_sendfile+0xadc/0xe20 [ 860.899062][T18521] ? __pfx_do_sendfile+0x10/0x10 [ 860.899115][T18521] ? __fget_files+0x21f/0x3d0 [ 860.899158][T18521] __x64_sys_sendfile64+0x1d8/0x220 [ 860.899205][T18521] ? ksys_write+0x1ac/0x250 [ 860.899236][T18521] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 860.899289][T18521] do_syscall_64+0x106/0xf80 [ 860.899323][T18521] ? clear_bhb_loop+0x40/0x90 [ 860.899364][T18521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.899399][T18521] RIP: 0033:0x7fb15fb9c819 [ 860.899427][T18521] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 860.899459][T18521] RSP: 002b:00007fb160b1a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 860.899492][T18521] RAX: ffffffffffffffda RBX: 00007fb15fe15fa0 RCX: 00007fb15fb9c819 [ 860.899514][T18521] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 860.899535][T18521] RBP: 00007fb160b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 860.899556][T18521] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 860.899576][T18521] R13: 00007fb15fe16038 R14: 00007fb15fe15fa0 R15: 00007ffd3b8164b8 [ 860.899621][T18521] [ 862.232591][T18532] ima: Unable to open file: /surit‹¯Ròy/integrity?iqa/policy (-2) [ 862.267150][T18528] ima: policy update failed [ 862.291449][ T30] audit: type=1802 audit(1775421404.834:5): pid=18528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.3415" res=0 errno=0 [ 867.363521][T18618] ima: Unable to open file: /surit‹¯Ròy/integrity?iqa/policy (-2) [ 867.426077][T18612] ima: policy update failed [ 867.439871][ T30] audit: type=1802 audit(1775421409.984:6): pid=18612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.3440" res=0 errno=0 [ 870.400288][T18667] FAULT_INJECTION: forcing a failure. [ 870.400288][T18667] name failslab, interval 1, probability 0, space 0, times 0 [ 870.438773][T18667] CPU: 1 UID: 0 PID: 18667 Comm: syz.3.3455 Not tainted syzkaller #0 PREEMPT(full) [ 870.438817][T18667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 870.438836][T18667] Call Trace: [ 870.438848][T18667] [ 870.438861][T18667] dump_stack_lvl+0x100/0x190 [ 870.438917][T18667] should_fail_ex.cold+0x5/0xa [ 870.438956][T18667] should_failslab+0xc2/0x120 [ 870.438993][T18667] __kvmalloc_node_noprof+0xfa/0xa00 [ 870.439026][T18667] ? seq_read_iter+0x819/0x1270 [ 870.439090][T18667] seq_read_iter+0x819/0x1270 [ 870.439147][T18667] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 870.439215][T18667] kernfs_fop_read_iter+0x46c/0x610 [ 870.439266][T18667] copy_splice_read+0x4ba/0xb90 [ 870.439312][T18667] ? __pfx_copy_splice_read+0x10/0x10 [ 870.439351][T18667] ? look_up_lock_class+0x55/0x120 [ 870.439396][T18667] ? lockdep_init_map_type+0x5c/0x250 [ 870.439445][T18667] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 870.439482][T18667] ? __pfx_copy_splice_read+0x10/0x10 [ 870.439517][T18667] do_splice_read+0x285/0x370 [ 870.439557][T18667] splice_direct_to_actor+0x2a1/0xa30 [ 870.439606][T18667] ? __pfx_direct_splice_actor+0x10/0x10 [ 870.439651][T18667] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 870.439700][T18667] do_splice_direct+0x174/0x240 [ 870.439738][T18667] ? __pfx_do_splice_direct+0x10/0x10 [ 870.439776][T18667] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 870.439839][T18667] ? rw_verify_area+0xce/0x6d0 [ 870.439894][T18667] do_sendfile+0xadc/0xe20 [ 870.439957][T18667] ? __pfx_do_sendfile+0x10/0x10 [ 870.440013][T18667] ? __fget_files+0x21f/0x3d0 [ 870.440058][T18667] __x64_sys_sendfile64+0x1d8/0x220 [ 870.440098][T18667] ? ksys_write+0x1ac/0x250 [ 870.440131][T18667] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 870.440185][T18667] do_syscall_64+0x106/0xf80 [ 870.440220][T18667] ? clear_bhb_loop+0x40/0x90 [ 870.440262][T18667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.440298][T18667] RIP: 0033:0x7f602e99c819 [ 870.440327][T18667] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 870.440361][T18667] RSP: 002b:00007f602f867028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 870.440394][T18667] RAX: ffffffffffffffda RBX: 00007f602ec15fa0 RCX: 00007f602e99c819 [ 870.440417][T18667] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 870.440438][T18667] RBP: 00007f602f867090 R08: 0000000000000000 R09: 0000000000000000 [ 870.440460][T18667] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 870.440480][T18667] R13: 00007f602ec16038 R14: 00007f602ec15fa0 R15: 00007fff26463118 [ 870.440525][T18667] [ 870.846689][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.853209][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.120208][T18678] FAULT_INJECTION: forcing a failure. [ 871.120208][T18678] name failslab, interval 1, probability 0, space 0, times 0 [ 871.143073][T18678] CPU: 1 UID: 0 PID: 18678 Comm: syz.3.3456 Not tainted syzkaller #0 PREEMPT(full) [ 871.143121][T18678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 871.143142][T18678] Call Trace: [ 871.143153][T18678] [ 871.143167][T18678] dump_stack_lvl+0x100/0x190 [ 871.143225][T18678] should_fail_ex.cold+0x5/0xa [ 871.143267][T18678] should_failslab+0xc2/0x120 [ 871.143308][T18678] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 871.143365][T18678] ? proc_alloc_inode+0x25/0x200 [ 871.143423][T18678] ? __pfx_proc_alloc_inode+0x10/0x10 [ 871.143478][T18678] proc_alloc_inode+0x25/0x200 [ 871.143529][T18678] alloc_inode+0x68/0x250 [ 871.143577][T18678] new_inode+0x22/0x1c0 [ 871.143629][T18678] proc_pid_make_inode+0x22/0x160 [ 871.143683][T18678] proc_pident_instantiate+0x85/0x310 [ 871.143739][T18678] proc_pident_lookup+0x1e3/0x270 [ 871.143801][T18678] __lookup_slow+0x251/0x460 [ 871.143869][T18678] ? __pfx___lookup_slow+0x10/0x10 [ 871.143954][T18678] lookup_slow+0x50/0x70 [ 871.144010][T18678] link_path_walk+0x1377/0x1cc0 [ 871.144084][T18678] path_openat+0x1be/0x31a0 [ 871.144120][T18678] ? kasan_save_stack+0x3f/0x50 [ 871.144151][T18678] ? kasan_save_stack+0x30/0x50 [ 871.144183][T18678] ? kasan_save_track+0x14/0x30 [ 871.144216][T18678] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 871.144283][T18678] ? __pfx_path_openat+0x10/0x10 [ 871.144339][T18678] do_file_open+0x20e/0x430 [ 871.144382][T18678] ? __pfx_do_file_open+0x10/0x10 [ 871.144465][T18678] ? __pfx_kfree_link+0x10/0x10 [ 871.144526][T18678] ? alloc_fd+0x476/0x790 [ 871.144577][T18678] ? do_getname+0x191/0x390 [ 871.144672][T18678] do_sys_openat2+0x10d/0x1e0 [ 871.144722][T18678] ? __pfx_do_sys_openat2+0x10/0x10 [ 871.144786][T18678] __x64_sys_openat+0x12d/0x210 [ 871.144845][T18678] ? __pfx___x64_sys_openat+0x10/0x10 [ 871.144913][T18678] do_syscall_64+0x106/0xf80 [ 871.144951][T18678] ? clear_bhb_loop+0x40/0x90 [ 871.144995][T18678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.145031][T18678] RIP: 0033:0x7f602e95d04e [ 871.145060][T18678] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 871.145095][T18678] RSP: 002b:00007f602f845ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 871.145127][T18678] RAX: ffffffffffffffda RBX: 00007f602f8466c0 RCX: 00007f602e95d04e [ 871.145151][T18678] RDX: 0000000000000002 RSI: 00007f602f845f90 RDI: ffffffffffffff9c [ 871.145173][T18678] RBP: 00007f602ea32c91 R08: 0000000000000000 R09: 0000000000000000 [ 871.145194][T18678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 871.145214][T18678] R13: 00007f602ec16128 R14: 00007f602ec16090 R15: 00007fff26463118 [ 871.145258][T18678] [ 871.993510][T18690] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3458'. [ 872.206822][T18689] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 874.127718][T18719] FAULT_INJECTION: forcing a failure. [ 874.127718][T18719] name failslab, interval 1, probability 0, space 0, times 0 [ 874.190745][T18719] CPU: 1 UID: 0 PID: 18719 Comm: syz.1.3468 Not tainted syzkaller #0 PREEMPT(full) [ 874.190797][T18719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 874.190814][T18719] Call Trace: [ 874.190822][T18719] [ 874.190832][T18719] dump_stack_lvl+0x100/0x190 [ 874.190875][T18719] should_fail_ex.cold+0x5/0xa [ 874.190905][T18719] should_failslab+0xc2/0x120 [ 874.190933][T18719] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 874.190975][T18719] ? zswap_store+0xc42/0x29d0 [ 874.191014][T18719] zswap_store+0xc42/0x29d0 [ 874.191050][T18719] ? __pfx___up_read+0x10/0x10 [ 874.191086][T18719] ? rmap_walk_anon+0x561/0x870 [ 874.191122][T18719] ? __pfx_zswap_store+0x10/0x10 [ 874.191153][T18719] ? do_raw_spin_lock+0x128/0x260 [ 874.191191][T18719] ? find_held_lock+0x2b/0x80 [ 874.191214][T18719] ? folio_free_swap+0x3d9/0xb50 [ 874.191243][T18719] ? folio_free_swap+0x3d9/0xb50 [ 874.191272][T18719] ? do_raw_spin_unlock+0x145/0x1e0 [ 874.191311][T18719] ? _raw_spin_unlock+0x28/0x50 [ 874.191349][T18719] ? folio_free_swap+0x39/0xb50 [ 874.191375][T18719] ? __pfx_try_to_unmap+0x10/0x10 [ 874.191414][T18719] swap_writeout+0x49d/0x12b0 [ 874.191455][T18719] shrink_folio_list+0x5c4a/0x6000 [ 874.191502][T18719] ? __lock_acquire+0x4a5/0x2630 [ 874.191542][T18719] ? __pfx_shrink_folio_list+0x10/0x10 [ 874.191586][T18719] ? __lock_acquire+0x4a5/0x2630 [ 874.191628][T18719] ? __lock_acquire+0x4a5/0x2630 [ 874.191687][T18719] ? mark_held_locks+0x40/0x70 [ 874.191719][T18719] ? smp_call_function_many_cond+0x120b/0x1500 [ 874.191748][T18719] ? lockdep_hardirqs_on+0x78/0x100 [ 874.191777][T18719] reclaim_folio_list+0xdc/0x600 [ 874.191811][T18719] ? __pfx_flush_tlb_func+0x10/0x10 [ 874.191854][T18719] ? __pfx_reclaim_folio_list+0x10/0x10 [ 874.191902][T18719] ? lru_gen_update_size+0x431/0xe40 [ 874.191943][T18719] ? lru_gen_del_folio+0x382/0x5f0 [ 874.191979][T18719] reclaim_pages+0x428/0x5e0 [ 874.192019][T18719] ? __pfx_reclaim_pages+0x10/0x10 [ 874.192054][T18719] ? find_held_lock+0x2b/0x80 [ 874.192079][T18719] ? madvise_cold_or_pageout_pte_range+0xb49/0x2720 [ 874.192118][T18719] madvise_cold_or_pageout_pte_range+0x1635/0x2720 [ 874.192164][T18719] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 874.192198][T18719] ? __lock_acquire+0x4a5/0x2630 [ 874.192233][T18719] ? tomoyo_check_open_permission+0x1a2/0x3c0 [ 874.192267][T18719] ? css_rstat_updated+0x1ce/0x5a0 [ 874.192295][T18719] ? stack_trace_save+0x8e/0xc0 [ 874.192322][T18719] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 874.192356][T18719] walk_pgd_range+0xc1a/0x1dd0 [ 874.192417][T18719] ? __pfx_walk_pgd_range+0x10/0x10 [ 874.192460][T18719] ? folios_put_refs+0x66d/0x840 [ 874.192503][T18719] __walk_page_range+0x163/0x820 [ 874.192547][T18719] walk_page_range_vma_unsafe+0x209/0x8f0 [ 874.192578][T18719] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 874.192609][T18719] ? find_held_lock+0x2b/0x80 [ 874.192633][T18719] ? mlock_drain_local+0x254/0x4e0 [ 874.192671][T18719] ? mlock_drain_local+0x254/0x4e0 [ 874.192714][T18719] walk_page_range_vma+0x63/0x90 [ 874.192742][T18719] madvise_pageout+0x259/0x540 [ 874.192771][T18719] ? __pfx_madvise_pageout+0x10/0x10 [ 874.192823][T18719] madvise_vma_behavior+0x3e6/0x3050 [ 874.192855][T18719] ? mt_find+0x687/0x8e0 [ 874.192881][T18719] ? mt_find+0x687/0x8e0 [ 874.192908][T18719] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 874.192943][T18719] ? mt_find+0x45e/0x8e0 [ 874.192972][T18719] ? __pfx_mt_find+0x10/0x10 [ 874.193006][T18719] ? find_vma_prev+0xd8/0x150 [ 874.193033][T18719] ? futex_unqueue+0x133/0x2c0 [ 874.193072][T18719] ? find_vma+0xbf/0x140 [ 874.193097][T18719] ? __pfx_find_vma+0x10/0x10 [ 874.193120][T18719] ? __futex_wait+0x256/0x300 [ 874.193166][T18719] madvise_walk_vmas+0x2fe/0xa90 [ 874.193202][T18719] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 874.193242][T18719] madvise_do_behavior+0x1ea/0x510 [ 874.193277][T18719] ? __pfx_madvise_do_behavior+0x10/0x10 [ 874.193309][T18719] ? down_read+0x13b/0x460 [ 874.193353][T18719] do_madvise+0x195/0x240 [ 874.193383][T18719] ? __pfx_do_madvise+0x10/0x10 [ 874.193413][T18719] ? do_futex+0x192/0x350 [ 874.193474][T18719] __x64_sys_madvise+0xa9/0x110 [ 874.193505][T18719] ? lockdep_hardirqs_on+0x78/0x100 [ 874.193530][T18719] do_syscall_64+0x106/0xf80 [ 874.193560][T18719] ? clear_bhb_loop+0x40/0x90 [ 874.193591][T18719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.193618][T18719] RIP: 0033:0x7fce0159c819 [ 874.193640][T18719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.193665][T18719] RSP: 002b:00007fce023e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 874.193688][T18719] RAX: ffffffffffffffda RBX: 00007fce01816090 RCX: 00007fce0159c819 [ 874.193705][T18719] RDX: 0000000000000015 RSI: ff7fffffffff0001 RDI: 0000000000000000 [ 874.193721][T18719] RBP: 00007fce01632c91 R08: 0000000000000000 R09: 0000000000000000 [ 874.193736][T18719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 874.193751][T18719] R13: 00007fce01816128 R14: 00007fce01816090 R15: 00007fff051ee6c8 [ 874.193783][T18719] [ 875.188909][T18723] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 877.439991][T18762] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 877.727998][T18774] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3479'. [ 877.934819][T18779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3481'. [ 878.382981][T18792] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3485'. [ 881.270936][T18821] tc_dump_action: action bad kind [ 881.522572][T18829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3493'. [ 882.705663][T18847] FAULT_INJECTION: forcing a failure. [ 882.705663][T18847] name failslab, interval 1, probability 0, space 0, times 0 [ 882.735296][T18847] CPU: 0 UID: 0 PID: 18847 Comm: syz.0.3502 Not tainted syzkaller #0 PREEMPT(full) [ 882.735340][T18847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 882.735368][T18847] Call Trace: [ 882.735376][T18847] [ 882.735386][T18847] dump_stack_lvl+0x100/0x190 [ 882.735429][T18847] should_fail_ex.cold+0x5/0xa [ 882.735459][T18847] should_failslab+0xc2/0x120 [ 882.735488][T18847] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 882.735529][T18847] ? zswap_store+0xc42/0x29d0 [ 882.735568][T18847] zswap_store+0xc42/0x29d0 [ 882.735611][T18847] ? __pfx___up_read+0x10/0x10 [ 882.735648][T18847] ? rmap_walk_anon+0x561/0x870 [ 882.735684][T18847] ? __pfx_zswap_store+0x10/0x10 [ 882.735715][T18847] ? do_raw_spin_lock+0x128/0x260 [ 882.735752][T18847] ? find_held_lock+0x2b/0x80 [ 882.735775][T18847] ? folio_free_swap+0x3d9/0xb50 [ 882.735801][T18847] ? folio_free_swap+0x3d9/0xb50 [ 882.735829][T18847] ? do_raw_spin_unlock+0x145/0x1e0 [ 882.735871][T18847] ? _raw_spin_unlock+0x28/0x50 [ 882.735909][T18847] ? folio_free_swap+0x39/0xb50 [ 882.735935][T18847] ? __pfx_try_to_unmap+0x10/0x10 [ 882.735975][T18847] swap_writeout+0x49d/0x12b0 [ 882.736017][T18847] shrink_folio_list+0x5c4a/0x6000 [ 882.736067][T18847] ? __pfx_shrink_folio_list+0x10/0x10 [ 882.736159][T18847] reclaim_folio_list+0xdc/0x600 [ 882.736199][T18847] ? __pfx_reclaim_folio_list+0x10/0x10 [ 882.736247][T18847] ? lru_gen_update_size+0x431/0xe40 [ 882.736288][T18847] ? lru_gen_del_folio+0x382/0x5f0 [ 882.736324][T18847] reclaim_pages+0x428/0x5e0 [ 882.736369][T18847] ? __pfx_reclaim_pages+0x10/0x10 [ 882.736405][T18847] ? find_held_lock+0x2b/0x80 [ 882.736429][T18847] ? madvise_cold_or_pageout_pte_range+0xb49/0x2720 [ 882.736484][T18847] madvise_cold_or_pageout_pte_range+0x1635/0x2720 [ 882.736531][T18847] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 882.736565][T18847] ? debug_check_no_obj_freed+0x31f/0x630 [ 882.736608][T18847] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 882.736642][T18847] walk_pgd_range+0xc1a/0x1dd0 [ 882.736689][T18847] ? do_raw_spin_unlock+0x145/0x1e0 [ 882.736738][T18847] ? __pfx_walk_pgd_range+0x10/0x10 [ 882.736781][T18847] ? folios_put_refs+0x66d/0x840 [ 882.736824][T18847] __walk_page_range+0x163/0x820 [ 882.736863][T18847] walk_page_range_vma_unsafe+0x209/0x8f0 [ 882.736893][T18847] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 882.736923][T18847] ? find_held_lock+0x2b/0x80 [ 882.736947][T18847] ? mlock_drain_local+0x254/0x4e0 [ 882.736985][T18847] ? mlock_drain_local+0x254/0x4e0 [ 882.737028][T18847] walk_page_range_vma+0x63/0x90 [ 882.737055][T18847] madvise_pageout+0x259/0x540 [ 882.737085][T18847] ? __pfx_madvise_pageout+0x10/0x10 [ 882.737136][T18847] madvise_vma_behavior+0x3e6/0x3050 [ 882.737168][T18847] ? mt_find+0x687/0x8e0 [ 882.737195][T18847] ? mt_find+0x687/0x8e0 [ 882.737222][T18847] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 882.737257][T18847] ? mt_find+0x45e/0x8e0 [ 882.737286][T18847] ? __pfx_mt_find+0x10/0x10 [ 882.737320][T18847] ? find_vma_prev+0xd8/0x150 [ 882.737347][T18847] ? futex_unqueue+0x133/0x2c0 [ 882.737386][T18847] ? find_vma+0xbf/0x140 [ 882.737411][T18847] ? __pfx_find_vma+0x10/0x10 [ 882.737435][T18847] ? __futex_wait+0x256/0x300 [ 882.737480][T18847] madvise_walk_vmas+0x2fe/0xa90 [ 882.737516][T18847] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 882.737604][T18847] madvise_do_behavior+0x1ea/0x510 [ 882.737654][T18847] ? __pfx_madvise_do_behavior+0x10/0x10 [ 882.737699][T18847] ? down_read+0x13b/0x460 [ 882.737757][T18847] do_madvise+0x195/0x240 [ 882.737798][T18847] ? __pfx_do_madvise+0x10/0x10 [ 882.737841][T18847] ? do_futex+0x192/0x350 [ 882.737929][T18847] __x64_sys_madvise+0xa9/0x110 [ 882.737973][T18847] ? lockdep_hardirqs_on+0x78/0x100 [ 882.738010][T18847] do_syscall_64+0x106/0xf80 [ 882.738045][T18847] ? clear_bhb_loop+0x40/0x90 [ 882.738088][T18847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.738124][T18847] RIP: 0033:0x7fb15fb9c819 [ 882.738154][T18847] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 882.738189][T18847] RSP: 002b:00007fb160af9028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 882.738223][T18847] RAX: ffffffffffffffda RBX: 00007fb15fe16090 RCX: 00007fb15fb9c819 [ 882.738247][T18847] RDX: 0000000000000015 RSI: ff7fffffffff0001 RDI: 0000000000000000 [ 882.738269][T18847] RBP: 00007fb15fc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 882.738292][T18847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 882.738314][T18847] R13: 00007fb15fe16128 R14: 00007fb15fe16090 R15: 00007ffd3b8164b8 [ 882.738362][T18847] [ 883.248557][T18852] tc_dump_action: action bad kind [ 883.539150][T18858] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3505'. [ 884.601269][T18880] tc_dump_action: action bad kind [ 888.152568][T18935] Invalid ELF header magic: != ELF [ 888.224151][T18944] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 888.684966][T18951] program syz.2.3527 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 888.774298][T18954] FAULT_INJECTION: forcing a failure. [ 888.774298][T18954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 888.787716][T18954] CPU: 0 UID: 0 PID: 18954 Comm: syz.2.3528 Not tainted syzkaller #0 PREEMPT(full) [ 888.787748][T18954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 888.787763][T18954] Call Trace: [ 888.787773][T18954] [ 888.787783][T18954] dump_stack_lvl+0x100/0x190 [ 888.787825][T18954] should_fail_ex.cold+0x5/0xa [ 888.787854][T18954] _copy_from_user+0x2e/0xd0 [ 888.787887][T18954] do_sys_poll+0x345/0xeb0 [ 888.787910][T18954] ? bpf_ksym_find+0x124/0x1c0 [ 888.787942][T18954] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 888.787969][T18954] ? is_bpf_text_address+0x94/0x1a0 [ 888.788008][T18954] ? kernel_text_address+0x8d/0x100 [ 888.788045][T18954] ? __pfx_do_sys_poll+0x10/0x10 [ 888.788068][T18954] ? arch_stack_walk+0xa6/0xf0 [ 888.788171][T18954] ? __mutex_unlock_slowpath+0x15c/0x790 [ 888.788200][T18954] ? __fget_files+0x215/0x3d0 [ 888.788222][T18954] ? set_user_sigmask+0x1e1/0x270 [ 888.788252][T18954] ? __pfx_set_user_sigmask+0x10/0x10 [ 888.788282][T18954] __x64_sys_ppoll+0x2b5/0x350 [ 888.788310][T18954] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 888.788334][T18954] ? ksys_write+0x1ac/0x250 [ 888.788358][T18954] ? __pfx_ksys_write+0x10/0x10 [ 888.788380][T18954] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 888.788412][T18954] ? syscall_user_dispatch+0x76/0x130 [ 888.788452][T18954] do_syscall_64+0x106/0xf80 [ 888.788476][T18954] ? clear_bhb_loop+0x40/0x90 [ 888.788506][T18954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.788530][T18954] RIP: 0033:0x7f8f1719c819 [ 888.788550][T18954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 888.788580][T18954] RSP: 002b:00007f8f1809d028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 888.788635][T18954] RAX: ffffffffffffffda RBX: 00007f8f17415fa0 RCX: 00007f8f1719c819 [ 888.788656][T18954] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000200000000080 [ 888.788676][T18954] RBP: 00007f8f1809d090 R08: 0000000000000008 R09: 0000000000000000 [ 888.788695][T18954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 888.788714][T18954] R13: 00007f8f17416038 R14: 00007f8f17415fa0 R15: 00007ffc75004ff8 [ 888.788758][T18954] [ 890.988440][T18996] FAULT_INJECTION: forcing a failure. [ 890.988440][T18996] name failslab, interval 1, probability 0, space 0, times 0 [ 891.002294][T18996] CPU: 1 UID: 0 PID: 18996 Comm: syz.3.3540 Not tainted syzkaller #0 PREEMPT(full) [ 891.002338][T18996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 891.002359][T18996] Call Trace: [ 891.002371][T18996] [ 891.002384][T18996] dump_stack_lvl+0x100/0x190 [ 891.002439][T18996] should_fail_ex.cold+0x5/0xa [ 891.002479][T18996] ? tomoyo_encode2+0xfb/0x3c0 [ 891.002525][T18996] should_failslab+0xc2/0x120 [ 891.002563][T18996] __kmalloc_noprof+0xe0/0x850 [ 891.002613][T18996] ? d_absolute_path+0x136/0x1b0 [ 891.002669][T18996] tomoyo_encode2+0xfb/0x3c0 [ 891.002734][T18996] tomoyo_encode+0x29/0x50 [ 891.002782][T18996] tomoyo_realpath_from_path+0x18c/0x690 [ 891.002840][T18996] tomoyo_path_number_perm+0x23c/0x580 [ 891.002881][T18996] ? tomoyo_path_number_perm+0x22e/0x580 [ 891.002925][T18996] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 891.003011][T18996] ? find_held_lock+0x2b/0x80 [ 891.003044][T18996] ? __fget_files+0x215/0x3d0 [ 891.003076][T18996] ? hook_file_ioctl_common+0x146/0x410 [ 891.003130][T18996] ? __fget_files+0x21f/0x3d0 [ 891.003171][T18996] security_file_ioctl+0xd3/0x230 [ 891.003215][T18996] __x64_sys_ioctl+0xb7/0x210 [ 891.003270][T18996] do_syscall_64+0x106/0xf80 [ 891.003304][T18996] ? clear_bhb_loop+0x40/0x90 [ 891.003346][T18996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.003379][T18996] RIP: 0033:0x7f602e99c819 [ 891.003407][T18996] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.003439][T18996] RSP: 002b:00007f602f867028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 891.003468][T18996] RAX: ffffffffffffffda RBX: 00007f602ec15fa0 RCX: 00007f602e99c819 [ 891.003489][T18996] RDX: 0000000000000081 RSI: 000000004008556c RDI: 0000000000000003 [ 891.003509][T18996] RBP: 00007f602f867090 R08: 0000000000000000 R09: 0000000000000000 [ 891.003529][T18996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 891.003549][T18996] R13: 00007f602ec16038 R14: 00007f602ec15fa0 R15: 00007fff26463118 [ 891.003594][T18996] [ 891.003623][T18996] ERROR: Out of memory at tomoyo_realpath_from_path. [ 892.307371][T19008] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 892.352141][ T30] audit: type=1800 audit(1775421434.894:7): pid=19008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3554" name="lu_gp_id" dev="configfs" ino=89230 res=0 errno=0 [ 892.425908][T19016] Invalid ELF header magic: != ELF [ 892.879026][ T30] audit: type=1800 audit(1775421435.424:8): pid=19026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3548" name="sr0" dev="devtmpfs" ino=2817 res=0 errno=0 [ 893.404983][T19035] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3550'. [ 894.892295][T19062] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 895.613317][T19076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3561'. [ 896.804044][T19094] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 896.870393][ T30] audit: type=1800 audit(1775421439.404:9): pid=19094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3566" name="lu_gp_id" dev="configfs" ino=90295 res=0 errno=0 [ 898.178973][T16207] Bluetooth: hci4: command 0x0406 tx timeout [ 898.696860][T19126] Invalid ELF header magic: != ELF [ 900.363266][T19161] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3580'. [ 900.722620][T19172] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 901.669575][T19190] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3588'. [ 902.811466][T19214] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3594'. [ 902.921200][T19211] Invalid ELF header magic: != ELF [ 903.420697][T19224] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 905.203292][T19249] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3601'. [ 905.602043][T19254] FAULT_INJECTION: forcing a failure. [ 905.602043][T19254] name failslab, interval 1, probability 0, space 0, times 0 [ 905.645766][T19254] CPU: 1 UID: 0 PID: 19254 Comm: syz.3.3602 Not tainted syzkaller #0 PREEMPT(full) [ 905.645807][T19254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 905.645832][T19254] Call Trace: [ 905.645840][T19254] [ 905.645850][T19254] dump_stack_lvl+0x100/0x190 [ 905.645891][T19254] should_fail_ex.cold+0x5/0xa [ 905.645920][T19254] should_failslab+0xc2/0x120 [ 905.645947][T19254] __kmalloc_cache_noprof+0x7a/0x6f0 [ 905.645981][T19254] ? input_allocate_device+0x44/0x350 [ 905.646012][T19254] input_allocate_device+0x44/0x350 [ 905.646038][T19254] uinput_ioctl_handler.isra.0+0x3c8/0x1d10 [ 905.646074][T19254] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 905.646110][T19254] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 905.646151][T19254] ? find_held_lock+0x2b/0x80 [ 905.646174][T19254] ? __fget_files+0x215/0x3d0 [ 905.646211][T19254] ? __pfx_uinput_ioctl+0x10/0x10 [ 905.646245][T19254] __x64_sys_ioctl+0x18e/0x210 [ 905.646283][T19254] do_syscall_64+0x106/0xf80 [ 905.646308][T19254] ? clear_bhb_loop+0x40/0x90 [ 905.646339][T19254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.646363][T19254] RIP: 0033:0x7f602e99c819 [ 905.646391][T19254] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 905.646420][T19254] RSP: 002b:00007f602f867028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 905.646444][T19254] RAX: ffffffffffffffda RBX: 00007f602ec15fa0 RCX: 00007f602e99c819 [ 905.646461][T19254] RDX: 0000000000000081 RSI: 000000004008556c RDI: 0000000000000003 [ 905.646476][T19254] RBP: 00007f602f867090 R08: 0000000000000000 R09: 0000000000000000 [ 905.646491][T19254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 905.646506][T19254] R13: 00007f602ec16038 R14: 00007f602ec15fa0 R15: 00007fff26463118 [ 905.646536][T19254] [ 906.795877][T19275] syz.2.3610(19275): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 906.848118][T19277] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 907.533791][T19294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3616'. [ 908.071078][T19303] FAULT_INJECTION: forcing a failure. [ 908.071078][T19303] name fail_futex, interval 1, probability 0, space 0, times 0 [ 908.084562][T19303] CPU: 0 UID: 0 PID: 19303 Comm: syz.1.3625 Not tainted syzkaller #0 PREEMPT(full) [ 908.084594][T19303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 908.084608][T19303] Call Trace: [ 908.084617][T19303] [ 908.084626][T19303] dump_stack_lvl+0x100/0x190 [ 908.084672][T19303] should_fail_ex.cold+0x5/0xa [ 908.084702][T19303] get_futex_key+0x295/0x1620 [ 908.084735][T19303] ? __pfx_get_futex_key+0x10/0x10 [ 908.084763][T19303] ? lock_acquire+0x1cf/0x380 [ 908.084805][T19303] futex_wake+0xea/0x530 [ 908.084845][T19303] ? __pfx_futex_wake+0x10/0x10 [ 908.084882][T19303] ? exit_mm_release+0x19/0x30 [ 908.084921][T19303] do_futex+0x32b/0x350 [ 908.084954][T19303] ? __pfx_do_futex+0x10/0x10 [ 908.084984][T19303] ? __might_fault+0xc5/0x140 [ 908.085027][T19303] mm_release+0x24a/0x2f0 [ 908.085053][T19303] do_exit+0x704/0x2b60 [ 908.085090][T19303] ? __pfx_do_exit+0x10/0x10 [ 908.085123][T19303] ? do_raw_spin_lock+0x128/0x260 [ 908.085158][T19303] ? find_held_lock+0x2b/0x80 [ 908.085181][T19303] ? get_signal+0x7e0/0x21e0 [ 908.085213][T19303] do_group_exit+0xd5/0x2a0 [ 908.085273][T19303] get_signal+0x1ec7/0x21e0 [ 908.085330][T19303] ? __pfx_get_signal+0x10/0x10 [ 908.085359][T19303] ? do_futex+0x192/0x350 [ 908.085394][T19303] arch_do_signal_or_restart+0x91/0x770 [ 908.085426][T19303] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 908.085471][T19303] ? __pfx___x64_sys_futex+0x10/0x10 [ 908.085510][T19303] exit_to_user_mode_loop+0x86/0x4a0 [ 908.085546][T19303] do_syscall_64+0x668/0xf80 [ 908.085570][T19303] ? clear_bhb_loop+0x40/0x90 [ 908.085599][T19303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.085623][T19303] RIP: 0033:0x7fce0159c819 [ 908.085643][T19303] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 908.085667][T19303] RSP: 002b:00007fce024050e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 908.085689][T19303] RAX: fffffffffffffe00 RBX: 00007fce01815fa8 RCX: 00007fce0159c819 [ 908.085706][T19303] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fce01815fa8 [ 908.085720][T19303] RBP: 00007fce01815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 908.085734][T19303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 908.085749][T19303] R13: 00007fce01816038 R14: 00007fff051ee5e0 R15: 00007fff051ee6c8 [ 908.085779][T19303] [ 908.422076][T16207] Bluetooth: hci3: command 0x0406 tx timeout [ 908.876804][T19315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3621'. [ 909.300585][T19330] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3626'. [ 911.279346][T19379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3638'. [ 915.836349][T19487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3667'. [ 916.445875][T19502] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3672'. [ 916.864105][T19516] ERROR: Out of memory at tomoyo_memory_ok. [ 916.883269][T19516] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/181/file0' not defined. [ 918.393943][T19559] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3686'. [ 918.658766][ T5144] Bluetooth: hci2: command 0x0406 tx timeout [ 921.609330][T19647] FAULT_INJECTION: forcing a failure. [ 921.609330][T19647] name failslab, interval 1, probability 0, space 0, times 0 [ 921.665777][T19647] CPU: 1 UID: 0 PID: 19647 Comm: syz.2.3709 Not tainted syzkaller #0 PREEMPT(full) [ 921.665821][T19647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 921.665840][T19647] Call Trace: [ 921.665851][T19647] [ 921.665864][T19647] dump_stack_lvl+0x100/0x190 [ 921.665918][T19647] should_fail_ex.cold+0x5/0xa [ 921.665960][T19647] should_failslab+0xc2/0x120 [ 921.666008][T19647] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 921.666065][T19647] ? __alloc_skb+0x140/0x710 [ 921.666125][T19647] __alloc_skb+0x140/0x710 [ 921.666176][T19647] ? __alloc_skb+0x5b7/0x710 [ 921.666228][T19647] ? __pfx___alloc_skb+0x10/0x10 [ 921.666292][T19647] netlink_alloc_large_skb+0x69/0x150 [ 921.666333][T19647] netlink_sendmsg+0x680/0xda0 [ 921.666383][T19647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 921.666419][T19647] ? __import_iovec+0x1d2/0x640 [ 921.666469][T19647] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 921.666512][T19647] ____sys_sendmsg+0x9e1/0xb70 [ 921.666552][T19647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 921.666592][T19647] ? __pfx_____sys_sendmsg+0x10/0x10 [ 921.666653][T19647] ___sys_sendmsg+0x190/0x1e0 [ 921.666702][T19647] ? __pfx____sys_sendmsg+0x10/0x10 [ 921.666797][T19647] __sys_sendmsg+0x170/0x220 [ 921.666831][T19647] ? __pfx___sys_sendmsg+0x10/0x10 [ 921.666891][T19647] do_syscall_64+0x106/0xf80 [ 921.666927][T19647] ? clear_bhb_loop+0x40/0x90 [ 921.666969][T19647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 921.667011][T19647] RIP: 0033:0x7f8f1719c819 [ 921.667039][T19647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 921.667072][T19647] RSP: 002b:00007f8f1809d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 921.667104][T19647] RAX: ffffffffffffffda RBX: 00007f8f17415fa0 RCX: 00007f8f1719c819 [ 921.667127][T19647] RDX: 0000000000000014 RSI: 0000200000000000 RDI: 0000000000000003 [ 921.667149][T19647] RBP: 00007f8f1809d090 R08: 0000000000000000 R09: 0000000000000000 [ 921.667169][T19647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 921.667195][T19647] R13: 00007f8f17416038 R14: 00007f8f17415fa0 R15: 00007ffc75004ff8 [ 921.667241][T19647] [ 922.214301][T19655] ERROR: Out of memory at tomoyo_memory_ok. [ 923.475877][T19669] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3713'. [ 928.907838][ T5144] Bluetooth: hci1: command 0x0406 tx timeout [ 931.971760][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.987037][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.751346][T19899] ERROR: Out of memory at tomoyo_memory_ok. [ 934.378861][T19915] FAULT_INJECTION: forcing a failure. [ 934.378861][T19915] name failslab, interval 1, probability 0, space 0, times 0 [ 934.392058][T19915] CPU: 1 UID: 0 PID: 19915 Comm: syz.0.3773 Not tainted syzkaller #0 PREEMPT(full) [ 934.392098][T19915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 934.392117][T19915] Call Trace: [ 934.392130][T19915] [ 934.392142][T19915] dump_stack_lvl+0x100/0x190 [ 934.392193][T19915] should_fail_ex.cold+0x5/0xa [ 934.392230][T19915] should_failslab+0xc2/0x120 [ 934.392264][T19915] __kmalloc_cache_noprof+0x7a/0x6f0 [ 934.392305][T19915] ? proc_thread_self_get_link+0x1a6/0x210 [ 934.392359][T19915] proc_thread_self_get_link+0x1a6/0x210 [ 934.392408][T19915] pick_link+0xac2/0x13c0 [ 934.392452][T19915] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 934.392503][T19915] step_into_slowpath+0x9ba/0xf90 [ 934.392556][T19915] ? __pfx_step_into_slowpath+0x10/0x10 [ 934.392608][T19915] ? lookup_fast+0x2da/0x600 [ 934.392649][T19915] ? inode_permission+0x374/0x620 [ 934.392694][T19915] link_path_walk+0xf28/0x1cc0 [ 934.392764][T19915] path_openat+0x1be/0x31a0 [ 934.392794][T19915] ? kasan_save_stack+0x3f/0x50 [ 934.392820][T19915] ? kasan_save_stack+0x30/0x50 [ 934.392845][T19915] ? kasan_save_track+0x14/0x30 [ 934.392871][T19915] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 934.392926][T19915] ? __pfx_path_openat+0x10/0x10 [ 934.392971][T19915] do_file_open+0x20e/0x430 [ 934.393006][T19915] ? __pfx_do_file_open+0x10/0x10 [ 934.393066][T19915] ? alloc_fd+0x476/0x790 [ 934.393101][T19915] ? do_getname+0x191/0x390 [ 934.393142][T19915] do_sys_openat2+0x10d/0x1e0 [ 934.393183][T19915] ? __pfx_do_sys_openat2+0x10/0x10 [ 934.393237][T19915] __x64_sys_openat+0x12d/0x210 [ 934.393279][T19915] ? __pfx___x64_sys_openat+0x10/0x10 [ 934.393334][T19915] do_syscall_64+0x106/0xf80 [ 934.393365][T19915] ? clear_bhb_loop+0x40/0x90 [ 934.393401][T19915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.393432][T19915] RIP: 0033:0x7fb15fb5d04e [ 934.393457][T19915] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 934.393485][T19915] RSP: 002b:00007fb160b19f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 934.393514][T19915] RAX: ffffffffffffffda RBX: 00007fb160b1a6c0 RCX: 00007fb15fb5d04e [ 934.393534][T19915] RDX: 0000000000000002 RSI: 00007fb15fc32598 RDI: ffffffffffffff9c [ 934.393553][T19915] RBP: 00007fb15fc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 934.393572][T19915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 934.393590][T19915] R13: 00007fb15fe16038 R14: 00007fb15fe15fa0 R15: 00007ffd3b8164b8 [ 934.393630][T19915] [ 934.394553][T19915] FAULT_INJECTION: forcing a failure. [ 934.394553][T19915] name failslab, interval 1, probability 0, space 0, times 0 [ 934.747315][T19915] CPU: 1 UID: 0 PID: 19915 Comm: syz.0.3773 Not tainted syzkaller #0 PREEMPT(full) [ 934.747359][T19915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 934.747381][T19915] Call Trace: [ 934.747392][T19915] [ 934.747405][T19915] dump_stack_lvl+0x100/0x190 [ 934.747461][T19915] should_fail_ex.cold+0x5/0xa [ 934.747501][T19915] should_failslab+0xc2/0x120 [ 934.747538][T19915] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 934.747595][T19915] ? zswap_store+0xc42/0x29d0 [ 934.747645][T19915] zswap_store+0xc42/0x29d0 [ 934.747694][T19915] ? __pfx___up_read+0x10/0x10 [ 934.747750][T19915] ? rmap_walk_anon+0x561/0x870 [ 934.747799][T19915] ? __pfx_zswap_store+0x10/0x10 [ 934.747839][T19915] ? do_raw_spin_lock+0x128/0x260 [ 934.747887][T19915] ? find_held_lock+0x2b/0x80 [ 934.747935][T19915] ? folio_free_swap+0x3d9/0xb50 [ 934.747969][T19915] ? folio_free_swap+0x3d9/0xb50 [ 934.748008][T19915] ? do_raw_spin_unlock+0x145/0x1e0 [ 934.748059][T19915] ? _raw_spin_unlock+0x28/0x50 [ 934.748108][T19915] ? folio_free_swap+0x39/0xb50 [ 934.748144][T19915] ? __pfx_try_to_unmap+0x10/0x10 [ 934.748195][T19915] swap_writeout+0x49d/0x12b0 [ 934.748251][T19915] shrink_folio_list+0x5c4a/0x6000 [ 934.748320][T19915] ? __pfx_shrink_folio_list+0x10/0x10 [ 934.748388][T19915] ? check_pointer+0xb3/0x460 [ 934.748438][T19915] ? __pfx_check_pointer+0x10/0x10 [ 934.748524][T19915] ? mark_held_locks+0x40/0x70 [ 934.748564][T19915] ? smp_call_function_many_cond+0x120b/0x1500 [ 934.748601][T19915] ? lockdep_hardirqs_on+0x78/0x100 [ 934.748640][T19915] reclaim_folio_list+0xdc/0x600 [ 934.748684][T19915] ? __pfx_flush_tlb_func+0x10/0x10 [ 934.748748][T19915] ? __pfx_reclaim_folio_list+0x10/0x10 [ 934.748814][T19915] ? lru_gen_update_size+0x431/0xe40 [ 934.748871][T19915] ? lru_gen_del_folio+0x382/0x5f0 [ 934.748920][T19915] reclaim_pages+0x428/0x5e0 [ 934.748974][T19915] ? __pfx_reclaim_pages+0x10/0x10 [ 934.749021][T19915] ? find_held_lock+0x2b/0x80 [ 934.749055][T19915] ? madvise_cold_or_pageout_pte_range+0xb49/0x2720 [ 934.749108][T19915] madvise_cold_or_pageout_pte_range+0x1635/0x2720 [ 934.749171][T19915] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 934.749216][T19915] ? debug_check_no_obj_freed+0x31f/0x630 [ 934.749269][T19915] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 934.749317][T19915] walk_pgd_range+0xc1a/0x1dd0 [ 934.749379][T19915] ? do_raw_spin_unlock+0x145/0x1e0 [ 934.749448][T19915] ? __pfx_walk_pgd_range+0x10/0x10 [ 934.749505][T19915] ? folios_put_refs+0x66d/0x840 [ 934.749564][T19915] __walk_page_range+0x163/0x820 [ 934.749617][T19915] walk_page_range_vma_unsafe+0x209/0x8f0 [ 934.749658][T19915] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 934.749701][T19915] ? find_held_lock+0x2b/0x80 [ 934.749740][T19915] ? mlock_drain_local+0x254/0x4e0 [ 934.749789][T19915] ? mlock_drain_local+0x254/0x4e0 [ 934.749845][T19915] walk_page_range_vma+0x63/0x90 [ 934.749882][T19915] madvise_pageout+0x259/0x540 [ 934.749922][T19915] ? __pfx_madvise_pageout+0x10/0x10 [ 934.749991][T19915] madvise_vma_behavior+0x3e6/0x3050 [ 934.750035][T19915] ? mt_find+0x687/0x8e0 [ 934.750070][T19915] ? mt_find+0x687/0x8e0 [ 934.750105][T19915] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 934.750151][T19915] ? mt_find+0x45e/0x8e0 [ 934.750188][T19915] ? __pfx_mt_find+0x10/0x10 [ 934.750233][T19915] ? find_vma_prev+0xd8/0x150 [ 934.750268][T19915] ? _kstrtoull+0x13c/0x1f0 [ 934.750327][T19915] ? find_vma+0xbf/0x140 [ 934.750360][T19915] ? __pfx_find_vma+0x10/0x10 [ 934.750401][T19915] madvise_walk_vmas+0x2fe/0xa90 [ 934.750449][T19915] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 934.750502][T19915] madvise_do_behavior+0x1ea/0x510 [ 934.750549][T19915] ? __pfx_madvise_do_behavior+0x10/0x10 [ 934.750592][T19915] ? down_read+0x13b/0x460 [ 934.750652][T19915] do_madvise+0x195/0x240 [ 934.750693][T19915] ? __pfx_do_madvise+0x10/0x10 [ 934.750740][T19915] ? __mutex_unlock_slowpath+0x15c/0x790 [ 934.750805][T19915] ? ksys_write+0x1ac/0x250 [ 934.750837][T19915] ? __pfx_ksys_write+0x10/0x10 [ 934.750878][T19915] __x64_sys_madvise+0xa9/0x110 [ 934.750915][T19915] ? lockdep_hardirqs_on+0x78/0x100 [ 934.750946][T19915] do_syscall_64+0x106/0xf80 [ 934.750974][T19915] ? clear_bhb_loop+0x40/0x90 [ 934.751012][T19915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.751043][T19915] RIP: 0033:0x7fb15fb9c819 [ 934.751068][T19915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 934.751098][T19915] RSP: 002b:00007fb160b1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 934.751126][T19915] RAX: ffffffffffffffda RBX: 00007fb15fe15fa0 RCX: 00007fb15fb9c819 [ 934.751147][T19915] RDX: 0000000000000015 RSI: ff7fffffffff0001 RDI: 0000000000000000 [ 934.751166][T19915] RBP: 00007fb160b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 934.751184][T19915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 934.751202][T19915] R13: 00007fb15fe16038 R14: 00007fb15fe15fa0 R15: 00007ffd3b8164b8 [ 934.751240][T19915] [ 955.962305][T20402] program syz.1.3874 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 958.963015][T20465] zswap: compressor not available [ 959.423412][T20484] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 959.622411][T20489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3894'. [ 961.100073][T20530] sd 0:0:1:0: PR command failed: 1026 [ 961.136251][T20530] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 961.177158][T20530] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 962.092208][T20548] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3909'. [ 964.072373][T20601] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 964.905461][T20618] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.099954][T20618] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.367085][T20618] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.552416][T20618] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.573454][T20630] bond0: invalid ARP target specified [ 965.740192][T20618] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 966.144631][T20630] bdi 7:2: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 966.176474][T20630] ptrace attach of "./syz-executor exec"[17060] was attempted by "./syz-executor exec"[20630] [ 980.068076][ T5144] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 980.078470][ T5144] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 980.089128][ T5144] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 980.110282][ T5144] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 980.129000][ T5144] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 980.638971][T20676] chnl_net:caif_netlink_parms(): no params data found [ 980.937804][ T5144] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 980.952451][ T5144] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 980.961913][ T5144] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 980.971487][ T5144] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 980.980031][ T5144] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 981.120134][T20676] bridge0: port 1(bridge_slave_0) entered blocking state [ 981.127541][T20676] bridge0: port 1(bridge_slave_0) entered disabled state [ 981.135339][T20676] bridge_slave_0: entered allmulticast mode [ 981.146784][T20676] bridge_slave_0: entered promiscuous mode [ 981.184405][T20676] bridge0: port 2(bridge_slave_1) entered blocking state [ 981.191790][T20676] bridge0: port 2(bridge_slave_1) entered disabled state [ 981.199496][T20676] bridge_slave_1: entered allmulticast mode [ 981.209905][T20676] bridge_slave_1: entered promiscuous mode [ 981.326326][T20676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 981.342276][T20676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 981.404890][T20676] team0: Port device team_slave_0 added [ 981.431425][T20676] team0: Port device team_slave_1 added [ 981.476796][T20676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 981.484242][T20676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 981.511304][T20676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 981.617187][T20676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 981.625109][T20676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 981.656432][T20676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 981.809456][T20676] hsr_slave_0: entered promiscuous mode [ 981.816544][T20676] hsr_slave_1: entered promiscuous mode [ 981.823478][T20676] debugfs: 'hsr0' already exists in 'hsr' [ 981.829669][T20676] Cannot create hsr debugfs directory [ 982.314625][T16207] Bluetooth: hci0: command tx timeout [ 982.453605][T20699] chnl_net:caif_netlink_parms(): no params data found [ 982.903840][T20699] bridge0: port 1(bridge_slave_0) entered blocking state [ 982.923535][T20699] bridge0: port 1(bridge_slave_0) entered disabled state [ 982.936623][T20699] bridge_slave_0: entered allmulticast mode [ 982.967623][T20699] bridge_slave_0: entered promiscuous mode [ 983.058858][T16207] Bluetooth: hci5: command tx timeout [ 983.065505][T20699] bridge0: port 2(bridge_slave_1) entered blocking state [ 983.078753][T20699] bridge0: port 2(bridge_slave_1) entered disabled state [ 983.085992][T20699] bridge_slave_1: entered allmulticast mode [ 983.109120][T20699] bridge_slave_1: entered promiscuous mode [ 983.199891][T20699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 983.221014][T20699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 983.283067][T20699] team0: Port device team_slave_0 added [ 983.292466][T20699] team0: Port device team_slave_1 added [ 983.345441][T20699] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 983.352802][T20699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 983.388667][T20699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 983.411611][T20699] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 983.428744][T20699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 983.488651][T20699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 983.607585][T20699] hsr_slave_0: entered promiscuous mode [ 983.620409][T20699] hsr_slave_1: entered promiscuous mode [ 983.627976][T20699] debugfs: 'hsr0' already exists in 'hsr' [ 983.634179][T20699] Cannot create hsr debugfs directory [ 984.441735][T16207] Bluetooth: hci0: command tx timeout [ 985.138812][T16207] Bluetooth: hci5: command tx timeout [ 986.499765][T16207] Bluetooth: hci0: command tx timeout [ 987.224554][T16207] Bluetooth: hci5: command tx timeout [ 988.634036][T16207] Bluetooth: hci0: command tx timeout [ 989.299947][T16207] Bluetooth: hci5: command tx timeout [ 993.067002][T20885] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3980'. [ 993.382562][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.390569][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1040.441420][ T5144] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1040.451262][ T5144] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1040.464140][ T5144] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1040.472722][ T5144] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1040.480557][ T5144] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1040.655296][T20893] chnl_net:caif_netlink_parms(): no params data found [ 1040.742193][T20893] bridge0: port 1(bridge_slave_0) entered blocking state [ 1040.754625][T20893] bridge0: port 1(bridge_slave_0) entered disabled state [ 1040.762297][T20893] bridge_slave_0: entered allmulticast mode [ 1040.770021][T20893] bridge_slave_0: entered promiscuous mode [ 1040.779471][T20893] bridge0: port 2(bridge_slave_1) entered blocking state [ 1040.786663][T20893] bridge0: port 2(bridge_slave_1) entered disabled state [ 1040.794218][T20893] bridge_slave_1: entered allmulticast mode [ 1040.803036][T20893] bridge_slave_1: entered promiscuous mode [ 1040.846513][T20893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1040.860127][T20893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1040.915918][T20893] team0: Port device team_slave_0 added [ 1040.927183][T20893] team0: Port device team_slave_1 added [ 1040.970192][T20893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1040.977305][T20893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1041.004353][T20893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1041.018494][T20893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1041.027510][T20893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1041.054035][T20893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1041.088740][T16207] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1041.098299][T16207] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1041.107235][T16207] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1041.119786][T16207] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1041.131450][T16207] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1041.166687][T20893] hsr_slave_0: entered promiscuous mode [ 1041.173439][T20893] hsr_slave_1: entered promiscuous mode [ 1041.180362][T20893] debugfs: 'hsr0' already exists in 'hsr' [ 1041.186221][T20893] Cannot create hsr debugfs directory [ 1041.473270][T20903] chnl_net:caif_netlink_parms(): no params data found [ 1041.563649][T20903] bridge0: port 1(bridge_slave_0) entered blocking state [ 1041.571007][T20903] bridge0: port 1(bridge_slave_0) entered disabled state [ 1041.578989][T20903] bridge_slave_0: entered allmulticast mode [ 1041.586620][T20903] bridge_slave_0: entered promiscuous mode [ 1041.594982][T20903] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.602302][T20903] bridge0: port 2(bridge_slave_1) entered disabled state [ 1041.609799][T20903] bridge_slave_1: entered allmulticast mode [ 1041.617257][T20903] bridge_slave_1: entered promiscuous mode [ 1041.656102][T20903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1041.668616][T20903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1041.704515][T20903] team0: Port device team_slave_0 added [ 1041.713049][T20903] team0: Port device team_slave_1 added [ 1041.743102][T20903] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1041.750166][T20903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1041.776216][T20903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1041.790222][T20903] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1041.797754][T20903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1041.824563][T20903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1041.875763][T20903] hsr_slave_0: entered promiscuous mode [ 1041.882611][T20903] hsr_slave_1: entered promiscuous mode [ 1041.889409][T20903] debugfs: 'hsr0' already exists in 'hsr' [ 1041.895189][T20903] Cannot create hsr debugfs directory [ 1042.498708][T16207] Bluetooth: hci6: command tx timeout [ 1043.218775][T16207] Bluetooth: hci7: command tx timeout [ 1044.579842][T16207] Bluetooth: hci6: command tx timeout [ 1045.299069][T16207] Bluetooth: hci7: command tx timeout [ 1046.668780][T16207] Bluetooth: hci6: command tx timeout [ 1047.379583][T16207] Bluetooth: hci7: command tx timeout [ 1048.739657][T16207] Bluetooth: hci6: command tx timeout [ 1049.458708][T16207] Bluetooth: hci7: command tx timeout [ 1054.826009][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.832653][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1100.514044][ T5144] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1100.523847][ T5144] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1100.532500][ T5144] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1100.540752][ T5144] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1100.548620][ T5144] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1100.741319][T20919] chnl_net:caif_netlink_parms(): no params data found [ 1100.835085][T20919] bridge0: port 1(bridge_slave_0) entered blocking state [ 1100.842790][T20919] bridge0: port 1(bridge_slave_0) entered disabled state [ 1100.850207][T20919] bridge_slave_0: entered allmulticast mode [ 1100.857812][T20919] bridge_slave_0: entered promiscuous mode [ 1100.870520][T20919] bridge0: port 2(bridge_slave_1) entered blocking state [ 1100.877739][T20919] bridge0: port 2(bridge_slave_1) entered disabled state [ 1100.887231][T20919] bridge_slave_1: entered allmulticast mode [ 1100.895786][T20919] bridge_slave_1: entered promiscuous mode [ 1100.955444][T20919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1100.969843][T20919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1101.025869][T20919] team0: Port device team_slave_0 added [ 1101.039133][T20919] team0: Port device team_slave_1 added [ 1101.094563][T20919] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1101.101944][T20919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1101.103479][T20922] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1101.130443][T20919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1101.136853][T20919] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1101.155812][T20919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1101.156143][T20922] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1101.181957][T20919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1101.200572][T20922] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1101.217549][T20922] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1101.229767][T20922] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1101.286601][T20919] hsr_slave_0: entered promiscuous mode [ 1101.293873][T20919] hsr_slave_1: entered promiscuous mode [ 1101.301186][T20919] debugfs: 'hsr0' already exists in 'hsr' [ 1101.307077][T20919] Cannot create hsr debugfs directory [ 1101.596590][T20932] chnl_net:caif_netlink_parms(): no params data found [ 1101.689544][T20932] bridge0: port 1(bridge_slave_0) entered blocking state [ 1101.697841][T20932] bridge0: port 1(bridge_slave_0) entered disabled state [ 1101.706880][T20932] bridge_slave_0: entered allmulticast mode [ 1101.714590][T20932] bridge_slave_0: entered promiscuous mode [ 1101.723578][T20932] bridge0: port 2(bridge_slave_1) entered blocking state [ 1101.730915][T20932] bridge0: port 2(bridge_slave_1) entered disabled state [ 1101.738808][T20932] bridge_slave_1: entered allmulticast mode [ 1101.748101][T20932] bridge_slave_1: entered promiscuous mode [ 1101.789636][T20932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1101.802208][T20932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1101.837348][T20932] team0: Port device team_slave_0 added [ 1101.847302][T20932] team0: Port device team_slave_1 added [ 1101.878338][T20932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1101.885548][T20932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1101.911853][T20932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1101.924561][T20932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1101.931854][T20932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1101.959940][T20932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1102.011275][T20932] hsr_slave_0: entered promiscuous mode [ 1102.018032][T20932] hsr_slave_1: entered promiscuous mode [ 1102.025022][T20932] debugfs: 'hsr0' already exists in 'hsr' [ 1102.030913][T20932] Cannot create hsr debugfs directory [ 1102.578751][T20922] Bluetooth: hci8: command tx timeout [ 1102.978751][T20922] Bluetooth: hci0: command 0x0406 tx timeout [ 1103.309237][ T5144] Bluetooth: hci9: command tx timeout [ 1104.658764][ T5144] Bluetooth: hci8: command tx timeout [ 1105.378971][ T5144] Bluetooth: hci9: command tx timeout [ 1106.738769][T20922] Bluetooth: hci8: command tx timeout [ 1107.458914][T20922] Bluetooth: hci9: command tx timeout [ 1108.100753][T20922] Bluetooth: hci5: command 0x0406 tx timeout [ 1108.818703][ T5144] Bluetooth: hci8: command tx timeout [ 1109.538865][ T5144] Bluetooth: hci9: command tx timeout [ 1115.629228][ T31] INFO: task syz.2.3924:20618 blocked for more than 143 seconds. [ 1115.637172][ T31] Not tainted syzkaller #0 [ 1115.642319][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1115.651082][ T31] task:syz.2.3924 state:D stack:24856 pid:20618 tgid:20617 ppid:16676 task_flags:0x480140 flags:0x00080002 [ 1115.663239][ T31] Call Trace: [ 1115.666541][ T31] [ 1115.669851][ T31] __schedule+0xfee/0x6120 [ 1115.674359][ T31] ? __lock_acquire+0x4a5/0x2630 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1115.679421][ T31] ? __pfx___schedule+0x10/0x10 [ 1115.685380][ T31] ? find_held_lock+0x2b/0x80 [ 1115.691104][ T31] ? schedule+0x2bf/0x390 [ 1115.695952][ T31] schedule+0xdd/0x390 [ 1115.700243][ T31] schedule_timeout+0x1b2/0x280 [ 1115.705186][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1115.710762][ T31] ? mark_held_locks+0x40/0x70 [ 1115.715615][ T31] __wait_for_common+0x2e7/0x4c0 [ 1115.720695][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1115.726243][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1115.732327][ T31] remove_one+0x312/0x420 [ 1115.736753][ T31] ? find_next_child+0x18f/0x280 [ 1115.742125][ T31] __simple_recursive_removal+0x148/0x5c0 [ 1115.748316][ T31] ? __pfx_remove_one+0x10/0x10 [ 1115.753496][ T31] debugfs_remove+0x5d/0x80 [ 1115.758194][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 1115.763783][ T31] nsim_dev_reload_destroy+0x144/0x4a0 [ 1115.769928][ T31] nsim_drv_remove+0x52/0x1e0 [ 1115.774694][ T31] ? __pfx_nsim_bus_remove+0x10/0x10 [ 1115.785909][ T31] device_remove+0xcb/0x180 [ 1115.790616][ T31] device_release_driver_internal+0x44e/0x620 [ 1115.796784][ T31] bus_remove_device+0x2bc/0x560 [ 1115.801972][ T31] ? __pfx_bus_remove_device+0x10/0x10 [ 1115.807553][ T31] ? __pfx_device_remove_attrs+0x10/0x10 [ 1115.813505][ T31] ? up_write+0x290/0x4f0 [ 1115.817941][ T31] device_del+0x376/0x9b0 [ 1115.822564][ T31] ? __pfx_device_del+0x10/0x10 [ 1115.828212][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1115.858776][ T31] device_unregister+0x1d/0xe0 [ 1115.863658][ T31] del_device_store+0x346/0x480 [ 1115.888783][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1115.894285][ T31] ? find_held_lock+0x2b/0x80 [ 1115.938796][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1115.943868][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1115.968612][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1115.974191][ T31] bus_attr_store+0x74/0xb0 [ 1115.980822][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 1115.986145][ T31] sysfs_kf_write+0xf2/0x150 [ 1115.991105][ T31] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1115.996489][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1116.001942][ T31] vfs_write+0x6ac/0x1070 [ 1116.006351][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1116.012616][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1116.017474][ T31] ksys_write+0x12a/0x250 [ 1116.021958][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1116.026896][ T31] do_syscall_64+0x106/0xf80 [ 1116.031696][ T31] ? clear_bhb_loop+0x40/0x90 [ 1116.036442][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1116.042439][ T31] RIP: 0033:0x7f8f1719c819 [ 1116.046943][ T31] RSP: 002b:00007f8f1809d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1116.055557][ T31] RAX: ffffffffffffffda RBX: 00007f8f17415fa0 RCX: 00007f8f1719c819 [ 1116.063620][ T31] RDX: 0000000000000045 RSI: 0000200000000040 RDI: 0000000000000003 [ 1116.071775][ T31] RBP: 00007f8f17232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1116.080393][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1116.088764][ T31] R13: 00007f8f17416038 R14: 00007f8f17415fa0 R15: 00007ffc75004ff8 [ 1116.096817][ T31] [ 1116.100204][ T31] INFO: task syz.0.3928:20633 blocked for more than 143 seconds. [ 1116.107984][ T31] Not tainted syzkaller #0 [ 1116.119143][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1116.128004][ T31] task:syz.0.3928 state:D stack:29000 pid:20633 tgid:20629 ppid:17060 task_flags:0x400040 flags:0x00080002 [ 1116.155158][ T31] Call Trace: [ 1116.158620][ T31] [ 1116.161712][ T31] __schedule+0xfee/0x6120 [ 1116.166222][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1116.171497][ T31] ? __pfx___schedule+0x10/0x10 [ 1116.176440][ T31] ? find_held_lock+0x2b/0x80 [ 1116.183658][ T31] ? schedule+0x2bf/0x390 [ 1116.188466][ T31] schedule+0xdd/0x390 [ 1116.192764][ T31] schedule_preempt_disabled+0x13/0x30 [ 1116.198303][ T31] __mutex_lock+0xc9a/0x1b90 [ 1116.203658][ T31] ? __pfx___alloc_skb+0x10/0x10 [ 1116.208840][ T31] ? devlink_health_report+0x681/0xb50 [ 1116.214641][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1116.219971][ T31] ? devlink_recover_notify.constprop.0+0x4d7/0x670 [ 1116.226631][ T31] ? devlink_recover_notify.constprop.0+0x200/0x670 [ 1116.233427][ T31] ? devlink_health_report+0x681/0xb50 [ 1116.239033][ T31] devlink_health_report+0x681/0xb50 [ 1116.244495][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 1116.250643][ T31] ? _copy_from_user+0x59/0xd0 [ 1116.255597][ T31] nsim_dev_health_break_write+0x166/0x210 [ 1116.267765][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.274833][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.284374][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1116.290953][ T31] full_proxy_write+0x135/0x1a0 [ 1116.295901][ T31] vfs_write+0x2aa/0x1070 [ 1116.300375][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 1116.305850][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1116.310803][ T31] ? __fget_files+0x215/0x3d0 [ 1116.315563][ T31] ? __fget_files+0x21f/0x3d0 [ 1116.320397][ T31] ksys_write+0x12a/0x250 [ 1116.324795][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1116.329801][ T31] do_syscall_64+0x106/0xf80 [ 1116.334462][ T31] ? clear_bhb_loop+0x40/0x90 [ 1116.339335][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1116.345305][ T31] RIP: 0033:0x7fb15fb9c819 [ 1116.349841][ T31] RSP: 002b:00007fb160af9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1116.358317][ T31] RAX: ffffffffffffffda RBX: 00007fb15fe16090 RCX: 00007fb15fb9c819 [ 1116.366429][ T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000005 [ 1116.374504][ T31] RBP: 00007fb15fc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1116.382632][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1116.391118][ T31] R13: 00007fb15fe16128 R14: 00007fb15fe16090 R15: 00007ffd3b8164b8 [ 1116.399264][ T31] [ 1116.402479][ T31] [ 1116.402479][ T31] Showing all locks held in the system: [ 1116.428595][ T31] 3 locks held by kworker/1:1/29: [ 1116.433710][ T31] 1 lock held by khungtaskd/31: [ 1116.448537][ T31] #0: ffffffff8e7e7760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1116.468580][ T31] 2 locks held by getty/5586: [ 1116.473354][ T31] #0: ffff8880388c20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1116.499832][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1116.518604][ T31] 1 lock held by syz-executor/16205: [ 1116.523980][ T31] 1 lock held by kworker/u8:10/18448: [ 1116.548600][ T31] #0: ffff8880b853b360 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x140 [ 1116.568577][ T31] 8 locks held by syz.2.3924/20618: [ 1116.573884][ T31] #0: ffff888050bf7278 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1116.592859][ T31] #1: ffff888034a58420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1116.618562][ T31] #2: ffff88807ba83888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1116.628468][ T31] #3: ffff888028d155a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1116.668778][ T31] #4: ffffffff8fb6f108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1116.680017][ T31] #5: ffff88805abcc130 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620 [ 1116.692225][ T31] #6: ffff88805abc9250 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0 [ 1116.704119][ T31] #7: ffff88805beca988 (&sb->s_type->i_mutex_key#10/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 1116.716776][ T31] 3 locks held by syz.0.3928/20633: [ 1116.722462][ T31] #0: ffff888078e202b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1116.732052][ T31] #1: ffff8880202a0420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1116.742903][ T31] #2: ffff88805abc9250 (&devlink->lock_key#6){+.+.}-{4:4}, at: devlink_health_report+0x681/0xb50 [ 1116.754618][ T31] 4 locks held by syz-executor/20676: [ 1116.760406][ T31] #0: ffff888034a58420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1116.769841][ T31] #1: ffff88807e980888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1116.780151][ T31] #2: ffff888028d155a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1116.790931][ T31] #3: ffffffff8fb6f108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1116.802635][ T31] 4 locks held by syz-executor/20699: [ 1116.808073][ T31] #0: ffff888034a58420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1116.824976][ T31] #1: ffff888026068488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1116.841387][ T31] #2: ffff888028d155a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1116.852892][ T31] #3: ffffffff8fb6f108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1116.863767][ T31] 4 locks held by syz-executor/20893: [ 1116.869500][ T31] #0: ffff888034a58420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1116.879005][ T31] #1: ffff88807e8a3488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1116.891010][ T31] #2: ffff888028d155a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1116.902358][ T31] #3: ffffffff8fb6f108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1116.913076][ T31] 4 locks held by syz-executor/20903: [ 1116.918849][ T31] #0: ffff888034a58420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1116.927942][ T31] #1: ffff88807e98e888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1116.941536][ T31] #2: ffff888028d155a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1116.952018][ T31] #3: ffffffff8fb6f108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1116.962771][ T31] 4 locks held by syz-executor/20919: [ 1116.968207][ T31] #0: ffff888034a58420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1116.977432][ T31] #1: ffff888032c3c088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1116.987454][ T31] #2: ffff888028d155a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1116.998028][ T31] #3: ffffffff8fb6f108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1117.009557][ T31] 4 locks held by syz-executor/20932: [ 1117.015091][ T31] #0: ffff888034a58420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1117.024615][ T31] #1: ffff888032c93888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1117.034515][ T31] #2: ffff888028d155a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1117.044701][ T31] #3: ffffffff8fb6f108 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1117.055391][ T31] [ 1117.057760][ T31] ============================================= [ 1117.057760][ T31] [ 1117.070145][ T31] NMI backtrace for cpu 1 [ 1117.070170][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1117.070203][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1117.070219][ T31] Call Trace: [ 1117.070228][ T31] [ 1117.070238][ T31] dump_stack_lvl+0x100/0x190 [ 1117.070285][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1117.070333][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1117.070377][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1117.070438][ T31] sys_info+0x141/0x190 [ 1117.070474][ T31] watchdog+0xd25/0x1050 [ 1117.070516][ T31] ? __pfx_watchdog+0x10/0x10 [ 1117.070547][ T31] ? __kthread_parkme+0x18c/0x230 [ 1117.070587][ T31] ? kthread+0x13a/0x450 [ 1117.070630][ T31] ? __pfx_watchdog+0x10/0x10 [ 1117.070661][ T31] kthread+0x370/0x450 [ 1117.070704][ T31] ? __pfx_kthread+0x10/0x10 [ 1117.070751][ T31] ret_from_fork+0x754/0xd80 [ 1117.070802][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1117.070855][ T31] ? __switch_to+0x7b4/0x1120 [ 1117.070893][ T31] ? __pfx_kthread+0x10/0x10 [ 1117.070940][ T31] ret_from_fork_asm+0x1a/0x30 [ 1117.070997][ T31] [ 1117.071015][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1117.195801][ C0] NMI backtrace for cpu 0 [ 1117.195824][ C0] CPU: 0 UID: 0 PID: 20944 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) [ 1117.195856][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1117.195873][ C0] RIP: 0010:set_pte_range+0x6f1/0xb10 [ 1117.195913][ C0] Code: ff e8 43 0b b0 ff 48 89 df 48 83 e7 fd 48 81 cf 00 04 00 00 e8 10 f5 fd ff 48 89 c3 e9 35 fb ff ff e8 23 0b b0 ff 48 83 c4 30 <5b> 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 0b 0b b0 ff 90 0f [ 1117.195939][ C0] RSP: 0000:ffffc9000431fa38 EFLAGS: 00000282 [ 1117.195961][ C0] RAX: 0000000000000000 RBX: 000000000b995025 RCX: ffffffff82583a0b [ 1117.195979][ C0] RDX: ffff8880320d9e80 RSI: ffffffff82583ddd RDI: ffff8880320d9e80 [ 1117.195997][ C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 1117.196012][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880893f0348 [ 1117.196029][ C0] R13: ffff8880254a8000 R14: dffffc0000000000 R15: ffffc9000431fd80 [ 1117.196047][ C0] FS: 00007f8778d94880(0000) GS:ffff888124340000(0000) knlGS:0000000000000000 [ 1117.196079][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1117.196096][ C0] CR2: 00007f8778662490 CR3: 00000000773d2000 CR4: 00000000003526f0 [ 1117.196114][ C0] Call Trace: [ 1117.196123][ C0] [ 1117.196135][ C0] filemap_map_pages+0x7ea/0x2020 [ 1117.196183][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1117.196220][ C0] ? do_wp_page+0x1918/0x4e90 [ 1117.196252][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 1117.196301][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 1117.196349][ C0] do_fault+0x9a7/0x18e0 [ 1117.196382][ C0] __handle_mm_fault+0x1815/0x2b60 [ 1117.196423][ C0] ? reacquire_held_locks+0xce/0x1e0 [ 1117.196458][ C0] ? __pfx___handle_mm_fault+0x10/0x10 [ 1117.196503][ C0] ? lock_vma_under_rcu+0x17c/0x590 [ 1117.196551][ C0] handle_mm_fault+0x36d/0xa20 [ 1117.196592][ C0] do_user_addr_fault+0x5a3/0x12f0 [ 1117.196624][ C0] exc_page_fault+0x6f/0xd0 [ 1117.196651][ C0] asm_exc_page_fault+0x26/0x30 [ 1117.196677][ C0] RIP: 0033:0x7f8778662490 [ 1117.196697][ C0] Code: 40 00 c3 0f 1f 80 00 00 00 00 48 83 c4 08 48 89 ef 5b 5d e9 a2 57 04 00 66 90 48 89 ef e8 e8 56 04 00 eb 91 66 0f 1f 44 00 00 05 e6 0f 19 00 00 00 00 00 c3 0f 1f 44 00 00 31 c9 e9 e9 f9 ff [ 1117.196723][ C0] RSP: 002b:00007ffd79d6d1e8 EFLAGS: 00010246 [ 1117.196742][ C0] RAX: 0000000000000000 RBX: 00007ffd79d6d1f8 RCX: 00007f87786f1670 [ 1117.196760][ C0] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 00007f8778d94b60 [ 1117.196776][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 00005651318978e0 [ 1117.196792][ C0] R10: 00007f8778d94b50 R11: 0000000000000246 R12: 00007ffd79d6d5b0 [ 1117.196809][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1117.196836][ C0] [ 1117.471149][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1117.478141][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1117.487353][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1117.497701][ T31] Call Trace: [ 1117.501081][ T31] [ 1117.504037][ T31] dump_stack_lvl+0x100/0x190 [ 1117.508774][ T31] vpanic+0x552/0x970 [ 1117.512801][ T31] ? __pfx_vpanic+0x10/0x10 [ 1117.517367][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1117.523578][ T31] panic+0xd1/0xe0 [ 1117.527336][ T31] ? __pfx_panic+0x10/0x10 [ 1117.531775][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1117.538053][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1117.544279][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1117.550552][ T31] ? watchdog.cold+0x198/0x1ca [ 1117.555372][ T31] ? watchdog+0xd35/0x1050 [ 1117.559848][ T31] watchdog.cold+0x1a9/0x1ca [ 1117.564476][ T31] ? __pfx_watchdog+0x10/0x10 [ 1117.569180][ T31] ? __kthread_parkme+0x18c/0x230 [ 1117.574373][ T31] ? kthread+0x13a/0x450 [ 1117.579139][ T31] ? __pfx_watchdog+0x10/0x10 [ 1117.583887][ T31] kthread+0x370/0x450 [ 1117.588070][ T31] ? __pfx_kthread+0x10/0x10 [ 1117.593012][ T31] ret_from_fork+0x754/0xd80 [ 1117.597675][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1117.602829][ T31] ? __switch_to+0x7b4/0x1120 [ 1117.607538][ T31] ? __pfx_kthread+0x10/0x10 [ 1117.612169][ T31] ret_from_fork_asm+0x1a/0x30 [ 1117.616999][ T31] [ 1117.620808][ T31] Kernel Offset: disabled [ 1117.625279][ T31] Rebooting in 86400 seconds..