last executing test programs: 11m50.662246441s ago: executing program 3 (id=4036): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40014) kexec_load$auto(0xffffffff, 0x2, &(0x7f0000000080)={@buf=0x0, 0x0, 0x8000, 0x403000}, 0x4) 11m49.609529983s ago: executing program 3 (id=4042): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4010ae67, &(0x7f0000000080)={0xa8}) 11m49.393855082s ago: executing program 3 (id=4045): mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xc) socket(0x2, 0x1, 0x0) setsockopt$auto(0x6, 0x8000000000000006, 0x10, 0x0, 0x7ffffc) 11m49.264180034s ago: executing program 3 (id=4047): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 11m48.948511314s ago: executing program 3 (id=4048): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x28, 0x1, 0x0) r0 = socket(0x10, 0x2, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/mm/transparent_hugepage/khugepaged/pages_to_scan\x00', 0x88282, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec\x00', 0x0, 0x0) sendfile$auto(r0, r1, 0x0, 0x3) 11m48.289999786s ago: executing program 3 (id=4050): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 11m47.829470295s ago: executing program 32 (id=4050): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 6.972194509s ago: executing program 2 (id=8208): r0 = socket(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO2(r2, 0x80184132, &(0x7f0000000240)={0x5, 0x7fff, 0x4, 0xde}) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000200), r1) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="2000d907b2aa0cd13ae5c0aaef8f07ce109d2b74fae935575ffe4ec91484a0a492d0feed22e019b19d763d124d655babf0231029243549e1b21d31aff2fab550780128cf42c636b69367", @ANYRES16=r4, @ANYBLOB="00082cbd7000fcdbdf250f0000000a0005000000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x400c850}, 0x10) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) read$auto_page_owner_stack_operations_page_owner(r2, &(0x7f0000000040)=""/224, 0xe0) ioctl$auto(0x3, 0xae41, r5) r6 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_IMADDTIMER(r6, 0x80044940, &(0x7f0000000140)=0x200000) r7 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/usb/usbmon/37t\x00', 0x80800, 0x0) close_range$auto(r0, r7, 0x9c) ioctl$auto_KVM_GET_MSRS(r3, 0x8004ae98, &(0x7f0000000180)={0x7}) 6.512164288s ago: executing program 0 (id=8212): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x4000000008000) r0 = socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) r1 = socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(r0, 0x0, 0x5c8) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x4a401, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000d80), 0x0) close_range$auto(r1, 0xfffffffffffff000, 0x4000000000002) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x18, 0x80000, 0x8) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), r3) r4 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/kernel/debug/ieee80211/phy7/netdev:wlan0/stations/08:02:11:00:00:01/aid\x00', 0x149080, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r4, 0x0, 0x0) 5.866362589s ago: executing program 2 (id=8214): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x50) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) munmap$auto(0x8000, 0xffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = timerfd_create$auto(0x1, 0x0) timerfd_settime$auto(r1, 0x3, &(0x7f0000000000)={{0x10, 0x3ff}, {0x10, 0x9}}, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x5) 5.424330013s ago: executing program 1 (id=8215): openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x1c1000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xffd8) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0x200, 0x0) ioctl$auto(r1, 0xc0945662, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NCSI_CMD_PKG_INFO(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r3, 0x20, 0x70bd2c, 0x25dfdbff, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x5e70}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x40080) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xd, 0x10000, 0x7, 0x3, 0x7ffffffd, 0xffffffffffffffff, [], {0x6, 0x1ff, 0x8c48, 0x2a2, 0x100, 0x7ffffffb, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x0, 0x5, 0x3, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8300f000) r4 = timerfd_create$auto(0x9, 0x0) timerfd_settime$auto(r4, 0x0, &(0x7f0000000000)={{0x10, 0x3ff}, {0x10, 0x9}}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x541b, 0x38) 5.123919747s ago: executing program 2 (id=8216): sendmsg$auto_NL80211_CMD_REMOVE_LINK(0xffffffffffffffff, 0x0, 0x40804) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) rt_sigqueueinfo$auto(0x0, 0x4004, 0x0) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x6, 0x6d80, 0x1, 0xffffffffffff0000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x10, 0x2, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @my=0x1}, 0x55) socket(0x2, 0x1, 0x106) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd11/hctx0/busy\x00', 0x60000, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_XFS_IOC_ALLOCSP(r0, 0x4030580a, &(0x7f0000000040)={0x400, 0x1, 0x1, 0x73, 0x6, 0xffffffffffffffff}) getpid() select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r2) 5.040409014s ago: executing program 4 (id=8217): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0) ioctl$auto_SOUND_MIXER_READ_RECMASK2(r1, 0x80044dfd, &(0x7f00000014c0)) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x8, 0x100000001) 4.726017488s ago: executing program 0 (id=8218): socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 4.539039796s ago: executing program 1 (id=8219): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3) read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77ef907d, 0x0) socket(0xa, 0x5, 0x0) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 3.931093284s ago: executing program 2 (id=8220): mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0xa, 0x1, 0xfffffeff) r3 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, &(0x7f00000000c0)="873302e301e0b01ae9e5d8a7401b66e72e4857fababb0070dec76e27ea1c71b7f8b800abcfb9974f59c538ef55") pread64$auto(r3, 0x0, 0x2, 0x3) prctl$auto(0x3e, 0x4a, r1, 0x6, 0x80000001) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x97U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_FICLONERANGE(r4, 0x4020940d, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x1000000009, r0, 0x0) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 3.922992724s ago: executing program 4 (id=8221): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x20401, 0x0) write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0x80000) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) sysfs$auto(0x2, 0x20, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) ioperm$auto(0x7, 0x6, 0x2) 3.7520317s ago: executing program 1 (id=8222): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x100) socket(0xa, 0x3, 0x73) socket(0x10, 0x2, 0x0) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0x1d, 0x2, 0x6) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x1, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x404, 0x0, 0x80000000, 0xf, 0xb, 0x5}, 0x7) 3.571392541s ago: executing program 0 (id=8223): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) socket(0x2c, 0x3, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x8, @old_prog_fd=r0}, 0xa3) bpf$auto(0x2, &(0x7f0000000040)=@query={@target_ifindex, 0xff, 0x7, 0x9, 0x7f, @count=0xfffffff1, 0x0, 0x80000000, 0xc, 0xb, 0x7}, 0x9) 2.960176097s ago: executing program 0 (id=8224): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r2) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="ffff2abd7000fedbdf25010000000c0006001000000000000000"], 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setxattrat$auto(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x1000, &(0x7f00000000c0)='ns/mnt\x00', 0x0, 0xa7) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090027bd7000fbdbdf250200000008000800", @ANYRES32=r5, @ANYBLOB="140001800800020006000000080001"], 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x3, 0x0, 0x7, 0xa505}, 0x8800}, 0x7, 0x4008) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:01.3/power/control\x00', 0xe3102, 0x0) sendfile$auto(r6, r6, 0x0, 0x2) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) write$auto_proc_reg_file_ops_compat_inode(r7, &(0x7f0000000280)="a458f4e5e5f4bcc7fad26fd67f02b7cd05e6589800c28ef8f8202c09b2638f3653c6ed3b849812627a484d93e7ca38bb6c75b1d0f95ba576d7f2aba7a6e17d8a748fa2c2b65445121fdb006e371bc9da60cdd2378cf6a100a75f14aee91714b49cf0714f88fa5e59aae9bcf9c237ad19523f31da1c288cdf6281c4b2abd40ce043cd48819ea9eaa38e675e316b30542f9931634b3a830a7b54d420ab67826dddb406fed3bed2b77ecb0a7d4e2af6b59bab4910255fc1c235940b6f7f253131c3cd2ac263c02923997e0d75105d0d2cf679ea39a73b46233a7ae8e3bbfb0d80046e233f9d8c5560fe1c960668ebcbe0f83692592c77c17cd13221d12f7101576ebed9672885ab88780d1e19fac43722706ec0ba321cbad1a4655b89cf162edf24d1fefcae46d1249c3454cec842f32115775e6874e5cd7ded5dd35826f4cd5305cb3ef22976a7038ab5b6c2f47ab885ca72fac9790238d313859fab15b48ac55d1f572eedc5696e7699164709ec83e685df236a03296471157171e45fc876d86da156922a730e921b1db59737aa99d3c340400112561338a371d1046b32398ad4d770d08435561793bb629ea9c546540c8f54fed75b9e2e96a93bbbe986a8f4979193d7542319a3420287a1ac0a39444fc1abbf0a42bcff5cfa283d15f6c6e299a21abb3a375b3e1ddbb02e6159c9457952209b24c1bf943c54670ae8c2e47f56c96fddee1f2e1632fabde9bcd0bf1ae29eaa6cd2eba33477d8c8731f44173d7c9f6671a951d3e53e696f8f9879f9a974f7e2966e75142cda07e655b6d2eabea316f895785acf3bc931bf224e07110af85ec024d81e326efd5d258d42f731858bb0cb93c93b9030cb34b2a95e7844c018230d92b285d8cbe8bee6a92fd4243e53fa90f4635ecfdb49081d198b4146014cfc4419497fb921b2f61e23ce527374349012778e08f814df03867fee8247ee26c549c0597f94afc17d785b61e1725fa64bc12f1affe87e9117e71290bce5f75ad394817234f97c49fbc63a4d811719871c0a2d5db42d5f8ec45959a8464af57cca0566f6bd41d693f1fb5c96e4c6a6f97f50f459f7793e6046d1b535de78802b9fd9953dafe263ab3d693c0fee0283e70c610e2cfc0e3cb3854dd9d02d700eb666d80dadef740e5f274c2a8ba5fafe1898378022c3d51249710e4f4081b3e2f53670250d3ad7a06eeb02ee94505f7fc8d2c5e9a984a6ab7c1b761f517919a2f44c6bfeaf840c359627be82c08c5769921720bbd883aa74003d8dafec23f539b6b26205d931dcbd381c61430e58954ccd8bef6e8ff18243d769b9139e86d83ee72e5a8c7ac6dc0c997faf9b347947a40e7ef33686c2ee0b49d7c58148e4c8f73fcab6c5597f71feef03fc47db06955299b166bff481c71499fe92fde4e754db5ac71e1c8471ecd1d15fc9c48ce2d01fcdec9b8a9c4cd5d591f590a521dd39d3354e7e2750f7260fe89c02bb3bddd30f11be772eb95752246632df16474832514493cb6c50e8fc6b37dbc263cf970f0ab0d1221245082e91e90f55ad8354eb735038335b42e2571267b07cf71225010aab65145e443b50099b2bd4bfbf546a411e733e97d54db91e84448f966469b796425bbd144f83694b9e05b756fbba36cc6075ad8f30edb0847be6934482d6e19950af47db60a96ca5eef83faf4a1f628daa8dafc78cc2607fa0fcf6fc0ad00c64efb2c223c70bf7a8414c290d13793a5fc81b10a5bb5e8dd7ca2f81f5556d231bf2cfbf1923285aba060c1c88882107e14fddcaaf3eaea37a0bb7216050585c886b6c3fad247d85ccd458dfb746d3d0f6e517adf50a31fc96530950f186943de01ff77d98273875b727cfaf927820d52ee3a63fea63b2d39b1f2c6c2d985e62b96e4ec129207e488a2f91356ba91a8d8bd5b63718d087dfc183e56ceb924afae5f3a12d8c53bb21b8593965b1d68aa52ca985fa510d279ffc470468e3aec2d7524d80826a94e48a6ca4d11e5fc3d5776efc1a696b04c391c872eb2f42fcf6b84e6498f5d0520600f9f68a36d3c535b9d7cfc1d45415374adb90f1e6d300a99f2b5f6f77594c336ddc9b171c4875247201b05ab171a7d4418dcfffcee9996be2cd77e9d7e92965d28e1458df6d184ba7d9cd55d5994a00e692d7674f2ae01d6dd56c3e4b5aa1c0f27ae4c4cbbfe7289743b7c5f9ba7300891f4c83f414318e77de74d84d33b7f83c456e198b99d64e8b7caad5bcd618993764bb24178a990d736edf4965346c2ac76c99b22a5114ec39bc818d6a469b0d4f1aeaf955c14d7a3a5b787141d465a55d71b6138a8dc8cb1d303371c97d8479cb09545bf4a08fa99ab7ea21b3b3a95f4b052e261baf2be0131ce619ecd352904fc2486735edf6d2df283f1e2dae7432557bd8c899b397e769088797f337b3aa1867a9728148f9c63f643ce41f19906640e50764b1a6286beabe9f9e074ca60552f1212aad80b22cbbb45c6e6f00f51020df928756caa3cf374342257807d6daea4e74a79c6144fae4f78915303542b7a5d48a17179a4a43ab18631b06d81c01409277dac0d58ff48c86f679e9c0c56aa8ca6c7591078d6bee3ff9857e099145cf0775ef0ee006f9697e4c69efe0ff72543d7028f5ef18c1d814d1a9f9a3e30fa5d324ba137aaa7175a529c13a8fc321d92472c9b19c941e701f7225664b05613cb07b0705112105ab3c28b00af1b6f930f3d903ee6cc164d77d5d2a0b16667cfb6b329b53b30d8d9a826ba7430d519b1b7f537ed2df08845eb5df7737fe3554f3d96144b42bfd92cc5daab42446f3d46272a00f2457d39ef3e9ea37362d402f6287ea6f485f68ffbe383e21089c313171f6c33f8a7055299ab7cfc5d974c487d992cac1ca53c05c1e9bdb38f6ca0ed6d4e0d8ab7b6197fdd1b4b95e6a466c8d9336c571ea1743e96e0b88da75520b8adddcaa932336fa02f63ce1a7eb909507f778ca3b5f2a736f396528d06ea86f63d3e45f545d262cadd337d321023ae0e5052ba4c0028dbd19765b0097039a64d58a8998ef7afba341b42d6b227cad8f4c4025a766de872a0cfde5f8c0581d4442a7aac906a0db5fad825611e487228aed5eec17f08d887a34d2b7c6c25f77412ee9941d5dec68a0464a1b0fd6eede1aa1b50579a93f205943dfd626204b9ca493c5aaececd17df71ac200cf7331a8bfbeddb6cd95b0b3016e56de0a9eeadf8d8c3591ae061e743f7c1ca4522bf55b2d80f3ba5df92d81433552dad6fd744ea71903b15a6374613b2a64a533cf6fa974273e7e5359f47428d7620d98d877faadad739a9a761713832ea70da990271b575e7cff075714d563b5b752ab50a7e1a1b5e689ff210503faabb37b8aa1d845825ab2488cfcb6a22010a55c4c045745f186ba8f42bc5a4dd06831da770670209ba568016459c50aef30c8aba754e341183817ad9b386e6b4e194cf66b76c9ea6313491d99d7e7a6d5c92bcec000c58794de2acfc4c490392a68f61e60bf664287e7020e4f30d897d916eb73dd4965b100f3c528cf2a46d43fca6351fc8c6c50fee04340b1f2fdf382a257eab0d964e7a2f0b1b7b9bc017117d8ebb40816b5515c88f7682c02b92b01d9fe884c963846f64800463830d83605a2ea32510dfbaaa29af264f60e8f72f307880f595715637dd799de8d77b0c7131bc04d44ce06b82a0f355e09e3d580124167e62fb12c584dc9553f3f91c86afffe6d871784c56c687b48b14bc974c65f18468eb3806be61c563a8af3075e4d9ff2c55ebab74ac4d384bc7f012dd39e373f74bab4ec597caa798112958890c00de56da95293e578490fb0e1e8fa63e1db877e75c7da1e394e37f8a971f7fe1354a800fff0c23aa66d990acf8fc7524d52a0c4f7b66459cb1811719afec92b7bd88e43569559f7f5fd41196c8ead0c70e13cb05b1155aab093a58b0d4652ce5ca005f868cf38fbefd401ddc9a747447ca6ea90b277688ef780461d14c5186b5a724cf50e5e3a7453e7ac4e79f07851317ae57911529daaa03d6745df50c78b868cb60757828b00d5215b0967733e2ab1366afacbec2fae934460a1e364275715fc2fe5b911240d59d94084b3386d130c9f52d844858bd36c866b2ca215c02aaff1c4be7a5d2329e00e5ad58de3e87c862402ff5d3632b1f871461f57f6194057ccde4d1d4adc08b0da2778896aa95ef376c53818fafa74872e2f99af03edfe5e8d8e030816a01fa193007f84a627991f24f9054d0347082c2c27294d8bea1422b5847a3bfd2684f5708013d6f3c4d41baca139ebab799b0f2d15eeb4a5fd195b892d331bd1db3f0ec4ddc225e52ef8a326ccd4b86995bf90ceffd0a18d37806ee49d09f072ddab15df82556c459daf45705ebfd358c4eb7547add41da3364d90fcdd36759e0000a88080a7f6d24ebb0e29e3a1b830e773a2c6d312472375b0428a221e03e2a1810a1c3cc8cde61e5359eefbb7324f4a6b04a2da87bce311a319ae8a842a518135750779d022b1a5321eb779d318d17387a7b7a739620594b090a2e550442c3debdc07a7a5283acc99539834c47ccf7635557a3066b81b32135df2e34c509dbf66dc0276e1e57977b45d77d41db78981883cf8ce8a738c04753911e957bf044e0bdbb1e9a72a7b5f884b61293e2f2756a32f6ef292a95e8484e101194a8c7e90f1e41fddf7d6af09dff5e308a2fbf5f0158d45bc87341ce3414c4b26cbc47ba43b2c2ad9ce6068df85d30fa994bf55cca9c327501c5335711988d3b4b5552c4fb9e9b6601a63cbb0a72ecdac3848ca4870814e0b8dee48a0ab5b14224c71f12cd648a3a39cba8e68f1562c1ad4966b7099015039518de65178c6a5e409166cc49d53b0f053773535421dfe289bd7c7fc2172dd4c5820ea3d2bbfd5bfd056a4d249a803440eada02f46e6fb9db13c74dad1303ca88b0a5091e196837eedd6a1dcd00e95fee39f252e3fb3afcb28d1db702bec482f19f7a5a327a522354e7bdbb3619697cd5c6e5b098b9a3c11478ef2b6467d22d0409e43bcb6552aaf47890c30077e56e77bfc53bc77fba63a324586f3172014b98dfac4ad686c83e611b89b1591a88dc4402d5cb60366455174cf0b84d0685454265a4a7d023b588ae491e6dac119433b2610170a8dc52a0c9f60cec85fe7fea415bf61e50c315b00c70a240a56345e1030731c4144d128e8dab606b1bda54874452af20ed7d6f3350b477417857884a6a6972b9696e92464b762da5739e400850df7ad82c63efb359d3a96b5a4a2f385432b6fa54c54a37678013d1774107b168b32225172d1081aa093def6e5ed6c05767128a4ebd0913ab03d200de072e81dbbc7b0c947ee3e34f6795211e632651852cb9cd7c2de1ef54d20ef625a193ed13061030c9a2e7f8c5674cbde924e25c8f97b6add0f4f89ef2b16ff418581aebd9f962f671a6adff28acf04edd01a96f69e0671780bdf40a19e9a3a235289771738cd32d1ef14509d11781d17608251fb7fa1b9d3c8646497ba0ce8890a2f0bd6e485959ceb8edf74981ef1c0ad7fc4f67bc4c941daef39fefbbdfa39979cf0e6454d565e8e90f8f4ac565a42dde87e16d4ad0977e1e67f88f560131ddaacc8a1f9db08441e6a9ddabae4b19441ef451ae9d9a854b193eb337d68830637f3ae81738bcc1a016077efe7692e146018b417d1199a14a79eecdcb00b0477f83627be935cc3a16a90b59b501d02be6091623c94f0fcf3e74616da0bbd767384c47fbe393c08c896979eef4cf1f200"/4092, 0xffc) listen$auto(r7, 0x8000) 2.914737876s ago: executing program 4 (id=8225): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) setsockopt$auto_SO_CNX_ADVICE(r0, 0xfff, 0x35, &(0x7f0000001500)='\x00', 0x9) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000025, 0x0) fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_ipvs(0x0, r1) sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000005}, 0x40011) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x0, 0xfffffffffffff001, 0x2) process_vm_readv$auto(0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffd, 0x2) execveat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80) statx$auto(0xffffffffffffff9c, 0x0, 0x0, 0x9000000, &(0x7f0000001280)={0x4, 0xac, 0xfffffffffffffffb, 0x1, 0xee00, 0x0, 0x7, 0x100, 0xa, 0x8001, 0x2, 0x0, {0x4, 0x7}, {0x3, 0x3274925}, {0x1, 0x4}, {0x180000000000000, 0x400}, 0x10001, 0x3, 0x8, 0x727, 0x33, 0x8, 0xfffffffd, 0xfffffffffffffffd, 0xfffffffe, 0x401, 0x3, 0xc58, [0x5, 0xa71d, 0x7df5, 0x6, 0x9, 0x0, 0x8000, 0x6, 0x81]}) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 2.734649317s ago: executing program 1 (id=8226): mkdir$auto(&(0x7f0000000100)='./file0\x00', 0x8cd) rmdir$auto(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00') write$auto(0xffffffffffffffff, 0x0, 0xfffffdf1) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x108000) r0 = socket(0xa, 0x801, 0x106) setsockopt$auto(r0, 0x6, 0x24, 0x0, 0x9) select$auto(0x2, &(0x7f0000000300)={[0x3, 0xff, 0x8, 0x7, 0x8, 0x2, 0x26, 0x2, 0xfe2, 0x6, 0xe, 0x7, 0x100000001, 0xffffffff80000001, 0x2, 0x8c]}, 0x0, 0x0, &(0x7f0000000480)={0x9, 0x9}) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x200, 0x4) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(r3, &(0x7f0000002280)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000002200)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48800}, 0x4) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(0xffffffffffffffff, 0xc1004111, &(0x7f0000000380)={0x6, [0x1ff, 0xfff, 0x4], [{0x1, 0xff, 0x1, 0x1}, {0x7, 0x7, 0x1, 0x1}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x80, 0x0, 0x0, 0x1, 0x1}, {0x1ff, 0x7, 0x1, 0x1}, {0x7fff, 0x6, 0x1, 0x0, 0x0, 0x1}, {0x3590, 0x3, 0x1, 0x0, 0x1}, {0x0, 0x20, 0x0, 0x0, 0x1, 0x1}, {0x5d6, 0x7, 0x1, 0x1}, {0x80000000, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x5, 0xdf, 0x1}, {0x2, 0xe, 0x1, 0x1, 0x0, 0x1}], 0x7, 0x4, 0xc, 0x6, 0x200, 0x401, 0xfffffffffffffeff, "88a3e32921c700e8d189a7534ad6f347345887ce689fe346dc02809645f1f9764dec9ad2d83992be6dca670abe2c982f2ab6b63bb60a4bbeaac81d42794f97b1"}) 2.216502591s ago: executing program 0 (id=8227): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) r1 = waitid$auto(0xf739, 0xffffffffffffffff, &(0x7f00000001c0)={@siginfo_0_0={0xe, 0xdf, 0x200, @_timer={0xffffffffffffffff, 0x97fe, @sival_int=0x7, 0x80000001}}}, 0xa8, &(0x7f0000000280)={{0xa59, 0x1fffe00000000}, {0x2, 0x5}, 0x2, 0x9f88, 0xe87, 0x81, 0x0, 0x80, 0x6, 0x1ff, 0x2, 0x70000000, 0x9, 0xb7, 0xf2c, 0x4}) waitid$auto_P_PGID(0x2, r1, 0x0, 0x4, &(0x7f0000000380)={{0x5, 0xf}, {0x5, 0x13}, 0x7, 0x0, 0x1, 0x5, 0x2f9d1553, 0x6fa829e1, 0x3, 0x7, 0xf83b, 0x0, 0x8, 0x8, 0x0, 0xffffffff80000000}) write$auto(r0, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x1a1842, 0x0) r2 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000005c0), 0x56240, 0x0) sendfile$auto(0xffffffffffffffff, r2, 0x0, 0x407ffff000) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/ad_aggregator\x00', 0x80500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000080)=""/28, 0x1c) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x10001) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) r6 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') ioctl$auto(r6, 0x8004a70b, 0x1) write$auto_ocfs2_control_fops_stack_user(r5, &(0x7f0000000100)="fb", 0x1) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/kvm_intel/parameters/vmentry_l1d_flush\x00', 0x82942, 0x0) sendfile$auto(r7, r7, 0x0, 0x200) 2.058020399s ago: executing program 2 (id=8228): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0) ioctl$auto_SOUND_MIXER_READ_RECMASK2(r1, 0x80044dfd, &(0x7f00000014c0)) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) semop$auto(0x38c, &(0x7f0000000040)={0x3, 0x4, 0x10}, 0x4) 1.89184503s ago: executing program 4 (id=8229): keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x9, 0x600, 0x0, 0x75) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001880), r0) sendmsg$auto_NET_SHAPER_CMD_GET2(r0, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f00000019c0)={0x14, r1, 0x301, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0x5, 0x0) r2 = pipe$auto(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) open$dir(&(0x7f0000000000)='./file0\x00', 0x8000, 0x88) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000001040), 0x424000, 0x0) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r3, 0x7cb, 0x0) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/4096, 0x1000) write$auto(0x1, 0x0, 0x80000000) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0xffff, 0x4, 0x3, 0x8) 1.75285681s ago: executing program 0 (id=8230): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0) ioctl$auto_SOUND_MIXER_READ_RECMASK2(r1, 0x80044dfd, &(0x7f00000014c0)) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x8, 0x100000001) 1.090311395s ago: executing program 2 (id=8231): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r2, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000ac0)={0x14, r3, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000804}, 0x8880) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/01.3\x00', 0x40d01, 0x0) 898.07496ms ago: executing program 1 (id=8232): socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 380.602431ms ago: executing program 1 (id=8233): close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x0, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) lseek$auto(0x3, 0x48cb, 0x1) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x2, 0x0) read$auto(r0, 0x0, 0x5) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x305282, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000000100)={0xdd, 0x0, [{0x8ff, 0x4, 0x20000003}]}) 380.420934ms ago: executing program 4 (id=8234): memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sem\x00', 0xc8202, 0x0) socket(0x18, 0x80000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0xa, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001280)='/dev/sequencer2\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 0s ago: executing program 4 (id=8235): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x3, 0x0) ioctl$auto_BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0x10) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) kernel console output (not intermixed with test programs): [ 753.226854][T22215] [U] [ 753.229565][T22215] [U] [ 753.232238][T22215] [U] [ 753.234905][T22215] [U] [ 753.300727][T22215] [U] [ 753.303434][T22215] [U] [ 753.306103][T22215] [U] [ 753.308773][T22215] [U] [ 753.385070][T22228] zero sized request [ 753.455986][T22215] [U] [ 753.458694][T22215] [U] [ 753.461363][T22215] [U] [ 753.464036][T22215] [U] [ 753.554248][T22215] [U] [ 753.580064][T22235] netlink: 318 bytes leftover after parsing attributes in process `syz.0.5697'. [ 755.188483][T22260] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5707'. [ 755.517277][T22273] netlink: 62 bytes leftover after parsing attributes in process `syz.1.5712'. [ 755.825076][T22288] random: crng reseeded on system resumption [ 755.857076][T22290] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5719'. [ 755.908273][T22290] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5719'. [ 756.500032][T22304] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5724'. [ 756.760992][T22313] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5730'. [ 758.070908][T22347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5740'. [ 758.119436][T22347] netlink: 'syz.2.5740': attribute type 1 has an invalid length. [ 758.176057][T22351] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5742'. [ 758.192210][T22347] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5740'. [ 758.236795][T22351] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 758.301046][T22351] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.258874][T22390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5754'. [ 760.553515][T22394] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5755'. [ 760.585793][T22394] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.641827][T22394] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.946024][ T5830] Bluetooth: hci3: unexpected event 0x09 length: 435 > 3 [ 761.425003][T22416] bond0: no command found in slaves file - use +ifname or -ifname [ 763.181317][T22445] ptp ptp0: delete virtual clock ptp1 [ 763.220282][T22445] ptp ptp0: only physical clock in use now [ 763.885799][T22429] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 764.117323][T22471] netlink: zone id is out of range [ 765.273264][T22515] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5798'. [ 766.511130][T22545] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5811'. [ 767.681821][T22560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5816'. [ 768.407672][T22587] netlink: 50 bytes leftover after parsing attributes in process `syz.2.5823'. [ 771.128243][T22621] netlink: 338 bytes leftover after parsing attributes in process `syz.0.5834'. [ 771.673975][T22625] FAULT_INJECTION: forcing a failure. [ 771.673975][T22625] name failslab, interval 1, probability 0, space 0, times 0 [ 771.724360][T22625] CPU: 0 UID: 0 PID: 22625 Comm: syz.4.5837 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 771.724396][T22625] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 771.724405][T22625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 771.724415][T22625] Call Trace: [ 771.724420][T22625] [ 771.724427][T22625] dump_stack_lvl+0x100/0x190 [ 771.724454][T22625] should_fail_ex.cold+0x5/0xa [ 771.724473][T22625] should_failslab+0xc2/0x120 [ 771.724489][T22625] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 771.724511][T22625] ? __kernfs_new_node+0xd2/0x960 [ 771.724536][T22625] __kernfs_new_node+0xd2/0x960 [ 771.724558][T22625] ? __pfx___kernfs_new_node+0x10/0x10 [ 771.724582][T22625] ? find_held_lock+0x2b/0x80 [ 771.724596][T22625] ? kernfs_root+0xee/0x2a0 [ 771.724614][T22625] ? kernfs_root+0xee/0x2a0 [ 771.724637][T22625] kernfs_new_node+0x11b/0x1a0 [ 771.724661][T22625] __kernfs_create_file+0x53/0x350 [ 771.724680][T22625] sysfs_add_file_mode_ns+0x207/0x3c0 [ 771.724704][T22625] internal_create_group+0x593/0xf40 [ 771.724728][T22625] ? __pfx_internal_create_group+0x10/0x10 [ 771.724752][T22625] ? kernfs_create_link+0x1bd/0x240 [ 771.724771][T22625] internal_create_groups+0x9d/0x150 [ 771.724793][T22625] device_add+0x71a/0x1950 [ 771.724813][T22625] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 771.724836][T22625] ? __pfx_device_add+0x10/0x10 [ 771.724852][T22625] ? lockdep_init_map_type+0x5c/0x250 [ 771.724871][T22625] ? __init_waitqueue_head+0xca/0x150 [ 771.724897][T22625] netdev_register_kobject+0x1a9/0x3d0 [ 771.725039][T22625] register_netdevice+0x12e0/0x2210 [ 771.725066][T22625] ? __pfx_register_netdevice+0x10/0x10 [ 771.725091][T22625] ? __pfx_loopback_net_init+0x10/0x10 [ 771.725143][T22625] register_netdev+0x34/0x50 [ 771.725165][T22625] loopback_net_init+0x7a/0x170 [ 771.725180][T22625] ? __pfx_loopback_net_init+0x10/0x10 [ 771.725195][T22625] ops_init+0x1e2/0x5f0 [ 771.725241][T22625] setup_net+0x118/0x3a0 [ 771.725263][T22625] ? __pfx_setup_net+0x10/0x10 [ 771.725283][T22625] ? lockdep_init_map_type+0x5c/0x250 [ 771.725303][T22625] ? mutex_init_lockep+0x110/0x150 [ 771.725325][T22625] copy_net_ns+0x46f/0x7c0 [ 771.725340][T22625] create_new_namespaces+0x3ea/0xac0 [ 771.725360][T22625] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 771.725378][T22625] ksys_unshare+0x473/0xad0 [ 771.725399][T22625] ? __pfx_ksys_unshare+0x10/0x10 [ 771.725424][T22625] __x64_sys_unshare+0x31/0x40 [ 771.725441][T22625] do_syscall_64+0x106/0xf80 [ 771.725461][T22625] ? clear_bhb_loop+0x40/0x90 [ 771.725480][T22625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.725496][T22625] RIP: 0033:0x7f8a1819c799 [ 771.725510][T22625] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 771.725524][T22625] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 771.725539][T22625] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 771.725549][T22625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 771.725559][T22625] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 771.725568][T22625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.725577][T22625] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 771.725597][T22625] [ 773.876547][T22643] mkiss: ax0: crc mode is auto. [ 774.561388][T22660] FAULT_INJECTION: forcing a failure. [ 774.561388][T22660] name failslab, interval 1, probability 0, space 0, times 0 [ 774.622505][T22660] CPU: 0 UID: 0 PID: 22660 Comm: syz.4.5848 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 774.622543][T22660] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 774.622551][T22660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 774.622561][T22660] Call Trace: [ 774.622567][T22660] [ 774.622573][T22660] dump_stack_lvl+0x100/0x190 [ 774.622601][T22660] should_fail_ex.cold+0x5/0xa [ 774.622619][T22660] should_failslab+0xc2/0x120 [ 774.622635][T22660] __kmalloc_cache_noprof+0x7a/0x6f0 [ 774.622654][T22660] ? cec_open+0xdb/0x690 [ 774.622791][T22660] ? __lock_acquire+0x4a5/0x2630 [ 774.622812][T22660] cec_open+0xdb/0x690 [ 774.622833][T22660] ? __pfx_cec_open+0x10/0x10 [ 774.622854][T22660] ? kobject_get_unless_zero+0x156/0x200 [ 774.622877][T22660] ? find_held_lock+0x2b/0x80 [ 774.622890][T22660] ? chrdev_open+0x10b/0x6a0 [ 774.622904][T22660] ? chrdev_open+0x10b/0x6a0 [ 774.622921][T22660] ? __pfx_cec_open+0x10/0x10 [ 774.622939][T22660] chrdev_open+0x234/0x6a0 [ 774.622954][T22660] ? __pfx_apparmor_file_open+0x10/0x10 [ 774.622977][T22660] ? __pfx_chrdev_open+0x10/0x10 [ 774.622992][T22660] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 774.623012][T22660] do_dentry_open+0x6d8/0x1660 [ 774.623026][T22660] ? __pfx_chrdev_open+0x10/0x10 [ 774.623045][T22660] vfs_open+0x82/0x3f0 [ 774.623067][T22660] path_openat+0x208c/0x31a0 [ 774.623088][T22660] ? __pfx_path_openat+0x10/0x10 [ 774.623109][T22660] do_file_open+0x20e/0x430 [ 774.623125][T22660] ? __pfx_do_file_open+0x10/0x10 [ 774.623153][T22660] ? alloc_fd+0x476/0x790 [ 774.623169][T22660] ? do_getname+0x191/0x390 [ 774.623188][T22660] do_sys_openat2+0x10d/0x1e0 [ 774.623206][T22660] ? __pfx_do_sys_openat2+0x10/0x10 [ 774.623226][T22660] ? __fget_files+0x21f/0x3d0 [ 774.623243][T22660] __x64_sys_openat+0x12d/0x210 [ 774.623262][T22660] ? __pfx___x64_sys_openat+0x10/0x10 [ 774.623288][T22660] do_syscall_64+0x106/0xf80 [ 774.623308][T22660] ? clear_bhb_loop+0x40/0x90 [ 774.623326][T22660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.623342][T22660] RIP: 0033:0x7f8a1819c799 [ 774.623357][T22660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 774.623371][T22660] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 774.623386][T22660] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 774.623396][T22660] RDX: 0000000000101901 RSI: 0000200000002c00 RDI: ffffffffffffff9c [ 774.623405][T22660] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 774.623414][T22660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 774.623423][T22660] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 774.623443][T22660] [ 775.844951][T22674] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5856'. [ 775.875210][T22674] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5856'. [ 776.022274][T22679] netlink: 'syz.2.5857': attribute type 27 has an invalid length. [ 776.062815][T22679] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5857'. [ 777.645804][T22710] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5870'. [ 777.802853][T22712] FAULT_INJECTION: forcing a failure. [ 777.802853][T22712] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 777.845644][T22712] CPU: 0 UID: 0 PID: 22712 Comm: syz.4.5871 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 777.845681][T22712] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 777.845689][T22712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 777.845699][T22712] Call Trace: [ 777.845704][T22712] [ 777.845710][T22712] dump_stack_lvl+0x100/0x190 [ 777.845739][T22712] should_fail_ex.cold+0x5/0xa [ 777.845755][T22712] ? prepare_alloc_pages+0x16d/0x5f0 [ 777.845774][T22712] should_fail_alloc_page+0xeb/0x140 [ 777.845790][T22712] prepare_alloc_pages+0x1f0/0x5f0 [ 777.845810][T22712] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 777.845836][T22712] ? __lock_acquire+0x4a5/0x2630 [ 777.845859][T22712] ? __lock_acquire+0x4a5/0x2630 [ 777.845877][T22712] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 777.845908][T22712] ? set_next_entity+0x11e/0x9c0 [ 777.845930][T22712] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 777.845956][T22712] ? policy_nodemask+0xed/0x4f0 [ 777.845973][T22712] alloc_pages_mpol+0x1fb/0x550 [ 777.845989][T22712] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 777.846005][T22712] ? lock_acquire+0x1cf/0x380 [ 777.846025][T22712] folio_alloc_mpol_noprof+0x36/0x340 [ 777.846044][T22712] shmem_alloc_folio+0x135/0x160 [ 777.846063][T22712] shmem_alloc_and_add_folio+0x371/0xd40 [ 777.846088][T22712] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 777.846111][T22712] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 777.846137][T22712] shmem_get_folio_gfp+0x6ab/0x1900 [ 777.846170][T22712] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 777.846197][T22712] shmem_write_begin+0x1a4/0x420 [ 777.846226][T22712] ? __pfx_shmem_write_begin+0x10/0x10 [ 777.846249][T22712] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 777.846266][T22712] ? __mark_inode_dirty+0xff5/0x1790 [ 777.846288][T22712] generic_perform_write+0x292/0xa40 [ 777.846315][T22712] ? __pfx_generic_perform_write+0x10/0x10 [ 777.846334][T22712] ? __mark_inode_dirty+0x55c/0x1790 [ 777.846355][T22712] ? mnt_put_write_access_file+0x4e/0x100 [ 777.846377][T22712] ? file_update_time_flags+0x373/0x500 [ 777.846399][T22712] shmem_file_write_iter+0x10e/0x140 [ 777.846416][T22712] vfs_write+0x6ac/0x1070 [ 777.846440][T22712] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 777.846458][T22712] ? __pfx_vfs_write+0x10/0x10 [ 777.846492][T22712] ksys_write+0x12a/0x250 [ 777.846505][T22712] ? __pfx_ksys_write+0x10/0x10 [ 777.846524][T22712] do_syscall_64+0x106/0xf80 [ 777.846544][T22712] ? clear_bhb_loop+0x40/0x90 [ 777.846562][T22712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.846577][T22712] RIP: 0033:0x7f8a1819c799 [ 777.846591][T22712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 777.846605][T22712] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 777.846619][T22712] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 777.846632][T22712] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 777.846640][T22712] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 777.846650][T22712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 777.846658][T22712] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 777.846679][T22712] [ 779.207770][T22723] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5875'. [ 779.362016][T22723] team0 (unregistering): Port device team_slave_0 removed [ 779.461853][T22723] team0 (unregistering): Port device team_slave_1 removed [ 780.554711][T22751] netlink: 'syz.2.5884': attribute type 33 has an invalid length. [ 780.795796][T22759] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5885'. [ 780.885696][T22759] team_slave_0: entered allmulticast mode [ 781.209777][T22765] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5888'. [ 781.308884][T22765]  (unregistering): Port device team_slave_0 removed [ 781.333162][T22765]  (unregistering): Port device team_slave_1 removed [ 782.695784][T22796] netlink: 54 bytes leftover after parsing attributes in process `syz.2.5901'. [ 782.738912][T22798] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5899'. [ 782.865612][T22798] team0 (unregistering): Port device team_slave_0 removed [ 782.969507][T22798] team0 (unregistering): Port device team_slave_1 removed [ 784.019402][T22828] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5909'. [ 785.032795][T22846] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5915'. [ 785.243981][T22846] team0 (unregistering): Port device team_slave_0 removed [ 785.317678][T22846] team0 (unregistering): Port device team_slave_1 removed [ 787.249916][T22887] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5928'. [ 789.909192][T22928] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 790.520251][T22935] FAULT_INJECTION: forcing a failure. [ 790.520251][T22935] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 790.764232][T22935] CPU: 0 UID: 0 PID: 22935 Comm: syz.4.5942 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 790.764270][T22935] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 790.764280][T22935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 790.764290][T22935] Call Trace: [ 790.764295][T22935] [ 790.764302][T22935] dump_stack_lvl+0x100/0x190 [ 790.764329][T22935] should_fail_ex.cold+0x5/0xa [ 790.764345][T22935] ? prepare_alloc_pages+0x16d/0x5f0 [ 790.764363][T22935] should_fail_alloc_page+0xeb/0x140 [ 790.764380][T22935] prepare_alloc_pages+0x1f0/0x5f0 [ 790.764400][T22935] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 790.764426][T22935] ? mas_next_slot+0x1003/0x18b0 [ 790.764453][T22935] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 790.764474][T22935] ? validate_mm+0x261/0x4e0 [ 790.764496][T22935] ? mas_prev_slot+0x67b/0x1c10 [ 790.764524][T22935] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 790.764550][T22935] ? policy_nodemask+0xed/0x4f0 [ 790.764566][T22935] alloc_pages_mpol+0x1fb/0x550 [ 790.764582][T22935] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 790.764603][T22935] alloc_pages_noprof+0x131/0x390 [ 790.764620][T22935] __pmd_alloc+0x3b/0x950 [ 790.764640][T22935] __handle_mm_fault+0xa99/0x2b60 [ 790.764662][T22935] ? mt_find+0x45e/0x8e0 [ 790.764683][T22935] ? __pfx___handle_mm_fault+0x10/0x10 [ 790.764701][T22935] ? __pfx_mt_find+0x10/0x10 [ 790.764736][T22935] handle_mm_fault+0x36d/0xa20 [ 790.764759][T22935] __get_user_pages+0xf9c/0x34d0 [ 790.764783][T22935] ? __pfx___get_user_pages+0x10/0x10 [ 790.764804][T22935] populate_vma_page_range+0x267/0x3f0 [ 790.764823][T22935] ? __pfx_populate_vma_page_range+0x10/0x10 [ 790.764840][T22935] ? __pfx_find_vma_intersection+0x10/0x10 [ 790.764856][T22935] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 790.764880][T22935] __mm_populate+0x107/0x3a0 [ 790.764897][T22935] ? __pfx___mm_populate+0x10/0x10 [ 790.764916][T22935] ? up_write+0x290/0x4f0 [ 790.764938][T22935] do_mlock+0x3f0/0x7f0 [ 790.764961][T22935] ? __pfx_do_mlock+0x10/0x10 [ 790.764979][T22935] ? __x64_sys_futex+0x34f/0x4d0 [ 790.764997][T22935] ? __x64_sys_futex+0x358/0x4d0 [ 790.765017][T22935] ? xfd_validate_state+0x129/0x190 [ 790.765051][T22935] __x64_sys_mlock+0x59/0x80 [ 790.765074][T22935] do_syscall_64+0x106/0xf80 [ 790.765094][T22935] ? clear_bhb_loop+0x40/0x90 [ 790.765113][T22935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.765128][T22935] RIP: 0033:0x7f8a1819c799 [ 790.765142][T22935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 790.765156][T22935] RSP: 002b:00007f8a163d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 790.765171][T22935] RAX: ffffffffffffffda RBX: 00007f8a18416090 RCX: 00007f8a1819c799 [ 790.765181][T22935] RDX: 0000000000000000 RSI: 0000000000080006 RDI: 0000000000000112 [ 790.765190][T22935] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 790.765199][T22935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.765209][T22935] R13: 00007f8a18416128 R14: 00007f8a18416090 R15: 00007ffcdd5e1c78 [ 790.765229][T22935] [ 791.742796][T22937] netlink: 'syz.2.5946': attribute type 1 has an invalid length. [ 791.802793][T22937] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5946'. [ 793.205408][T22952] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5951'. [ 793.569024][T22958] sp0: Synchronizing with TNC [ 795.796289][T22986] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5962'. [ 795.944274][T22986] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5962'. [ 796.520425][T22999] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5966'. [ 796.963376][T23003] mkiss: ax0: crc mode is auto. [ 799.170374][T23035] netlink: 186 bytes leftover after parsing attributes in process `syz.2.5980'. [ 805.530887][ T5830] Bluetooth: hci1: unexpected subevent 0x01 length: 3 < 18 [ 805.949312][T23116] vivid-007: ================= START STATUS ================= [ 805.987473][T23116] vivid-007: Enable Output Cropping: true grabbed [ 806.021816][T23116] vivid-007: Enable Output Composing: true grabbed [ 806.028348][T23116] vivid-007: Enable Output Scaler: true grabbed [ 806.122717][T23116] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 806.173570][T23116] vivid-007: Transmit Mode: HDMI grabbed [ 806.210168][T23116] vivid-007: Hotplug Present: 0x00000000 [ 806.251037][T23116] vivid-007: RxSense Present: 0x00000000 [ 806.278325][T23116] vivid-007: EDID Present: 0x00000000 [ 806.307370][T23116] vivid-007: ================== END STATUS ================== [ 806.316180][T23122] ubi3: attaching mtd1 [ 806.406437][ T5830] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 806.414910][ T5830] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 807.528204][T23152] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6021'. [ 807.560696][T23152] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6021'. [ 807.605095][T23154] netlink: 306 bytes leftover after parsing attributes in process `syz.2.6022'. [ 808.636573][T23183] netlink: 'syz.1.6032': attribute type 19 has an invalid length. [ 808.672381][T23183] netlink: 226 bytes leftover after parsing attributes in process `syz.1.6032'. [ 808.834213][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.840602][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.620458][T23235] netlink: 'syz.4.6049': attribute type 10 has an invalid length. [ 810.674933][T23235] netlink: 230 bytes leftover after parsing attributes in process `syz.4.6049'. [ 810.753247][T23235] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 811.459710][T23249] netlink: 'syz.1.6055': attribute type 10 has an invalid length. [ 811.490193][T23249] netlink: 230 bytes leftover after parsing attributes in process `syz.1.6055'. [ 811.881409][T23254] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 813.049123][T23280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6064'. [ 813.175095][T23280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6064'. [ 813.443925][T23290] netlink: 13 bytes leftover after parsing attributes in process `syz.2.6067'. [ 813.559192][T23294] netlink: 62 bytes leftover after parsing attributes in process `syz.0.6068'. [ 813.861129][T23301] sp0: Synchronizing with TNC [ 814.200994][T23310] netlink: 146 bytes leftover after parsing attributes in process `syz.0.6073'. [ 816.385107][T23355] ubi3: attaching mtd1 [ 817.272813][T23372] zswap: compressor not available [ 817.583572][T23386] netlink: 252 bytes leftover after parsing attributes in process `syz.4.6095'. [ 817.726186][T23389] netlink: 252 bytes leftover after parsing attributes in process `syz.4.6095'. [ 819.311759][T23419] netlink: 'syz.4.6104': attribute type 28 has an invalid length. [ 819.377522][T23419] netlink: 'syz.4.6104': attribute type 3 has an invalid length. [ 819.425832][T23419] netlink: 306 bytes leftover after parsing attributes in process `syz.4.6104'. [ 820.537894][T23435] ima: policy update failed [ 820.557059][ T29] audit: type=1802 audit(1773498246.614:14): pid=23435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.6109" res=0 errno=0 [ 822.258269][T23487] netlink: 50 bytes leftover after parsing attributes in process `syz.4.6124'. [ 822.291849][ T5830] Bluetooth: hci2: Malformed LE Event: 0x1b [ 822.447282][T23498] binder: 23497:23498 ioctl c0306201 0 returned -14 [ 823.180535][T23509] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6131'. [ 823.987343][T23526] zswap: compressor not available [ 826.415741][T23583] zswap: compressor not available [ 826.767456][T23596] netlink: 'syz.1.6155': attribute type 15 has an invalid length. [ 826.819687][T23596] netlink: 'syz.1.6155': attribute type 16 has an invalid length. [ 826.889318][T23596] netlink: 194 bytes leftover after parsing attributes in process `syz.1.6155'. [ 827.547013][T23611] FAULT_INJECTION: forcing a failure. [ 827.547013][T23611] name failslab, interval 1, probability 0, space 0, times 0 [ 827.605129][T23611] CPU: 0 UID: 0 PID: 23611 Comm: syz.4.6161 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 827.605164][T23611] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 827.605173][T23611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 827.605182][T23611] Call Trace: [ 827.605188][T23611] [ 827.605194][T23611] dump_stack_lvl+0x100/0x190 [ 827.605222][T23611] should_fail_ex.cold+0x5/0xa [ 827.605241][T23611] should_failslab+0xc2/0x120 [ 827.605256][T23611] __kmalloc_cache_noprof+0x7a/0x6f0 [ 827.605275][T23611] ? call_usermodehelper_setup+0xaf/0x360 [ 827.605300][T23611] ? __pfx_free_modprobe_argv+0x10/0x10 [ 827.605321][T23611] call_usermodehelper_setup+0xaf/0x360 [ 827.605346][T23611] __request_module+0x3c7/0x6c0 [ 827.605366][T23611] ? __pfx___request_module+0x10/0x10 [ 827.605391][T23611] ? __get_fs_type+0x12c/0x170 [ 827.605406][T23611] ? __get_fs_type+0x12c/0x170 [ 827.605437][T23611] get_fs_type+0xd7/0x190 [ 827.605455][T23611] __x64_sys_fsopen+0xca/0x220 [ 827.605475][T23611] do_syscall_64+0x106/0xf80 [ 827.605495][T23611] ? clear_bhb_loop+0x40/0x90 [ 827.605512][T23611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.605527][T23611] RIP: 0033:0x7f8a1819c799 [ 827.605540][T23611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 827.605555][T23611] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 827.605570][T23611] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 827.605579][T23611] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 827.605588][T23611] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 827.605596][T23611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 827.605605][T23611] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 827.605625][T23611] [ 828.088971][T23618] netlink: 186 bytes leftover after parsing attributes in process `syz.1.6162'. [ 830.487817][T23662] netlink: 504 bytes leftover after parsing attributes in process `syz.2.6175'. [ 833.023066][T23708] netlink: 354 bytes leftover after parsing attributes in process `syz.1.6191'. [ 833.908910][T23722] Invalid ELF header magic: != ELF [ 834.279799][T23728] netlink: 'syz.0.6198': attribute type 10 has an invalid length. [ 834.316986][T23728] netlink: 'syz.0.6198': attribute type 13 has an invalid length. [ 834.958028][T23744] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 834.989253][T23744] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 835.418012][T23751] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 837.349775][T23780] zswap: compressor  not available [ 837.375756][T23787] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 838.059283][T23806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6222'. [ 838.357853][T23812] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6226'. [ 838.583528][T23819] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6228'. [ 838.766283][T23816] zswap: compressor not available [ 842.786673][T23907] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6254'. [ 842.869679][T23907] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6254'. [ 843.303659][T23915] FAULT_INJECTION: forcing a failure. [ 843.303659][T23915] name failslab, interval 1, probability 0, space 0, times 0 [ 843.335110][T23915] CPU: 0 UID: 0 PID: 23915 Comm: syz.4.6257 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 843.335148][T23915] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 843.335156][T23915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 843.335165][T23915] Call Trace: [ 843.335171][T23915] [ 843.335177][T23915] dump_stack_lvl+0x100/0x190 [ 843.335206][T23915] should_fail_ex.cold+0x5/0xa [ 843.335227][T23915] should_failslab+0xc2/0x120 [ 843.335244][T23915] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 843.335266][T23915] ? __kernfs_new_node+0xd2/0x960 [ 843.335291][T23915] __kernfs_new_node+0xd2/0x960 [ 843.335314][T23915] ? __pfx___kernfs_new_node+0x10/0x10 [ 843.335338][T23915] ? find_held_lock+0x2b/0x80 [ 843.335354][T23915] ? kernfs_root+0xee/0x2a0 [ 843.335373][T23915] ? kernfs_root+0xee/0x2a0 [ 843.335396][T23915] kernfs_new_node+0x11b/0x1a0 [ 843.335421][T23915] __kernfs_create_file+0x53/0x350 [ 843.335440][T23915] sysfs_add_file_mode_ns+0x207/0x3c0 [ 843.335464][T23915] internal_create_group+0x593/0xf40 [ 843.335489][T23915] ? __pfx_internal_create_group+0x10/0x10 [ 843.335517][T23915] sysfs_slab_add+0x1a4/0x1f0 [ 843.335533][T23915] do_kmem_cache_create+0x472/0x540 [ 843.335551][T23915] __kmem_cache_create_args+0x386/0x420 [ 843.335574][T23915] mon_text_open+0x333/0x510 [ 843.335689][T23915] ? __pfx_mon_text_open+0x10/0x10 [ 843.335706][T23915] ? __pfx_mon_text_ctor+0x10/0x10 [ 843.335750][T23915] ? find_held_lock+0x2b/0x80 [ 843.335765][T23915] ? __pfx_apparmor_file_open+0x10/0x10 [ 843.335788][T23915] ? lockdown_is_locked_down+0x3d/0x140 [ 843.335810][T23915] ? bpf_lsm_locked_down+0x9/0x10 [ 843.335828][T23915] ? __pfx_mon_text_open+0x10/0x10 [ 843.335841][T23915] full_proxy_open_regular+0x1b6/0x370 [ 843.335933][T23915] do_dentry_open+0x6d8/0x1660 [ 843.335949][T23915] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 843.335976][T23915] vfs_open+0x82/0x3f0 [ 843.335997][T23915] path_openat+0x208c/0x31a0 [ 843.336019][T23915] ? __pfx_path_openat+0x10/0x10 [ 843.336041][T23915] do_file_open+0x20e/0x430 [ 843.336057][T23915] ? __pfx_do_file_open+0x10/0x10 [ 843.336086][T23915] ? alloc_fd+0x476/0x790 [ 843.336103][T23915] ? do_getname+0x191/0x390 [ 843.336122][T23915] do_sys_openat2+0x10d/0x1e0 [ 843.336140][T23915] ? __pfx_do_sys_openat2+0x10/0x10 [ 843.336166][T23915] __x64_sys_openat+0x12d/0x210 [ 843.336185][T23915] ? __pfx___x64_sys_openat+0x10/0x10 [ 843.336212][T23915] do_syscall_64+0x106/0xf80 [ 843.336234][T23915] ? clear_bhb_loop+0x40/0x90 [ 843.336252][T23915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.336268][T23915] RIP: 0033:0x7f8a1819c799 [ 843.336282][T23915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 843.336297][T23915] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 843.336311][T23915] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 843.336321][T23915] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 843.336330][T23915] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 843.336339][T23915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 843.336348][T23915] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 843.336369][T23915] [ 843.338393][T23915] SLUB: Unable to add cache mon_text_ffff88802ae73400 to sysfs [ 845.790937][T23957] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6273'. [ 845.824772][T23961] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6274'. [ 846.284484][T23974] zswap: compressor not available [ 847.116338][T23991] netlink: 246 bytes leftover after parsing attributes in process `syz.1.6281'. [ 849.084913][ T29] audit: type=1326 audit(4294967335.570:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24027 comm="syz.1.6292" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3afa39c799 code=0x0 [ 849.696745][T24039] netlink: 'syz.2.6296': attribute type 21 has an invalid length. [ 849.736226][T24041] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6298'. [ 849.784628][T24039] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6296'. [ 849.967094][T24045] netlink: 'syz.0.6307': attribute type 4 has an invalid length. [ 850.025623][T24045] netlink: 'syz.0.6307': attribute type 32 has an invalid length. [ 850.065960][T24045] netlink: 46 bytes leftover after parsing attributes in process `syz.0.6307'. [ 850.447647][T24056] netlink: 54 bytes leftover after parsing attributes in process `syz.1.6301'. [ 850.756021][T24058] binder: BINDER_SET_CONTEXT_MGR already set [ 850.806061][T24058] binder: 24057:24058 ioctl 4018620d 2000000027c0 returned -16 [ 850.984170][T24067] zswap: compressor not available [ 851.214697][T24071] zswap: compressor not available [ 852.789526][T24113] input: 00 [ 852.789526][T24113] as /devices/virtual/input/input16 [ 854.024991][T24142] program syz.4.6329 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 855.921016][T24176] netlink: 186 bytes leftover after parsing attributes in process `syz.2.6337'. [ 855.970351][T24176] netlink: 186 bytes leftover after parsing attributes in process `syz.2.6337'. [ 856.177311][T24190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6340'. [ 856.231261][T24190] netlink: 13 bytes leftover after parsing attributes in process `syz.0.6340'. [ 856.415565][T24195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6342'. [ 856.452823][T24195] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6342'. [ 856.910618][T24182] kexec: Could not allocate control_code_buffer [ 857.298370][T24211] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6348'. [ 857.365528][T24211] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6348'. [ 857.433581][T24214] netlink: 290 bytes leftover after parsing attributes in process `syz.4.6348'. [ 857.616884][T24216] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6349'. [ 857.700312][T24216] netlink: 'syz.2.6349': attribute type 1 has an invalid length. [ 862.773556][T24335] __nla_validate_parse: 2 callbacks suppressed [ 862.773572][T24335] netlink: 13 bytes leftover after parsing attributes in process `syz.2.6389'. [ 867.440051][T24407] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6410'. [ 868.103115][T24419] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 868.488963][T24419] File: /dev/nullb0 PID: 24419 Comm: syz.1.6411 [ 868.507785][T24428] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6415'. [ 869.980725][T24445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6420'. [ 870.283619][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.290077][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.661193][T24460] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6423'. [ 873.472948][T24507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6437'. [ 873.511142][T24503] ptp ptp0: only physical clock in use now [ 873.522553][T24507] netlink: 'syz.2.6437': attribute type 1 has an invalid length. [ 873.564615][T24507] netlink: 13 bytes leftover after parsing attributes in process `syz.2.6437'. [ 873.833220][T24511] zswap: compressor  not available [ 875.549692][T24556] netlink: 186 bytes leftover after parsing attributes in process `syz.2.6453'. [ 876.860444][T24582] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 876.956061][T24580] zswap: compressor not available [ 877.284956][T24598] netlink: 13 bytes leftover after parsing attributes in process `syz.0.6463'. [ 877.324203][T24592] zswap: compressor not available [ 877.708879][ T5830] Bluetooth: hci3: Malformed Event: 0x02 [ 879.187770][T24630] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6469'. [ 879.510199][T24640] sg_read: process 4160 (syz.2.6471) changed security contexts after opening file descriptor, this is not allowed. [ 879.573962][T24641] netlink: 62 bytes leftover after parsing attributes in process `syz.4.6472'. [ 880.072628][T24654] netlink: 'syz.4.6475': attribute type 16 has an invalid length. [ 880.178118][T24654] netlink: 294 bytes leftover after parsing attributes in process `syz.4.6475'. [ 880.926462][ T29] audit: type=1326 audit(4294967367.410:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24671 comm="syz.2.6479" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdf5b59c799 code=0x0 [ 881.702800][ T5830] Bluetooth: hci2: ACL packet too small [ 881.988928][T24706] device-mapper: ioctl: name not supplied when creating device [ 882.391164][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802f98f000: rx timeout, send abort [ 882.899401][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802f98f000: abort rx timeout. Force session deactivation [ 883.020504][T24714] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6485'. [ 883.083906][T24714] netlink: 25 bytes leftover after parsing attributes in process `syz.2.6485'. [ 883.310003][T24719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6486'. [ 883.526326][T24723] FAULT_INJECTION: forcing a failure. [ 883.526326][T24723] name failslab, interval 1, probability 0, space 0, times 0 [ 883.575335][T24723] CPU: 0 UID: 0 PID: 24723 Comm: syz.4.6488 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 883.575374][T24723] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 883.575383][T24723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 883.575393][T24723] Call Trace: [ 883.575398][T24723] [ 883.575404][T24723] dump_stack_lvl+0x100/0x190 [ 883.575434][T24723] should_fail_ex.cold+0x5/0xa [ 883.575452][T24723] should_failslab+0xc2/0x120 [ 883.575468][T24723] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 883.575495][T24723] ? can_rx_register+0x582/0x6f0 [ 883.575610][T24723] can_rx_register+0x582/0x6f0 [ 883.575627][T24723] ? __pfx_raw_rcv+0x10/0x10 [ 883.575673][T24723] ? __pfx_can_rx_register+0x10/0x10 [ 883.575699][T24723] raw_enable_filters+0xe0/0x210 [ 883.575724][T24723] raw_enable_allfilters+0x8b/0x2b0 [ 883.575744][T24723] ? __local_bh_enable_ip+0x9e/0x120 [ 883.575764][T24723] raw_bind+0x1bd/0xdf0 [ 883.575783][T24723] ? apparmor_socket_bind+0x105/0x1e0 [ 883.575808][T24723] __sys_bind+0x1a9/0x260 [ 883.575829][T24723] ? __pfx___sys_bind+0x10/0x10 [ 883.575859][T24723] __x64_sys_bind+0x72/0xb0 [ 883.575874][T24723] ? lockdep_hardirqs_on+0x78/0x100 [ 883.575894][T24723] do_syscall_64+0x106/0xf80 [ 883.575913][T24723] ? clear_bhb_loop+0x40/0x90 [ 883.575931][T24723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.575946][T24723] RIP: 0033:0x7f8a1819c799 [ 883.575960][T24723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 883.575975][T24723] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 883.575990][T24723] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 883.576000][T24723] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 883.576009][T24723] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 883.576018][T24723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.576027][T24723] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 883.576048][T24723] [ 884.853829][T24745] queue_state_write: unsupported operation '' [ 884.896277][T24745] queue_state_write: use 'run', 'start' or 'kick' [ 885.514803][ T5830] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 886.658640][T24789] netlink: 'syz.2.6508': attribute type 5 has an invalid length. [ 886.731172][T24789] netlink: 'syz.2.6508': attribute type 1 has an invalid length. [ 886.766802][T24789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6508'. [ 886.809517][T24792] netlink: 'syz.2.6508': attribute type 5 has an invalid length. [ 886.846313][T24792] netlink: 'syz.2.6508': attribute type 1 has an invalid length. [ 886.898979][T24792] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6508'. [ 887.712491][T24820] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6519'. [ 887.785502][T24820] hsr_slave_0 (unregistering): left promiscuous mode [ 889.948991][T24875] netlink: 226 bytes leftover after parsing attributes in process `syz.2.6536'. [ 890.041561][T24870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6535'. [ 890.078581][T24870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6535'. [ 891.106153][T24896] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6542'. [ 891.136349][T24896] batadv0: left allmulticast mode [ 891.155212][T24896] batadv0: left promiscuous mode [ 891.174629][T24896] bridge0: port 3(batadv0) entered disabled state [ 891.214962][T24896] bridge_slave_1: left allmulticast mode [ 891.229107][T24896] bridge_slave_1: left promiscuous mode [ 891.254782][T24896] bridge0: port 2(bridge_slave_1) entered disabled state [ 891.290692][T24896] bridge_slave_0: left allmulticast mode [ 891.298626][T24896] bridge_slave_0: left promiscuous mode [ 891.316775][T24896] bridge0: port 1(bridge_slave_0) entered disabled state [ 891.778487][T24908] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6546'. [ 892.120361][ T5830] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5 [ 892.484365][T24920] netlink: 202 bytes leftover after parsing attributes in process `syz.2.6550'. [ 894.007988][ T5830] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 894.193607][T24954] kvm: vcpu 4: requested lapic timer restore with starting count register 0x390=4294967104 (137438947328 ns) > initial count (6624 ns). Using initial count to start timer. [ 896.372331][T24979] netlink: 54 bytes leftover after parsing attributes in process `syz.2.6567'. [ 898.803517][T25012] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6576'. [ 899.314645][T25016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6577'. [ 899.422374][T25022] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6577'. [ 900.471670][T25032] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6583'. [ 900.546695][T25034] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6583'. [ 901.472182][ T5830] Bluetooth: hci3: ACL packet too small [ 903.745504][T25093] netlink: 'syz.2.6605': attribute type 27 has an invalid length. [ 903.801187][T25093] netlink: 'syz.2.6605': attribute type 28 has an invalid length. [ 903.880412][T25093] netlink: 'syz.2.6605': attribute type 29 has an invalid length. [ 903.942158][T25093] netlink: 'syz.2.6605': attribute type 30 has an invalid length. [ 904.008920][T25093] netlink: 'syz.2.6605': attribute type 31 has an invalid length. [ 904.080269][T25093] netlink: 'syz.2.6605': attribute type 32 has an invalid length. [ 904.139115][T25093] netlink: 'syz.2.6605': attribute type 33 has an invalid length. [ 904.210959][T25093] netlink: 'syz.2.6605': attribute type 35 has an invalid length. [ 904.277381][T25093] netlink: 'syz.2.6605': attribute type 37 has an invalid length. [ 904.354124][T25093] netlink: 'syz.2.6605': attribute type 39 has an invalid length. [ 904.405869][T25093] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6605'. [ 907.919059][T25145] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 907.919084][T25145] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 907.934122][T25145] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 907.934175][T25145] Bluetooth: hci1: adv larger than maximum supported [ 907.943226][T25145] Bluetooth: hci1: adv larger than maximum supported [ 907.950089][T25145] Bluetooth: hci1: Malformed LE Event: 0x0d [ 908.842722][ T5830] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 910.310053][T25206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6634'. [ 910.370877][T25206] netlink: 354 bytes leftover after parsing attributes in process `syz.2.6634'. [ 911.065533][ T5830] Bluetooth: hci1: unexpected subevent 0x03 length: 253 > 9 [ 912.444493][T25254] [U] [ 912.447297][T25254] [U] [ 912.449969][T25254] [U] [ 912.452643][T25254] [U] [ 912.531441][T25254] [U] [ 912.534181][T25254] [U] [ 912.536897][T25254] [U] [ 912.539564][T25254] [U] [ 912.607606][T25254] [U] [ 912.610339][T25254] [U] [ 912.613034][T25254] [U] [ 912.615719][T25254] [U] [ 912.680473][T25254] [U] [ 913.239013][T25261] cougar: G6 mapped to space [ 913.964052][ T5830] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 916.078392][ T5830] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 916.860654][ T5830] Bluetooth: hci2: unexpected subevent 0x03 length: 253 > 9 [ 919.729568][ T5830] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 920.088206][T25366] netlink: 294 bytes leftover after parsing attributes in process `syz.1.6673'. [ 921.179184][T25394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6681'. [ 921.241703][ T5830] Bluetooth: hci0: unexpected subevent 0x03 length: 253 > 9 [ 921.674571][T25406] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6687'. [ 922.034296][T25417] netlink: 354 bytes leftover after parsing attributes in process `syz.1.6688'. [ 922.149032][T25412] zswap: compressor not available [ 923.498556][T25443] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6697'. [ 923.747194][T25445] netlink: 252 bytes leftover after parsing attributes in process `syz.0.6698'. [ 923.853692][T25450] netlink: 252 bytes leftover after parsing attributes in process `syz.0.6698'. [ 924.134612][T25458] validate_nla: 1 callbacks suppressed [ 924.134626][T25458] netlink: 'syz.1.6710': attribute type 1 has an invalid length. [ 924.201834][T25458] netlink: 'syz.1.6710': attribute type 2 has an invalid length. [ 924.240456][T25458] netlink: 294 bytes leftover after parsing attributes in process `syz.1.6710'. [ 924.481633][T25471] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6706'. [ 924.522498][T25471] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6706'. [ 925.385990][T25496] __nla_validate_parse: 3 callbacks suppressed [ 925.386005][T25496] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6714'. [ 926.012693][T25508] netlink: 186 bytes leftover after parsing attributes in process `syz.0.6720'. [ 926.778234][T25522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6726'. [ 926.811542][T25522] netlink: 354 bytes leftover after parsing attributes in process `syz.2.6726'. [ 927.089423][T25529] HfR: entered promiscuous mode [ 927.130526][T25529] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6728'. [ 927.192829][T25529] HfR: left promiscuous mode [ 927.226355][ T5830] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 927.226381][ T5830] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 927.241473][ T5830] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 927.241518][ T5830] Bluetooth: hci2: adv larger than maximum supported [ 927.248781][ T5830] Bluetooth: hci2: adv larger than maximum supported [ 927.256383][ T5830] Bluetooth: hci2: Malformed LE Event: 0x0d [ 927.701428][T25541] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6731'. [ 927.755789][T25545] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6732'. [ 928.836332][T25567] netlink: 306 bytes leftover after parsing attributes in process `syz.2.6742'. [ 930.649281][T25592] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6747'. [ 931.724638][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.735676][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.458965][T25663] zswap: compressor not available [ 934.917365][T25691] netlink: 186 bytes leftover after parsing attributes in process `syz.0.6778'. [ 936.159473][T25702] netlink: 306 bytes leftover after parsing attributes in process `syz.4.6781'. [ 937.040865][ T5830] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 938.139112][T25734] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6798'. [ 938.298717][T25741] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6792'. [ 939.566992][T25770] futex_wake_op: syz.2.6800 tries to shift op by -2048; fix this program [ 939.662852][T25772] misc userio: No port type given on /dev/userio [ 939.693203][T25770] futex_wake_op: syz.2.6800 tries to shift op by -2048; fix this program [ 941.489801][T25807] [U] ^\ [ 943.917214][T25852] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6825'. [ 944.609651][T25880] HfR: entered promiscuous mode [ 944.745958][T25880] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6834'. [ 944.767267][T25886] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6836'. [ 944.898381][T25880] HfR: left promiscuous mode [ 945.053908][T25893] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6838'. [ 945.096988][T25893] unsupported nlmsg_type 40 [ 946.299089][T25911] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6842'. [ 946.350779][T25907] netlink: 17 bytes leftover after parsing attributes in process `syz.1.6842'. [ 946.840036][ T5830] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 949.375292][T25951] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6852'. [ 950.379679][T25963] FAULT_INJECTION: forcing a failure. [ 950.379679][T25963] name failslab, interval 1, probability 0, space 0, times 0 [ 950.843264][T25963] CPU: 0 UID: 0 PID: 25963 Comm: syz.4.6857 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 950.843301][T25963] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 950.843310][T25963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 950.843319][T25963] Call Trace: [ 950.843324][T25963] [ 950.843331][T25963] dump_stack_lvl+0x100/0x190 [ 950.843359][T25963] should_fail_ex.cold+0x5/0xa [ 950.843378][T25963] should_failslab+0xc2/0x120 [ 950.843393][T25963] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 950.843414][T25963] ? __proc_create+0x2cb/0x8c0 [ 950.843441][T25963] __proc_create+0x2cb/0x8c0 [ 950.843463][T25963] ? __pfx___proc_create+0x10/0x10 [ 950.843488][T25963] ? mark_held_locks+0x40/0x70 [ 950.843508][T25963] _proc_mkdir+0xb9/0x210 [ 950.843522][T25963] ? __pfx__proc_mkdir+0x10/0x10 [ 950.843534][T25963] ? sctp_defaults_init+0x720/0xd90 [ 950.843662][T25963] sctp_proc_init+0x59/0x270 [ 950.843751][T25963] ? __pfx_sctp_defaults_init+0x10/0x10 [ 950.843776][T25963] sctp_defaults_init+0x758/0xd90 [ 950.843797][T25963] ? __pfx_sctp_defaults_init+0x10/0x10 [ 950.843817][T25963] ops_init+0x1e2/0x5f0 [ 950.843841][T25963] setup_net+0x118/0x3a0 [ 950.843862][T25963] ? __pfx_setup_net+0x10/0x10 [ 950.843882][T25963] ? lockdep_init_map_type+0x5c/0x250 [ 950.843901][T25963] ? mutex_init_lockep+0x110/0x150 [ 950.843924][T25963] copy_net_ns+0x46f/0x7c0 [ 950.843939][T25963] create_new_namespaces+0x3ea/0xac0 [ 950.843959][T25963] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 950.843976][T25963] ksys_unshare+0x473/0xad0 [ 950.843995][T25963] ? __pfx_ksys_unshare+0x10/0x10 [ 950.844019][T25963] __x64_sys_unshare+0x31/0x40 [ 950.844036][T25963] do_syscall_64+0x106/0xf80 [ 950.844056][T25963] ? clear_bhb_loop+0x40/0x90 [ 950.844074][T25963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.844089][T25963] RIP: 0033:0x7f8a1819c799 [ 950.844103][T25963] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 950.844117][T25963] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 950.844132][T25963] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 950.844142][T25963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 950.844150][T25963] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 950.844159][T25963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 950.844168][T25963] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 950.844189][T25963] [ 953.232679][T25987] zswap: compressor not available [ 954.576194][T26014] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6871'. [ 955.540800][T26039] netlink: 'syz.2.6881': attribute type 29 has an invalid length. [ 955.548642][T26039] netlink: 'syz.2.6881': attribute type 30 has an invalid length. [ 955.608832][T26039] netlink: 'syz.2.6881': attribute type 31 has an invalid length. [ 955.642459][T26039] netlink: 'syz.2.6881': attribute type 32 has an invalid length. [ 955.672837][T26039] netlink: 'syz.2.6881': attribute type 33 has an invalid length. [ 955.710076][T26039] netlink: 'syz.2.6881': attribute type 35 has an invalid length. [ 955.757739][T26039] netlink: 'syz.2.6881': attribute type 37 has an invalid length. [ 955.768386][T26041] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 955.797643][T26039] netlink: 18 bytes leftover after parsing attributes in process `syz.2.6881'. [ 956.007004][T26047] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6884'. [ 956.054533][T26047] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6884'. [ 956.190347][T26054] ubi0: attaching mtd0 [ 956.195586][T26054] ubi0: scanning is finished [ 956.296652][T26054] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 956.317390][T26058] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6888'. [ 956.348034][T26058] netlink: 13 bytes leftover after parsing attributes in process `syz.2.6888'. [ 956.572340][T26054] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 956.749355][T26061] random: crng reseeded on system resumption [ 956.811601][ T5830] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 958.014785][T26091] futex_wake_op: syz.1.6897 tries to shift op by -2048; fix this program [ 958.110268][T26092] misc userio: No port type given on /dev/userio [ 958.148445][T26091] futex_wake_op: syz.1.6897 tries to shift op by -2048; fix this program [ 961.263558][T26152] netlink: 13 bytes leftover after parsing attributes in process `syz.0.6913'. [ 961.567645][T26160] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6915'. [ 961.619385][T26160] netlink: 'syz.4.6915': attribute type 1 has an invalid length. [ 961.662214][T26160] netlink: 'syz.4.6915': attribute type 6 has an invalid length. [ 962.608194][T26176] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6921'. [ 962.652113][T26178] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6923'. [ 963.776352][T26206] netlink: 62 bytes leftover after parsing attributes in process `syz.0.6937'. [ 963.806671][T26206] netlink: 62 bytes leftover after parsing attributes in process `syz.0.6937'. [ 963.853580][T26206] netlink: 62 bytes leftover after parsing attributes in process `syz.0.6937'. [ 963.882533][T26206] netlink: 62 bytes leftover after parsing attributes in process `syz.0.6937'. [ 963.913902][T26206] netlink: 62 bytes leftover after parsing attributes in process `syz.0.6937'. [ 963.943817][T26206] netlink: 62 bytes leftover after parsing attributes in process `syz.0.6937'. [ 965.805672][T26253] netlink: 'syz.0.6952': attribute type 10 has an invalid length. [ 967.391670][T26289] __nla_validate_parse: 9 callbacks suppressed [ 967.391684][T26289] netlink: 246 bytes leftover after parsing attributes in process `syz.0.6953'. [ 967.944488][T26299] netlink: 86 bytes leftover after parsing attributes in process `syz.0.6958'. [ 970.093816][T26331] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6966'. [ 970.342578][T26337] netlink: 246 bytes leftover after parsing attributes in process `syz.4.6967'. [ 970.957351][T26349] netlink: 'syz.2.6971': attribute type 4 has an invalid length. [ 970.981667][T26349] netlink: 'syz.2.6971': attribute type 5 has an invalid length. [ 970.997411][T26349] netlink: 10 bytes leftover after parsing attributes in process `syz.2.6971'. [ 971.174979][T26354] netlink: 25 bytes leftover after parsing attributes in process `syz.2.6973'. [ 972.978177][T26388] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6982'. [ 973.023321][T26388] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6982'. [ 973.239106][T26391] netlink: 29 bytes leftover after parsing attributes in process `syz.1.6983'. [ 973.335946][ T5830] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 974.028794][T26404] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6987'. [ 974.136123][T26407] netlink: 'syz.1.6987': attribute type 1 has an invalid length. [ 974.209588][T26407] netlink: 13 bytes leftover after parsing attributes in process `syz.1.6987'. [ 974.295052][T26407] netlink: 'syz.1.6987': attribute type 1 has an invalid length. [ 980.010631][T26506] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 980.970934][T26521] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 981.747090][T26539] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7025'. [ 981.818220][T26539] netlink: 28905 bytes leftover after parsing attributes in process `syz.0.7025'. [ 982.720316][T26559] netlink: 246 bytes leftover after parsing attributes in process `syz.2.7032'. [ 983.978917][T26577] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 984.000475][T26577] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 984.033946][T26577] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 984.055722][T26577] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 984.919878][T26605] netlink: 246 bytes leftover after parsing attributes in process `syz.4.7043'. [ 985.800600][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 986.040119][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 986.046175][T25145] Bluetooth: hci0: command 0x0c1a tx timeout [ 986.120069][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout [ 987.415621][T26640] zswap: compressor not available [ 988.830328][T26671] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7060'. [ 988.887426][T26673] netlink: 25 bytes leftover after parsing attributes in process `syz.0.7061'. [ 990.111884][ T5830] Bluetooth: hci3: unexpected event 0x05 length: 43 > 4 [ 992.804685][T26740] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 993.163369][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.175167][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.265268][T26751] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7082'. [ 994.515190][T26771] block nbd0: shutting down sockets [ 996.342325][T26805] netlink: 504 bytes leftover after parsing attributes in process `syz.2.7098'. [ 996.402650][T26805] netlink: 350 bytes leftover after parsing attributes in process `syz.2.7098'. [ 997.881124][T26827] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1000.357088][T26882] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7118'. [ 1000.475309][T26888] netlink: 354 bytes leftover after parsing attributes in process `syz.4.7118'. [ 1001.970252][T26900] netlink: 'syz.1.7124': attribute type 4 has an invalid length. [ 1002.000036][T26900] netlink: 'syz.1.7124': attribute type 5 has an invalid length. [ 1002.039275][T26900] netlink: 10 bytes leftover after parsing attributes in process `syz.1.7124'. [ 1002.150663][T26905] netlink: 350 bytes leftover after parsing attributes in process `syz.0.7125'. [ 1002.470913][T26916] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input18 [ 1003.890949][T26936] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7134'. [ 1004.103114][T26941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.127452][T26941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.144243][T26941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.160418][T26941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.177007][T26941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.196373][T26941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.213019][T26941] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1004.506113][ T5830] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 1005.586700][T26970] netlink: 330 bytes leftover after parsing attributes in process `syz.4.7142'. [ 1006.596691][ T5830] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 1008.396888][T27014] zswap: compressor  not available [ 1008.412663][T27023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7154'. [ 1008.443264][T27023] netlink: 'syz.2.7154': attribute type 1 has an invalid length. [ 1008.473977][T27023] netlink: 'syz.2.7154': attribute type 6 has an invalid length. [ 1008.557629][T27025] netlink: 9 bytes leftover after parsing attributes in process `syz.1.7155'. [ 1008.825472][T27028] zswap: compressor not available [ 1009.320738][T27044] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7158'. [ 1009.467640][T27044] veth1_macvtap: left promiscuous mode [ 1010.399496][T27059] zswap: compressor  not available [ 1011.020131][T27084] netlink: 294 bytes leftover after parsing attributes in process `syz.1.7172'. [ 1011.649421][T27100] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7178'. [ 1011.695245][T27100] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7178'. [ 1012.931014][T27125] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7186'. [ 1012.996035][T27131] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.7187'. [ 1013.013955][T27127] HfR: entered promiscuous mode [ 1013.075244][T27125] i: entered promiscuous mode [ 1013.299620][T27139] netlink: Unknown conntrack attr (type=257, max=9) [ 1013.378771][ T29] audit: type=1326 audit(2147491532.119:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27137 comm="syz.0.7190" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a0e59c799 code=0x0 [ 1021.862889][T27273] random: crng reseeded on system resumption [ 1022.051292][ T5830] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 1023.531337][T27291] netlink: 158 bytes leftover after parsing attributes in process `syz.0.7229'. [ 1024.283740][T27307] futex_wake_op: syz.1.7237 tries to shift op by -2048; fix this program [ 1024.357605][T27307] futex_wake_op: syz.1.7237 tries to shift op by -2048; fix this program [ 1024.806468][T27314] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7246'. [ 1024.901143][T27315] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7239'. [ 1025.477338][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.513762][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.549001][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.583769][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.630358][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.668042][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.705911][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.742526][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.792412][T27330] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1025.970750][ T5830] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 1026.404281][T27341] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7243'. [ 1026.547052][T27341] bond0: (slave bond_slave_1): Releasing backup interface [ 1026.957519][T27347] netlink: 2468 bytes leftover after parsing attributes in process `syz.4.7245'. [ 1028.089733][T27365] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7250'. [ 1029.437883][T27383] zswap: compressor not available [ 1030.432293][T27409] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7264'. [ 1031.067349][T27422] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7276'. [ 1031.101017][T27416] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input19 [ 1031.853869][T27438] netlink: 354 bytes leftover after parsing attributes in process `syz.0.7271'. [ 1034.131570][T27482] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7282'. [ 1034.874137][T27495] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 1036.090417][T27516] netlink: 9 bytes leftover after parsing attributes in process `syz.0.7292'. [ 1036.753715][T27528] FAULT_INJECTION: forcing a failure. [ 1036.753715][T27528] name failslab, interval 1, probability 0, space 0, times 0 [ 1036.895678][T27528] CPU: 0 UID: 0 PID: 27528 Comm: syz.4.7295 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1036.895718][T27528] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1036.895735][T27528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1036.895745][T27528] Call Trace: [ 1036.895751][T27528] [ 1036.895758][T27528] dump_stack_lvl+0x100/0x190 [ 1036.895790][T27528] should_fail_ex.cold+0x5/0xa [ 1036.895812][T27528] should_failslab+0xc2/0x120 [ 1036.895830][T27528] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1036.895851][T27528] ? x509_cert_parse+0xfc/0x910 [ 1036.895965][T27528] x509_cert_parse+0xfc/0x910 [ 1036.895984][T27528] ? kasan_save_stack+0x3f/0x50 [ 1036.896007][T27528] ? kasan_save_stack+0x30/0x50 [ 1036.896029][T27528] ? kasan_save_track+0x14/0x30 [ 1036.896052][T27528] pkcs7_extract_cert+0xa4/0x380 [ 1036.896077][T27528] asn1_ber_decoder+0x12b3/0x2170 [ 1036.896146][T27528] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 1036.896182][T27528] pkcs7_parse_message+0x289/0x870 [ 1036.896209][T27528] verify_pkcs7_signature+0x30/0xa0 [ 1036.896238][T27528] valid_regdb+0x211/0x590 [ 1036.896343][T27528] ? __pfx___nla_validate_parse+0x10/0x10 [ 1036.896391][T27528] ? __pfx_valid_regdb+0x10/0x10 [ 1036.896433][T27528] ? rcu_is_watching+0x12/0xc0 [ 1036.896464][T27528] reg_reload_regdb+0x11a/0x460 [ 1036.896481][T27528] ? __pfx_reg_reload_regdb+0x10/0x10 [ 1036.896496][T27528] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1036.896570][T27528] ? nl80211_pre_doit+0x19a/0xae0 [ 1036.896592][T27528] genl_family_rcv_msg_doit+0x214/0x300 [ 1036.896650][T27528] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1036.896667][T27528] ? genl_get_cmd+0x3ef/0x720 [ 1036.896724][T27528] ? bpf_lsm_capable+0x9/0x10 [ 1036.896748][T27528] ? security_capable+0x80/0x260 [ 1036.896777][T27528] genl_rcv_msg+0x560/0x800 [ 1036.896796][T27528] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1036.896813][T27528] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1036.896831][T27528] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 1036.896878][T27528] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1036.896905][T27528] netlink_rcv_skb+0x159/0x420 [ 1036.896930][T27528] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1036.896948][T27528] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1036.896981][T27528] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1036.897006][T27528] genl_rcv+0x28/0x40 [ 1036.897033][T27528] netlink_unicast+0x5aa/0x870 [ 1036.897058][T27528] ? __pfx_netlink_unicast+0x10/0x10 [ 1036.897081][T27528] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 1036.897109][T27528] netlink_sendmsg+0x8b0/0xda0 [ 1036.897134][T27528] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1036.897155][T27528] ? __import_iovec+0x1d2/0x640 [ 1036.897202][T27528] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1036.897230][T27528] ____sys_sendmsg+0x9e1/0xb70 [ 1036.897247][T27528] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1036.897273][T27528] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1036.897292][T27528] ? __pfx_futex_wake_mark+0x10/0x10 [ 1036.897319][T27528] ___sys_sendmsg+0x190/0x1e0 [ 1036.897337][T27528] ? __pfx____sys_sendmsg+0x10/0x10 [ 1036.897377][T27528] __sys_sendmsg+0x170/0x220 [ 1036.897398][T27528] ? __pfx___sys_sendmsg+0x10/0x10 [ 1036.897418][T27528] ? __x64_sys_futex+0x34f/0x4d0 [ 1036.897449][T27528] do_syscall_64+0x106/0xf80 [ 1036.897490][T27528] ? clear_bhb_loop+0x40/0x90 [ 1036.897510][T27528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1036.897526][T27528] RIP: 0033:0x7f8a1819c799 [ 1036.897541][T27528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1036.897557][T27528] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1036.897574][T27528] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 1036.897589][T27528] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 1036.897598][T27528] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1036.897607][T27528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1036.897616][T27528] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 1036.897636][T27528] [ 1038.359477][ T29] audit: type=1800 audit(2147491557.089:18): pid=27550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7301" name="dbroot" dev="configfs" ino=111179 res=0 errno=0 [ 1039.580706][T27576] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7308'. [ 1039.680171][T27571] FAULT_INJECTION: forcing a failure. [ 1039.680171][T27571] name failslab, interval 1, probability 0, space 0, times 0 [ 1039.722851][T27576] veth1_macvtap: left promiscuous mode [ 1039.809218][T27571] CPU: 0 UID: 0 PID: 27571 Comm: syz.4.7306 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1039.809258][T27571] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1039.809267][T27571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1039.809278][T27571] Call Trace: [ 1039.809284][T27571] [ 1039.809292][T27571] dump_stack_lvl+0x100/0x190 [ 1039.809322][T27571] should_fail_ex.cold+0x5/0xa [ 1039.809342][T27571] should_failslab+0xc2/0x120 [ 1039.809360][T27571] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1039.809385][T27571] ? kstrdup_const+0x63/0x80 [ 1039.809414][T27571] kstrdup+0x51/0xe0 [ 1039.809437][T27571] kstrdup_const+0x63/0x80 [ 1039.809468][T27571] __kernfs_new_node+0x9b/0x960 [ 1039.809495][T27571] ? __pfx___kernfs_new_node+0x10/0x10 [ 1039.809523][T27571] ? find_held_lock+0x2b/0x80 [ 1039.809538][T27571] ? kernfs_root+0xee/0x2a0 [ 1039.809558][T27571] ? kernfs_root+0xee/0x2a0 [ 1039.809583][T27571] kernfs_new_node+0x11b/0x1a0 [ 1039.809609][T27571] kernfs_create_link+0xcc/0x240 [ 1039.809629][T27571] sysfs_do_create_link_sd+0x90/0x140 [ 1039.809652][T27571] sysfs_create_link+0x61/0xc0 [ 1039.809673][T27571] device_add+0x675/0x1950 [ 1039.809694][T27571] ? alloc_workqueue_noprof+0x198/0x200 [ 1039.809713][T27571] ? __pfx_device_add+0x10/0x10 [ 1039.809827][T27571] nfc_register_device+0x41/0x3e0 [ 1039.809980][T27571] nci_register_device+0x7f1/0xb80 [ 1039.810046][T27571] ? __pfx_nci_register_device+0x10/0x10 [ 1039.810067][T27571] ? lockdep_init_map_type+0x5c/0x250 [ 1039.810097][T27571] virtual_ncidev_open+0x141/0x220 [ 1039.810166][T27571] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1039.810188][T27571] misc_open+0x26d/0x450 [ 1039.810236][T27571] ? __pfx_misc_open+0x10/0x10 [ 1039.810254][T27571] chrdev_open+0x234/0x6a0 [ 1039.810272][T27571] ? __pfx_apparmor_file_open+0x10/0x10 [ 1039.810297][T27571] ? __pfx_chrdev_open+0x10/0x10 [ 1039.810313][T27571] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1039.810357][T27571] do_dentry_open+0x6d8/0x1660 [ 1039.810374][T27571] ? __pfx_chrdev_open+0x10/0x10 [ 1039.810395][T27571] vfs_open+0x82/0x3f0 [ 1039.810418][T27571] path_openat+0x208c/0x31a0 [ 1039.810443][T27571] ? __pfx_path_openat+0x10/0x10 [ 1039.810465][T27571] do_file_open+0x20e/0x430 [ 1039.810482][T27571] ? __pfx_do_file_open+0x10/0x10 [ 1039.810511][T27571] ? alloc_fd+0x476/0x790 [ 1039.810528][T27571] ? do_getname+0x191/0x390 [ 1039.810548][T27571] do_sys_openat2+0x10d/0x1e0 [ 1039.810567][T27571] ? __pfx_do_sys_openat2+0x10/0x10 [ 1039.810593][T27571] __x64_sys_openat+0x12d/0x210 [ 1039.810613][T27571] ? __pfx___x64_sys_openat+0x10/0x10 [ 1039.810639][T27571] do_syscall_64+0x106/0xf80 [ 1039.810660][T27571] ? clear_bhb_loop+0x40/0x90 [ 1039.810679][T27571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1039.810695][T27571] RIP: 0033:0x7f8a1819c799 [ 1039.810712][T27571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1039.810728][T27571] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1039.810746][T27571] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 1039.810757][T27571] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1039.810767][T27571] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1039.810778][T27571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1039.810787][T27571] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 1039.810809][T27571] [ 1040.518736][T27584] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1041.748993][T27609] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input21 [ 1041.876620][T27612] netlink: 13 bytes leftover after parsing attributes in process `syz.0.7318'. [ 1042.762905][T27632] netlink: zone id is out of range [ 1042.789462][T27632] netlink: zone id is out of range [ 1042.825917][T27632] netlink: zone id is out of range [ 1042.866317][T27632] netlink: zone id is out of range [ 1042.875529][ T5830] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 1042.927968][T27632] netlink: zone id is out of range [ 1042.970727][T27628] netlink: zone id is out of range [ 1043.025262][T27628] netlink: zone id is out of range [ 1043.082933][T27628] netlink: zone id is out of range [ 1043.110232][T27632] netlink: set zone limit has 8 unknown bytes [ 1043.164257][T27628] netlink: zone id is out of range [ 1045.407415][T27666] netlink: 5 bytes leftover after parsing attributes in process `syz.4.7333'. [ 1045.449452][T27666] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7333'. [ 1045.736759][ T29] audit: type=1326 audit(2147491564.479:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27669 comm="syz.2.7334" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdf5b59c799 code=0x0 [ 1047.346162][T27699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7343'. [ 1047.389030][T27699] netlink: 28905 bytes leftover after parsing attributes in process `syz.2.7343'. [ 1047.931417][ T5830] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 1048.220169][T27713] Process accounting resumed [ 1048.943188][T27719] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input22 [ 1050.781383][T27754] net_ratelimit: 3 callbacks suppressed [ 1050.781401][T27754] netlink: Unknown conntrack attr (type=257, max=9) [ 1050.945856][ T29] audit: type=1326 audit(2147491569.689:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.1.7350" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3afa39c799 code=0x0 [ 1052.790849][T27774] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input23 [ 1054.200080][ T5830] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1054.590794][ T5830] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 1054.609032][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.615987][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.677390][T27826] [U] ^L [ 1057.008004][ T29] audit: type=1804 audit(2147491575.749:21): pid=27840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.7370" name="/newroot/768/file0" dev="tmpfs" ino=4023 res=1 errno=0 [ 1057.147018][ T29] audit: type=1804 audit(2147491575.809:22): pid=27842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.7370" name="/newroot/768/file0" dev="tmpfs" ino=4023 res=1 errno=0 [ 1058.299339][T27872] FAULT_INJECTION: forcing a failure. [ 1058.299339][T27872] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1058.362900][ T29] audit: type=1800 audit(2147491577.099:23): pid=27873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7382" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1058.425500][T27872] CPU: 0 UID: 0 PID: 27872 Comm: syz.4.7381 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1058.425557][T27872] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1058.425566][T27872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1058.425576][T27872] Call Trace: [ 1058.425582][T27872] [ 1058.425589][T27872] dump_stack_lvl+0x100/0x190 [ 1058.425620][T27872] should_fail_ex.cold+0x5/0xa [ 1058.425638][T27872] _copy_from_user+0x2e/0xd0 [ 1058.425657][T27872] snd_pcm_oss_write2+0x1c2/0x400 [ 1058.425803][T27872] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 1058.425825][T27872] snd_pcm_oss_write+0x729/0xa30 [ 1058.425845][T27872] ? security_file_permission+0x76/0x210 [ 1058.425868][T27872] vfs_write+0x2aa/0x1070 [ 1058.425893][T27872] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1058.425911][T27872] ? __pfx_vfs_write+0x10/0x10 [ 1058.425931][T27872] ? find_held_lock+0x2b/0x80 [ 1058.425945][T27872] ? __fget_files+0x215/0x3d0 [ 1058.425958][T27872] ? __fget_files+0x215/0x3d0 [ 1058.425975][T27872] ? __fget_files+0x21f/0x3d0 [ 1058.425993][T27872] ksys_write+0x12a/0x250 [ 1058.426006][T27872] ? __pfx_ksys_write+0x10/0x10 [ 1058.426025][T27872] do_syscall_64+0x106/0xf80 [ 1058.426046][T27872] ? clear_bhb_loop+0x40/0x90 [ 1058.426064][T27872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1058.426080][T27872] RIP: 0033:0x7f8a1819c799 [ 1058.426101][T27872] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1058.426117][T27872] RSP: 002b:00007f8a163b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1058.426132][T27872] RAX: ffffffffffffffda RBX: 00007f8a18416180 RCX: 00007f8a1819c799 [ 1058.426142][T27872] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1058.426151][T27872] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1058.426161][T27872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1058.426169][T27872] R13: 00007f8a18416218 R14: 00007f8a18416180 R15: 00007ffcdd5e1c78 [ 1058.426190][T27872] [ 1059.030168][T27882] netlink: 93 bytes leftover after parsing attributes in process `syz.1.7383'. [ 1059.052202][T27878] netlink: 93 bytes leftover after parsing attributes in process `syz.1.7383'. [ 1060.224674][T27905] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input24 [ 1060.901225][T27917] netlink: 62 bytes leftover after parsing attributes in process `syz.0.7396'. [ 1062.614662][T27960] netlink: 'syz.1.7407': attribute type 3 has an invalid length. [ 1062.641294][T27960] netlink: 306 bytes leftover after parsing attributes in process `syz.1.7407'. [ 1062.836739][T27963] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input25 [ 1063.346403][T27972] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input26 [ 1065.772315][T28019] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input28 [ 1067.541755][ T5830] block nbd0: Receive control failed (result -32) [ 1067.814226][T28059] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input29 [ 1068.219337][T28049] delete_channel: no stack [ 1068.488959][ T29] audit: type=1804 audit(2147491587.229:24): pid=28060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.7433" name="/newroot/1817/file0" dev="tmpfs" ino=9342 res=1 errno=0 [ 1068.571976][ T29] audit: type=1804 audit(2147491587.319:25): pid=28064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.7433" name="/newroot/1817/file0" dev="tmpfs" ino=9342 res=1 errno=0 [ 1070.116841][T28089] random: crng reseeded on system resumption [ 1070.337610][T28094] syz.1.7441 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1073.683361][T28152] netlink: 266 bytes leftover after parsing attributes in process `syz.0.7456'. [ 1074.000486][T28154] netlink: 'syz.2.7457': attribute type 2 has an invalid length. [ 1074.070629][T28154] netlink: 'syz.2.7457': attribute type 3 has an invalid length. [ 1074.207842][T28154] netlink: 'syz.2.7457': attribute type 2 has an invalid length. [ 1074.234055][T28163] FAULT_INJECTION: forcing a failure. [ 1074.234055][T28163] name failslab, interval 1, probability 0, space 0, times 0 [ 1074.289364][T28154] netlink: 'syz.2.7457': attribute type 3 has an invalid length. [ 1074.297936][T28163] CPU: 0 UID: 0 PID: 28163 Comm: syz.4.7460 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1074.297971][T28163] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1074.297979][T28163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1074.297989][T28163] Call Trace: [ 1074.297995][T28163] [ 1074.298001][T28163] dump_stack_lvl+0x100/0x190 [ 1074.298032][T28163] should_fail_ex.cold+0x5/0xa [ 1074.298053][T28163] should_failslab+0xc2/0x120 [ 1074.298070][T28163] __kvmalloc_node_noprof+0xfa/0xa00 [ 1074.298098][T28163] ? io_alloc_cache_init+0x38/0x170 [ 1074.298226][T28163] ? lockdep_set_lock_cmp_fn+0x60/0xe0 [ 1074.298252][T28163] io_alloc_cache_init+0x38/0x170 [ 1074.298277][T28163] io_uring_setup.cold+0x3eb/0x1d79 [ 1074.298299][T28163] ? ksys_write+0x190/0x250 [ 1074.298314][T28163] ? __pfx_io_uring_setup+0x10/0x10 [ 1074.298379][T28163] ? do_futex+0x192/0x350 [ 1074.298399][T28163] ? __pfx_do_futex+0x10/0x10 [ 1074.298427][T28163] ? xfd_validate_state+0x129/0x190 [ 1074.298454][T28163] __x64_sys_io_uring_setup+0xc2/0x170 [ 1074.298475][T28163] do_syscall_64+0x106/0xf80 [ 1074.298497][T28163] ? clear_bhb_loop+0x40/0x90 [ 1074.298516][T28163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.298531][T28163] RIP: 0033:0x7f8a1819c799 [ 1074.298545][T28163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1074.298559][T28163] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1074.298573][T28163] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 1074.298583][T28163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 1074.298592][T28163] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1074.298602][T28163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1074.298610][T28163] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 1074.298630][T28163] [ 1074.746764][T28154] netlink: 30 bytes leftover after parsing attributes in process `syz.2.7457'. [ 1075.139113][T28173] FAULT_INJECTION: forcing a failure. [ 1075.139113][T28173] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.200581][T28173] CPU: 0 UID: 0 PID: 28173 Comm: syz.4.7464 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1075.200617][T28173] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1075.200625][T28173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1075.200635][T28173] Call Trace: [ 1075.200640][T28173] [ 1075.200647][T28173] dump_stack_lvl+0x100/0x190 [ 1075.200676][T28173] should_fail_ex.cold+0x5/0xa [ 1075.200693][T28173] ? __register_sysctl_table+0xbe4/0x1650 [ 1075.200717][T28173] should_failslab+0xc2/0x120 [ 1075.200733][T28173] __kmalloc_noprof+0xe0/0x850 [ 1075.200759][T28173] __register_sysctl_table+0xbe4/0x1650 [ 1075.200786][T28173] ? __pfx___register_sysctl_table+0x10/0x10 [ 1075.200808][T28173] ? is_module_address+0x69/0xf0 [ 1075.200826][T28173] ? register_net_sysctl_sz+0x222/0x430 [ 1075.200982][T28173] __devinet_sysctl_register+0x1b9/0x360 [ 1075.201065][T28173] ? trace_kmalloc+0x101/0x130 [ 1075.201082][T28173] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 1075.201109][T28173] ? __asan_memcpy+0x3c/0x60 [ 1075.201131][T28173] devinet_init_net+0x334/0x8d0 [ 1075.201154][T28173] ? __pfx_devinet_init_net+0x10/0x10 [ 1075.201176][T28173] ops_init+0x1e2/0x5f0 [ 1075.201201][T28173] setup_net+0x118/0x3a0 [ 1075.201221][T28173] ? __pfx_setup_net+0x10/0x10 [ 1075.201240][T28173] ? lockdep_init_map_type+0x5c/0x250 [ 1075.201260][T28173] ? mutex_init_lockep+0x110/0x150 [ 1075.201282][T28173] copy_net_ns+0x46f/0x7c0 [ 1075.201298][T28173] create_new_namespaces+0x3ea/0xac0 [ 1075.201318][T28173] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1075.201335][T28173] ksys_unshare+0x473/0xad0 [ 1075.201355][T28173] ? __pfx_ksys_unshare+0x10/0x10 [ 1075.201381][T28173] __x64_sys_unshare+0x31/0x40 [ 1075.201398][T28173] do_syscall_64+0x106/0xf80 [ 1075.201419][T28173] ? clear_bhb_loop+0x40/0x90 [ 1075.201437][T28173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.201452][T28173] RIP: 0033:0x7f8a1819c799 [ 1075.201466][T28173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1075.201480][T28173] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1075.201495][T28173] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 1075.201505][T28173] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1075.201514][T28173] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1075.201524][T28173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1075.201533][T28173] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 1075.201553][T28173] [ 1075.201561][T28173] sysctl could not get directory: /net/ipv4/conf/default -12 [ 1076.442995][T28184] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1078.666938][T28217] HSR: entered promiscuous mode [ 1082.022540][T28285] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 1084.355597][T28321] netlink: 354 bytes leftover after parsing attributes in process `syz.1.7500'. [ 1084.895403][T28345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7504'. [ 1085.011027][T28351] netlink: 354 bytes leftover after parsing attributes in process `syz.1.7504'. [ 1086.271946][T28370] netlink: 186 bytes leftover after parsing attributes in process `syz.1.7507'. [ 1090.355639][T28456] nbd: must specify at least one socket [ 1091.760310][T28477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7543'. [ 1091.810622][T28477] netlink: 354 bytes leftover after parsing attributes in process `syz.1.7543'. [ 1092.443111][T28489] netlink: 50 bytes leftover after parsing attributes in process `syz.2.7537'. [ 1093.436488][ T29] audit: type=1800 audit(2147491612.179:26): pid=28501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.7544" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 1095.344445][T28530] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7560'. [ 1095.614348][T28530] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1095.642300][T28530] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1095.769824][T28530] batadv0 (unregistering): left allmulticast mode [ 1095.794908][T28530] batadv0 (unregistering): left promiscuous mode [ 1095.850114][T28530] bridge0: port 3(batadv0) entered disabled state [ 1097.150496][T28555] netlink: 25 bytes leftover after parsing attributes in process `syz.0.7561'. [ 1098.498838][T28584] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 1098.771244][T28594] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7572'. [ 1098.867543][T28594] bridge_slave_1 (unregistering): left allmulticast mode [ 1098.882288][T28594] bridge_slave_1 (unregistering): left promiscuous mode [ 1098.908807][T28594] bridge0: port 2(bridge_slave_1) entered disabled state [ 1102.228458][T28656] [U] [ 1102.503985][T28673] FAULT_INJECTION: forcing a failure. [ 1102.503985][T28673] name failslab, interval 1, probability 0, space 0, times 0 [ 1102.552626][T28673] CPU: 0 UID: 0 PID: 28673 Comm: syz.4.7594 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1102.552667][T28673] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1102.552676][T28673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1102.552686][T28673] Call Trace: [ 1102.552692][T28673] [ 1102.552699][T28673] dump_stack_lvl+0x100/0x190 [ 1102.552729][T28673] should_fail_ex.cold+0x5/0xa [ 1102.552750][T28673] should_failslab+0xc2/0x120 [ 1102.552775][T28673] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1102.552799][T28673] ? shmem_alloc_inode+0x25/0x50 [ 1102.552819][T28673] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 1102.552837][T28673] shmem_alloc_inode+0x25/0x50 [ 1102.552853][T28673] alloc_inode+0x68/0x250 [ 1102.552875][T28673] new_inode+0x22/0x1c0 [ 1102.552895][T28673] shmem_get_inode+0x212/0x1040 [ 1102.552917][T28673] ? __pfx_shmem_get_inode+0x10/0x10 [ 1102.552935][T28673] ? d_add+0x443/0x850 [ 1102.552954][T28673] ? do_raw_spin_unlock+0x145/0x1e0 [ 1102.552980][T28673] shmem_mknod+0x20c/0x470 [ 1102.553001][T28673] ? __pfx_shmem_mknod+0x10/0x10 [ 1102.553018][T28673] ? bpf_lsm_inode_create+0x9/0x10 [ 1102.553043][T28673] ? __pfx_shmem_create+0x10/0x10 [ 1102.553062][T28673] lookup_open.isra.0+0xc47/0x11b0 [ 1102.553089][T28673] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1102.553114][T28673] ? __pfx___might_resched+0x10/0x10 [ 1102.553135][T28673] ? mnt_get_write_access+0x52/0x2f0 [ 1102.553159][T28673] ? __pfx_down_write+0x10/0x10 [ 1102.553182][T28673] ? mnt_get_write_access+0x1e9/0x2f0 [ 1102.553205][T28673] path_openat+0x2291/0x31a0 [ 1102.553228][T28673] ? __pfx_path_openat+0x10/0x10 [ 1102.553250][T28673] do_file_open+0x20e/0x430 [ 1102.553271][T28673] ? __pfx_do_file_open+0x10/0x10 [ 1102.553300][T28673] ? alloc_fd+0x476/0x790 [ 1102.553317][T28673] ? do_getname+0x191/0x390 [ 1102.553337][T28673] do_sys_openat2+0x10d/0x1e0 [ 1102.553356][T28673] ? __pfx_do_sys_openat2+0x10/0x10 [ 1102.553377][T28673] ? __fget_files+0x21f/0x3d0 [ 1102.553395][T28673] __x64_sys_openat+0x12d/0x210 [ 1102.553416][T28673] ? __pfx___x64_sys_openat+0x10/0x10 [ 1102.553443][T28673] do_syscall_64+0x106/0xf80 [ 1102.553463][T28673] ? clear_bhb_loop+0x40/0x90 [ 1102.553482][T28673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1102.553498][T28673] RIP: 0033:0x7f8a1819c799 [ 1102.553512][T28673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1102.553527][T28673] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1102.553544][T28673] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 1102.553554][T28673] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1102.553564][T28673] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1102.553574][T28673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1102.553586][T28673] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 1102.553607][T28673] [ 1103.795445][T28673] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1105.141155][ T29] audit: type=1807 audit(2147491623.882:27): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 1105.206839][ T29] audit: type=1802 audit(2147491623.902:28): pid=28714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.7604" res=0 errno=0 [ 1105.748196][T28713] ima: policy update failed [ 1105.770527][ T29] audit: type=1802 audit(2147491624.512:29): pid=28713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.7604" res=0 errno=0 [ 1105.935632][ T29] audit: type=1806 audit(2147491624.682:30): xattr="." res=0 [ 1107.087363][ T29] audit: type=1800 audit(2147491625.832:31): pid=28768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7613" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 1108.114282][T28781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7615'. [ 1108.558783][T28783] FAULT_INJECTION: forcing a failure. [ 1108.558783][T28783] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1108.736451][T28783] CPU: 0 UID: 0 PID: 28783 Comm: syz.4.7616 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1108.736490][T28783] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1108.736499][T28783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1108.736508][T28783] Call Trace: [ 1108.736514][T28783] [ 1108.736520][T28783] dump_stack_lvl+0x100/0x190 [ 1108.736548][T28783] should_fail_ex.cold+0x5/0xa [ 1108.736565][T28783] ? prepare_alloc_pages+0x16d/0x5f0 [ 1108.736584][T28783] should_fail_alloc_page+0xeb/0x140 [ 1108.736601][T28783] prepare_alloc_pages+0x1f0/0x5f0 [ 1108.736631][T28783] ? kernel_text_address+0x8d/0x100 [ 1108.736656][T28783] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1108.736679][T28783] ? __lock_acquire+0x4a5/0x2630 [ 1108.736699][T28783] ? __lock_acquire+0x4a5/0x2630 [ 1108.736721][T28783] ? __lock_acquire+0x4a5/0x2630 [ 1108.736740][T28783] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1108.736764][T28783] ? __lock_acquire+0x4a5/0x2630 [ 1108.736792][T28783] ? find_held_lock+0x2b/0x80 [ 1108.736805][T28783] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1108.736831][T28783] ? policy_nodemask+0xed/0x4f0 [ 1108.736848][T28783] alloc_pages_mpol+0x1fb/0x550 [ 1108.736869][T28783] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1108.736886][T28783] ? arch_stack_walk+0xa6/0xf0 [ 1108.736906][T28783] ? wiphy_new_nm+0x701/0x21a0 [ 1108.737024][T28783] ___kmalloc_large_node+0x104/0x150 [ 1108.737045][T28783] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1108.737130][T28783] __kmalloc_large_node_noprof+0x1c/0x70 [ 1108.737150][T28783] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1108.737185][T28783] __kmalloc_noprof+0x5be/0x850 [ 1108.737210][T28783] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1108.737235][T28783] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1108.737259][T28783] ? __pfx_mac80211_hwsim_link_info_changed+0x10/0x10 [ 1108.737343][T28783] wiphy_new_nm+0x701/0x21a0 [ 1108.737366][T28783] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1108.737391][T28783] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1108.737415][T28783] ? __pfx_mac80211_hwsim_link_info_changed+0x10/0x10 [ 1108.737436][T28783] ieee80211_alloc_hw_nm+0x1ac7/0x22a0 [ 1108.737459][T28783] ? __local_bh_enable_ip+0x9e/0x120 [ 1108.737478][T28783] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 1108.737537][T28783] ? __asan_memset+0x23/0x50 [ 1108.737559][T28783] ? __nla_validate_parse+0x1e7/0x28b0 [ 1108.737588][T28783] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1108.737618][T28783] hwsim_new_radio_nl+0xc1f/0x1340 [ 1108.737643][T28783] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1108.737672][T28783] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 1108.737690][T28783] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 1108.737710][T28783] genl_family_rcv_msg_doit+0x214/0x300 [ 1108.737729][T28783] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1108.737744][T28783] ? genl_get_cmd+0x3ef/0x720 [ 1108.737772][T28783] ? bpf_lsm_capable+0x9/0x10 [ 1108.737787][T28783] ? security_capable+0x80/0x260 [ 1108.737811][T28783] ? ns_capable+0xd2/0xf0 [ 1108.737827][T28783] genl_rcv_msg+0x560/0x800 [ 1108.737845][T28783] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1108.737861][T28783] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1108.737891][T28783] netlink_rcv_skb+0x159/0x420 [ 1108.737914][T28783] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1108.737930][T28783] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1108.737961][T28783] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1108.737984][T28783] genl_rcv+0x28/0x40 [ 1108.737997][T28783] netlink_unicast+0x5aa/0x870 [ 1108.738022][T28783] ? __pfx_netlink_unicast+0x10/0x10 [ 1108.738052][T28783] netlink_sendmsg+0x8b0/0xda0 [ 1108.738077][T28783] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1108.738098][T28783] ? __import_iovec+0x1d2/0x640 [ 1108.738118][T28783] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1108.738144][T28783] ____sys_sendmsg+0x9e1/0xb70 [ 1108.738167][T28783] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1108.738193][T28783] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1108.738212][T28783] ? try_to_wake_up+0x644/0x1a80 [ 1108.738232][T28783] ___sys_sendmsg+0x190/0x1e0 [ 1108.738251][T28783] ? __pfx____sys_sendmsg+0x10/0x10 [ 1108.738269][T28783] ? futex_private_hash_put+0x107/0x1c0 [ 1108.738309][T28783] __sys_sendmsg+0x170/0x220 [ 1108.738331][T28783] ? __pfx___sys_sendmsg+0x10/0x10 [ 1108.738351][T28783] ? __x64_sys_futex+0x34f/0x4d0 [ 1108.738381][T28783] do_syscall_64+0x106/0xf80 [ 1108.738402][T28783] ? clear_bhb_loop+0x40/0x90 [ 1108.738422][T28783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1108.738438][T28783] RIP: 0033:0x7f8a1819c799 [ 1108.738453][T28783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1108.738468][T28783] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1108.738484][T28783] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 1108.738495][T28783] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 1108.738506][T28783] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1108.738516][T28783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1108.738525][T28783] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 1108.738546][T28783] [ 1110.988939][T28818] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7626'. [ 1111.125486][T28824] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1112.231020][T28844] netlink: 17 bytes leftover after parsing attributes in process `syz.0.7634'. [ 1112.681466][T28849] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7635'. [ 1114.473663][T28871] FAULT_INJECTION: forcing a failure. [ 1114.473663][T28871] name failslab, interval 1, probability 0, space 0, times 0 [ 1114.473724][T28871] CPU: 0 UID: 0 PID: 28871 Comm: syz.4.7640 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1114.473758][T28871] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1114.473767][T28871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1114.473777][T28871] Call Trace: [ 1114.473783][T28871] [ 1114.473789][T28871] dump_stack_lvl+0x100/0x190 [ 1114.473818][T28871] should_fail_ex.cold+0x5/0xa [ 1114.473838][T28871] should_failslab+0xc2/0x120 [ 1114.473855][T28871] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1114.473874][T28871] ? vhost_worker_create+0xf7/0x310 [ 1114.474048][T28871] vhost_worker_create+0xf7/0x310 [ 1114.474069][T28871] ? __pfx_vhost_worker_create+0x10/0x10 [ 1114.474096][T28871] vhost_dev_set_owner+0x719/0xa30 [ 1114.474124][T28871] vhost_net_ioctl+0xfa3/0x1910 [ 1114.474168][T28871] ? do_vfs_ioctl+0x226/0x13e0 [ 1114.474192][T28871] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1114.474213][T28871] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1114.474240][T28871] ? find_held_lock+0x2b/0x80 [ 1114.474254][T28871] ? __fget_files+0x215/0x3d0 [ 1114.474267][T28871] ? hook_file_ioctl_common+0x146/0x410 [ 1114.474289][T28871] ? __fget_files+0x21f/0x3d0 [ 1114.474306][T28871] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1114.474330][T28871] __x64_sys_ioctl+0x18e/0x210 [ 1114.474353][T28871] do_syscall_64+0x106/0xf80 [ 1114.474374][T28871] ? clear_bhb_loop+0x40/0x90 [ 1114.474392][T28871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1114.474409][T28871] RIP: 0033:0x7f8a1819c799 [ 1114.474424][T28871] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1114.474438][T28871] RSP: 002b:00007f8a163d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1114.474454][T28871] RAX: ffffffffffffffda RBX: 00007f8a18416090 RCX: 00007f8a1819c799 [ 1114.474464][T28871] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000007 [ 1114.474473][T28871] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1114.474482][T28871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1114.474491][T28871] R13: 00007f8a18416128 R14: 00007f8a18416090 R15: 00007ffcdd5e1c78 [ 1114.474512][T28871] [ 1116.057026][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.057107][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1118.477288][T25145] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1120.212498][ T5830] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1120.523385][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 1121.019158][T28966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7664'. [ 1121.071513][T28969] input: f as /devices/virtual/input/input31 [ 1121.643328][ T5830] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1121.655545][ T5830] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 1121.665461][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: kworker/u9:3 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1121.665496][ T5830] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1121.665504][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1121.665533][ T5830] Workqueue: hci2 hci_rx_work [ 1121.665633][ T5830] Call Trace: [ 1121.665639][ T5830] [ 1121.665645][ T5830] dump_stack_lvl+0x100/0x190 [ 1121.665671][ T5830] sysfs_warn_dup.cold+0x1c/0x28 [ 1121.665705][ T5830] sysfs_create_dir_ns+0x24b/0x2b0 [ 1121.665727][ T5830] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1121.665745][ T5830] ? find_held_lock+0x2b/0x80 [ 1121.665760][ T5830] ? kobject_add_internal+0x25f/0x930 [ 1121.665785][ T5830] ? kobject_add_internal+0x25f/0x930 [ 1121.665819][ T5830] ? do_raw_spin_unlock+0x145/0x1e0 [ 1121.665842][ T5830] kobject_add_internal+0x2c8/0x930 [ 1121.665869][ T5830] kobject_add+0x16a/0x1e0 [ 1121.665883][ T5830] ? __pfx_kobject_add+0x10/0x10 [ 1121.665897][ T5830] ? class_to_subsys+0x10f/0x150 [ 1121.665920][ T5830] ? kobject_put+0xb9/0x640 [ 1121.665939][ T5830] ? _raw_spin_unlock+0x28/0x50 [ 1121.665962][ T5830] device_add+0x294/0x1950 [ 1121.665980][ T5830] ? __pfx_dev_set_name+0x10/0x10 [ 1121.666000][ T5830] ? __pfx_device_add+0x10/0x10 [ 1121.666017][ T5830] ? mgmt_send_event_skb+0x2fb/0x460 [ 1121.666075][ T5830] hci_conn_add_sysfs+0x1a3/0x260 [ 1121.666139][ T5830] le_conn_complete_evt+0x11cb/0x1f40 [ 1121.666205][ T5830] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1121.666223][ T5830] ? __pfx_bt_warn+0x10/0x10 [ 1121.666257][ T5830] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1121.666277][ T5830] ? skb_pull_data+0x15f/0x1e0 [ 1121.666296][ T5830] hci_le_meta_evt+0x34a/0x5f0 [ 1121.666340][ T5830] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1121.666360][ T5830] hci_event_packet+0x682/0x11c0 [ 1121.666379][ T5830] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1121.666399][ T5830] ? __pfx_hci_event_packet+0x10/0x10 [ 1121.666420][ T5830] ? kcov_remote_start+0x374/0x660 [ 1121.666434][ T5830] ? lockdep_hardirqs_on+0x78/0x100 [ 1121.666459][ T5830] hci_rx_work+0x451/0xfc0 [ 1121.666479][ T5830] process_one_work+0xa23/0x19a0 [ 1121.666508][ T5830] ? __pfx_process_one_work+0x10/0x10 [ 1121.666534][ T5830] ? __pfx_hci_rx_work+0x10/0x10 [ 1121.666552][ T5830] worker_thread+0x5ef/0xe50 [ 1121.666579][ T5830] ? kthread+0x13a/0x450 [ 1121.666596][ T5830] ? __pfx_worker_thread+0x10/0x10 [ 1121.666615][ T5830] kthread+0x370/0x450 [ 1121.666633][ T5830] ? __pfx_kthread+0x10/0x10 [ 1121.666652][ T5830] ret_from_fork+0x754/0xd80 [ 1121.666674][ T5830] ? __pfx_ret_from_fork+0x10/0x10 [ 1121.666696][ T5830] ? __switch_to+0x7b4/0x1120 [ 1121.666712][ T5830] ? __pfx_kthread+0x10/0x10 [ 1121.666731][ T5830] ret_from_fork_asm+0x1a/0x30 [ 1121.666757][ T5830] [ 1121.666783][ T5830] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1121.973844][ T5830] Bluetooth: hci2: failed to register connection device [ 1122.270583][T28975] netlink: 334 bytes leftover after parsing attributes in process `syz.4.7666'. [ 1122.470390][T28987] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1122.554645][T28984] serio: Serial port pty6 [ 1122.602410][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 1127.259350][T29044] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7684'. [ 1128.702681][T29069] netlink: 334 bytes leftover after parsing attributes in process `syz.1.7689'. [ 1130.865766][T29100] ubi0: attaching mtd0 [ 1130.886608][T29100] ubi0: scanning is finished [ 1130.910105][T29100] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1131.139975][T29100] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1134.350288][T29164] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7712'. [ 1137.024532][T29203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7722'. [ 1137.091187][T29208] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7722'. [ 1137.221211][T29211] FAULT_INJECTION: forcing a failure. [ 1137.221211][T29211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1137.308533][T29211] CPU: 0 UID: 0 PID: 29211 Comm: syz.4.7724 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1137.308572][T29211] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1137.308581][T29211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1137.308591][T29211] Call Trace: [ 1137.308598][T29211] [ 1137.308605][T29211] dump_stack_lvl+0x100/0x190 [ 1137.308636][T29211] should_fail_ex.cold+0x5/0xa [ 1137.308656][T29211] _copy_from_user+0x2e/0xd0 [ 1137.308676][T29211] snd_pcm_oss_write2+0x1c2/0x400 [ 1137.308700][T29211] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 1137.308724][T29211] snd_pcm_oss_write+0x729/0xa30 [ 1137.308744][T29211] ? security_file_permission+0x76/0x210 [ 1137.308768][T29211] vfs_write+0x2aa/0x1070 [ 1137.308793][T29211] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1137.308817][T29211] ? __pfx_vfs_write+0x10/0x10 [ 1137.308838][T29211] ? find_held_lock+0x2b/0x80 [ 1137.308852][T29211] ? __fget_files+0x215/0x3d0 [ 1137.308867][T29211] ? __fget_files+0x215/0x3d0 [ 1137.308884][T29211] ? __fget_files+0x21f/0x3d0 [ 1137.308903][T29211] ksys_write+0x12a/0x250 [ 1137.308917][T29211] ? __pfx_ksys_write+0x10/0x10 [ 1137.308937][T29211] do_syscall_64+0x106/0xf80 [ 1137.308958][T29211] ? clear_bhb_loop+0x40/0x90 [ 1137.308977][T29211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1137.308994][T29211] RIP: 0033:0x7f8a1819c799 [ 1137.309008][T29211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1137.309023][T29211] RSP: 002b:00007f8a163b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1137.309038][T29211] RAX: ffffffffffffffda RBX: 00007f8a18416180 RCX: 00007f8a1819c799 [ 1137.309048][T29211] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1137.309057][T29211] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1137.309066][T29211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1137.309075][T29211] R13: 00007f8a18416218 R14: 00007f8a18416180 R15: 00007ffcdd5e1c78 [ 1137.309095][T29211] [ 1141.181225][T29240] can: request_module (can-proto-3) failed. [ 1142.130542][T29255] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1142.165306][T29255] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1142.211657][T29255] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1142.239605][T29255] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1142.291655][T29255] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1142.920490][T25145] Bluetooth: hci1: command 0x0c1a tx timeout [ 1144.200242][T25145] Bluetooth: hci0: command 0x0c1a tx timeout [ 1144.280039][T25145] Bluetooth: hci2: command 0x0c1a tx timeout [ 1144.360098][T25145] Bluetooth: hci3: command 0x0c1a tx timeout [ 1144.403099][T29306] Process accounting resumed [ 1146.361490][T25145] Bluetooth: hci2: command 0x0c1a tx timeout [ 1148.861258][T29356] netlink: 'syz.0.7757': attribute type 2 has an invalid length. [ 1148.912058][T29356] netlink: 5 bytes leftover after parsing attributes in process `syz.0.7757'. [ 1151.185841][T29398] netlink: 'syz.0.7767': attribute type 1 has an invalid length. [ 1151.226855][T29398] netlink: 5 bytes leftover after parsing attributes in process `syz.0.7767'. [ 1152.228996][T25145] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1152.402483][T29421] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7773'. [ 1153.911278][T29450] serio: Serial port pty6 [ 1154.280488][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 1155.439268][ T5830] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1156.364855][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 1157.481070][T28928] Bluetooth: hci3: command 0x0c1a tx timeout [ 1157.695565][T29517] ======================================================= [ 1157.695565][T29517] WARNING: The mand mount option has been deprecated and [ 1157.695565][T29517] and is ignored by this kernel. Remove the mand [ 1157.695565][T29517] option from the mount to silence this warning. [ 1157.695565][T29517] ======================================================= [ 1158.840053][T25145] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1159.441450][T29540] zswap: compressor G not available [ 1159.562490][T25145] Bluetooth: hci3: command 0x0c1a tx timeout [ 1164.109834][T29627] netlink: 25 bytes leftover after parsing attributes in process `syz.0.7823'. [ 1167.073464][T28928] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1167.124891][T29672] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7836'. [ 1169.159982][T25145] Bluetooth: hci1: command 0x0c1a tx timeout [ 1171.137244][T25145] Bluetooth: hci2: unexpected event 0x09 length: 435 > 3 [ 1171.241743][T25145] Bluetooth: hci1: command 0x0c1a tx timeout [ 1171.840238][T29771] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1172.595274][T29778] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1172.821111][T29785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7863'. [ 1172.864804][T29785] netlink: 'syz.4.7863': attribute type 1 has an invalid length. [ 1172.913161][T29785] netlink: 5 bytes leftover after parsing attributes in process `syz.4.7863'. [ 1177.485356][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.492179][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.522450][T29853] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7880'. [ 1178.573511][T29853] netlink: 354 bytes leftover after parsing attributes in process `syz.0.7880'. [ 1178.909498][T29856] ptrace attach of "./syz-executor exec"[5822] was attempted by ":H^ʧ}ɛQQ\x1b&PXSRK\x0aî*`]\x1b1Jy<'\x1b&O'a 4i/E)tFJ+>>[ȏx'7Y*j_#* f ); &to1a\x0aB{+k\x0d$8>u}5Bn_umKz<\x0akbC̓etC-2nգ,#űI(zpu̓Q+u!$ۃ:&a.Y֘yAyB~ Hz]„Vv\x0bbGUyI;bV^+ ̆aRm0.)0:U [ 1226.688669][T30713] dump_stack_lvl+0x100/0x190 [ 1226.688699][T30713] should_fail_ex.cold+0x5/0xa [ 1226.688719][T30713] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1226.688742][T30713] should_failslab+0xc2/0x120 [ 1226.688758][T30713] __kmalloc_noprof+0xe0/0x850 [ 1226.688780][T30713] ? ipcget+0xee/0xf50 [ 1226.688889][T30713] memcg_list_lru_alloc+0x4ec/0x740 [ 1226.688926][T30713] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1226.688949][T30713] ? rcu_read_unlock+0x17/0x60 [ 1226.688972][T30713] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1226.688997][T30713] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1226.689020][T30713] ? kasan_save_track+0x14/0x30 [ 1226.689044][T30713] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1226.689068][T30713] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1226.689090][T30713] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1226.689104][T30713] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1226.689120][T30713] alloc_inode+0x68/0x250 [ 1226.689140][T30713] new_inode+0x22/0x1c0 [ 1226.689161][T30713] hugetlbfs_get_inode+0x313/0x750 [ 1226.689179][T30713] hugetlb_file_setup+0x3cc/0x5b0 [ 1226.689197][T30713] newseg+0xabb/0xed0 [ 1226.689246][T30713] ? __pfx_newseg+0x10/0x10 [ 1226.689265][T30713] ? down_write+0x146/0x1f0 [ 1226.689291][T30713] ? ksys_write+0x190/0x250 [ 1226.689305][T30713] ? ksys_write+0x190/0x250 [ 1226.689322][T30713] ipcget+0xee/0xf50 [ 1226.689340][T30713] ? do_futex+0x192/0x350 [ 1226.689361][T30713] ? __pfx_do_futex+0x10/0x10 [ 1226.689383][T30713] ? __pfx_ipcget+0x10/0x10 [ 1226.689402][T30713] ? __x64_sys_futex+0x34f/0x4d0 [ 1226.689419][T30713] ? __x64_sys_futex+0x358/0x4d0 [ 1226.689441][T30713] __x64_sys_shmget+0x13b/0x1b0 [ 1226.689460][T30713] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1226.689485][T30713] do_syscall_64+0x106/0xf80 [ 1226.689505][T30713] ? clear_bhb_loop+0x40/0x90 [ 1226.689523][T30713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1226.689539][T30713] RIP: 0033:0x7f8a1819c799 [ 1226.689553][T30713] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1226.689574][T30713] RSP: 002b:00007f8a163f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1226.689590][T30713] RAX: ffffffffffffffda RBX: 00007f8a18415fa0 RCX: 00007f8a1819c799 [ 1226.689602][T30713] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1226.689612][T30713] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1226.689622][T30713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1226.689631][T30713] R13: 00007f8a18416038 R14: 00007f8a18415fa0 R15: 00007ffcdd5e1c78 [ 1226.689652][T30713] [ 1227.338136][T30712] Process accounting paused [ 1227.450104][T30726] can0 (unregistered): slcan off ttyS2. [ 1227.902113][T30745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8093'. [ 1227.937144][T30745] netlink: 'syz.2.8093': attribute type 1 has an invalid length. [ 1227.977330][T30745] netlink: 5 bytes leftover after parsing attributes in process `syz.2.8093'. [ 1229.901111][T30793] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8103'. [ 1229.981071][T30795] netlink: 'syz.4.8103': attribute type 1 has an invalid length. [ 1230.026869][T30795] netlink: 5 bytes leftover after parsing attributes in process `syz.4.8103'. [ 1230.450874][T30806] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8113'. [ 1230.511011][T30812] netlink: 'syz.4.8113': attribute type 1 has an invalid length. [ 1230.565751][T30812] netlink: 5 bytes leftover after parsing attributes in process `syz.4.8113'. [ 1233.219350][T30878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8117'. [ 1233.269538][T30878] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8117'. [ 1233.850768][T30892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8121'. [ 1233.897099][T30892] netlink: 'syz.2.8121': attribute type 1 has an invalid length. [ 1233.942172][T30892] netlink: 5 bytes leftover after parsing attributes in process `syz.2.8121'. [ 1236.346289][T30122] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 1237.978018][T30966] zswap: compressor not available [ 1238.621862][T30984] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8141'. [ 1238.943106][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.949473][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.888544][T31030] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1240.902725][T31031] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8162'. [ 1240.943943][T31030] input: f as /devices/virtual/input/input38 [ 1243.684233][T31088] device-mapper: ioctl: Unable to rename non-existent device,  to [ 1244.455899][T31103] random: crng reseeded on system resumption [ 1246.274348][T31111] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1246.534014][T31129] can: request_module (can-proto-0) failed. [ 1246.998896][T31145] FAULT_INJECTION: forcing a failure. [ 1246.998896][T31145] name failslab, interval 1, probability 0, space 0, times 0 [ 1247.102914][T31145] CPU: 0 UID: 0 PID: 31145 Comm: syz.4.8183 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1247.102952][T31145] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1247.102961][T31145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1247.102971][T31145] Call Trace: [ 1247.102977][T31145] [ 1247.102983][T31145] dump_stack_lvl+0x100/0x190 [ 1247.103013][T31145] should_fail_ex.cold+0x5/0xa [ 1247.103034][T31145] should_failslab+0xc2/0x120 [ 1247.103051][T31145] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1247.103073][T31145] ? vm_area_dup+0x27/0x8e0 [ 1247.103097][T31145] vm_area_dup+0x27/0x8e0 [ 1247.103119][T31145] __split_vma+0x18c/0xd90 [ 1247.103142][T31145] ? __pfx___split_vma+0x10/0x10 [ 1247.103166][T31145] ? __pfx_mas_prev+0x10/0x10 [ 1247.103195][T31145] vms_gather_munmap_vmas+0x39f/0x1500 [ 1247.103221][T31145] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 1247.103244][T31145] ? mas_walk+0x6ef/0x9b0 [ 1247.103271][T31145] __mmap_region+0x492/0x29e0 [ 1247.103293][T31145] ? rcu_is_watching+0x12/0xc0 [ 1247.103317][T31145] ? trace_pelt_se_tp+0x159/0x1b0 [ 1247.103337][T31145] ? __pfx___mmap_region+0x10/0x10 [ 1247.103361][T31145] ? update_cfs_rq_load_avg+0x51/0x550 [ 1247.103392][T31145] ? __lock_acquire+0x4a5/0x2630 [ 1247.103414][T31145] ? kvm_sched_clock_read+0x11/0x20 [ 1247.103433][T31145] ? sched_clock+0x38/0x60 [ 1247.103463][T31145] ? lockdep_hardirqs_on+0x78/0x100 [ 1247.103483][T31145] ? finish_task_switch.isra.0+0x205/0xb80 [ 1247.103500][T31145] ? rcu_is_watching+0x12/0xc0 [ 1247.103545][T31145] ? rcu_is_watching+0x12/0xc0 [ 1247.103565][T31145] ? cap_capable+0x107/0x460 [ 1247.103685][T31145] mmap_region+0x180/0x3e0 [ 1247.103711][T31145] do_mmap+0xc63/0x12f0 [ 1247.103732][T31145] ? __pfx_do_mmap+0x10/0x10 [ 1247.103749][T31145] ? __pfx_down_write_killable+0x10/0x10 [ 1247.103775][T31145] vm_mmap_pgoff+0x29e/0x470 [ 1247.103796][T31145] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1247.103813][T31145] ? do_futex+0x192/0x350 [ 1247.103832][T31145] ? __pfx_do_futex+0x10/0x10 [ 1247.103851][T31145] ? snd_pcm_oss_ioctl+0x2b6/0x3720 [ 1247.103873][T31145] ksys_mmap_pgoff+0xe1/0x650 [ 1247.103889][T31145] ? __x64_sys_futex+0x34f/0x4d0 [ 1247.103915][T31145] ? __x64_sys_futex+0x358/0x4d0 [ 1247.103935][T31145] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1247.103952][T31145] ? xfd_validate_state+0x129/0x190 [ 1247.103979][T31145] __x64_sys_mmap+0x125/0x190 [ 1247.104004][T31145] do_syscall_64+0x106/0xf80 [ 1247.104024][T31145] ? clear_bhb_loop+0x40/0x90 [ 1247.104042][T31145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1247.104058][T31145] RIP: 0033:0x7f8a1819c799 [ 1247.104072][T31145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1247.104087][T31145] RSP: 002b:00007f8a163d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1247.104102][T31145] RAX: ffffffffffffffda RBX: 00007f8a18416090 RCX: 00007f8a1819c799 [ 1247.104113][T31145] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1247.104123][T31145] RBP: 00007f8a18232c99 R08: 0000000000000002 R09: 0000000000008000 [ 1247.104133][T31145] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1247.104143][T31145] R13: 00007f8a18416128 R14: 00007f8a18416090 R15: 00007ffcdd5e1c78 [ 1247.104164][T31145] [ 1248.213008][T31160] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1248.352178][T31160] ptp ptp0: new virtual clock ptp1 [ 1248.429732][T31160] ptp ptp0: new virtual clock ptp2 [ 1248.459303][T31160] ptp ptp0: new virtual clock ptp3 [ 1248.471585][T31160] ptp ptp0: guarantee physical clock free running [ 1248.960233][T31184] bridge0: port 4(gretap0) entered blocking state [ 1248.987410][T31184] bridge0: port 4(gretap0) entered disabled state [ 1249.018754][T31184] gretap0: entered allmulticast mode [ 1249.041312][T31184] gretap0: entered promiscuous mode [ 1249.300972][T31177] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1250.989753][T31212] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input39 [ 1251.838342][T31212] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 1252.368387][T31235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8206'. [ 1252.433026][T31239] netlink: 'syz.4.8206': attribute type 1 has an invalid length. [ 1252.470140][T31239] netlink: 5 bytes leftover after parsing attributes in process `syz.4.8206'. [ 1253.589809][T31248] Process accounting paused [ 1253.872805][T31263] device-mapper: ioctl: Unable to rename non-existent device,  to [ 1255.550879][T31284] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8219'. [ 1257.594381][T31302] Process accounting resumed [ 1259.347003][T31345] netlink: 'syz.4.8234': attribute type 1 has an invalid length. [ 1259.383470][T31345] netlink: 9 bytes leftover after parsing attributes in process `syz.4.8234'. [ 1259.865890][T31353] ================================================================== [ 1259.865908][T31353] BUG: KASAN: use-after-free in fbcon_prepare_logo+0x94e/0xc60 [ 1259.865971][T31353] Read of size 26 at addr ffff88806d3cafee by task syz.4.8235/31353 [ 1259.865985][T31353] [ 1259.865996][T31353] CPU: 0 UID: 0 PID: 31353 Comm: syz.4.8235 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1259.866026][T31353] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1259.866035][T31353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1259.866045][T31353] Call Trace: [ 1259.866051][T31353] [ 1259.866058][T31353] dump_stack_lvl+0x100/0x190 [ 1259.866080][T31353] print_report+0x156/0x4c9 [ 1259.866102][T31353] ? __virt_addr_valid+0x81/0x620 [ 1259.866122][T31353] ? __phys_addr+0xe8/0x180 [ 1259.866139][T31353] ? fbcon_prepare_logo+0x94e/0xc60 [ 1259.866154][T31353] kasan_report+0xdf/0x1e0 [ 1259.866170][T31353] ? fbcon_prepare_logo+0x94e/0xc60 [ 1259.866188][T31353] kasan_check_range+0x10f/0x1e0 [ 1259.866205][T31353] __asan_memcpy+0x23/0x60 [ 1259.866225][T31353] fbcon_prepare_logo+0x94e/0xc60 [ 1259.866244][T31353] fbcon_init+0x10a0/0x1820 [ 1259.866260][T31353] visual_init+0x320/0x620 [ 1259.866332][T31353] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1259.866355][T31353] store_bind+0x609/0x730 [ 1259.866376][T31353] ? __pfx_store_bind+0x10/0x10 [ 1259.866395][T31353] dev_attr_store+0x58/0x80 [ 1259.866413][T31353] ? __pfx_dev_attr_store+0x10/0x10 [ 1259.866429][T31353] sysfs_kf_write+0xf2/0x150 [ 1259.866448][T31353] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1259.866463][T31353] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1259.866481][T31353] vfs_write+0x6ac/0x1070 [ 1259.866503][T31353] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1259.866520][T31353] ? __pfx_vfs_write+0x10/0x10 [ 1259.866547][T31353] ksys_write+0x12a/0x250 [ 1259.866560][T31353] ? __pfx_ksys_write+0x10/0x10 [ 1259.866576][T31353] do_syscall_64+0x106/0xf80 [ 1259.866596][T31353] ? clear_bhb_loop+0x40/0x90 [ 1259.866613][T31353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.866629][T31353] RIP: 0033:0x7f8a1819c799 [ 1259.866642][T31353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1259.866658][T31353] RSP: 002b:00007f8a163b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1259.866673][T31353] RAX: ffffffffffffffda RBX: 00007f8a18416180 RCX: 00007f8a1819c799 [ 1259.866683][T31353] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1259.866701][T31353] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1259.866711][T31353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1259.866720][T31353] R13: 00007f8a18416218 R14: 00007f8a18416180 R15: 00007ffcdd5e1c78 [ 1259.866735][T31353] [ 1259.866740][T31353] [ 1259.866745][T31353] The buggy address belongs to the physical page: [ 1259.866752][T31353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x226 pfn:0x6d3ca [ 1259.866767][T31353] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1259.866780][T31353] page_type: f0(buddy) [ 1259.866794][T31353] raw: 00fff00000000000 ffffea000084f188 ffffea0002b85cc8 0000000000000000 [ 1259.866809][T31353] raw: 0000000000000226 0000000000000000 00000000f0000000 0000000000000000 [ 1259.866818][T31353] page dumped because: kasan: bad access detected [ 1259.866827][T31353] page_owner tracks the page as freed [ 1259.866832][T31353] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 30836, tgid 30828 (syz.1.8109), ts 1231284040839, free_ts 1232016990901 [ 1259.866858][T31353] post_alloc_hook+0x153/0x170 [ 1259.866877][T31353] get_page_from_freelist+0x111d/0x3140 [ 1259.866897][T31353] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1259.866917][T31353] __alloc_pages_noprof+0xb/0x1b0 [ 1259.866936][T31353] pcpu_populate_chunk+0x118/0x990 [ 1259.866956][T31353] pcpu_alloc_noprof+0x833/0x1c50 [ 1259.866976][T31353] bpf_map_alloc_percpu+0x9a/0xf0 [ 1259.866998][T31353] htab_map_alloc+0x1054/0x14e0 [ 1259.867033][T31353] map_create+0x84e/0x2ba0 [ 1259.867045][T31353] __sys_bpf+0x2091/0x4b90 [ 1259.867060][T31353] __x64_sys_bpf+0x7b/0xc0 [ 1259.867076][T31353] do_syscall_64+0x106/0xf80 [ 1259.867095][T31353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.867109][T31353] page last free pid 29801 tgid 29801 stack trace: [ 1259.867117][T31353] __free_frozen_pages+0x7e1/0x10d0 [ 1259.867134][T31353] pcpu_free_pages.isra.0+0x13c/0x1c0 [ 1259.867152][T31353] pcpu_balance_workfn+0x24e/0xdd0 [ 1259.867171][T31353] process_one_work+0xa23/0x19a0 [ 1259.867189][T31353] worker_thread+0x5ef/0xe50 [ 1259.867207][T31353] kthread+0x370/0x450 [ 1259.867224][T31353] ret_from_fork+0x754/0xd80 [ 1259.867243][T31353] ret_from_fork_asm+0x1a/0x30 [ 1259.867258][T31353] [ 1259.867261][T31353] Memory state around the buggy address: [ 1259.867269][T31353] ffff88806d3cae80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1259.867279][T31353] ffff88806d3caf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1259.867289][T31353] >ffff88806d3caf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1259.867297][T31353] ^ [ 1259.867305][T31353] ffff88806d3cb000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1259.867315][T31353] ffff88806d3cb080: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 1259.867323][T31353] ================================================================== [ 1259.867333][T31353] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1259.867346][T31353] CPU: 0 UID: 0 PID: 31353 Comm: syz.4.8235 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1259.867378][T31353] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1259.867387][T31353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1259.867397][T31353] Call Trace: [ 1259.867403][T31353] [ 1259.867408][T31353] dump_stack_lvl+0x100/0x190 [ 1259.867429][T31353] vpanic+0x552/0x970 [ 1259.867444][T31353] ? __pfx_vpanic+0x10/0x10 [ 1259.867459][T31353] ? __pfx_vprintk_emit+0x10/0x10 [ 1259.867475][T31353] ? fbcon_prepare_logo+0x94e/0xc60 [ 1259.867490][T31353] panic+0xd1/0xe0 [ 1259.867503][T31353] ? __pfx_panic+0x10/0x10 [ 1259.867519][T31353] ? fbcon_prepare_logo+0x94e/0xc60 [ 1259.867535][T31353] check_panic_on_warn.cold+0x19/0x34 [ 1259.867552][T31353] end_report.part.0+0x3a/0x90 [ 1259.867573][T31353] kasan_report.cold+0xe/0x18 [ 1259.867598][T31353] ? fbcon_prepare_logo+0x94e/0xc60 [ 1259.867616][T31353] kasan_check_range+0x10f/0x1e0 [ 1259.867636][T31353] __asan_memcpy+0x23/0x60 [ 1259.867656][T31353] fbcon_prepare_logo+0x94e/0xc60 [ 1259.867676][T31353] fbcon_init+0x10a0/0x1820 [ 1259.867699][T31353] visual_init+0x320/0x620 [ 1259.867717][T31353] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1259.867740][T31353] store_bind+0x609/0x730 [ 1259.867762][T31353] ? __pfx_store_bind+0x10/0x10 [ 1259.867781][T31353] dev_attr_store+0x58/0x80 [ 1259.867798][T31353] ? __pfx_dev_attr_store+0x10/0x10 [ 1259.867814][T31353] sysfs_kf_write+0xf2/0x150 [ 1259.867832][T31353] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1259.867847][T31353] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1259.867865][T31353] vfs_write+0x6ac/0x1070 [ 1259.867887][T31353] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1259.867904][T31353] ? __pfx_vfs_write+0x10/0x10 [ 1259.867931][T31353] ksys_write+0x12a/0x250 [ 1259.867944][T31353] ? __pfx_ksys_write+0x10/0x10 [ 1259.867959][T31353] do_syscall_64+0x106/0xf80 [ 1259.867979][T31353] ? clear_bhb_loop+0x40/0x90 [ 1259.867995][T31353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.868010][T31353] RIP: 0033:0x7f8a1819c799 [ 1259.868022][T31353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1259.868037][T31353] RSP: 002b:00007f8a163b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1259.868052][T31353] RAX: ffffffffffffffda RBX: 00007f8a18416180 RCX: 00007f8a1819c799 [ 1259.868062][T31353] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1259.868072][T31353] RBP: 00007f8a18232c99 R08: 0000000000000000 R09: 0000000000000000 [ 1259.868082][T31353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1259.868091][T31353] R13: 00007f8a18416218 R14: 00007f8a18416180 R15: 00007ffcdd5e1c78 [ 1259.868106][T31353] [ 1259.868184][T31353] Kernel Offset: disabled