last executing test programs: 14.870669026s ago: executing program 3 (id=764): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv6/conf/veth0_to_hsr/mc_forwarding\x00', 0x2, 0x0) r0 = openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) unshare$auto(0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/zram-control/hot_remove\x00', 0x8001, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68) ioctl$auto_FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000080)) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) execve$auto(&(0x7f0000000040)=':,\x00', &(0x7f00000000c0)=&(0x7f0000001340)='\x05\x00\x00\x00\x00i\x00\x00\x02\xac\xbc[:U\x8e\x03B\xfbPN\x00\x0e\x01\x00\x00\xfd7\x83\x85\x01\xd1\x86\xd5\xeb8m\xa8\xe7Z\xd0\xf1\x9e\xcc\x89\xbb\xec\x13_\xea/TK\xd9\xa8\xa5\x11\xe7\x98\xe8\x8b\xc4z\v\x85QZ\x84\xac\x00\x00\x03p\x8b\x93ix\x04\xaeK\xafr9\x8dqw\x00\"`M\x05\x9c\xadc\x11\xfa\xba#\xc8CYV\xe4@\xd1\xd8z),\x14B\x8c\xde7\xc1\xc0\x03\xd6\x1fi\x02\xeb\x1b\xac\xf4\xd5\xf6\x9d$zu\x00\xde\x8a*8\xf5iJ\xe7\x80\xb5\xfa\x97L\xd3\x05\xc2\x05B\x11\xb8\xfb\xf2\xaf\xb8\x82j\xb0j[\xe3\xb8M\xacu\x03k\x00\x00\x00\x00\x19\x19\x89\n\x92\xf4\xa8\xb7f I\x06$\xf5\xd3\xbfF\xca\x8f\x7f\xb0u?c\xea\xd3\x01\xf6\x1a\x13\xbd-\xdf\x06t\xd9\x97\x8f\x81Sd\xe5\xdc\x81\x91\x8e\xdc\xcb\xfd\xfd\x90\xf6\xcd\xca\xf6BD$\t\xfd\xbd\x058\xe7\xdb\xe0\xbda\x05+\xf0Qk<\xbfx\xf7\xacL\x9dJ\xa1E\xabZ\xba\xc5\x8e\xca\bx^fn\xd3\xc6\"\f\x90\x95~j\xb4\xdb\xf6\xe1f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da) sendmsg$auto_SMC_PNETID_ADD(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x38, r4, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x5, 0x2, '\x00'}, @SMC_PNETID_IBNAME={0xb, 0x3, '\'[\':]%\x00'}, @SMC_PNETID_NAME={0x7, 0x1, '\xf8/\x00'}, @SMC_PNETID_ETHNAME={0x6, 0x2, '$\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0x801) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) r6 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cec25\x00', 0x40000, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f00000005c0)=""/8, 0x8) ioctl$auto_CEC_DQEVENT(r6, 0xc0506107, 0x0) madvise$auto(0x6, 0xeff, 0x15) writev$auto(r6, &(0x7f00000001c0)={&(0x7f00000000c0)="89e30f18a922824e9877dd38e1efdf5aa22b738f4d3b9b0014a6bc2a206b3726205d14c04f4801452e89411b2af59c1a5ed9cd95816d41d62558e9fd24d3798ad1d550d5939fa38e5bfbbf6276d3e882bd415486e6e70392b8287f7c32a8bd40a10ec083f94ad6a7d964e10b1fdacb02a3c460b89026c280e7ef95ec81c6ffebd2da2aad8226c4e9baee136b1c66e2ef2d0297374c2cb7a8970faf73dd38bfa2b434f1924a682b3570792ca2a24280974816cdf83b0be5cbdf730c97cbecaf1caddce62f8ad177799543808b57394836c0bdf34d2f802eeaa07d", 0x1}, 0x7ff) sendfile$auto(0x1, 0x3, 0x0, 0x400000) ioctl$auto_FS_IOC_SETFLAGS2(r0, 0x40086602, 0x0) 11.917238638s ago: executing program 0 (id=770): close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x102, 0x6, 0x801, 0x5, 0x0}) mmap$auto(0x0, 0x420009, 0xe2, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0xc) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x240202, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r2) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=r5, @ANYBLOB="200026bd7000ffdbdf25050000000500060004b7d591b41a18b5d790000000050c0000000000000800090000010000080009000400"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0xc001) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) socket(0x18, 0x3, 0x2) bind$auto(0x3, &(0x7f0000000180)=@l2={0x1f, 0xe, @none, 0x7fff, 0x2}, 0x6a) ioctl$auto_KVM_CREATE_VM(r3, 0x4048aecb, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r6) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002abd7000fbdbdf25040000002d0011"], 0x44}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x29}, 0x20100007}, 0x3, 0x0) 11.587547159s ago: executing program 2 (id=771): openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/options/overwrite\x00', 0x40800, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) io_uring_setup$auto(0x59, 0x0) r0 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) ioctl$auto_BTRFS_IOC_SCAN_DEV(r0, 0x50009404, &(0x7f0000000140)={@inferred, "71daa36b4294d55267ed5c4127b5b33707ef003e90072d2b5e4bbecb31f338a9e3d894682fbec3953f127be7e455269d057f2fb34ae6c48a727217534cdf1df8f34f34ce006a4ac179d6108d2b144540edd86fbb8bd650b1f5a959bb46b97dc36bf559dee29900447f495c4f58e967cdd0eb84732c8ac93ec3996b10f2cf1357f773a4c40b6e8182e71cbc17db5543a1104db5bb4142dcd7c3ae47e45b4492f2ec82c9737141c5ff3f8236a15791a001ff120aac9a0d16b9332ff649fbf7ced47d486be59f6fb496fd229f4102f81918ece126cdfb35ba3ed2916c3b6b3c47a85f8bc8584600625b3850f3283ba8de944a25691a7663b01fe95ee6caca21adafa2858b7ac79973c1d6e7988af38ac9d7ed0cc5be7f8945ae609f89e6a03ef059594e8b1c01dfd299062d3e15aff3fdeafadce970bdcc7969ae2e0a9b2dc7de0e62bc951b285b16ab7c0dc6536acea810c7c843071f06362ec0fe86b41629f6f78590a5d74943d29d206daba87420c73d81b87c7c472167337d15ad4575931cbe13c1c55051340468b499ac66dc313ff583aa829536ae873c0d3cfab502acfa654f0ff0ab1d58b553ce48489d005a988d02d428fb66276cb2aa13b23b6be287ddf5d262c7efb4efa0ee9fdff2c7b7e4826fed94f51492fb83645e8d0f2f6b985c7c88107687ac28d9194f278791e4e58e1fb09edd36d5dd70549943c8d3aae5b06efda7a2e2045a80eee373c70d8c465442142c327d559aecc9bdbcbe657c2ae3b0e9e2309b1ade78473f2f288eace3f17c668fa2d9232d00d97eeab2b3c2c3d6707b50e2bbea9169ff38f38be24a75f128b3b8183c670c96387013f7d3d5c91aea6a33859cf5599e1c1d40ad6aca61fde686cf36df766f30e8de39dc9badc9aa151520ac3b0ab7a646f8fc929b9b30223e4374103615be76dacbedf945f9293345b77983ff816f00131dc925c948ede83ebeca7c816d0aaafd28038f577e1d03835bb30b94666cecfc07620b24d2b057c97a458f51b8f3b23a59b0d2c1db0edbf514b1a0639614e2a021756865720ca8a9324451b96484eb88613383cc24d7d211e924101ffcd41df28b3b9b5973abe5c279a941aff8bd8eafe42c6fbedb61c39caef9cba132eb970f69febfb67f9516c4d6b7de655559b10ab37a9a64d655437c44bed6a33b7e6650cda6265b91560efbd995c6456c097ac8e602bdad90fa1877b42d80b2b029e37ed1fb06819cadb726b028b20ee1a4b93da503e0ec5a23ba4b72a2d115b110755e26f4e8cf9997c487ff86dd79b57366d550932a5a7aaa93dfd35f9c6c4dc13b84a11e58c7ee0af0fb88be988a36af2ffe99d2e04fc03f7278e39513bf530a2a18a8d078af1ebb9fbcffd8fa2cfc99e901aa4dd89f4191c4198fca97c35620a74be6c08c0301d0918578a9e74eead3211e9ad6771560d75bb79add62aa6eb85233d1fe33de64b2d9a639e48a378cae7f30a4c6a77de151a1b8254099f69e99ac2e8fd7f426a35dd0b031a30e5e9cb550f69c792e2a4fdb129fd54d3f8a8d2f7200313b0c7f4a6574f31b22f5ab80abd3ff94957ad04142c50ba37c77cba0ecf85d3cad0f4af3e43c2ca4e6abd54d9cf3a03a8f6083ac805da009e0c4cdec59ebf96dce928cd04ba021db157cf443b2e9f448d9a8aa936f073fd7e141c80a1f739ec8db7574cf6cd24697ec9b0478e3f9ab9898f22d9009f45b2f0d5a8de3d4cc4c3f463caab0be26f94819748a2e84f20951846c2579c9d1b5ddac1405e4a2dfe1fe3ce974d063cf088e9f01ad82cdfb7238e006862d351649fffca869beebe63fe7c0a0bf0248161a82165ecfb519b57b376056b1fc6835355a4578f0a478ab8693b0eb7a2e381a1bfdb59251ea51d306de6299cf357e53e462d207a5727f55716b05dfa136f78544e42706a30e78b7d334b50731571c765e172c41f1809d9d5e3b2fefed7c26043eb5e52b6f892f9bdd8aab6ceaabb781ea267088ddc0e4ab5c9ff946e019c3453358e74519269e639f73073368e113c8e4e0b2b8b873a902b79a6f343901a16be1d49d27add285e85aa08688056ee8e48674189e4b2d5b61caa79e1a8fdb4730a583e11c3c329d1271501f3297ce6a09989c1a2f269aa4e219fd3a5405bd3d50d03bba25ca794a7830752897631e6343a2672b0b4f6ebd529c9191a7f5901d319e079787de19eeea8011c80f60ff75c1f9af95d5b2dae0325d4baf10746d9b24350e5472758a8d7a56d36b4f2c0bf252aae69578e972919cbac76b669aa0c704cc8e4a21f179949def48e31a3f7892af1f2146d2755b61ac88d268936ce430c3b042a264cda0ffce4225e2add03f1dde2a7f4fdbca08355d2bb47ed210487c67b38e34ce249211da48d5cd2395bb2b621a809772d348999e95db80877dcd5607e406d55d396446a9974d1440767bc7ad0e5d4b68c79acbe32407b0d17ceaab14896c1fedebe820fb9c5a0822c60f38e8398547af09961e967f3fe3ab03e36e8ce5ad190e72d884982bf2a6e5e775c47d27b17d8330eaede9410beb9c67d0f0aadb8f032f84336869ea3484be38fe857860ac62256bb3e53b29c74d72bf1e266e0a1324200436cce984e2b8d58a3d3e5101e2235a56186a6f7893bddf1f90dafae04ae842fbb66d04d59acdf293d0b61003c836b3dfdc60d385b0e8a31d888fad31358016878e11dce3e9281a8fd419661df5bb9208464b8661f3105cdc095939dce012a0c61bdb3b3c8d4e4e078e9c61c98595da41a3e883464db56e5a8d406f4741873b814c006dd34ae2b2de9944b41f1048c6ded602a4e5c73c02bc9c800663f389bbf1f736a86dcf749b7d336b953af9f4fdaed0947d9b95a1e83b8a556c4120cb61d6a7fabd0a87734b8d16ab536c9766d1811cdb3b339b27e0e689e0a651c5d92b56b6d24789c794f10b4fb5761ef32e4f5de0943310894f139a802e2bfc41c89e5708c5568b48fae5402a28bf0b24424abaa819e6e7be37bd92c78d0f8dbc07edd3a1909ae5a02a21fd82d37d620b5537b0b8090a966641c282b10155179b5015cccec6e0e44dbf49a39249885cc70b32f067c16f2893fa9d872bf94f757268301d96c0a25acc423d68ce5c041f7158fb1357b89502a8f3e8efce9368ef13a78753d541d7cb2a67f4e7ed3d60918e14fc97e2f8893f3bdd4e960f5df4f7c1741566dea445cac7740d41da7bab86b2cf53c42754615deca284e3f99a1f246fc8198fbfabdd5368b937a366ed6fecd9939fa96f468f988b0ef019e41e905941f59f36c8c6738947db9d5cae36ee039d2da0c52199f64f399910dcb6633ee33ee01a377ddb308e19ab1523d26967b044f1d134759f44966ef4fdc8afb60e6c2432b5233f4045d88da31e335745b5c00b4038d7c18ad1a5d13d91f1ee2caf0d653bda6a1822f33f1a2579c0082a61017ac1bbc8b109f0a732c07f68c901539c81e81069bd514551e06884dbc67dfa3198ccbf488705383517ac62ce43c93c4e07b454b2815c8e30d09a86b9a5de973126c78764b3a8c787b4cd857d769a6f9611a49c8ba9bfdc7368556d23b0767aeab3547c5bb2640638db2450179b13588b9853956f9f6391eeab3aa9137f5b64a4b94909bd7743f22a08d713c5e4d634b1741414ebaadc19da7b3ded8a5d993da0a208d475396dab3ac54a983adcb499e28c591f98fcca07c6c4d51643474c9d37d83b8feaccfb77c62f01e6a0783eaa887ca5c7792f33aacb09ba8213740223a6d3f6b4d2fe7a73e0006d8aa813fd977a993696eeaa0814993ac349e0a6654ba23bb498baff4c337c8e2dbffaee3326a3ca1918c48d089438a11701a990880c78decca2b983a43803889efb4c69d50ab73986a060d921ebd95f38aae5a2c02b48a33f640dbb8bf2f571921d38bafbf633813b93552b938d1447fe7017c6fff737a24495034c18e76f6d06dd981cffebec52e471121c54bfd37b188c1f739f33cae49366ed27356639e2942978a7e84a784c409cdeff4f0f1c92fdbf00024567c2c670acf6e4331c54b8cad4fce75291ff15b86fb21a7e3772aed38b72b6883a4bb1e01d47ec5d28f36848b810de66700c00f2ca4f96a94edf7f67a54d8de82b831b1b4f37bfbecc35dafad46631045c659c722c7c987203bbbc9dc938de020134a83afcb888a1584e324a9fff43e448898255ec16962fda4c28a450926356e46b949c4e8e63d29e032d9ee0b0609ff530aa94efe1fac87dc6a7a7d153911e9615f8725e61ebaac7bc17f02a981251cd90837ea97d2fafca0c1beb5325621bfd71f43c03455e1b3ac0d5c6663a191a9b781fb2ad5355916ac7d8f2e1a315173184b9112df9185489d77fdde7cfe9b0ed3b7e3846e849b66636d3694dcf573f19703fd3a44f87c6d7c4e9177a359b71db786762fc55b5c1a685aa25ed8473623d44549113221721b71297ffeb27860e14d39f474fbdaa7e4cd32d125c386b430b2a5609af429288d457b7922c8a23c19a9f982f07f914d8994873c78532ff6fa5fe6d70e865e943acc90654d8a6ed78e48e8dc8d2f8828f671c23488ee64ce11c21c41240b8110df60a4d0f44c9d10dde60105c157dc20d9da8beafb254b28345c8265f67ee5c6da97d34324fe45028982f4c8e60086a0043018060d0d0fd5df309441b38a9c9632c583adbe5425988bfc78a0d01914df354dcd8d670f7c225927a44c16c31f78e95f265d43f4b7820ce6a0b5972061a042ee90f29c2899014f8917ae34601733cacd7c9f0a108ca4e729babd329cfe314db1fc25a2f413592a87ebcfc66486d9d31148b87bd09845f4e9028c6a43077d7f4322b231f5ec6b9d9f866053577f310b72f68568a0320b5bc586af2e8af92a1a5665476932fcf8a8460104426ec2c302d511248c46c84906fbab6dc2302e421b65b9d91c78e2f28c4966eab0fbf56ab82d065dc596d4dbdee1c138f61d66260ed7571f35cd1b1fc90fa7c6093d43c8e4377a39215e4590fe9e13a53dbff606029651bfd6a2ee7525d416a4947e9a9c34e764c1f6014b546e7765e3131cfd9a3af54fd8b6d48983df35464d89b6463ecf6817ab887d196b8563d0f34a366f974543d9a3727d1690e36c7dc69bb5eb0e1c146d93ac1d4db5ea57b0f246075b13e49c7c31c160324c8bf66d8af1887eb1ed5b0e52894495bd10bc7306a4fbbdad76409066d2bd321b5e307a255bfbd8501ae740f12f2080eb3f55731aced7e2e59468b98b525e1423a26fb2b0f426f7569658f7eceac2fa0ab03ebc20c99dcadd3b6d87600cd37cfc2d5c34ccaff3b249b344d5b88b84e9d43fb63debe68ba3da27eafe3c115c4b159e74426c3d2f35f37b7a4079e7d80924c9c282a8359a7add5d6b73f28c41553fe0d565122b9c5430c2a2fbaf3a458a6cce0eb093d41ca7811df72bedb06adf6d267ab889ee943dccfaefd6341543f56779e04b079555e720194b5302c0d3955db807d9c762200d4a3f1886fea1c77f9023e82553d72255ef4e341a6aa0bbf31cf67ea9648cd2ad8dd9783a2a95e708ce38f4974d941657b3ffaad86561f576eee4b50899c9c464970cacadd46b8a3f3f020ef61145cd9c2b3eabe9dd19c831d06456f3a77ae61bbda31107c3abef02fb4d5d2cf55df2584508928e9ae10e2c24929c0e828550779dee74260340a51971d52fe89f0fa761218cd5f707ae67f08763b626813365bcaf5d2e7066ec5367a6db152370e726495059e0b1b9bcd4c0b17acad6d516f86d8db26e9ff039548a5c3b8c43375259de7f967"}) socket$nl_generic(0x11, 0x3, 0x10) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x6) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) socket(0x11, 0x80003, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) ioctl$auto(r3, 0xc038563c, r2) 11.037490624s ago: executing program 2 (id=772): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x68000, 0x0) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0xa, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x8020009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = open(0x0, 0xe6a9030037b8afae, 0x69) fchdir$auto(r1) r2 = open(&(0x7f0000000100)='.\x00', 0x10000, 0x4c5) getdents64$auto(r2, 0x0, 0x18) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r4 = timerfd_create$auto(0x8, 0x800) ioctl$auto_MON_IOCX_GET(r4, 0x40189206, 0x0) read$auto_proc_pid_attr_operations_base(r4, &(0x7f0000000240)=""/126, 0x7e) request_key$auto_KEY_SPEC_PROCESS_KEYRING(&(0x7f00000006c0)='[{%\xbc::(\x00', 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe) r5 = syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) io_cancel$auto(0x1, &(0x7f0000000140)={0x9, 0x0, 0xe, 0x7, 0x1e, r3, 0x7fffffffffffffff, 0x7, 0xb5, 0x0, 0x8000, 0xffffffffffffffff}, &(0x7f0000000180)={0x7e, 0x180000000, 0x5, 0x80}) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r5, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'macvlan1\x00'}, @NL802154_ATTR_MAX_ASSOCIATIONS={0x8, 0x27, 0xfffff800}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r5, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x14) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4020090}, 0x40000) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) sendmsg$auto_NL80211_CMD_VENDOR(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r7, 0x1, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x400c800}, 0x814) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pwritev$auto(0xffffffffffffffff, 0x0, 0x2, 0xfffffffffffff274, 0x6) 10.805536622s ago: executing program 3 (id=773): r0 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="020027bd7000fddbdf2525000000050019009a000000060004000000000005002300080000003566ca2e7ce8e02b4f3aac6302c7fa3e483c90375aeb3d70008f14bae39cb08ee304e1ac864f6b96459a56356ead3f8f5d1b9f71288edad8ffe347074d3c703c0de2438c331b417fcdd06fb38aaac50b2505b4816590884e9cc67c2ce29515ca2b79c6b803bf98c6a1101619adeff3ae9226caa0e561e9d33b0d345f8e32c4f625926c97ca1c4075ac17714a09dbfbd8313ca91658e5bccad54b17d4803824f501943b540792e0363f7c2f08f2ee76834f08eea9d7a36a0c08c7e6216fbe48c0713d37478aa304fe0531be7c061c7f6e163e5041be29927f80ad0a764b"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r1, 0x0, 0x7, 0x4cbd5d) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec10\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000480)={'\x00', 0x8, 0x4, 0x10, 0x0, 0x20000001, "0573830014ae6d1c64f0c9cfc40a01", "354d40de", ' \x00', "0bea5a5a", ["8844f3d239ba5a2b00d1d4f1", "39eb04fad47fb285746e614c", '\x00', "19c57f7fee8d089a10cdd8c3"]}) write$auto(0x3, 0x0, 0x400000000000050) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x0, 0x53, 0x0, 0x0) mmap$auto(0xea88, 0x810004, 0xd, 0x10, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) socket(0x29, 0x2, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x800000005, &(0x7f0000000500)={&(0x7f0000000080), 0x1ffffffff}, 0x2, 0x0) setsockopt$auto(r2, 0x10000000084, 0x117, 0x0, 0x80) unshare$auto(0x40000080) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) setfsuid$auto(0xee00) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) prctl$auto(0x23, 0x6, 0x2009, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) 9.952662271s ago: executing program 0 (id=774): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x5, 0x84) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda\x00', 0x14fa02, 0x0) preadv2$auto(r1, 0x0, 0x6, 0xfffffffffffffffb, 0x4, 0x800) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = open$dir(0x0, 0x10000, 0x6) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYRES16=0x0, @ANYRES8=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20008800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x80}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfc0}, 0x8, 0x0, 0x8, 0x3}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) socketpair$auto(0x1, 0x5, 0x3b, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x8) mmap$auto(0x0, 0x861, 0x100001000000004, 0xfa31, 0x400, 0x8000) io_setup$auto(0x8000003, 0x0) kexec_load$auto(0x5b50, 0x2, 0x0, 0xe) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88542, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000140), r0) socket$nl_generic(0x10, 0x3, 0x10) setresuid$auto(0x2, 0x7, 0x8080) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x2402, 0x0) ioctl$auto_EVIOCGMASK(r4, 0x80104592, &(0x7f00000000c0)={0x101, 0x8, 0x1}) inotify_init1$auto(0x3000000000000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) arch_prctl$auto_ARCH_GET_GS(0x1004, 0x8000000000000000) 9.154189658s ago: executing program 0 (id=775): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mlock$auto(0x1, 0x500) ioctl$auto_TIOCGDEV2(r1, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) socket(0x28, 0x4, 0x84) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20) r3 = getpgid(0xffffffffffffffff) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f00000002c0)={{@inferred=0xffffffffffffffff, 0x4, 0x1, 0x0, "bfc956f7b829ea9bc64a831c54b927c5c84cdfcb6d840bf6034bbe162b339fcc0b9ad62f05f5e47256dc5c36", @raw=0x4}, 0x0, 0x5, 0xd77e, @inferred=r3, @integer={0x5, 0x2, 0x5}, "ff0931dc5a3fb879791acf380abcfd7f9f393a68114cc9d69244416e96525a166b971aae562cbc70472d48eb5f54d36edf407701d0d1c4e40409e86cafa60765"}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x800008000) getpid() socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) 9.043129228s ago: executing program 2 (id=776): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000000)="1c520b", 0x3) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x6) fsconfig$auto_SHMEM_HUGE_FORCE(0xffffffffffffffff, 0x7, 0x0, &(0x7f00000001c0)="5b0fdf8e7220ade733b697e361a312e8797cf9bc410c090dd180de688ae19ee0f7d3ce7f185fa1b9c9867d234fdb5c62c6e305f1df4ca134c6413371cb668566fc407fc2b99e953d74e9fe557dc0d6dd24b7fd497737dfcd44938915c5131197660e57624aba5b26b726415e50", 0xfffffffffffffffe) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = memfd_create$auto(0x0, 0x4) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={r0, 0xffffffffffffffff, 0x4, 0xae30, 0x8, 0x9, 0xffffffffffffffff, 0x6, 0x7ff}, 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_STATION(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYRES64=r4], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40004) sendmsg$auto_NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000e40)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000e80)=ANY=[@ANYBLOB="b8090000", @ANYRES16=r6, @ANYBLOB="00042bbd7000fcdbdf25270000000400050151009d004b953e7a641037cb641e4599a6383a46dd98d1417ec4c9f6b2f1de6d3a38f58fd5a2268aae24f9ef04d27353c5827192cdf502bac4648c9a57bd87c2bfdc9fdce56fc6ed44bae62f10302a7589000000d105b20048d2c4fa9444af5649b57f098f269b21e5cb50b1b2fe7f9175fe58b18c506a3ab981e4d25fb812d42c5a927f2bbc8e9cbba70575753492aaa312835b79cc9ba9c7c340203da9c569238d47117799e71ab0e9ce235da3e1146c13864a7a85e53595045a5cf8f13323b329b34be74c4703cc326d6c9a920ccf18dce6f1565e7147219606093625caf97a7936a1f1e4d9b475132984d354748df78b5a0b461bb535c55be29243b9346bc6473a8d1169290414b03942787d5bfab92c5f23001efd5c8c1eca28472c7fb1c3c98502a533d801bac048edde246905132980acdf519e23025ebb43f581670d5bb82961309b94216cc2c1d3e48d2bae4269db1f6358490fbb4246565227f43e4b71b533ae96335935ac7734a1aef9acd63f5bff10a186c8b5dafe99a61b6ab114471e845f60494b0b4f25e946f08430dd0cfd43e3d8d12de5cabf6ab20bcf459b107956f5c185df69077b62697222d89af0a8ad8763b22ea062a8df7f8c8f560f57b0cda81e174381f4186c080e06a13b278b331c1f454572ca9754f38721235162246e6d538978a0ca3c67d2531e228a7561f7d9a4d0bc7875401a5ec0496210237111c90224bf7e04fcd66b274472d38132ca4ae0c757baf327038473460b84b7d4479e98d3d798247aa8866939b7bd6d0ef38c2f0b19d474caa9d9a94305ed7f1d8f7f823de407ecef639ddf1dd79fa12714bdecdc9e82f31b442433b39aaaa5b727b5a1d2ad1ff30eaa7498c19a7686b793cb80d7b11dfea22925801c33e5cbcf31a2372b35ecafca026b196e303486d9eb7a621b0db098ea7ca7cdb3440c7ce8e2b2a9c515e7cbfad09add81594bbed4a697335fceb12d010fa718c96c8d1afa38d4228498faf1145adeff1d045568093c1d1259d1c465c677241ae232fbcea6b7efaabb01ec77400d898631c536d4be9d3a08fc513be0ea7a1097bc42afd286d990c1bf80a646989dbd40d4b576966dec97ae38b9c4d860f4c89e4af89c87cd191791e4948a275fc19591435ee86aa82aa50fe0f46e9f2eb1ce5063b331f30f00d765e3802dfef99efd4e363a91478b64ab34b7033fe97f321dd14be41fda2e387de6f0f04ebc3694c2802d6cc70ac8b845b2fe5eccea1b55d7f4498464fb885dc7a382927265eb814d8f85305c6578ae83415a2e93a8f2c084d327cae85de70a870e8387cf726cce0ad27cf6aee79c4c3afcb981582d224df88f1bcdca01f1823dca8c947a2961a2bea0c49fabe9190bda5beb3a72f88aba7648b1324b73ec689d665e6420ea4f0d68a94abf3ff911898fc1d7a1cbace2f21959cbcdd6af2bb35fc0e86658b74353ed336f573258800e3c43ef5fe34e26182a4c96e40c2763160aaef2b9aedc456903cf3f861f28baea395dd6565e227b5349b7b495c10cd8167d2f8780beab060004ec72ed2992eae9a5a7215cf66d18575e47b1475e02595466d0f436083cc0ea5a61441f6551a57819453eaae376bfba08088cb1249b516650188a97824793a1bf11ab06f172ef148cd2bd56073d0ec52a909572b07af4f730c125621a820b909fa2abc66b0f71a5f763ad067bebb69102bd6c269b650f51ee0da9d87466d897e5b92a92538295bd03147ca9931c528722dad4a96b7a1bbc420590d7e93dfaf6d3e478e5b8255f67cbb9740ffd0b66f6da1ced563c27dcc43355d7be6dc67d7ccf9ab2168baa55c2e6be8e9a935ac6ea6bb69ffd712d915431c1dbe951f7a905184850ec4c166481296380b71f75546a84e6023b54c6dfaa94f55ec3ce9f2f05d97b7cea6a7faa131f7a80c360a9251698c12e22c0af6c7baa6428c8a38f0bd59833fc27ddcbeef0029e8ab80f69318988a45ae0a6336bbc0afed9c9d14238554b4c67741bccc6f775310df836b1f861f222c4dcf90172c67a7053ea5400db0c1461cb26ba3bdea02ce8c4654c99b52961eb86cba19a47ef8be753fbc3b17f78112f2a3331641d5404ec6b75c28fbcb08b2e3d8e8edce05c6185a7ee0f7f9da017a70b300fe3299efd9d34247fdcfd7fc9fbaf6143a02fe6764f40448169d970c857139b3ed97316c0ecd62fec8f13750ceb687d187d2d928d000000d30080008b30564be78a386bb01cfb4ee1dbb21f4ec97b9c5f397f02e887c8a1a16e82bd14cfa6413466506f6b6c962a70b091485fa449529a953309d307e0d97aa4fc124a0818617a40bea9be99c40b16c9a836222e17094e41e2f99ff458389554d23458c72b7908611da519e15538eb4d96810c00e12881f3e24426fdb1cca33cb2fd4d6510ee6fe4ea186d9bcc4a586d573953c5a82928138f4570201ecda10c840f8ba60aec1c46136134ca923772836c87819de14ecf82ca6e6d8e83eebc55317cc137342f017df06d2e1edbae2c1e440005003e0007000000d0018480a20066800400ea800400c280c526f82f367dbb00ad3b30a7091de525167c1f605fdac1c602477b7040f3e58bdcd18604c6af33c1bea14abb5d96c5ac07655dd90226e268102a83c4422a03f0ed2d61e311bbd5fdef5819c862a17433418f68c9ea06898e0c95ef6a9a821503c0cfc07f731b631fb2c30b5d1fac78ade9bf571b5b038040e80bb19a78a423d71a536ffc89eb4ba72b0602bfa7c01275c8534abe7c87000095636fda6443ef6c50ec86f5170492e4fad82d36d2960cb4e586b11f88021d5f0d93637aaad8b8d3e811fc1b957a409f7b86b99fb5b7249f86142e3174436add820930af072a5829fdd3d4f78aa4074225874be85cb4ce88a74063b5b8a4d10e9d1f196cb0b10c0b5868af131fa22f4e8fdf88db5375b2266cc40b97b54ff82c64c3b794c76b90e9a5efa14418a46473c1895b9b81b327f3d4f0a51799fba1172f85782db4ed9e65bcdc27ea709b7217930363394d4b8fd3522a82e58d1b6b656930c61a981f36ed14c777450b66e864f0b5df1d8afa0f7a9d9eb4ac9225c04de62fa7d426c19c37e69057771d31a214d46963b21346dc85e1da35da09a0813bb671db9e53d6de02115c851e2d40a17a39829a651e845a3b08002e00030000000800d400", @ANYRES32, @ANYBLOB="0600140106000000ae001700cd619d07417e1ed127fce886d0152860f229586c6c407493935da9c91ad89ba0d4919cd83832a9eca63732dd8d10bdd17d9bde0ccf37e95b9cc588884e38bb91fe254aa98be941e1263ced8149016718f30bfe2e267d1043cf98a91917ef3befb7d14f2961a662329c9fb3e73e4b5436e609ddb9fc926fca078f808d5b2aefaa00907be64f267a72e1fcef5b42e786ff4c7441c13be4e4392ed0393ee96f0929eb6c554b8c81d64da404000008003501090000000b000700d9753af4fd3dab0096bcb5014f5770b6164430668ff1a02266bcb687575f1840e9d26768e8c6235190dc4eef6b93168c5d7fec1b5d53c324e466cba674fbdd72c4a3370dd37a0d8698cb6455f0ed11fcba7f2092faee76a242493d76cac7dea21e9881194fe577cb95a7fd1d8afd409312c1e5710214987ad71a311eb8dd93fce3edd8d44215e645155c9a0445aa774b4cff449788f032ee1e26d9f6f3afc788da1b23eceb7bd79cfe4b49a10880"], 0x9b8}, 0x1, 0x0, 0x0, 0x10}, 0x20040885) statx$auto(r3, 0x0, 0x1000, 0xbdfc, 0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r8, &(0x7f0000000080)={0x0, 0x1000}, 0x3) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, 0x0, 0x30004850) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0xffffffffffffffff, 0x4b47, 0x1) 7.53588466s ago: executing program 3 (id=777): pidfd_open$auto(0x1, 0x0) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x143382, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) setsockopt$auto_SO_PREFER_BUSY_POLL(0xffffffffffffffff, 0xfffffffa, 0x45, &(0x7f0000000180), 0x9) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/pagemap\x00', 0x80240, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000000)={0x60, 0x2, 0x100000, 0xfffffffffffffffc, 0x100000000000002, 0x0, 0x0, 0x50b301a, 0x87, 0x2c, 0x4, 0x3}) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-touch8\x00', 0x80f00, 0x0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(r1, 0x5646, r1) read$auto_v4l2_fops_v4l2_dev(r1, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x1, 0x10d3, 0x3ff) socketpair$auto(0x2, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(r1, 0x14, 0x1, 0x0, 0x8) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000003f40)=""/156, 0x9c) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, 0x0, 0x80) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=@batch={0x9, 0x2, 0xb2, 0x9b7, 0x100, 0xffffffffffffffff, 0x400000365}, 0x6) sendfile$auto(r2, r2, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/power/disk\x00', 0xc0082, 0x0) 7.201262059s ago: executing program 1 (id=778): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x5, 0x84) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(0xffffffffffffffff, 0x0, 0x6, 0xfffffffffffffffb, 0x4, 0x800) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = open$dir(0x0, 0x10000, 0x6) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES32=r1, @ANYRES16=0x0, @ANYRES8=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20008800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x80}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfc0}, 0x8, 0x0, 0x8, 0x3}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) socketpair$auto(0x1, 0x5, 0x3b, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x8) mmap$auto(0x0, 0x861, 0x100001000000004, 0xfa31, 0x400, 0x8000) io_setup$auto(0x8000003, 0x0) kexec_load$auto(0x5b50, 0x2, 0x0, 0xe) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88542, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000140), r0) socket$nl_generic(0x10, 0x3, 0x10) setresuid$auto(0x2, 0x7, 0x8080) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x2402, 0x0) ioctl$auto_EVIOCGMASK(r3, 0x80104592, &(0x7f00000000c0)={0x101, 0x8, 0x1}) inotify_init1$auto(0x3000000000000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) arch_prctl$auto_ARCH_GET_GS(0x1004, 0x8000000000000000) 6.463577174s ago: executing program 2 (id=779): r0 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="020027bd7000fddbdf2525000000050019009a000000060004000000000005002300080000003566ca2e7ce8e02b4f3aac6302c7fa3e483c90375aeb3d70008f14bae39cb08ee304e1ac864f6b96459a56356ead3f8f5d1b9f71288edad8ffe347074d3c703c0de2438c331b417fcdd06fb38aaac50b2505b4816590884e9cc67c2ce29515ca2b79c6b803bf98c6a1101619adeff3ae9226caa0e561e9d33b0d345f8e32c4f625926c97ca1c4075ac17714a09dbfbd8313ca91658e5bccad54b17d4803824f501943b540792e0363f7c2f08f2ee76834f08eea9d7a36a0c08c7e6216fbe48c0713d37478aa304fe0531be7c061c7f6e163e5041be29927f80ad0a764b"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r1, 0x0, 0x7, 0x4cbd5d) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec10\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_TRANSMIT(r1, 0xc0386105, 0x0) write$auto(0x3, 0x0, 0x400000000000050) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x0, 0x53, 0x0, 0x0) mmap$auto(0xea88, 0x810004, 0xd, 0x10, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) socket(0x29, 0x2, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x800000005, &(0x7f0000000500)={&(0x7f0000000080), 0x1ffffffff}, 0x2, 0x0) setsockopt$auto(r2, 0x10000000084, 0x117, 0x0, 0x80) unshare$auto(0x40000080) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) setfsuid$auto(0xee00) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) prctl$auto(0x23, 0x6, 0x2009, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) 5.687748793s ago: executing program 1 (id=780): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, &(0x7f0000004440)) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/smaps_rollup\x00', 0x0, 0x0) lseek$auto(r0, 0x7fd, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x400000000038, 0xffffffffffffffff, 0x8000) mmap$auto(0x4, 0x8004, 0x4000000000df, 0x100040eb5, 0x401, 0x300000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001140)=""/4093, 0xffd) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000040), 0x200080, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) mremap$auto(0x9, 0x3ff, 0x5d, 0x80000000, 0x100) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0xa, 0x2, 0x8) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e20, @multicast1}, 0xf) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) 5.415208934s ago: executing program 0 (id=781): close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x102, 0x6, 0x801, 0x5, 0x0}) mmap$auto(0x0, 0x420009, 0xe2, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0xc) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x240202, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r2) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r5, @ANYBLOB="200026bd7000ffdbdf25050000000500060004b7d591b41a18b5d790000000050c0000000000000800090000010000080009000400"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0xc001) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) socket(0x18, 0x3, 0x2) bind$auto(0x3, &(0x7f0000000180)=@l2={0x1f, 0xe, @none, 0x7fff, 0x2}, 0x6a) ioctl$auto_KVM_CREATE_VM(r3, 0x4048aecb, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r6) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002abd7000fbdbdf25040000002d0011"], 0x44}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x29}, 0x20100007}, 0x3, 0x0) 3.803903084s ago: executing program 3 (id=782): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x2}]}, 0x1c}, 0x1, 0x300000000000000, 0x0, 0x4081}, 0x8800) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_POST(r2, 0x5008, 0xfffffffffffffffe) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/wireless\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x201, 0xc000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) ioctl$auto(0x3, 0x5410, 0x38) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r4 = socket(0x2b, 0x1, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/o2hb/quorum_regions\x00', 0x500, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0xa00009}, 0x6, 0x20000003) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) write$auto(r5, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) unshare$auto(0x40000080) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC0\x00', 0x80, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) 2.943792336s ago: executing program 0 (id=783): r0 = openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/tracing_on\x00', 0x8001, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x0e\xfa{\x15\x1d\x11\x85o\xf1g\xb7\xb3\xdd\\\xfdG\xa9\x16R\xa4\xe9\xd1\xf4S\x94\xe1\x9c\x88\x1b\xe6.\x11\xa3\xe1\xddi\xb66\xaa\xa3\xc7iB\xc84\x11\xac\xfd\x1a*\xd4a\xfe\x05\x96\x0ec\x12\xea\xd5K\xea\xda\xa3\xfa\xc3\xedr\x17\xa5\x1c\x88{v\xb8\bj\x84\xd8g\x05r\xe7n\x7f^\x9d\xc7V\x92\xb9Z.Uc*K', 0x9) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x100, 0x0) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x20080, 0x0) poll$auto(&(0x7f0000000040)={r1, 0x1000, 0x1c9}, 0x2, 0x7) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x800, 0x0) mmap$auto(0x0, 0xe883, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0xfffffffffffffffc, 0x400006, 0x5, 0x100000009b72, r2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x38}}, 0x54) madvise$auto(0x110c230000, 0x8031ca, 0x10) madvise$auto(0x110d230000, 0x1, 0x9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) sigaltstack$auto(&(0x7f00000000c0)={0x0, 0x0, 0x7fffffff}, 0x0) sigaltstack$auto(0x0, &(0x7f0000000240)={0x0, 0x1, 0x1}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x0, 0x0) sendfile$auto(r3, r4, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/audit\x00', 0x2, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) r5 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x309600, 0x0) sendfile$auto(r5, r5, 0x0, 0x10000800000003) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/003/001\x00', 0xab01, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000100)={0x2, 0x0, 0x8000004, 0x81, &(0x7f0000000040)="a006", 0x100400, 0x2d, 0x6, @number_of_packets=0xfffffff3, 0x45a, 0x0, 0x0}) timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0xff) 828.128658ms ago: executing program 2 (id=784): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x5, 0x84) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(0xffffffffffffffff, 0x0, 0x6, 0xfffffffffffffffb, 0x4, 0x800) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = open$dir(0x0, 0x10000, 0x6) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES32=r1, @ANYRES16=0x0, @ANYRES8=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20008800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x80}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfc0}, 0x8, 0x0, 0x8, 0x3}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) socketpair$auto(0x1, 0x5, 0x3b, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x8) mmap$auto(0x0, 0x861, 0x100001000000004, 0xfa31, 0x400, 0x8000) io_setup$auto(0x8000003, 0x0) kexec_load$auto(0x5b50, 0x2, 0x0, 0xe) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88542, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000140), r0) socket$nl_generic(0x10, 0x3, 0x10) setresuid$auto(0x2, 0x7, 0x8080) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x2402, 0x0) ioctl$auto_EVIOCGMASK(r3, 0x80104592, &(0x7f00000000c0)={0x101, 0x8, 0x1}) inotify_init1$auto(0x3000000000000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) arch_prctl$auto_ARCH_GET_GS(0x1004, 0x8000000000000000) 703.715644ms ago: executing program 1 (id=785): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/tcp\x00', 0x40, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000080)=""/54, 0x36) r1 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) capget$auto(&(0x7f00000000c0)={0xfee6, 0xffffffffffffffff}, &(0x7f0000000100)={0x7, 0x0, 0x6}) r2 = gettid() r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r4, 0x1, 0x8070bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_RINGS_RX_BUF_LEN={0x8, 0xa, 0x9}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000) kill$auto(r2, 0x11) r7 = prctl$auto_PR_SET_SECCOMP(0x16, 0x0, 0xfffffffffffffffb, 0x8a67, 0xce1) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, r9, 0x1, 0x74bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8, 0x15, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008801}, 0x20008810) msgctl$auto_IPC_STAT(0x5, 0x2, &(0x7f00000001c0)={{0x0, 0xffffffffffffffff, 0x0, 0x9, 0xa, 0x5, 0x39de}, &(0x7f0000000140)=0x74, &(0x7f0000000180)=0x9, 0xf0d7, 0x9, 0x8, 0x7, 0x6, 0x4, 0x10, 0x6, @inferred=0xffffffffffffffff, @raw=0x1ff}) r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r11, 0x1, 0x7ff) msgctl$auto_IPC_RMID(0x0, 0x0, &(0x7f0000000300)={{0x40, 0x0, 0xee00, 0x65e0, 0x7fffffff, 0x7, 0x706}, &(0x7f0000000240)=0x8, &(0x7f00000002c0)=0x2, 0x7fffffffffffffff, 0x9, 0x40, 0x52d3, 0xfffffffffffffff7, 0x7, 0x3, 0x9, @raw=0xa9, @raw=0x4}) newfstatat$auto(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000b80)={0x4035, 0x6, 0xfff, 0x9, 0xee01, 0xee00, 0x0, 0x5, 0x2, 0x0, 0x2, 0x1, 0x0, 0x7, 0x9, 0x2, 0x800}, 0x80000000) r12 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.6/usb7/avoid_reset_quirk\x00', 0x2, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r12, &(0x7f0000000ec0)=""/4096, 0x1000) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000c40), 0x442000, 0x0) fstat$auto(r0, &(0x7f0000000c80)={0xce, 0xa31, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x8, 0x8000000000000000, 0x7, 0x2, 0x0, 0x9, 0x1, 0x2, 0x10000}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000d40)={'syzkaller1\x00'}) syz_genetlink_get_family_id$auto_batadv(&(0x7f000002de40), r7) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000d80)={'veth0_virt_wifi\x00'}) 645.502226ms ago: executing program 3 (id=786): socket(0x2, 0x1, 0x0) prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x400053, 0x9) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x75bb80, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) read$auto(0x3, 0x0, 0x8080) r0 = gettid() r1 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vkms/clients\x00', 0x2100, 0x0) ioctl$auto(r1, 0x80286f4e, r2) r3 = gettid() rt_sigqueueinfo$auto(r0, 0x6, &(0x7f00000001c0)={@siginfo_0_0={0x1, 0x401, 0xfffffff9, @_timer={r3, 0xd, @sival_ptr=0x0, 0x62}}}) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14f602, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec10\x00', 0x101901, 0x0) syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r5, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) socket(0x2, 0x3, 0x100) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000080), 0xffffffffffffffff) 149.633607ms ago: executing program 0 (id=787): sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fedbdf250200000008002700040000000a001800aa0000aa"], 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) r0 = openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0xc0501, 0x0) ioctl$auto_XFS_IOC_ALLOCSP(0xffffffffffffffff, 0x4030580a, &(0x7f00000001c0)={0x0, 0x6, 0x2, 0x1, 0xfe9, 0x0}) r2 = getpgid(r1) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = fcntl$auto(r0, 0x4, r2) name_to_handle_at$auto(r3, 0x0, &(0x7f0000001340)={0x15, 0x5, "e14674a279f04d48efce9d802bd6c27f0b846d682d"}, &(0x7f0000001380)="f565eca883fb029560ccdf385c6468005f21777484f4a28469897d89da34cd", 0x6) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x0) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/smaps_rollup\x00', 0x0, 0x0) lseek$auto(r4, 0x7fd, 0x1) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x8, 0xc00000072, 0x8b72, 0x1000000002, 0x0) r5 = openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) r6 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r6, 0xc0104d08, r6) bpf$auto_BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)=@link_create={@prog_fd=r5, @target_ifindex, 0x5d, 0x8fa7, @kprobe_multi={0x6, 0x5, 0xff, 0x2, 0x1ff}}, 0x9) io_uring_setup$auto(0x86, 0x0) socket(0xa, 0x1, 0x84) 0s ago: executing program 1 (id=788): openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/syscall\x00', 0x0, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/netdevsim/new_device\x00', 0x149b01, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x9}, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vivid.0/video4linux/vbi26/dev\x00', 0x5bb600, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty9\x00', 0x800, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000040)) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x2c, 0x1, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x80802, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(r1, &(0x7f0000000040)=@generic={0x8, "00010100"}, 0x5c) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x1, 0x9, 0x3, 0x1a, 0x940, 0x1ffe0, 0x7f, 0x6, 0x2, 0x7f, 0x5, 0xfff, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x20, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, [0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x478, 0x0, 0x5, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x7ffd, 0x0, 0x6, 0xffffffffffffffff, 0x0, 0xb, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) kernel console output (not intermixed with test programs): th: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.673003][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.681047][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.703702][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.713874][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.723423][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.732804][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.742298][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.818088][ T4947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.828015][ T4947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.836688][ T4947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.848714][ T4947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.858147][ T4947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.413952][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.421239][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.428723][ T5636] bridge_slave_0: entered allmulticast mode [ 90.436464][ T5636] bridge_slave_0: entered promiscuous mode [ 90.469833][ T5629] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.477381][ T5629] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.484637][ T5629] bridge_slave_0: entered allmulticast mode [ 90.492328][ T5629] bridge_slave_0: entered promiscuous mode [ 90.500729][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.507925][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.515301][ T5636] bridge_slave_1: entered allmulticast mode [ 90.522557][ T5636] bridge_slave_1: entered promiscuous mode [ 90.542473][ T5629] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.549736][ T5629] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.556999][ T5629] bridge_slave_1: entered allmulticast mode [ 90.564310][ T5629] bridge_slave_1: entered promiscuous mode [ 90.585247][ T50] Bluetooth: hci0: command tx timeout [ 90.658665][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.668352][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.676854][ T5634] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.684610][ T5634] bridge_slave_0: entered allmulticast mode [ 90.691937][ T5634] bridge_slave_0: entered promiscuous mode [ 90.711784][ T5629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.723380][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.744337][ T50] Bluetooth: hci1: command tx timeout [ 90.748068][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.757152][ T5634] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.764711][ T5634] bridge_slave_1: entered allmulticast mode [ 90.772317][ T5634] bridge_slave_1: entered promiscuous mode [ 90.780035][ T5642] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.787178][ T5642] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.794449][ T5642] bridge_slave_0: entered allmulticast mode [ 90.802027][ T5642] bridge_slave_0: entered promiscuous mode [ 90.812738][ T5629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.824752][ T50] Bluetooth: hci2: command tx timeout [ 90.847459][ T5642] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.854855][ T5642] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.862047][ T5642] bridge_slave_1: entered allmulticast mode [ 90.869580][ T5642] bridge_slave_1: entered promiscuous mode [ 90.889353][ T5636] team0: Port device team_slave_0 added [ 90.904618][ T50] Bluetooth: hci3: command tx timeout [ 90.914711][ T5634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.946316][ T5636] team0: Port device team_slave_1 added [ 90.958802][ T5634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.990483][ T5629] team0: Port device team_slave_0 added [ 91.020875][ T5642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.032970][ T5629] team0: Port device team_slave_1 added [ 91.050621][ T5634] team0: Port device team_slave_0 added [ 91.058349][ T5642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.078368][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.085473][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.111474][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.125499][ T5634] team0: Port device team_slave_1 added [ 91.152332][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.159405][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.185381][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.218966][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.226122][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.252238][ T5629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.284776][ T5642] team0: Port device team_slave_0 added [ 91.291067][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.298258][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.327274][ T5629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.342318][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.349352][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.375417][ T5634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.388561][ T5642] team0: Port device team_slave_1 added [ 91.403989][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.411240][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.437191][ T5634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.517396][ T5636] hsr_slave_0: entered promiscuous mode [ 91.523774][ T5636] hsr_slave_1: entered promiscuous mode [ 91.534091][ T5642] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.541099][ T5642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.567298][ T5642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.608430][ T5642] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.615505][ T5642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.642071][ T5642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.659450][ T5629] hsr_slave_0: entered promiscuous mode [ 91.665956][ T5629] hsr_slave_1: entered promiscuous mode [ 91.672075][ T5629] debugfs: 'hsr0' already exists in 'hsr' [ 91.678150][ T5629] Cannot create hsr debugfs directory [ 91.750840][ T5634] hsr_slave_0: entered promiscuous mode [ 91.758503][ T5634] hsr_slave_1: entered promiscuous mode [ 91.765822][ T5634] debugfs: 'hsr0' already exists in 'hsr' [ 91.771629][ T5634] Cannot create hsr debugfs directory [ 91.843581][ T5642] hsr_slave_0: entered promiscuous mode [ 91.851039][ T5642] hsr_slave_1: entered promiscuous mode [ 91.857621][ T5642] debugfs: 'hsr0' already exists in 'hsr' [ 91.863375][ T5642] Cannot create hsr debugfs directory [ 91.953119][ T24] cfg80211: failed to load regulatory.db [ 92.267629][ T5636] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.294727][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.304092][ T5636] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.317941][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.326421][ T5636] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.337732][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.348590][ T5636] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.360508][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.426696][ T5634] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.439098][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.452327][ T5634] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.464892][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.479525][ T5634] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.489498][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.498748][ T5634] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.509027][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.621187][ T5642] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.631813][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.639856][ T5642] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.651873][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.660163][ T5642] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.666982][ T50] Bluetooth: hci0: command tx timeout [ 92.676039][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.684172][ T5642] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.694890][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.811969][ T5629] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.822579][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.826592][ T50] Bluetooth: hci1: command tx timeout [ 92.843755][ T5629] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.853977][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.865589][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.878616][ T5629] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.888796][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.898365][ T5629] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.905195][ T50] Bluetooth: hci2: command tx timeout [ 92.913418][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.963185][ T5636] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.986016][ T50] Bluetooth: hci3: command tx timeout [ 92.992974][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.000416][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.026837][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.033997][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.079098][ T5634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.138050][ T5634] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.158308][ T5642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.171810][ T111] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.178965][ T111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.212741][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.219909][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.263239][ T5642] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.305050][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.312325][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.330569][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.337813][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.395159][ T5629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.475225][ T5629] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.519136][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.526366][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.556996][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.564277][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.211292][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.343299][ T5636] veth0_vlan: entered promiscuous mode [ 94.406702][ T5636] veth1_vlan: entered promiscuous mode [ 94.512367][ T5636] veth0_macvtap: entered promiscuous mode [ 94.542992][ T5634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.562725][ T5636] veth1_macvtap: entered promiscuous mode [ 94.625934][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.658104][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.691940][ T31] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.708536][ T31] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.719722][ T31] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.741640][ T31] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.745540][ T50] Bluetooth: hci0: command tx timeout [ 94.768405][ T5642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.776893][ T5634] veth0_vlan: entered promiscuous mode [ 94.849179][ T5634] veth1_vlan: entered promiscuous mode [ 94.871137][ T5629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.904548][ T50] Bluetooth: hci1: command tx timeout [ 94.942044][ T111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.954860][ T111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.984668][ T50] Bluetooth: hci2: command tx timeout [ 95.014024][ T1051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.027262][ T1051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.057762][ T5634] veth0_macvtap: entered promiscuous mode [ 95.064570][ T50] Bluetooth: hci3: command tx timeout [ 95.079807][ T5642] veth0_vlan: entered promiscuous mode [ 95.091588][ T5634] veth1_macvtap: entered promiscuous mode [ 95.129385][ T5642] veth1_vlan: entered promiscuous mode [ 95.149278][ T5629] veth0_vlan: entered promiscuous mode [ 95.165725][ T5636] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.194026][ T5629] veth1_vlan: entered promiscuous mode [ 95.206638][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.246371][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.319544][ T48] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.332078][ T48] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.347351][ T48] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.367688][ T48] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.392891][ T5642] veth0_macvtap: entered promiscuous mode [ 95.422604][ T5629] veth0_macvtap: entered promiscuous mode [ 95.437023][ T5642] veth1_macvtap: entered promiscuous mode [ 95.456194][ T5629] veth1_macvtap: entered promiscuous mode [ 95.569493][ T5642] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.580025][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.591005][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.604525][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.620041][ T5781] binder: 5777:5781 ioctl 400c620e 0 returned -14 [ 95.638977][ T5642] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.659871][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.692511][ T1051] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.701335][ T111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.701372][ T111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.721296][ T1051] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.746894][ T1051] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.757259][ T1051] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.780619][ T1051] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.822594][ T1051] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.837988][ T1051] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.885634][ T1051] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.048227][ T111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.074459][ T111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.115594][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.123889][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.177984][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.189185][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.243704][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.253615][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.824685][ T50] Bluetooth: hci0: command tx timeout [ 96.984905][ T50] Bluetooth: hci1: command tx timeout [ 97.066196][ T50] Bluetooth: hci2: command tx timeout [ 97.144605][ T50] Bluetooth: hci3: command tx timeout [ 97.863550][ T5802] mmap: syz.0.1 (5802) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 98.015494][ T5812] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 98.342190][ T5816] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.336756][ T5830] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10'. [ 100.957776][ T5855] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 101.260243][ T30] audit: type=1800 audit(1780012482.234:2): pid=5858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.16" name="file0" dev="tmpfs" ino=38 res=0 errno=0 [ 102.210574][ T5853] syz.2.14 (5853) used greatest stack depth: 19400 bytes left [ 102.422595][ T30] audit: type=1800 audit(1780012483.394:3): pid=5869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file0" dev="tmpfs" ino=35 res=0 errno=0 [ 104.784076][ T5903] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 105.031995][ T5897] FAULT_INJECTION: forcing a failure. [ 105.031995][ T5897] name failslab, interval 1, probability 0, space 0, times 1 [ 105.072077][ T5897] CPU: 1 UID: 0 PID: 5897 Comm: syz.1.23 Not tainted syzkaller #0 PREEMPT(full) [ 105.072122][ T5897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 105.072146][ T5897] Call Trace: [ 105.072157][ T5897] [ 105.072170][ T5897] dump_stack_lvl+0x100/0x190 [ 105.072236][ T5897] should_fail_ex.cold+0x5/0xa [ 105.072278][ T5897] should_failslab+0xc2/0x120 [ 105.072321][ T5897] __kmalloc_cache_noprof+0x7a/0x6f0 [ 105.072370][ T5897] ? snd_virmidi_input_open+0xc8/0x4a0 [ 105.072416][ T5897] ? __kasan_kmalloc+0xaa/0xb0 [ 105.072458][ T5897] snd_virmidi_input_open+0xc8/0x4a0 [ 105.072510][ T5897] open_substream+0x480/0x9b0 [ 105.072564][ T5897] rawmidi_open_priv+0x55d/0x6f0 [ 105.072634][ T5897] snd_rawmidi_open+0x4c9/0xba0 [ 105.072675][ T5897] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 105.072734][ T5897] ? __pfx_default_wake_function+0x10/0x10 [ 105.072792][ T5897] ? do_raw_spin_lock+0x128/0x260 [ 105.072829][ T5897] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 105.072878][ T5897] snd_open+0x201/0x450 [ 105.072918][ T5897] ? __pfx_snd_open+0x10/0x10 [ 105.072957][ T5897] chrdev_open+0x234/0x6a0 [ 105.072998][ T5897] ? __pfx_chrdev_open+0x10/0x10 [ 105.073039][ T5897] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 105.073086][ T5897] do_dentry_open+0x6ab/0x14d0 [ 105.073123][ T5897] ? __pfx_chrdev_open+0x10/0x10 [ 105.073172][ T5897] vfs_open+0x82/0x3f0 [ 105.073228][ T5897] path_openat+0x208c/0x31a0 [ 105.073281][ T5897] ? __pfx_path_openat+0x10/0x10 [ 105.073341][ T5897] do_file_open+0x20e/0x430 [ 105.073434][ T5897] ? __pfx_do_file_open+0x10/0x10 [ 105.073507][ T5897] ? alloc_fd+0x476/0x790 [ 105.073552][ T5897] ? do_getname+0x191/0x390 [ 105.073607][ T5897] do_sys_openat2+0x10d/0x1e0 [ 105.073671][ T5897] ? __pfx_do_sys_openat2+0x10/0x10 [ 105.073729][ T5897] ? __fget_files+0x21f/0x3d0 [ 105.073779][ T5897] __x64_sys_openat+0x12d/0x210 [ 105.073839][ T5897] ? __pfx___x64_sys_openat+0x10/0x10 [ 105.073906][ T5897] ? rcu_is_watching+0x12/0xc0 [ 105.073950][ T5897] do_syscall_64+0x115/0x840 [ 105.073997][ T5897] ? clear_bhb_loop+0x40/0x90 [ 105.074040][ T5897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.074072][ T5897] RIP: 0033:0x7f3a4cb9ce59 [ 105.074096][ T5897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.074124][ T5897] RSP: 002b:00007f3a4da6b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 105.074152][ T5897] RAX: ffffffffffffffda RBX: 00007f3a4ce15fa0 RCX: 00007f3a4cb9ce59 [ 105.074171][ T5897] RDX: 000000000000a003 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 105.074190][ T5897] RBP: 00007f3a4cc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 105.074207][ T5897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.074224][ T5897] R13: 00007f3a4ce16038 R14: 00007f3a4ce15fa0 R15: 00007ffc2c024498 [ 105.074266][ T5897] [ 105.436807][ T5913] netlink: 342 bytes leftover after parsing attributes in process `syz.0.26'. [ 105.926608][ T5919] [U] ^R [ 106.812063][ T5935] process 'syz.2.29' launched ':,' with NULL argv: empty string added [ 107.117645][ T5937] hub 1-0:1.0: USB hub found [ 107.136311][ T5937] hub 1-0:1.0: 1 port detected [ 107.324676][ T5917] Process accounting resumed [ 108.727901][ T5956] FAULT_INJECTION: forcing a failure. [ 108.727901][ T5956] name failslab, interval 1, probability 0, space 0, times 0 [ 108.837480][ T5956] CPU: 1 UID: 0 PID: 5956 Comm: syz.1.31 Not tainted syzkaller #0 PREEMPT(full) [ 108.837525][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 108.837548][ T5956] Call Trace: [ 108.837556][ T5956] [ 108.837565][ T5956] dump_stack_lvl+0x100/0x190 [ 108.837612][ T5956] should_fail_ex.cold+0x5/0xa [ 108.837642][ T5956] should_failslab+0xc2/0x120 [ 108.837672][ T5956] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 108.837711][ T5956] ? __kernfs_new_node+0xd2/0x9f0 [ 108.837744][ T5956] __kernfs_new_node+0xd2/0x9f0 [ 108.837773][ T5956] ? __pfx_try_to_wake_up+0x10/0x10 [ 108.837804][ T5956] ? __pfx___kernfs_new_node+0x10/0x10 [ 108.837838][ T5956] ? find_held_lock+0x2b/0x80 [ 108.837868][ T5956] ? kernfs_root+0xee/0x2a0 [ 108.837893][ T5956] ? kernfs_root+0xee/0x2a0 [ 108.837926][ T5956] kernfs_new_node+0x11b/0x1a0 [ 108.837961][ T5956] __kernfs_create_file+0x53/0x350 [ 108.838002][ T5956] sysfs_add_file_mode_ns+0x207/0x3c0 [ 108.838041][ T5956] sysfs_merge_group+0x194/0x340 [ 108.838071][ T5956] ? __pfx_sysfs_merge_group+0x10/0x10 [ 108.838099][ T5956] ? bus_add_device+0x368/0x6b0 [ 108.838136][ T5956] ? __pfx_bus_add_device+0x10/0x10 [ 108.838168][ T5956] ? __pfx_dev_add_physical_location+0x10/0x10 [ 108.838203][ T5956] dpm_sysfs_add+0x237/0x280 [ 108.838231][ T5956] device_add+0x9ef/0x1950 [ 108.838260][ T5956] ? __pfx_device_add+0x10/0x10 [ 108.838290][ T5956] ? lockdep_init_map_type+0x5c/0x250 [ 108.838314][ T5956] ? __init_waitqueue_head+0xca/0x150 [ 108.838348][ T5956] rfkill_register+0x1ad/0xb30 [ 108.838380][ T5956] nfc_register_device+0x11f/0x3e0 [ 108.838418][ T5956] nci_register_device+0x7f1/0xb80 [ 108.838447][ T5956] ? __pfx_nci_register_device+0x10/0x10 [ 108.838500][ T5956] ? lockdep_init_map_type+0x5c/0x250 [ 108.838542][ T5956] virtual_ncidev_open+0x141/0x220 [ 108.838582][ T5956] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 108.838618][ T5956] misc_open+0x26d/0x450 [ 108.838644][ T5956] ? __pfx_misc_open+0x10/0x10 [ 108.838668][ T5956] chrdev_open+0x234/0x6a0 [ 108.838699][ T5956] ? __pfx_apparmor_file_open+0x10/0x10 [ 108.838726][ T5956] ? __pfx_chrdev_open+0x10/0x10 [ 108.838759][ T5956] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 108.838799][ T5956] do_dentry_open+0x6ab/0x14d0 [ 108.838828][ T5956] ? __pfx_chrdev_open+0x10/0x10 [ 108.838866][ T5956] vfs_open+0x82/0x3f0 [ 108.838906][ T5956] path_openat+0x208c/0x31a0 [ 108.838977][ T5956] ? __pfx_path_openat+0x10/0x10 [ 108.839026][ T5956] do_file_open+0x20e/0x430 [ 108.839061][ T5956] ? __pfx_do_file_open+0x10/0x10 [ 108.839113][ T5956] ? alloc_fd+0x476/0x790 [ 108.839147][ T5956] ? do_getname+0x191/0x390 [ 108.839186][ T5956] do_sys_openat2+0x10d/0x1e0 [ 108.839224][ T5956] ? __pfx_do_sys_openat2+0x10/0x10 [ 108.839265][ T5956] ? __fget_files+0x21f/0x3d0 [ 108.839301][ T5956] __x64_sys_openat+0x12d/0x210 [ 108.839341][ T5956] ? __pfx___x64_sys_openat+0x10/0x10 [ 108.839385][ T5956] ? rcu_is_watching+0x12/0xc0 [ 108.839417][ T5956] do_syscall_64+0x115/0x840 [ 108.839452][ T5956] ? clear_bhb_loop+0x40/0x90 [ 108.839482][ T5956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.839507][ T5956] RIP: 0033:0x7f3a4cb9ce59 [ 108.839527][ T5956] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.839550][ T5956] RSP: 002b:00007f3a4da08028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 108.839591][ T5956] RAX: ffffffffffffffda RBX: 00007f3a4ce16270 RCX: 00007f3a4cb9ce59 [ 108.839613][ T5956] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 108.839633][ T5956] RBP: 00007f3a4cc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 108.839653][ T5956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.839679][ T5956] R13: 00007f3a4ce16308 R14: 00007f3a4ce16270 R15: 00007ffc2c024498 [ 108.839710][ T5956] [ 111.669697][ T5985] FAULT_INJECTION: forcing a failure. [ 111.669697][ T5985] name failslab, interval 1, probability 0, space 0, times 0 [ 111.738149][ T5985] CPU: 0 UID: 0 PID: 5985 Comm: syz.1.36 Not tainted syzkaller #0 PREEMPT(full) [ 111.738180][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 111.738194][ T5985] Call Trace: [ 111.738202][ T5985] [ 111.738211][ T5985] dump_stack_lvl+0x100/0x190 [ 111.738258][ T5985] should_fail_ex.cold+0x5/0xa [ 111.738291][ T5985] should_failslab+0xc2/0x120 [ 111.738321][ T5985] __kmalloc_cache_noprof+0x7a/0x6f0 [ 111.738356][ T5985] ? __debugfs_file_get+0x2ac/0x860 [ 111.738396][ T5985] __debugfs_file_get+0x2ac/0x860 [ 111.738429][ T5985] ? __pfx___debugfs_file_get+0x10/0x10 [ 111.738464][ T5985] ? __pfx_apparmor_file_open+0x10/0x10 [ 111.738490][ T5985] ? path_get+0x61/0x80 [ 111.738539][ T5985] full_proxy_open_regular+0x4f/0x370 [ 111.738594][ T5985] do_dentry_open+0x6ab/0x14d0 [ 111.738621][ T5985] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 111.738661][ T5985] vfs_open+0x82/0x3f0 [ 111.738696][ T5985] path_openat+0x208c/0x31a0 [ 111.738732][ T5985] ? __pfx_path_openat+0x10/0x10 [ 111.738769][ T5985] do_file_open+0x20e/0x430 [ 111.738804][ T5985] ? __pfx_do_file_open+0x10/0x10 [ 111.738850][ T5985] ? alloc_fd+0x476/0x790 [ 111.738881][ T5985] ? do_getname+0x191/0x390 [ 111.738916][ T5985] do_sys_openat2+0x10d/0x1e0 [ 111.738950][ T5985] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.738985][ T5985] ? do_raw_spin_lock+0x128/0x260 [ 111.739016][ T5985] __x64_sys_openat+0x12d/0x210 [ 111.739051][ T5985] ? __pfx___x64_sys_openat+0x10/0x10 [ 111.739090][ T5985] ? rcu_is_watching+0x12/0xc0 [ 111.739118][ T5985] do_syscall_64+0x115/0x840 [ 111.739169][ T5985] ? clear_bhb_loop+0x40/0x90 [ 111.739196][ T5985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.739220][ T5985] RIP: 0033:0x7f3a4cb9ce59 [ 111.739239][ T5985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.739261][ T5985] RSP: 002b:00007f3a4da4a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 111.739283][ T5985] RAX: ffffffffffffffda RBX: 00007f3a4ce16090 RCX: 00007f3a4cb9ce59 [ 111.739298][ T5985] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 111.739312][ T5985] RBP: 00007f3a4cc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 111.739326][ T5985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.739339][ T5985] R13: 00007f3a4ce16128 R14: 00007f3a4ce16090 R15: 00007ffc2c024498 [ 111.739368][ T5985] [ 112.130881][ T5981] bond0: invalid ARP target specified [ 114.381135][ T6003] ubi0: attaching mtd0 [ 114.478453][ T6003] ubi0: scanning is finished [ 114.489253][ T6003] ubi0: empty MTD device detected [ 115.567236][ T6003] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 115.580545][ T6003] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 115.619333][ T6003] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 115.677787][ T6003] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 115.900949][ T6003] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 116.043686][ T6003] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 116.199724][ T6003] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4237798215 [ 116.315409][ T6003] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 116.422533][ T6021] ubi0: background thread "ubi_bgt0d" started, PID 6021 [ 116.467308][ T6009] ubi0: detaching mtd0 [ 116.692708][ T6009] ubi0: mtd0 is detached [ 117.146601][ T6030] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 117.420218][ T6032] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 117.536034][ T30] audit: type=1800 audit(1780012498.514:4): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.43" name="dbroot" dev="configfs" ino=8701 res=0 errno=0 [ 117.918735][ T6041] netlink: 28 bytes leftover after parsing attributes in process `syz.2.45'. [ 118.028784][ T6042] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 118.044931][ T6044] netlink: 16 bytes leftover after parsing attributes in process `syz.0.47'. [ 118.403323][ T6041] Zero length message leads to an empty skb [ 119.048640][ T6042] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.917675][ T6042] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.329326][ T6042] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.863041][ T6042] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.961318][ T6075] syz.0.51 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 122.506294][ T6081] ubi9: attaching mtd0 [ 122.536899][ T6081] ubi9 error: ubi_attach_mtd_dev: bad VID header (32768) or data offsets (32832) [ 122.752850][ T6085] loop6: detected capacity change from 0 to 8 [ 125.461407][ T6144] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 126.690099][ T6119] Process accounting resumed [ 128.792157][ T6161] netlink: 12 bytes leftover after parsing attributes in process `syz.2.63'. [ 131.395464][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.70'. [ 132.883495][ T6219] netlink: 330 bytes leftover after parsing attributes in process `syz.0.72'. [ 132.902066][ T6219] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 132.923673][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.931976][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.307796][ T6228] ICMPv6: process `syz.3.74' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 134.383077][ T6228] loop13: detected capacity change from 0 to 8 [ 136.064832][ T6251] netlink: 342 bytes leftover after parsing attributes in process `syz.3.78'. [ 136.146805][ T6252] netlink: 342 bytes leftover after parsing attributes in process `syz.3.78'. [ 138.556703][ T6278] Process accounting paused [ 140.791187][ T6277] Process accounting resumed [ 142.599088][ T6294] Process accounting resumed [ 142.634496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 142.881488][ T6324] NFSD: Failed to start, no listeners configured. [ 143.152829][ T6329] smpboot: CPU 1 is now offline [ 144.823460][ T6343] GUP no longer grows the stack in syz.2.93 (6343): 11000-401000 (10000) [ 144.869934][ T6343] CPU: 0 UID: 0 PID: 6343 Comm: syz.2.93 Tainted: G L syzkaller #0 PREEMPT(full) [ 144.869972][ T6343] Tainted: [L]=SOFTLOCKUP [ 144.869980][ T6343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 144.869994][ T6343] Call Trace: [ 144.870002][ T6343] [ 144.870011][ T6343] dump_stack_lvl+0x100/0x190 [ 144.870058][ T6343] gup_vma_lookup.cold+0x83/0x96 [ 144.870095][ T6343] __get_user_pages+0x241/0x32a0 [ 144.870133][ T6343] ? down_read_killable+0x307/0x4b0 [ 144.870157][ T6343] ? __lock_acquire+0x4a5/0x2630 [ 144.870195][ T6343] ? __pfx___get_user_pages+0x10/0x10 [ 144.870234][ T6343] __gup_longterm_locked+0x87d/0x16f0 [ 144.870265][ T6343] ? lock_acquire+0x1b1/0x370 [ 144.870309][ T6343] ? __pfx___gup_longterm_locked+0x10/0x10 [ 144.870341][ T6343] ? lock_acquire+0x1b1/0x370 [ 144.870383][ T6343] ? find_held_lock+0x2b/0x80 [ 144.870422][ T6343] ? sanity_check_pinned_pages+0x4f2/0x8b0 [ 144.870457][ T6343] gup_fast_fallback+0x16dc/0x2790 [ 144.870511][ T6343] ? __pfx_gup_fast_fallback+0x10/0x10 [ 144.870541][ T6343] ? rcu_is_watching+0x12/0xc0 [ 144.870574][ T6343] ? hrtimer_start_range_ns+0x860/0x1a50 [ 144.870604][ T6343] ? find_held_lock+0x2b/0x80 [ 144.870638][ T6343] pin_user_pages_fast+0xa7/0xf0 [ 144.870670][ T6343] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 144.870703][ T6343] ? finish_task_switch.isra.0+0x384/0x1010 [ 144.870739][ T6343] iov_iter_extract_pages+0xa0d/0x1ef0 [ 144.870786][ T6343] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 144.870821][ T6343] ? try_to_wake_up+0x5ec/0x1900 [ 144.870865][ T6343] ? __pfx___schedule+0x10/0x10 [ 144.870901][ T6343] iov_iter_extract_bvecs+0x10b/0xa60 [ 144.870938][ T6343] ? preempt_schedule_common+0x42/0xc0 [ 144.870973][ T6343] ? preempt_schedule_thunk+0x16/0x30 [ 144.871013][ T6343] ? __pfx_iov_iter_extract_bvecs+0x10/0x10 [ 144.871050][ T6343] ? rcu_preempt_deferred_qs_irqrestore+0x8b9/0xb90 [ 144.871093][ T6343] ? rcu_is_watching+0x12/0xc0 [ 144.871123][ T6343] bio_iov_iter_get_pages+0x26f/0x670 [ 144.871168][ T6343] __blkdev_direct_IO_simple+0x3a7/0x890 [ 144.871207][ T6343] ? do_raw_spin_unlock+0x145/0x1e0 [ 144.871239][ T6343] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 144.871292][ T6343] ? trace_hrtimer_start+0x79/0x230 [ 144.871325][ T6343] ? hrtimer_start_range_ns+0x860/0x1a50 [ 144.871369][ T6343] ? __lock_acquire+0x4a5/0x2630 [ 144.871410][ T6343] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 144.871445][ T6343] blkdev_direct_IO+0xc76/0x1fb0 [ 144.871490][ T6343] ? find_held_lock+0x2b/0x80 [ 144.871519][ T6343] ? aa_file_perm+0x7e4/0x14d0 [ 144.871554][ T6343] ? aa_file_perm+0x7e4/0x14d0 [ 144.871597][ T6343] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 144.871636][ T6343] ? aa_file_perm+0x7f3/0x14d0 [ 144.871674][ T6343] ? filemap_check_errors+0xa9/0x150 [ 144.871705][ T6343] ? filemap_write_and_wait_range.part.0+0x60/0x110 [ 144.871751][ T6343] blkdev_read_iter+0x225/0x4f0 [ 144.871795][ T6343] do_iter_readv_writev+0x60d/0x920 [ 144.871823][ T6343] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 144.871860][ T6343] ? bpf_lsm_file_permission+0x9/0x10 [ 144.871883][ T6343] ? security_file_permission+0x76/0x210 [ 144.871917][ T6343] ? rw_verify_area+0xce/0x6d0 [ 144.871944][ T6343] vfs_readv+0x4d3/0x8d0 [ 144.871976][ T6343] ? __pfx_vfs_readv+0x10/0x10 [ 144.872021][ T6343] ? __fget_files+0x21f/0x3d0 [ 144.872058][ T6343] ? do_readv+0x13e/0x340 [ 144.872080][ T6343] do_readv+0x13e/0x340 [ 144.872106][ T6343] ? __pfx_do_readv+0x10/0x10 [ 144.872131][ T6343] ? exit_to_user_mode_loop+0xf3/0x670 [ 144.872176][ T6343] __x64_sys_preadv2+0x11f/0x160 [ 144.872210][ T6343] do_syscall_64+0x115/0x840 [ 144.872245][ T6343] ? clear_bhb_loop+0x40/0x90 [ 144.872274][ T6343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.872299][ T6343] RIP: 0033:0x7fd0c7f9ce59 [ 144.872319][ T6343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.872343][ T6343] RSP: 002b:00007fd0c8eec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 144.872365][ T6343] RAX: ffffffffffffffda RBX: 00007fd0c8215fa0 RCX: 00007fd0c7f9ce59 [ 144.872381][ T6343] RDX: 0000000000000006 RSI: 0000200000000380 RDI: 0000000000000002 [ 144.872395][ T6343] RBP: 00007fd0c8032d6f R08: 0008000000000000 R09: 0000000000000007 [ 144.872410][ T6343] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 144.872424][ T6343] R13: 00007fd0c8216038 R14: 00007fd0c8215fa0 R15: 00007fff8d994aa8 [ 144.872454][ T6343] [ 152.818796][ T6407] ======================================================= [ 152.818796][ T6407] WARNING: The mand mount option has been deprecated and [ 152.818796][ T6407] and is ignored by this kernel. Remove the mand [ 152.818796][ T6407] option from the mount to silence this warning. [ 152.818796][ T6407] ======================================================= [ 153.218243][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.1.105'. [ 156.589105][ T6436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.109'. [ 157.563396][ T6100] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 158.348463][ T6447] ubi0: attaching mtd0 [ 158.450088][ T6447] ubi0: scanning is finished [ 158.733918][ T6458] random: crng reseeded on system resumption [ 159.119065][ T6447] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 159.239025][ T6447] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 159.354279][ T6447] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 159.553255][ T6447] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 159.752083][ T6447] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 159.973922][ T6447] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 160.135406][ T6447] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4237798215 [ 160.479097][ T6447] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 160.782349][ T6462] ubi0: background thread "ubi_bgt0d" started, PID 6462 [ 160.790295][ T6453] ubi0: detaching mtd0 [ 160.989988][ T6453] ubi0: mtd0 is detached [ 165.261115][ T6526] futex_wake_op: syz.2.120 tries to shift op by -2048; fix this program [ 165.349214][ T6524] 0x000000000001-0x000000020000 : "" [ 165.836393][ T6524] ftl_cs: FTL header corrupt! [ 165.888906][ T6535] FAULT_INJECTION: forcing a failure. [ 165.888906][ T6535] name failslab, interval 1, probability 0, space 0, times 0 [ 165.979272][ T6535] CPU: 0 UID: 0 PID: 6535 Comm: syz.0.121 Tainted: G L syzkaller #0 PREEMPT(full) [ 165.979310][ T6535] Tainted: [L]=SOFTLOCKUP [ 165.979318][ T6535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 165.979332][ T6535] Call Trace: [ 165.979340][ T6535] [ 165.979349][ T6535] dump_stack_lvl+0x100/0x190 [ 165.979395][ T6535] should_fail_ex.cold+0x5/0xa [ 165.979425][ T6535] ? tomoyo_realpath_from_path+0xb6/0x690 [ 165.979461][ T6535] should_failslab+0xc2/0x120 [ 165.979491][ T6535] __kmalloc_noprof+0xe0/0x850 [ 165.979513][ T6535] ? kfree+0x1dd/0x6c0 [ 165.979552][ T6535] tomoyo_realpath_from_path+0xb6/0x690 [ 165.979595][ T6535] tomoyo_mount_acl+0x1b6/0x8b0 [ 165.979627][ T6535] ? is_bpf_text_address+0x8a/0x1a0 [ 165.979661][ T6535] ? bpf_ksym_find+0x124/0x1c0 [ 165.979690][ T6535] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 165.979727][ T6535] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 165.979758][ T6535] ? kernel_text_address+0x8d/0x100 [ 165.979787][ T6535] ? make_vfsuid+0xec/0x140 [ 165.979810][ T6535] ? unwind_get_return_address+0x59/0xa0 [ 165.979877][ T6535] ? tomoyo_domain+0xb2/0x150 [ 165.979898][ T6535] ? tomoyo_profile+0x47/0x60 [ 165.979945][ T6535] tomoyo_mount_permission+0x214/0x460 [ 165.979978][ T6535] ? tomoyo_mount_permission+0x1f6/0x460 [ 165.980013][ T6535] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 165.980062][ T6535] security_sb_mount+0xdd/0x270 [ 165.980091][ T6535] path_mount+0x158/0x23d0 [ 165.980130][ T6535] ? __pfx_path_mount+0x10/0x10 [ 165.980162][ T6535] ? lockdep_hardirqs_on+0x78/0x100 [ 165.980201][ T6535] ? putname+0xb1/0x110 [ 165.980231][ T6535] ? kmem_cache_free+0x127/0x6c0 [ 165.980278][ T6535] ? __x64_sys_mount+0x293/0x310 [ 165.980311][ T6535] __x64_sys_mount+0x293/0x310 [ 165.980346][ T6535] ? __pfx___x64_sys_mount+0x10/0x10 [ 165.980384][ T6535] ? rcu_is_watching+0x12/0xc0 [ 165.980415][ T6535] do_syscall_64+0x115/0x840 [ 165.980449][ T6535] ? clear_bhb_loop+0x40/0x90 [ 165.980479][ T6535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.980503][ T6535] RIP: 0033:0x7f0b7b79ce59 [ 165.980523][ T6535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.980546][ T6535] RSP: 002b:00007f0b7c5f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 165.980568][ T6535] RAX: ffffffffffffffda RBX: 00007f0b7ba16180 RCX: 00007f0b7b79ce59 [ 165.980584][ T6535] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000000000000000 [ 165.980598][ T6535] RBP: 00007f0b7b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 165.980613][ T6535] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 165.980626][ T6535] R13: 00007f0b7ba16218 R14: 00007f0b7ba16180 R15: 00007ffe0e6a0318 [ 165.980656][ T6535] [ 166.313384][ T6535] ERROR: Out of memory at tomoyo_realpath_from_path. [ 167.482883][ T6553] ubi0: attaching mtd0 [ 167.594830][ T6553] ubi0: scanning is finished [ 167.765435][ T6558] random: crng reseeded on system resumption [ 167.983634][ T6553] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 168.065937][ T6553] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 168.138743][ T6553] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 168.241322][ T6553] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 168.389172][ T6553] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 168.548612][ T6553] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 168.701810][ T6553] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 4237798215 [ 168.890486][ T6553] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 169.139350][ T6561] ubi0: background thread "ubi_bgt0d" started, PID 6561 [ 169.147127][ T6555] ubi0: detaching mtd0 [ 169.249310][ T6555] ubi0: mtd0 is detached [ 170.496840][ T6518] Process accounting resumed [ 171.001218][ T6588] FAULT_INJECTION: forcing a failure. [ 171.001218][ T6588] name failslab, interval 1, probability 0, space 0, times 0 [ 171.175053][ T6588] CPU: 0 UID: 0 PID: 6588 Comm: syz.0.129 Tainted: G L syzkaller #0 PREEMPT(full) [ 171.175089][ T6588] Tainted: [L]=SOFTLOCKUP [ 171.175098][ T6588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 171.175111][ T6588] Call Trace: [ 171.175119][ T6588] [ 171.175127][ T6588] dump_stack_lvl+0x100/0x190 [ 171.175172][ T6588] should_fail_ex.cold+0x5/0xa [ 171.175202][ T6588] should_failslab+0xc2/0x120 [ 171.175235][ T6588] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 171.175274][ T6588] ? xas_split_alloc+0x11c/0x4a0 [ 171.175315][ T6588] xas_split_alloc+0x11c/0x4a0 [ 171.175356][ T6588] __folio_split+0x5e5/0x1640 [ 171.175399][ T6588] ? __pfx___folio_split+0x10/0x10 [ 171.175450][ T6588] ? __pfx___might_resched+0x10/0x10 [ 171.175482][ T6588] madvise_cold_or_pageout_pte_range+0xf8c/0x2620 [ 171.175528][ T6588] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 171.175562][ T6588] ? tomoyo_check_open_permission+0x1a2/0x3c0 [ 171.175600][ T6588] ? register_lock_class+0x40/0x560 [ 171.175639][ T6588] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 171.175677][ T6588] walk_pgd_range+0xc1a/0x1dd0 [ 171.175707][ T6588] ? __css_rstat_updated+0x1ce/0x5a0 [ 171.175773][ T6588] ? __pfx_walk_pgd_range+0x10/0x10 [ 171.175797][ T6588] ? rcu_is_watching+0x12/0xc0 [ 171.175825][ T6588] ? folios_put_refs+0x716/0xa90 [ 171.175852][ T6588] __walk_page_range+0x171/0x850 [ 171.175878][ T6588] ? find_held_lock+0x2b/0x80 [ 171.175918][ T6588] walk_page_range_vma_unsafe+0x209/0x8f0 [ 171.175949][ T6588] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 171.175981][ T6588] ? find_held_lock+0x2b/0x80 [ 171.176011][ T6588] ? mlock_drain_local+0x254/0x4e0 [ 171.176032][ T6588] ? mlock_drain_local+0x254/0x4e0 [ 171.176059][ T6588] walk_page_range_vma+0x63/0x90 [ 171.176087][ T6588] madvise_pageout+0x259/0x540 [ 171.176118][ T6588] ? __pfx_madvise_pageout+0x10/0x10 [ 171.176149][ T6588] ? rcu_is_watching+0x12/0xc0 [ 171.176189][ T6588] ? mtree_range_walk+0x72b/0xb70 [ 171.176224][ T6588] madvise_vma_behavior+0x452/0x2240 [ 171.176261][ T6588] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 171.176303][ T6588] ? find_vma_prev+0xd8/0x150 [ 171.176331][ T6588] ? futex_unqueue+0x133/0x2c0 [ 171.176353][ T6588] ? __pfx_find_vma_prev+0x10/0x10 [ 171.176391][ T6588] ? __futex_wait+0x256/0x300 [ 171.176427][ T6588] madvise_walk_vmas+0x2fe/0xa90 [ 171.176470][ T6588] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 171.176511][ T6588] madvise_do_behavior+0x1ea/0x510 [ 171.176547][ T6588] ? __pfx_madvise_do_behavior+0x10/0x10 [ 171.176582][ T6588] ? down_read+0x13b/0x450 [ 171.176617][ T6588] do_madvise+0x195/0x240 [ 171.176649][ T6588] ? __pfx_do_madvise+0x10/0x10 [ 171.176681][ T6588] ? do_futex+0x192/0x350 [ 171.176711][ T6588] ? __sys_sendmsg+0x18f/0x220 [ 171.176749][ T6588] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 171.176790][ T6588] __x64_sys_madvise+0xa9/0x110 [ 171.176823][ T6588] ? lockdep_hardirqs_on+0x78/0x100 [ 171.176858][ T6588] do_syscall_64+0x115/0x840 [ 171.176892][ T6588] ? clear_bhb_loop+0x40/0x90 [ 171.176921][ T6588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.176946][ T6588] RIP: 0033:0x7f0b7b79ce59 [ 171.176965][ T6588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 171.176988][ T6588] RSP: 002b:00007f0b7c612028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 171.177010][ T6588] RAX: ffffffffffffffda RBX: 00007f0b7ba16090 RCX: 00007f0b7b79ce59 [ 171.177026][ T6588] RDX: 0000000000000015 RSI: 0000000000000081 RDI: 0000000000000000 [ 171.177040][ T6588] RBP: 00007f0b7b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 171.177054][ T6588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 171.177068][ T6588] R13: 00007f0b7ba16128 R14: 00007f0b7ba16090 R15: 00007ffe0e6a0318 [ 171.177098][ T6588] [ 172.818969][ T6587] sd 0:0:1:0: PR command failed: 1026 [ 172.825979][ T6587] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 172.842839][ T6587] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 173.144568][ T6121] Bluetooth: hci0: command 0x0c1a tx timeout [ 173.160318][ T6583] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 173.725457][ T6583] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 173.969690][ T6583] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 174.050413][ T6583] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 174.076407][ T6583] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 174.121462][ T6583] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 174.152076][ T6583] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 174.215961][ T6583] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 174.264129][ T6583] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 174.292820][ T6583] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 174.313164][ T6583] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 174.336051][ T6583] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 174.402548][ T6583] Process accounting paused [ 174.410342][ T6586] Process accounting paused [ 174.688549][ T6613] ovs_: entered promiscuous mode [ 174.798234][ T6615] futex_wake_op: syz.3.135 tries to shift op by -1; fix this program [ 174.917754][ T6617] ovs_: entered promiscuous mode [ 174.999840][ T6617] futex_wake_op: syz.0.136 tries to shift op by -1; fix this program [ 175.224832][ T6121] Bluetooth: hci0: command 0x0c1a tx timeout [ 176.104510][ T6121] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.185720][ T6121] Bluetooth: hci2: command 0x0c1a tx timeout [ 176.344296][ T6121] Bluetooth: hci3: command 0x0c1a tx timeout [ 176.522651][ T6637] FAULT_INJECTION: forcing a failure. [ 176.522651][ T6637] name failslab, interval 1, probability 0, space 0, times 0 [ 176.571298][ T6637] CPU: 0 UID: 0 PID: 6637 Comm: syz.2.140 Tainted: G L syzkaller #0 PREEMPT(full) [ 176.571343][ T6637] Tainted: [L]=SOFTLOCKUP [ 176.571351][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 176.571365][ T6637] Call Trace: [ 176.571373][ T6637] [ 176.571381][ T6637] dump_stack_lvl+0x100/0x190 [ 176.571428][ T6637] should_fail_ex.cold+0x5/0xa [ 176.571458][ T6637] should_failslab+0xc2/0x120 [ 176.571488][ T6637] __kmalloc_cache_noprof+0x7a/0x6f0 [ 176.571524][ T6637] ? crtc_crc_open+0x3ba/0x7e0 [ 176.571567][ T6637] crtc_crc_open+0x3ba/0x7e0 [ 176.571598][ T6637] ? __debugfs_file_get+0x1fc/0x860 [ 176.571641][ T6637] ? __pfx_crtc_crc_open+0x10/0x10 [ 176.571674][ T6637] ? __pfx_apparmor_file_open+0x10/0x10 [ 176.571700][ T6637] ? path_get+0x61/0x80 [ 176.571742][ T6637] ? __pfx_crtc_crc_open+0x10/0x10 [ 176.571771][ T6637] full_proxy_open_regular+0x1b6/0x370 [ 176.571815][ T6637] do_dentry_open+0x6ab/0x14d0 [ 176.571845][ T6637] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 176.571889][ T6637] vfs_open+0x82/0x3f0 [ 176.571928][ T6637] path_openat+0x208c/0x31a0 [ 176.571969][ T6637] ? __pfx_path_openat+0x10/0x10 [ 176.572010][ T6637] do_file_open+0x20e/0x430 [ 176.572043][ T6637] ? __pfx_do_file_open+0x10/0x10 [ 176.572094][ T6637] ? alloc_fd+0x476/0x790 [ 176.572127][ T6637] ? do_getname+0x191/0x390 [ 176.572166][ T6637] do_sys_openat2+0x10d/0x1e0 [ 176.572209][ T6637] ? __pfx_do_sys_openat2+0x10/0x10 [ 176.572249][ T6637] ? do_raw_spin_lock+0x128/0x260 [ 176.572283][ T6637] __x64_sys_openat+0x12d/0x210 [ 176.572324][ T6637] ? __pfx___x64_sys_openat+0x10/0x10 [ 176.572369][ T6637] ? rcu_is_watching+0x12/0xc0 [ 176.572400][ T6637] do_syscall_64+0x115/0x840 [ 176.572434][ T6637] ? clear_bhb_loop+0x40/0x90 [ 176.572463][ T6637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.572488][ T6637] RIP: 0033:0x7fd0c7f9ce59 [ 176.572507][ T6637] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 176.572530][ T6637] RSP: 002b:00007fd0c8ecb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 176.572552][ T6637] RAX: ffffffffffffffda RBX: 00007fd0c8216090 RCX: 00007fd0c7f9ce59 [ 176.572568][ T6637] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 176.572583][ T6637] RBP: 00007fd0c8032d6f R08: 0000000000000000 R09: 0000000000000000 [ 176.572597][ T6637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.572611][ T6637] R13: 00007fd0c8216128 R14: 00007fd0c8216090 R15: 00007fff8d994aa8 [ 176.572641][ T6637] [ 177.355885][ T6121] Bluetooth: hci0: command 0x0c1a tx timeout [ 178.184498][ T6121] Bluetooth: hci1: command 0x0c1a tx timeout [ 178.264407][ T6121] Bluetooth: hci2: command 0x0c1a tx timeout [ 178.424340][ T6121] Bluetooth: hci3: command 0x0c1a tx timeout [ 180.264468][ T6121] Bluetooth: hci1: command 0x0c1a tx timeout [ 180.344414][ T6121] Bluetooth: hci2: command 0x0c1a tx timeout [ 180.504763][ T6121] Bluetooth: hci3: command 0x0c1a tx timeout [ 180.724570][ T6677] openvswitch: ovs_: Dropping previously announced user features [ 180.841086][ T6682] futex_wake_op: syz.3.148 tries to shift op by -1; fix this program [ 180.937741][ T6675] batadv_slave_1: entered promiscuous mode [ 181.010947][ T6674] batadv_slave_1: left promiscuous mode [ 183.929406][ T6688] Process accounting resumed [ 184.228973][ T6710] bridge0: port 3(gretap0) entered blocking state [ 184.316747][ T6710] bridge0: port 3(gretap0) entered disabled state [ 184.385996][ T6710] gretap0: entered allmulticast mode [ 184.440994][ T30] audit: type=1800 audit(1780012565.404:5): pid=6713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.152" name="members" dev="configfs" ino=13894 res=0 errno=0 [ 184.493638][ T6710] gretap0: entered promiscuous mode [ 184.571402][ T6710] bridge0: port 3(gretap0) entered blocking state [ 184.579184][ T6710] bridge0: port 3(gretap0) entered forwarding state [ 188.068244][ T6753] ubi0: attaching mtd0 [ 188.131039][ T6753] ubi0: scanning is finished [ 188.369298][ T6762] random: crng reseeded on system resumption [ 188.543574][ T6753] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 188.671414][ T6753] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 188.818923][ T6753] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 189.005636][ T6753] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 189.196294][ T6753] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 189.359406][ T6753] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 189.525795][ T6753] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 4237798215 [ 189.553436][ T6781] netlink: 342 bytes leftover after parsing attributes in process `syz.0.164'. [ 189.774978][ T6753] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 189.984440][ T6765] ubi0: background thread "ubi_bgt0d" started, PID 6765 [ 189.993012][ T6757] ubi0: detaching mtd0 [ 190.139987][ T6757] ubi0: mtd0 is detached [ 192.158917][ T6813] openvswitch: netlink: Key type 68 is out of range max 32 [ 193.569855][ T6834] bridge0: port 3(team0) entered blocking state [ 193.605668][ T6834] bridge0: port 3(team0) entered disabled state [ 193.639866][ T6834] team0: entered allmulticast mode [ 193.676874][ T6834] team_slave_0: entered allmulticast mode [ 193.714333][ T6834] team_slave_1: entered allmulticast mode [ 193.757273][ T6834] team0: entered promiscuous mode [ 193.782465][ T6834] team_slave_0: entered promiscuous mode [ 193.828320][ T6834] team_slave_1: entered promiscuous mode [ 193.894930][ T6834] bridge0: port 3(team0) entered blocking state [ 193.901329][ T6834] bridge0: port 3(team0) entered forwarding state [ 194.231934][ T6806] zram: Removed device: zram0 [ 194.307845][ T6807] Process accounting resumed [ 194.348113][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.354547][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.022085][ T30] audit: type=1800 audit(1780012577.994:6): pid=6868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.175" name="file0" dev="tmpfs" ino=278 res=0 errno=0 [ 198.352900][ T6878] netlink: 'syz.0.179': attribute type 2 has an invalid length. [ 198.619930][ T6878] netlink: 28 bytes leftover after parsing attributes in process `syz.0.179'. [ 198.685813][ T6878] virt_wifi0: entered allmulticast mode [ 198.912821][ T6883] nbd: socks must be embedded in a SOCK_ITEM attr [ 199.390758][ T6886] netlink: 28 bytes leftover after parsing attributes in process `syz.0.181'. [ 199.903977][ T6897] futex_wake_op: syz.3.183 tries to shift op by -1; fix this program [ 201.533235][ T6911] batadv_slave_1: entered promiscuous mode [ 201.647889][ T6910] batadv_slave_1: left promiscuous mode [ 204.596195][ T5706] Process accounting resumed [ 204.891347][ T30] audit: type=1800 audit(1780012585.864:7): pid=6935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.190" name="file0" dev="tmpfs" ino=229 res=0 errno=0 [ 205.791860][ T6927] Process accounting resumed [ 207.882874][ T6954] hub 1-0:1.0: USB hub found [ 208.028513][ T6954] hub 1-0:1.0: 1 port detected [ 208.185339][ T6962] batadv_slave_1: entered promiscuous mode [ 208.264871][ T6970] netlink: 342 bytes leftover after parsing attributes in process `syz.3.196'. [ 208.402955][ T6961] batadv_slave_1: left promiscuous mode [ 208.660603][ T6973] netlink: 342 bytes leftover after parsing attributes in process `syz.0.197'. [ 210.189742][ T6988] syz.0.200 uses obsolete (PF_INET,SOCK_PACKET) [ 211.066081][ T6999] netlink: 20 bytes leftover after parsing attributes in process `syz.0.202'. [ 211.187023][ T6999] hsr_slave_0: left promiscuous mode [ 211.253578][ T6999] hsr_slave_1: left promiscuous mode [ 211.394597][ T30] audit: type=1800 audit(1780012592.364:8): pid=6991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.199" name="file0" dev="tmpfs" ino=280 res=0 errno=0 [ 213.332445][ T30] audit: type=1800 audit(1780012594.304:9): pid=7009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.204" name="file0" dev="tmpfs" ino=252 res=0 errno=0 [ 217.119381][ T7010] Process accounting paused [ 220.041843][ T7091] ubi0: attaching mtd0 [ 220.079661][ T7091] ubi0: scanning is finished [ 220.627170][ T7091] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 220.810469][ T7091] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 220.935500][ T7091] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 221.068793][ T7091] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 221.251852][ T7091] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 221.382162][ T7091] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 221.598392][ T7091] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 4237798215 [ 221.780064][ T7091] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 221.946243][ T7099] ubi0: background thread "ubi_bgt0d" started, PID 7099 [ 221.957408][ T7093] ubi0: detaching mtd0 [ 222.053475][ T7093] ubi0: mtd0 is detached [ 222.921397][ T7109] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5636] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[7109] [ 224.150894][ T7107] random: crng reseeded on system resumption [ 225.127916][ T7107] Process accounting paused [ 225.617080][ T7118] hub 1-0:1.0: USB hub found [ 225.732497][ T7118] hub 1-0:1.0: 1 port detected [ 227.699154][ T7140] netlink: 130 bytes leftover after parsing attributes in process `syz.0.219'. [ 227.895988][ T7141] FAULT_INJECTION: forcing a failure. [ 227.895988][ T7141] name failslab, interval 1, probability 0, space 0, times 0 [ 227.987780][ T7141] CPU: 0 UID: 0 PID: 7141 Comm: syz.0.219 Tainted: G L syzkaller #0 PREEMPT(full) [ 227.987817][ T7141] Tainted: [L]=SOFTLOCKUP [ 227.987825][ T7141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 227.987839][ T7141] Call Trace: [ 227.987847][ T7141] [ 227.987856][ T7141] dump_stack_lvl+0x100/0x190 [ 227.987923][ T7141] should_fail_ex.cold+0x5/0xa [ 227.987957][ T7141] should_failslab+0xc2/0x120 [ 227.987987][ T7141] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 227.988027][ T7141] ? key_alloc+0x3c5/0x1310 [ 227.988069][ T7141] ? mark_held_locks+0x40/0x70 [ 227.988111][ T7141] key_alloc+0x3c5/0x1310 [ 227.988151][ T7141] ? __pfx_key_alloc+0x10/0x10 [ 227.988184][ T7141] ? __pfx_key_default_cmp+0x10/0x10 [ 227.988225][ T7141] ? __pfx_keyring_search_iterator+0x10/0x10 [ 227.988265][ T7141] keyring_alloc+0x44/0xc0 [ 227.988302][ T7141] look_up_user_keyrings+0x508/0x790 [ 227.988335][ T7141] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 227.988373][ T7141] lookup_user_key+0xbb1/0x1300 [ 227.988404][ T7141] ? __pfx_lookup_user_key+0x10/0x10 [ 227.988432][ T7141] ? __pfx_do_futex+0x10/0x10 [ 227.988461][ T7141] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 227.988496][ T7141] ? xfd_validate_state+0x129/0x190 [ 227.988518][ T7141] ? ksys_write+0x1ac/0x250 [ 227.988549][ T7141] keyctl_keyring_unlink+0x1f/0x1b0 [ 227.988573][ T7141] __do_sys_keyctl+0x3dd/0x5a0 [ 227.988600][ T7141] do_syscall_64+0x115/0x840 [ 227.988633][ T7141] ? clear_bhb_loop+0x40/0x90 [ 227.988662][ T7141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.988687][ T7141] RIP: 0033:0x7f0b7b79ce59 [ 227.988710][ T7141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 227.988731][ T7141] RSP: 002b:00007f0b7c612028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 227.988756][ T7141] RAX: ffffffffffffffda RBX: 00007f0b7ba16090 RCX: 00007f0b7b79ce59 [ 227.988783][ T7141] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000009 [ 227.988796][ T7141] RBP: 00007f0b7b832d6f R08: 0000000000000008 R09: 0000000000000000 [ 227.988809][ T7141] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 227.988823][ T7141] R13: 00007f0b7ba16128 R14: 00007f0b7ba16090 R15: 00007ffe0e6a0318 [ 227.988850][ T7141] [ 228.786754][ T7148] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 231.561898][ T7169] random: crng reseeded on system resumption [ 231.683190][ T7169] hub 1-0:1.0: USB hub found [ 231.752234][ T7169] hub 1-0:1.0: 1 port detected [ 232.873992][ T7192] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 232.958519][ T7192] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 233.125154][ T7193] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 233.145105][ T7196] random: crng reseeded on system resumption [ 233.249784][ T7193] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 233.496229][ T7177] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.883593][ T7174] Process accounting paused [ 236.407749][ T30] audit: type=1800 audit(1780012617.384:10): pid=7232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.233" name="file0" dev="tmpfs" ino=296 res=0 errno=0 [ 237.465301][ T30] audit: type=1800 audit(1780012618.444:11): pid=7255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.236" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 239.313884][ T7255] kexec: Could not allocate control_code_buffer [ 239.469462][ T30] audit: type=1800 audit(1780012620.444:12): pid=7270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.237" name="file0" dev="tmpfs" ino=344 res=0 errno=0 [ 239.873599][ T7279] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 11!phy1!netdev:wlan1!rc_rateid [ 239.908800][ T6121] Bluetooth: hci0: Malformed LE Event: 0x0b [ 240.145150][ T7286] sysfs: cannot create duplicate filename '/class/ieee80211/11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 240.211004][ T7286] CPU: 0 UID: 0 PID: 7286 Comm: syz.3.239 Tainted: G L syzkaller #0 PREEMPT(full) [ 240.211041][ T7286] Tainted: [L]=SOFTLOCKUP [ 240.211050][ T7286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 240.211064][ T7286] Call Trace: [ 240.211072][ T7286] [ 240.211081][ T7286] dump_stack_lvl+0x100/0x190 [ 240.211130][ T7286] sysfs_warn_dup.cold+0x1c/0x28 [ 240.211166][ T7286] sysfs_do_create_link_sd+0x113/0x140 [ 240.211204][ T7286] sysfs_create_link+0x61/0xc0 [ 240.211230][ T7286] device_add+0x675/0x1950 [ 240.211261][ T7286] ? __pfx_device_add+0x10/0x10 [ 240.211287][ T7286] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 240.211325][ T7286] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 240.211373][ T7286] wiphy_register+0x1edd/0x2d90 [ 240.211403][ T7286] ? __rtnl_unlock+0xb9/0xf0 [ 240.211441][ T7286] ? __pfx_wiphy_register+0x10/0x10 [ 240.211472][ T7286] ? __asan_memset+0x23/0x50 [ 240.211510][ T7286] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 240.211561][ T7286] ieee80211_register_hw+0x3055/0x4570 [ 240.211614][ T7286] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 240.211657][ T7286] ? __pfx___debug_object_init+0x10/0x10 [ 240.211694][ T7286] ? find_held_lock+0x2b/0x80 [ 240.211726][ T7286] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 240.211762][ T7286] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 240.211802][ T7286] ? __hrtimer_setup+0x208/0x330 [ 240.211830][ T7286] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 240.211881][ T7286] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 240.211916][ T7286] ? __asan_memcpy+0x3c/0x60 [ 240.211957][ T7286] hwsim_new_radio_nl+0xc5f/0x1370 [ 240.211988][ T7286] ? rcu_is_watching+0x12/0xc0 [ 240.212018][ T7286] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 240.212057][ T7286] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 240.212097][ T7286] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 240.212143][ T7286] genl_family_rcv_msg_doit+0x214/0x300 [ 240.212189][ T7286] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 240.212227][ T7286] ? genl_get_cmd+0x3e7/0x760 [ 240.212268][ T7286] ? bpf_lsm_capable+0x9/0x10 [ 240.212294][ T7286] ? security_capable+0x80/0x260 [ 240.212323][ T7286] ? ns_capable+0xd2/0xf0 [ 240.212353][ T7286] genl_rcv_msg+0x560/0x800 [ 240.212393][ T7286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.212431][ T7286] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 240.212473][ T7286] netlink_rcv_skb+0x159/0x420 [ 240.212507][ T7286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.212545][ T7286] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 240.212591][ T7286] ? netlink_deliver_tap+0x1ae/0xcc0 [ 240.212626][ T7286] genl_rcv+0x28/0x40 [ 240.212659][ T7286] netlink_unicast+0x585/0x850 [ 240.212697][ T7286] ? __pfx_netlink_unicast+0x10/0x10 [ 240.212738][ T7286] netlink_sendmsg+0x8b0/0xda0 [ 240.212777][ T7286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.212808][ T7286] ? __import_iovec+0x1d2/0x640 [ 240.212858][ T7286] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 240.212898][ T7286] ____sys_sendmsg+0x9e1/0xb70 [ 240.212926][ T7286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.212958][ T7286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 240.212991][ T7286] ? rcu_is_watching+0x12/0xc0 [ 240.213033][ T7286] ? ___sys_sendmsg+0x19d/0x1e0 [ 240.213064][ T7286] ? kfree+0x1dd/0x6c0 [ 240.213102][ T7286] ___sys_sendmsg+0x190/0x1e0 [ 240.213137][ T7286] ? __pfx____sys_sendmsg+0x10/0x10 [ 240.213202][ T7286] ? __pfx___might_resched+0x10/0x10 [ 240.213233][ T7286] __sys_sendmmsg+0x205/0x430 [ 240.213262][ T7286] ? __pfx___sys_sendmmsg+0x10/0x10 [ 240.213311][ T7286] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 240.213346][ T7286] ? kcov_ioctl+0x16a/0x720 [ 240.213382][ T7286] __x64_sys_sendmmsg+0x9c/0x100 [ 240.213407][ T7286] ? lockdep_hardirqs_on+0x78/0x100 [ 240.213441][ T7286] do_syscall_64+0x115/0x840 [ 240.213474][ T7286] ? clear_bhb_loop+0x40/0x90 [ 240.213506][ T7286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.213530][ T7286] RIP: 0033:0x7f0bcd19ce59 [ 240.213549][ T7286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 240.213570][ T7286] RSP: 002b:00007f0bce072028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 240.213593][ T7286] RAX: ffffffffffffffda RBX: 00007f0bcd416090 RCX: 00007f0bcd19ce59 [ 240.213608][ T7286] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 240.213623][ T7286] RBP: 00007f0bcd232d6f R08: 0000000000000000 R09: 0000000000000000 [ 240.213636][ T7286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 240.213650][ T7286] R13: 00007f0bcd416128 R14: 00007f0bcd416090 R15: 00007ffc8eccfb38 [ 240.213680][ T7286] syzkaller syzkaller login: [ 241.957010][ T7315] netlink: 28 bytes leftover after parsing attributes in process `syz.2.243'. [ 241.988574][ T7315] ipvlan1: entered promiscuous mode [ 242.055820][ T7315] ipvlan1: entered allmulticast mode [ 242.098823][ T7315] veth0_vlan: entered allmulticast mode [ 243.442605][ T7304] Process accounting resumed [ 243.707231][ T7325] sysfs_service_op_store: Client not running :-5: [ 244.117287][ T7307] kexec: Could not allocate control_code_buffer [ 244.646999][ T7334] netlink: 342 bytes leftover after parsing attributes in process `syz.3.247'. [ 244.735739][ T7337] netlink: 342 bytes leftover after parsing attributes in process `syz.3.247'. [ 244.766687][ T7336] debugfs: '11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' already exists in 'ieee80211' [ 245.066718][ T7340] sysfs: cannot create duplicate filename '/class/ieee80211/11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 245.169644][ T7340] CPU: 0 UID: 0 PID: 7340 Comm: syz.1.248 Tainted: G L syzkaller #0 PREEMPT(full) [ 245.169681][ T7340] Tainted: [L]=SOFTLOCKUP [ 245.169689][ T7340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 245.169718][ T7340] Call Trace: [ 245.169726][ T7340] [ 245.169735][ T7340] dump_stack_lvl+0x100/0x190 [ 245.169781][ T7340] sysfs_warn_dup.cold+0x1c/0x28 [ 245.169816][ T7340] sysfs_do_create_link_sd+0x113/0x140 [ 245.169845][ T7340] sysfs_create_link+0x61/0xc0 [ 245.169871][ T7340] device_add+0x675/0x1950 [ 245.169900][ T7340] ? __pfx_device_add+0x10/0x10 [ 245.169925][ T7340] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 245.169962][ T7340] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 245.170008][ T7340] wiphy_register+0x1edd/0x2d90 [ 245.170036][ T7340] ? __rtnl_unlock+0xb9/0xf0 [ 245.170073][ T7340] ? __pfx_wiphy_register+0x10/0x10 [ 245.170104][ T7340] ? __asan_memset+0x23/0x50 [ 245.170140][ T7340] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 245.170190][ T7340] ieee80211_register_hw+0x3055/0x4570 [ 245.170242][ T7340] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 245.170279][ T7340] ? __pfx___debug_object_init+0x10/0x10 [ 245.170316][ T7340] ? find_held_lock+0x2b/0x80 [ 245.170347][ T7340] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 245.170382][ T7340] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 245.170421][ T7340] ? __hrtimer_setup+0x208/0x330 [ 245.170448][ T7340] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 245.170498][ T7340] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 245.170552][ T7340] ? __asan_memcpy+0x3c/0x60 [ 245.170593][ T7340] hwsim_new_radio_nl+0xc5f/0x1370 [ 245.170644][ T7340] ? rcu_is_watching+0x12/0xc0 [ 245.170675][ T7340] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 245.170714][ T7340] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 245.170753][ T7340] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 245.170797][ T7340] genl_family_rcv_msg_doit+0x214/0x300 [ 245.170837][ T7340] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 245.170873][ T7340] ? genl_get_cmd+0x3e7/0x760 [ 245.170913][ T7340] ? bpf_lsm_capable+0x9/0x10 [ 245.170939][ T7340] ? security_capable+0x80/0x260 [ 245.170962][ T7340] ? ns_capable+0xd2/0xf0 [ 245.170991][ T7340] genl_rcv_msg+0x560/0x800 [ 245.171030][ T7340] ? __pfx_genl_rcv_msg+0x10/0x10 [ 245.171067][ T7340] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 245.171100][ T7340] ? kasan_check_range+0xfc/0x1e0 [ 245.171137][ T7340] netlink_rcv_skb+0x159/0x420 [ 245.171169][ T7340] ? __pfx_genl_rcv_msg+0x10/0x10 [ 245.171207][ T7340] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 245.171250][ T7340] ? netlink_deliver_tap+0x1ae/0xcc0 [ 245.171284][ T7340] genl_rcv+0x28/0x40 [ 245.171316][ T7340] netlink_unicast+0x585/0x850 [ 245.171352][ T7340] ? __pfx_netlink_unicast+0x10/0x10 [ 245.171392][ T7340] netlink_sendmsg+0x8b0/0xda0 [ 245.171429][ T7340] ? __pfx_netlink_sendmsg+0x10/0x10 [ 245.171460][ T7340] ? __import_iovec+0x1d2/0x640 [ 245.171496][ T7340] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 245.171525][ T7340] ____sys_sendmsg+0x9e1/0xb70 [ 245.171556][ T7340] ? __pfx_netlink_sendmsg+0x10/0x10 [ 245.171590][ T7340] ? __pfx_____sys_sendmsg+0x10/0x10 [ 245.171631][ T7340] ? rcu_is_watching+0x12/0xc0 [ 245.171662][ T7340] ? ___sys_sendmsg+0x19d/0x1e0 [ 245.171694][ T7340] ? kfree+0x1dd/0x6c0 [ 245.171751][ T7340] ___sys_sendmsg+0x190/0x1e0 [ 245.171787][ T7340] ? __pfx____sys_sendmsg+0x10/0x10 [ 245.171848][ T7340] ? __pfx___might_resched+0x10/0x10 [ 245.171880][ T7340] __sys_sendmmsg+0x205/0x430 [ 245.171910][ T7340] ? __pfx___sys_sendmmsg+0x10/0x10 [ 245.171959][ T7340] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 245.171996][ T7340] ? kcov_ioctl+0x16a/0x720 [ 245.172033][ T7340] __x64_sys_sendmmsg+0x9c/0x100 [ 245.172058][ T7340] ? lockdep_hardirqs_on+0x78/0x100 [ 245.172094][ T7340] do_syscall_64+0x115/0x840 [ 245.172127][ T7340] ? clear_bhb_loop+0x40/0x90 [ 245.172157][ T7340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.172181][ T7340] RIP: 0033:0x7f3a4cb9ce59 [ 245.172201][ T7340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 245.172224][ T7340] RSP: 002b:00007f3a4da4a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 245.172251][ T7340] RAX: ffffffffffffffda RBX: 00007f3a4ce16090 RCX: 00007f3a4cb9ce59 [ 245.172267][ T7340] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 245.172281][ T7340] RBP: 00007f3a4cc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 245.172296][ T7340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.172310][ T7340] R13: 00007f3a4ce16128 R14: 00007f3a4ce16090 R15: 00007ffc2c024498 [ 245.172341][ T7340] [ 245.640743][ T7348] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk syzkaller syzkaller login: [ 247.208792][ T7373] bridge0: port 3(bond0) entered blocking state [ 247.287122][ T7373] bridge0: port 3(bond0) entered disabled state [ 247.376173][ T7373] bond0: entered allmulticast mode [ 247.416247][ T7355] Process accounting resumed [ 247.451179][ T7373] bond_slave_0: entered allmulticast mode [ 247.536564][ T7373] bond_slave_1: entered allmulticast mode [ 247.616458][ T7373] bond0: entered promiscuous mode [ 247.657530][ T7373] bond_slave_0: entered promiscuous mode [ 247.700962][ T7373] bond_slave_1: entered promiscuous mode [ 247.747971][ T7373] bridge0: port 3(bond0) entered blocking state [ 247.754444][ T7373] bridge0: port 3(bond0) entered forwarding state [ 247.845017][ T7371] batadv_slave_1: entered promiscuous mode [ 247.854434][ T7370] batadv_slave_1: left promiscuous mode [ 248.319044][ T7391] netlink: 342 bytes leftover after parsing attributes in process `syz.3.259'. [ 248.372529][ T7395] netlink: 342 bytes leftover after parsing attributes in process `syz.3.259'. [ 250.636580][ T7423] netlink: 334 bytes leftover after parsing attributes in process `syz.2.265'. [ 250.882317][ T7419] netlink: 12 bytes leftover after parsing attributes in process `syz.1.264'. [ 252.245517][ T7432] ovs_: entered promiscuous mode [ 252.390347][ T7435] futex_wake_op: syz.2.267 tries to shift op by -1; fix this program [ 252.768143][ T30] audit: type=1800 audit(1780012633.734:13): pid=7430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.266" name="file0" dev="tmpfs" ino=366 res=0 errno=0 [ 253.013032][ T7439] batadv_slave_1: entered promiscuous mode [ 253.051381][ T7438] batadv_slave_1: left promiscuous mode [ 254.381005][ T7462] netlink: 342 bytes leftover after parsing attributes in process `syz.2.273'. [ 254.517087][ T7466] netlink: 342 bytes leftover after parsing attributes in process `syz.2.273'. [ 254.569036][ T7467] netlink: 342 bytes leftover after parsing attributes in process `syz.1.274'. [ 254.700443][ T7467] netlink: 342 bytes leftover after parsing attributes in process `syz.1.274'. [ 255.789633][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.796869][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.182821][ T7485] QAT: Device 0 not found [ 256.581885][ T7489] batadv_slave_1: entered promiscuous mode [ 256.648650][ T7487] batadv_slave_1: left promiscuous mode [ 256.975724][ T7496] openvswitch: ovs_: Dropping previously announced user features [ 257.038328][ T7496] futex_wake_op: syz.3.279 tries to shift op by -1; fix this program [ 257.735911][ T7505] netlink: 28 bytes leftover after parsing attributes in process `syz.2.282'. [ 258.615051][ T30] audit: type=1804 audit(1780012639.584:14): pid=7518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.284" name="/newroot/76/file0" dev="tmpfs" ino=424 res=1 errno=0 [ 261.533847][ T7564] netlink: 342 bytes leftover after parsing attributes in process `syz.1.289'. [ 261.590196][ T7566] netlink: 342 bytes leftover after parsing attributes in process `syz.1.289'. [ 262.653079][ T7581] netlink: 342 bytes leftover after parsing attributes in process `syz.1.290'. [ 262.804795][ T7583] netlink: 342 bytes leftover after parsing attributes in process `syz.1.290'. [ 265.324958][ T7600] zswap: compressor 000 not available [ 266.505747][ T7614] blktrace: Concurrent blktraces are not allowed on loop2 [ 266.527619][ T7590] Process accounting resumed [ 266.969958][ T7627] netlink: 12 bytes leftover after parsing attributes in process `syz.3.298'. [ 267.769101][ T7602] kexec: Could not allocate control_code_buffer [ 271.075726][ T7672] netlink: 342 bytes leftover after parsing attributes in process `syz.0.308'. [ 271.133905][ T7672] netlink: 342 bytes leftover after parsing attributes in process `syz.0.308'. [ 272.956102][ T7689] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 273.392242][ T30] audit: type=1807 audit(1780012654.364:15): UNKNOWN=nl80211 res=0 [ 273.438585][ T30] audit: type=1802 audit(1780012654.384:16): pid=7689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.312" res=0 errno=0 [ 273.905959][ T7686] ima: policy update failed [ 274.000373][ T30] audit: type=1802 audit(1780012654.974:17): pid=7686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.312" res=0 errno=0 [ 274.097171][ T7681] Process accounting paused [ 274.561022][ T7706] netlink: 342 bytes leftover after parsing attributes in process `syz.0.316'. [ 274.617563][ T7709] netlink: 342 bytes leftover after parsing attributes in process `syz.0.316'. [ 276.047176][ T7713] sd 0:0:1:0: PR command failed: 1026 [ 276.072873][ T7713] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 276.106235][ T7713] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 276.609824][ T7725] netlink: 342 bytes leftover after parsing attributes in process `syz.2.320'. [ 276.682432][ T7729] netlink: 342 bytes leftover after parsing attributes in process `syz.2.320'. [ 276.908650][ T7731] netlink: 12 bytes leftover after parsing attributes in process `syz.0.321'. [ 278.637698][ T7752] Process accounting paused [ 278.881544][ T7759] netlink: 342 bytes leftover after parsing attributes in process `syz.2.327'. [ 280.113497][ T7756] bridge0: port 3(gretap0) entered blocking state [ 280.164902][ T7756] bridge0: port 3(gretap0) entered disabled state [ 280.201281][ T7756] gretap0: entered allmulticast mode [ 280.240560][ T7756] gretap0: entered promiscuous mode [ 280.277333][ T7756] bridge0: port 3(gretap0) entered blocking state [ 280.283929][ T7756] bridge0: port 3(gretap0) entered forwarding state [ 282.122337][ T7800] blktrace: Concurrent blktraces are not allowed on loop2 [ 282.134861][ T7798] openvswitch: ovs_: Dropping previously announced user features [ 282.243186][ T7801] futex_wake_op: syz.0.342 tries to shift op by -1; fix this program [ 282.382970][ T7797] batadv_slave_1: entered promiscuous mode [ 282.460089][ T7795] batadv_slave_1: left promiscuous mode [ 284.625466][ T7836] futex_wake_op: syz.0.340 tries to shift op by -2048; fix this program [ 284.641048][ T7830] netlink: 342 bytes leftover after parsing attributes in process `syz.2.341'. [ 284.796265][ T7829] 0x000000000001-0x000000020000 : "" [ 284.856470][ T7836] blktrace: Concurrent blktraces are not allowed on loop2 [ 284.901255][ T7829] ftl_cs: FTL header corrupt! [ 285.680104][ T7811] kexec: Could not allocate control_code_buffer [ 285.782471][ T7845] warning: `syz.2.344' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 286.036502][ T7848] FAULT_INJECTION: forcing a failure. [ 286.036502][ T7848] name failslab, interval 1, probability 0, space 0, times 0 [ 286.131796][ T7848] CPU: 0 UID: 0 PID: 7848 Comm: syz.2.344 Tainted: G L syzkaller #0 PREEMPT(full) [ 286.131835][ T7848] Tainted: [L]=SOFTLOCKUP [ 286.131844][ T7848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 286.131857][ T7848] Call Trace: [ 286.131865][ T7848] [ 286.131881][ T7848] dump_stack_lvl+0x100/0x190 [ 286.131928][ T7848] should_fail_ex.cold+0x5/0xa [ 286.131959][ T7848] should_failslab+0xc2/0x120 [ 286.131989][ T7848] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 286.132029][ T7848] ? __d_alloc+0x34/0xa40 [ 286.132069][ T7848] __d_alloc+0x34/0xa40 [ 286.132105][ T7848] d_alloc+0x4a/0x1e0 [ 286.132139][ T7848] lookup_one_qstr_excl+0x171/0x250 [ 286.132180][ T7848] start_dirop+0x59/0xb0 [ 286.132209][ T7848] simple_start_creating+0xf9/0x110 [ 286.132239][ T7848] ? __pfx_simple_start_creating+0x10/0x10 [ 286.132269][ T7848] ? mntput+0x70/0xa0 [ 286.132295][ T7848] ? simple_pin_fs+0xa3/0x190 [ 286.132321][ T7848] debugfs_start_creating.part.0+0x82/0x170 [ 286.132348][ T7848] __debugfs_create_file+0xb3/0x4f0 [ 286.132378][ T7848] debugfs_create_file_full+0x41/0x60 [ 286.132406][ T7848] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 286.132436][ T7848] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 286.132459][ T7848] ? ida_alloc_range+0x70d/0x830 [ 286.132519][ T7848] ? lockdep_init_map_type+0x5c/0x250 [ 286.132546][ T7848] preinit_net.part.0+0x252/0x920 [ 286.132576][ T7848] copy_net_ns+0x339/0x7c0 [ 286.132609][ T7848] create_new_namespaces+0x3ea/0xac0 [ 286.132647][ T7848] unshare_nsproxy_namespaces+0xf2/0x220 [ 286.132681][ T7848] ksys_unshare+0x438/0xab0 [ 286.132718][ T7848] ? __pfx_ksys_unshare+0x10/0x10 [ 286.132752][ T7848] ? xfd_validate_state+0x129/0x190 [ 286.132775][ T7848] ? ksys_write+0x1ac/0x250 [ 286.132811][ T7848] __x64_sys_unshare+0x31/0x40 [ 286.132846][ T7848] do_syscall_64+0x115/0x840 [ 286.132886][ T7848] ? clear_bhb_loop+0x40/0x90 [ 286.132916][ T7848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.132941][ T7848] RIP: 0033:0x7fd0c7f9ce59 [ 286.132961][ T7848] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 286.132984][ T7848] RSP: 002b:00007fd0c8e89028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 286.133007][ T7848] RAX: ffffffffffffffda RBX: 00007fd0c8216270 RCX: 00007fd0c7f9ce59 [ 286.133023][ T7848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 286.133036][ T7848] RBP: 00007fd0c8032d6f R08: 0000000000000000 R09: 0000000000000000 [ 286.133051][ T7848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.133065][ T7848] R13: 00007fd0c8216308 R14: 00007fd0c8216270 R15: 00007fff8d994aa8 [ 286.133095][ T7848] [ 287.106758][ T7850] zswap: compressor 000 not available [ 287.596727][ T7867] openvswitch: ovs_: Dropping previously announced user features [ 287.674077][ T7870] futex_wake_op: syz.3.348 tries to shift op by -1; fix this program [ 288.852201][ T7890] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 289.037081][ T30] audit: type=1807 audit(1780012670.014:18): UNKNOWN=nl80211 res=0 [ 289.075142][ T30] audit: type=1802 audit(1780012670.014:19): pid=7890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.357" res=0 errno=0 [ 290.157650][ T7878] ima: policy update failed [ 290.186803][ T30] audit: type=1802 audit(1780012671.154:20): pid=7878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.357" res=0 errno=0 [ 290.898740][ T7902] bridge0: port 4(team0) entered blocking state [ 290.930475][ T7902] bridge0: port 4(team0) entered disabled state [ 290.959170][ T7902] team0: entered allmulticast mode [ 290.989235][ T7902] team_slave_0: entered allmulticast mode [ 291.014071][ T7902] team_slave_1: entered allmulticast mode [ 291.044103][ T7902] team0: entered promiscuous mode [ 291.071860][ T7902] team_slave_0: entered promiscuous mode [ 291.097757][ T7902] team_slave_1: entered promiscuous mode [ 291.132183][ T7902] bridge0: port 4(team0) entered blocking state [ 291.138893][ T7902] bridge0: port 4(team0) entered forwarding state [ 291.756340][ T7915] openvswitch: netlink: Key type 68 is out of range max 32 [ 291.903541][ T30] audit: type=1800 audit(1780012672.874:21): pid=7919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.356" name="file0" dev="tmpfs" ino=519 res=0 errno=0 [ 293.522775][ T7912] Process accounting resumed [ 294.118685][ T7929] netlink: 342 bytes leftover after parsing attributes in process `syz.3.359'. [ 295.373845][ T7948] netlink: 'syz.3.362': attribute type 2 has an invalid length. [ 296.091576][ T7948] netlink: 28 bytes leftover after parsing attributes in process `syz.3.362'. [ 296.240245][ T7948] virt_wifi0: entered allmulticast mode [ 296.479329][ T7964] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 296.722287][ T30] audit: type=1807 audit(1780012677.694:22): UNKNOWN=nl80211 res=0 [ 296.778403][ T30] audit: type=1802 audit(1780012677.694:23): pid=7964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.365" res=0 errno=0 [ 297.809242][ T7957] ima: policy update failed [ 297.867571][ T30] audit: type=1802 audit(1780012678.844:24): pid=7957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.365" res=0 errno=0 [ 298.363902][ T7970] Process accounting paused [ 298.916821][ T7978] zswap: compressor not available [ 298.976872][ T30] audit: type=1800 audit(1780012679.954:25): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.369" name="file0" dev="tmpfs" ino=535 res=0 errno=0 [ 299.906814][ T8001] batadv_slave_1: entered promiscuous mode [ 299.978529][ T8000] batadv_slave_1: left promiscuous mode [ 300.671383][ T30] audit: type=1800 audit(1780012681.644:26): pid=8006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.373" name="file0" dev="tmpfs" ino=526 res=0 errno=0 [ 301.381129][ T8019] netlink: 'syz.2.375': attribute type 2 has an invalid length. [ 301.689543][ T8019] netlink: 28 bytes leftover after parsing attributes in process `syz.2.375'. [ 301.783825][ T8019] virt_wifi0: entered allmulticast mode [ 302.969501][ T8035] netlink: 342 bytes leftover after parsing attributes in process `syz.2.377'. [ 303.996339][ T8050] openvswitch: ovs_: Dropping previously announced user features [ 304.148868][ T8054] futex_wake_op: syz.2.382 tries to shift op by -1; fix this program [ 305.558423][ T30] audit: type=1800 audit(1780012686.534:27): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.385" name="file0" dev="tmpfs" ino=562 res=0 errno=0 [ 305.838058][ T8043] Process accounting resumed [ 306.472119][ T8079] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ekl*[GCHFx^ĒPktkyve' [ 308.038052][ T30] audit: type=1800 audit(1780012689.014:28): pid=8093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.389" name="file0" dev="tmpfs" ino=543 res=0 errno=0 [ 308.685937][ T8100] blktrace: Concurrent blktraces are not allowed on loop2 [ 310.733229][ T8117] nbd: socks must be embedded in a SOCK_ITEM attr [ 311.030468][ T8118] batadv_slave_1: entered promiscuous mode [ 311.159719][ T8114] batadv_slave_1: left promiscuous mode [ 311.339652][ T8096] kexec: Could not allocate control_code_buffer [ 313.762338][ T8163] i2c i2c-0: new_device: Invalid device name [ 314.104655][ T8164] netlink: 338 bytes leftover after parsing attributes in process `syz.2.400'. [ 314.833908][ T8172] netlink: 342 bytes leftover after parsing attributes in process `syz.1.404'. [ 315.080468][ T30] audit: type=1800 audit(1780012696.054:29): pid=8174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.403" name="file0" dev="tmpfs" ino=589 res=0 errno=0 [ 315.105121][ T8179] batadv_slave_1: entered promiscuous mode [ 315.160359][ T8178] batadv_slave_1: left promiscuous mode [ 316.515158][ T8192] netlink: 342 bytes leftover after parsing attributes in process `syz.1.409'. [ 317.229652][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.238068][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.211461][ T8232] netlink: 342 bytes leftover after parsing attributes in process `syz.0.416'. [ 319.926484][ T8242] netlink: 20 bytes leftover after parsing attributes in process `syz.1.418'. [ 320.337325][ T8248] netlink: 342 bytes leftover after parsing attributes in process `syz.0.419'. [ 320.476318][ T8242] hsr_slave_0: left promiscuous mode [ 320.521984][ T8242] hsr_slave_1: left promiscuous mode [ 321.155769][ T30] audit: type=1800 audit(1780012702.134:30): pid=8252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.421" name="file0" dev="tmpfs" ino=551 res=0 errno=0 [ 321.924481][ T8259] hub 1-0:1.0: USB hub found [ 322.016580][ T8259] hub 1-0:1.0: 1 port detected [ 323.867518][ T8269] Process accounting paused [ 324.256308][ T8287] random: crng reseeded on system resumption [ 324.361970][ T8287] hub 1-0:1.0: USB hub found [ 324.397242][ T8287] hub 1-0:1.0: 1 port detected [ 324.715247][ T8294] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 324.748564][ T8294] vhci_hcd vhci_hcd.1: Wrong hub descriptor type for USB 3.0 roothub. [ 325.459627][ T8304] netlink: 342 bytes leftover after parsing attributes in process `syz.0.438'. [ 328.573999][ T8347] Process accounting resumed [ 328.693457][ T8345] hub 1-0:1.0: USB hub found [ 328.786979][ T8345] hub 1-0:1.0: 1 port detected [ 329.147247][ T8353] zswap: compressor not available [ 329.518791][ T30] audit: type=1800 audit(1780012710.494:31): pid=8362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.441" name="file0" dev="tmpfs" ino=576 res=0 errno=0 [ 332.246699][ T8390] batadv_slave_1: entered promiscuous mode [ 332.274659][ T8390] batadv_slave_1: left promiscuous mode [ 332.415084][ T8393] netlink: 342 bytes leftover after parsing attributes in process `syz.0.453'. [ 333.400144][ T8405] random: crng reseeded on system resumption [ 334.692260][ T6121] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 335.054647][ T8428] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 335.106504][ T8428] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 335.189346][ T8430] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 335.277409][ T8430] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) syzkaller syzkaller login: [ 336.493333][ T8445] hub 1-0:1.0: USB hub found [ 336.504858][ T8450] netlink: 342 bytes leftover after parsing attributes in process `syz.0.463'. [ 336.537452][ T8445] hub 1-0:1.0: 1 port detected [ 336.824395][ T6105] Bluetooth: hci1: command 0x0c1a tx timeout [ 337.152201][ T8460] netlink: 342 bytes leftover after parsing attributes in process `syz.1.457'. [ 337.182296][ T8440] Process accounting paused [ 338.814689][ T30] audit: type=1800 audit(1780012719.794:32): pid=8469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.459" name="file0" dev="tmpfs" ino=603 res=0 errno=0 [ 338.906060][ T6121] Bluetooth: hci1: command 0x0c1a tx timeout [ 342.209524][ T8512] netlink: 342 bytes leftover after parsing attributes in process `syz.1.469'. [ 344.794621][ T8533] sysfs_service_op_store: Client not running :-5: [ 344.889793][ T8534] batadv_slave_1: entered promiscuous mode [ 344.959011][ T8532] batadv_slave_1: left promiscuous mode [ 346.131210][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.481'. [ 347.847071][ T8579] netlink: 342 bytes leftover after parsing attributes in process `syz.0.483'. [ 349.004915][ T8591] batadv_slave_1: entered promiscuous mode [ 349.032890][ T8587] batadv_slave_1: left promiscuous mode [ 349.149624][ T8572] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5642] was attempted by ""[8572] [ 349.712918][ T8606] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 349.941698][ T8612] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 350.726149][ T8618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.490'. [ 350.819982][ T8618] netlink: 354 bytes leftover after parsing attributes in process `syz.2.490'. [ 351.361530][ T8627] bridge0: port 5(bond0) entered blocking state [ 351.430279][ T8627] bridge0: port 5(bond0) entered disabled state [ 351.504759][ T8627] bond0: entered allmulticast mode [ 351.565815][ T8627] bond_slave_0: entered allmulticast mode [ 351.644719][ T8627] bond_slave_1: entered allmulticast mode [ 351.739761][ T8627] bond0: entered promiscuous mode [ 351.799428][ T8627] bond_slave_0: entered promiscuous mode [ 351.861073][ T8627] bond_slave_1: entered promiscuous mode [ 351.910034][ T8627] bridge0: port 5(bond0) entered blocking state [ 351.916478][ T8627] bridge0: port 5(bond0) entered forwarding state [ 352.319936][ T8638] batadv_slave_1: entered promiscuous mode [ 352.401130][ T8637] batadv_slave_1: left promiscuous mode [ 354.212391][ T8676] netlink: 342 bytes leftover after parsing attributes in process `syz.1.508'. [ 355.115793][ T8676] Process accounting resumed [ 356.055780][ T30] audit: type=1800 audit(1780012737.024:33): pid=8700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.501" name="file0" dev="tmpfs" ino=716 res=0 errno=0 [ 358.553532][ T8738] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 358.870695][ T8742] sysfs: cannot create duplicate filename '/class/ieee80211/11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 358.939363][ T8742] CPU: 0 UID: 0 PID: 8742 Comm: syz.3.507 Tainted: G L syzkaller #0 PREEMPT(full) [ 358.939402][ T8742] Tainted: [L]=SOFTLOCKUP [ 358.939410][ T8742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 358.939424][ T8742] Call Trace: [ 358.939432][ T8742] [ 358.939441][ T8742] dump_stack_lvl+0x100/0x190 [ 358.939489][ T8742] sysfs_warn_dup.cold+0x1c/0x28 [ 358.939526][ T8742] sysfs_do_create_link_sd+0x113/0x140 [ 358.939557][ T8742] sysfs_create_link+0x61/0xc0 [ 358.939583][ T8742] device_add+0x675/0x1950 [ 358.939613][ T8742] ? __pfx_device_add+0x10/0x10 [ 358.939639][ T8742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 358.939677][ T8742] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 358.939725][ T8742] wiphy_register+0x1edd/0x2d90 [ 358.939755][ T8742] ? __rtnl_unlock+0xb9/0xf0 [ 358.939793][ T8742] ? __pfx_wiphy_register+0x10/0x10 [ 358.939824][ T8742] ? __asan_memset+0x23/0x50 [ 358.939862][ T8742] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 358.939912][ T8742] ieee80211_register_hw+0x3055/0x4570 [ 358.939965][ T8742] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 358.940003][ T8742] ? __pfx___debug_object_init+0x10/0x10 [ 358.940040][ T8742] ? find_held_lock+0x2b/0x80 [ 358.940072][ T8742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 358.940108][ T8742] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 358.940148][ T8742] ? __hrtimer_setup+0x208/0x330 [ 358.940176][ T8742] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 358.940227][ T8742] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 358.940262][ T8742] ? __asan_memcpy+0x3c/0x60 [ 358.940310][ T8742] hwsim_new_radio_nl+0xc5f/0x1370 [ 358.940341][ T8742] ? rcu_is_watching+0x12/0xc0 [ 358.940375][ T8742] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 358.940416][ T8742] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 358.940456][ T8742] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 358.940502][ T8742] genl_family_rcv_msg_doit+0x214/0x300 [ 358.940543][ T8742] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 358.940581][ T8742] ? genl_get_cmd+0x3e7/0x760 [ 358.940622][ T8742] ? bpf_lsm_capable+0x9/0x10 [ 358.940648][ T8742] ? security_capable+0x80/0x260 [ 358.940673][ T8742] ? ns_capable+0xd2/0xf0 [ 358.940703][ T8742] genl_rcv_msg+0x560/0x800 [ 358.940744][ T8742] ? __pfx_genl_rcv_msg+0x10/0x10 [ 358.940782][ T8742] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 358.940824][ T8742] netlink_rcv_skb+0x159/0x420 [ 358.940858][ T8742] ? __pfx_genl_rcv_msg+0x10/0x10 [ 358.940896][ T8742] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 358.940942][ T8742] ? netlink_deliver_tap+0x1ae/0xcc0 [ 358.940977][ T8742] genl_rcv+0x28/0x40 [ 358.941011][ T8742] netlink_unicast+0x585/0x850 [ 358.941048][ T8742] ? __pfx_netlink_unicast+0x10/0x10 [ 358.941090][ T8742] netlink_sendmsg+0x8b0/0xda0 [ 358.941128][ T8742] ? __pfx_netlink_sendmsg+0x10/0x10 [ 358.941160][ T8742] ? __import_iovec+0x1d2/0x640 [ 358.941199][ T8742] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 358.941229][ T8742] ____sys_sendmsg+0x9e1/0xb70 [ 358.941260][ T8742] ? __pfx_netlink_sendmsg+0x10/0x10 [ 358.941301][ T8742] ? __pfx_____sys_sendmsg+0x10/0x10 [ 358.941333][ T8742] ? preempt_schedule_thunk+0x16/0x30 [ 358.941375][ T8742] ? try_to_wake_up+0x5f6/0x1900 [ 358.941412][ T8742] ___sys_sendmsg+0x190/0x1e0 [ 358.941449][ T8742] ? __pfx____sys_sendmsg+0x10/0x10 [ 358.941484][ T8742] ? futex_private_hash_put+0x107/0x1c0 [ 358.941557][ T8742] __sys_sendmsg+0x170/0x220 [ 358.941583][ T8742] ? __pfx___sys_sendmsg+0x10/0x10 [ 358.941608][ T8742] ? __x64_sys_futex+0x34f/0x4d0 [ 358.941644][ T8742] ? rcu_is_watching+0x12/0xc0 [ 358.941676][ T8742] do_syscall_64+0x115/0x840 [ 358.941715][ T8742] ? clear_bhb_loop+0x40/0x90 [ 358.941745][ T8742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.941769][ T8742] RIP: 0033:0x7f0bcd19ce59 [ 358.941790][ T8742] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 358.941813][ T8742] RSP: 002b:00007f0bce093028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 358.941836][ T8742] RAX: ffffffffffffffda RBX: 00007f0bcd415fa0 RCX: 00007f0bcd19ce59 [ 358.941852][ T8742] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 358.941867][ T8742] RBP: 00007f0bcd232d6f R08: 0000000000000000 R09: 0000000000000000 [ 358.941882][ T8742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.941896][ T8742] R13: 00007f0bcd416038 R14: 00007f0bcd415fa0 R15: 00007ffc8eccfb38 [ 358.941926][ T8742] [ 359.850593][ T8743] sysfs: cannot create duplicate filename '/class/ieee80211/11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 359.917461][ T8743] CPU: 0 UID: 0 PID: 8743 Comm: syz.3.507 Tainted: G L syzkaller #0 PREEMPT(full) [ 359.917499][ T8743] Tainted: [L]=SOFTLOCKUP [ 359.917507][ T8743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 359.917521][ T8743] Call Trace: [ 359.917528][ T8743] [ 359.917537][ T8743] dump_stack_lvl+0x100/0x190 [ 359.917582][ T8743] sysfs_warn_dup.cold+0x1c/0x28 [ 359.917617][ T8743] sysfs_do_create_link_sd+0x113/0x140 [ 359.917646][ T8743] sysfs_create_link+0x61/0xc0 [ 359.917672][ T8743] device_add+0x675/0x1950 [ 359.917701][ T8743] ? __pfx_device_add+0x10/0x10 [ 359.917726][ T8743] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 359.917762][ T8743] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 359.917812][ T8743] wiphy_register+0x1edd/0x2d90 [ 359.917841][ T8743] ? __rtnl_unlock+0xb9/0xf0 [ 359.917878][ T8743] ? __pfx_wiphy_register+0x10/0x10 [ 359.917907][ T8743] ? __asan_memset+0x23/0x50 [ 359.917944][ T8743] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 359.917993][ T8743] ieee80211_register_hw+0x3055/0x4570 [ 359.918044][ T8743] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 359.918081][ T8743] ? __pfx___debug_object_init+0x10/0x10 [ 359.918118][ T8743] ? find_held_lock+0x2b/0x80 [ 359.918149][ T8743] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 359.918184][ T8743] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 359.918243][ T8743] ? __hrtimer_setup+0x208/0x330 [ 359.918270][ T8743] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 359.918338][ T8743] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 359.918374][ T8743] ? __asan_memcpy+0x3c/0x60 [ 359.918429][ T8743] hwsim_new_radio_nl+0xc5f/0x1370 [ 359.918459][ T8743] ? rcu_is_watching+0x12/0xc0 [ 359.918488][ T8743] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 359.918526][ T8743] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 359.918564][ T8743] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 359.918628][ T8743] genl_family_rcv_msg_doit+0x214/0x300 [ 359.918669][ T8743] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 359.918707][ T8743] ? genl_get_cmd+0x3e7/0x760 [ 359.918748][ T8743] ? bpf_lsm_capable+0x9/0x10 [ 359.918774][ T8743] ? security_capable+0x80/0x260 [ 359.918799][ T8743] ? ns_capable+0xd2/0xf0 [ 359.918829][ T8743] genl_rcv_msg+0x560/0x800 [ 359.918869][ T8743] ? __pfx_genl_rcv_msg+0x10/0x10 [ 359.918907][ T8743] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 359.918949][ T8743] netlink_rcv_skb+0x159/0x420 [ 359.918982][ T8743] ? __pfx_genl_rcv_msg+0x10/0x10 [ 359.919021][ T8743] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 359.919066][ T8743] ? netlink_deliver_tap+0x1ae/0xcc0 [ 359.919101][ T8743] genl_rcv+0x28/0x40 [ 359.919135][ T8743] netlink_unicast+0x585/0x850 [ 359.919172][ T8743] ? __pfx_netlink_unicast+0x10/0x10 [ 359.919219][ T8743] netlink_sendmsg+0x8b0/0xda0 [ 359.919257][ T8743] ? __pfx_netlink_sendmsg+0x10/0x10 [ 359.919295][ T8743] ? __import_iovec+0x1d2/0x640 [ 359.919334][ T8743] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 359.919365][ T8743] ____sys_sendmsg+0x9e1/0xb70 [ 359.919397][ T8743] ? __pfx_netlink_sendmsg+0x10/0x10 [ 359.919432][ T8743] ? __pfx_____sys_sendmsg+0x10/0x10 [ 359.919470][ T8743] ? rcu_is_watching+0x12/0xc0 [ 359.919497][ T8743] ? ___sys_sendmsg+0x19d/0x1e0 [ 359.919529][ T8743] ? kfree+0x1dd/0x6c0 [ 359.919568][ T8743] ___sys_sendmsg+0x190/0x1e0 [ 359.919604][ T8743] ? __pfx____sys_sendmsg+0x10/0x10 [ 359.919666][ T8743] ? __pfx___might_resched+0x10/0x10 [ 359.919698][ T8743] __sys_sendmmsg+0x205/0x430 [ 359.919758][ T8743] ? __pfx___sys_sendmmsg+0x10/0x10 [ 359.919817][ T8743] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 359.919866][ T8743] ? kcov_ioctl+0x16a/0x720 [ 359.919904][ T8743] __x64_sys_sendmmsg+0x9c/0x100 [ 359.919929][ T8743] ? lockdep_hardirqs_on+0x78/0x100 [ 359.919965][ T8743] do_syscall_64+0x115/0x840 [ 359.920010][ T8743] ? clear_bhb_loop+0x40/0x90 [ 359.920040][ T8743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.920065][ T8743] RIP: 0033:0x7f0bcd19ce59 [ 359.920090][ T8743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.920114][ T8743] RSP: 002b:00007f0bce072028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 359.920137][ T8743] RAX: ffffffffffffffda RBX: 00007f0bcd416090 RCX: 00007f0bcd19ce59 [ 359.920154][ T8743] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 359.920168][ T8743] RBP: 00007f0bcd232d6f R08: 0000000000000000 R09: 0000000000000000 [ 359.920182][ T8743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 359.920196][ T8743] R13: 00007f0bcd416128 R14: 00007f0bcd416090 R15: 00007ffc8eccfb38 [ 359.920234][ T8743] [ 360.838229][ T8728] kexec: Could not allocate control_code_buffer [ 360.907036][ T8741] Process accounting paused syzkaller syzkaller login: [ 361.687795][ T8757] netlink: 342 bytes leftover after parsing attributes in process `syz.2.517'. [ 362.899037][ T8761] netlink: 342 bytes leftover after parsing attributes in process `syz.2.512'. [ 363.973920][ T30] audit: type=1800 audit(1780012744.944:34): pid=8777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.523" name="file0" dev="tmpfs" ino=734 res=0 errno=0 [ 366.171170][ T8804] batadv_slave_1: entered promiscuous mode [ 366.441366][ T8803] batadv_slave_1: left promiscuous mode [ 366.736205][ T8814] netlink: 342 bytes leftover after parsing attributes in process `syz.0.522'. [ 367.449991][ T8809] Process accounting resumed [ 368.173344][ T8830] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 369.489455][ T8833] hub 1-0:1.0: USB hub found [ 369.573925][ T8833] hub 1-0:1.0: 1 port detected [ 370.121773][ T8842] netlink: 342 bytes leftover after parsing attributes in process `syz.3.529'. [ 372.715077][ T30] audit: type=1800 audit(1780012753.684:35): pid=8857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.533" name="file0" dev="tmpfs" ino=758 res=0 errno=0 [ 373.348938][ T8871] netlink: 342 bytes leftover after parsing attributes in process `syz.1.536'. [ 373.709626][ T30] audit: type=1800 audit(1780012754.684:36): pid=8876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.537" name="file0" dev="tmpfs" ino=756 res=0 errno=0 [ 374.260084][ T8860] Process accounting resumed [ 377.558602][ T8912] hub 1-0:1.0: USB hub found [ 377.610683][ T8912] hub 1-0:1.0: 1 port detected [ 377.644256][ T8920] netlink: 342 bytes leftover after parsing attributes in process `syz.3.546'. [ 378.512527][ T30] audit: type=1800 audit(1780012759.484:37): pid=8928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.547" name="file0" dev="tmpfs" ino=767 res=0 errno=0 [ 378.672616][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.680704][ T30] audit: type=1800 audit(1780012759.514:38): pid=8927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.548" name="file0" dev="tmpfs" ino=774 res=0 errno=0 [ 378.701863][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.785390][ T30] audit: type=1800 audit(1780012761.764:39): pid=8944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.550" name="dbroot" dev="configfs" ino=29168 res=0 errno=0 [ 382.203018][ T8963] futex_wake_op: syz.0.553 tries to shift op by -2048; fix this program [ 382.371056][ T8962] 0x000000000001-0x000000020000 : "" [ 382.411271][ T8962] ftl_cs: FTL header corrupt! [ 382.470189][ T8966] netlink: 342 bytes leftover after parsing attributes in process `syz.2.554'. [ 382.565280][ T8967] netlink: 342 bytes leftover after parsing attributes in process `syz.2.554'. [ 383.085301][ T8974] netlink: 342 bytes leftover after parsing attributes in process `syz.1.555'. [ 383.315544][ T8972] netlink: 342 bytes leftover after parsing attributes in process `syz.1.555'. [ 385.435567][ T8982] Process accounting paused [ 388.592727][ T6121] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 389.059530][ T6121] Bluetooth: hci2: unexpected event 0x05 length: 6 > 4 [ 389.253305][ T30] audit: type=1800 audit(1780012770.224:40): pid=9033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.566" name="file0" dev="tmpfs" ino=788 res=0 errno=0 [ 390.666973][ T6105] Bluetooth: hci2: command 0x0c1a tx timeout [ 391.023284][ T9029] Process accounting resumed [ 392.632952][ T9074] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 394.697015][ T30] audit: type=1800 audit(1780012775.674:41): pid=9093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.577" name="file0" dev="tmpfs" ino=811 res=0 errno=0 [ 397.003257][ T9117] futex_wake_op: syz.0.582 tries to shift op by -2048; fix this program [ 398.009733][ T9116] Process accounting paused [ 398.104828][ T9133] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 398.766166][ T6105] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 398.766200][ T6105] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 398.782852][ T6105] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 398.782904][ T6105] Bluetooth: hci0: Unknown advertising packet type: 0x36 [ 398.791774][ T6105] Bluetooth: hci0: adv larger than maximum supported [ 398.799677][ T6105] Bluetooth: hci0: Malformed LE Event: 0x0d [ 399.194520][ T9147] random: crng reseeded on system resumption [ 404.257518][ T9209] netlink: 12 bytes leftover after parsing attributes in process `syz.1.597'. [ 404.383334][ T9210] netlink: 326 bytes leftover after parsing attributes in process `syz.1.597'. [ 404.507748][ T9210] bridge0: port 3(team0) entered disabled state [ 404.514561][ T9210] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.521891][ T9210] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.548118][ T9206] Process accounting paused [ 405.198000][ T9215] netlink: 342 bytes leftover after parsing attributes in process `syz.1.598'. [ 405.210187][ T9177] Process accounting resumed [ 407.891579][ T9241] vhci_hcd vhci_hcd.0: ClearPortFeature: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 410.179515][ T9265] netlink: 342 bytes leftover after parsing attributes in process `syz.3.611'. [ 410.255375][ T9266] netlink: 342 bytes leftover after parsing attributes in process `syz.3.611'. [ 414.344279][ T9317] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 415.898824][ T9332] netlink: 342 bytes leftover after parsing attributes in process `syz.0.623'. [ 415.938362][ T9332] netlink: 342 bytes leftover after parsing attributes in process `syz.0.623'. [ 417.319396][ T9325] Process accounting resumed [ 418.540899][ T9345] kAFS: unparsable volume name [ 420.621130][ T9374] snd_virmidi snd_virmidi.0: control 2048:1:9:>,OICuAeX&%[5_:4 is already present [ 421.414034][ T9379] Process accounting paused [ 422.343034][ T9401] netlink: 342 bytes leftover after parsing attributes in process `syz.0.636'. [ 422.534514][ T9402] netlink: 342 bytes leftover after parsing attributes in process `syz.0.636'. [ 423.878035][ T30] audit: type=1800 audit(4294967303.370:42): pid=9408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.637" name="file0" dev="tmpfs" ino=849 res=0 errno=0 [ 426.149234][ T9435] netlink: 342 bytes leftover after parsing attributes in process `syz.0.643'. [ 427.194756][ T30] audit: type=1800 audit(4294967306.680:43): pid=9442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.644" name="file0" dev="tmpfs" ino=855 res=0 errno=0 [ 427.315860][ T9449] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 428.934042][ T9448] Process accounting resumed [ 429.280437][ T30] audit: type=1800 audit(4294967308.770:44): pid=9461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.647" name="dbroot" dev="configfs" ino=33403 res=0 errno=0 [ 429.666762][ T9466] netlink: 342 bytes leftover after parsing attributes in process `syz.3.648'. [ 432.068117][ T9491] netlink: 342 bytes leftover after parsing attributes in process `syz.1.653'. [ 433.957671][ T9504] ieee80211 phy72: Failed to add default virtual iface [ 434.568520][ T9512] FAULT_INJECTION: forcing a failure. [ 434.568520][ T9512] name failslab, interval 1, probability 0, space 0, times 0 [ 434.673301][ T9512] CPU: 0 UID: 0 PID: 9512 Comm: syz.2.657 Tainted: G L syzkaller #0 PREEMPT(full) [ 434.673340][ T9512] Tainted: [L]=SOFTLOCKUP [ 434.673348][ T9512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 434.673373][ T9512] Call Trace: [ 434.673381][ T9512] [ 434.673391][ T9512] dump_stack_lvl+0x100/0x190 [ 434.673438][ T9512] should_fail_ex.cold+0x5/0xa [ 434.673469][ T9512] should_failslab+0xc2/0x120 [ 434.673499][ T9512] __kmalloc_cache_noprof+0x7a/0x6f0 [ 434.673539][ T9512] ? trace_pid_list_alloc+0x2fe/0x480 [ 434.673580][ T9512] trace_pid_list_alloc+0x2fe/0x480 [ 434.673617][ T9512] trace_pid_write+0x110/0x460 [ 434.673652][ T9512] ? __pfx_trace_pid_write+0x10/0x10 [ 434.673702][ T9512] event_pid_write.isra.0+0x1e4/0x7d0 [ 434.673740][ T9512] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 434.673785][ T9512] vfs_write+0x2aa/0x1070 [ 434.673815][ T9512] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 434.673854][ T9512] ? __pfx_vfs_write+0x10/0x10 [ 434.673882][ T9512] ? __fget_files+0x215/0x3d0 [ 434.673917][ T9512] ? __fget_files+0x21f/0x3d0 [ 434.673954][ T9512] ksys_write+0x12a/0x250 [ 434.673982][ T9512] ? __pfx_ksys_write+0x10/0x10 [ 434.674013][ T9512] ? rcu_is_watching+0x12/0xc0 [ 434.674045][ T9512] do_syscall_64+0x115/0x840 [ 434.674081][ T9512] ? clear_bhb_loop+0x40/0x90 [ 434.674110][ T9512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.674136][ T9512] RIP: 0033:0x7fd0c7f9ce59 [ 434.674156][ T9512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 434.674179][ T9512] RSP: 002b:00007fd0c8eec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 434.674203][ T9512] RAX: ffffffffffffffda RBX: 00007fd0c8215fa0 RCX: 00007fd0c7f9ce59 [ 434.674219][ T9512] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 434.674233][ T9512] RBP: 00007fd0c8032d6f R08: 0000000000000000 R09: 0000000000000000 [ 434.674247][ T9512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.674261][ T9512] R13: 00007fd0c8216038 R14: 00007fd0c8215fa0 R15: 00007fff8d994aa8 [ 434.674291][ T9512] [ 435.691528][ T9525] netlink: 342 bytes leftover after parsing attributes in process `syz.1.660'. [ 437.981890][ T9511] Process accounting paused [ 439.754046][ T30] audit: type=1800 audit(4294967319.240:45): pid=9562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.666" name="file0" dev="tmpfs" ino=843 res=0 errno=0 [ 439.877711][ T9569] netlink: 342 bytes leftover after parsing attributes in process `syz.2.668'. [ 440.107750][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.114909][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.972895][ T9584] netlink: 342 bytes leftover after parsing attributes in process `syz.2.670'. [ 442.423956][ T9597] netlink: 342 bytes leftover after parsing attributes in process `syz.1.672'. [ 442.922346][ T30] audit: type=1800 audit(4294967322.410:46): pid=9596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.671" name="file0" dev="tmpfs" ino=953 res=0 errno=0 [ 444.580646][ T9610] ieee80211 phy74: Failed to add default virtual iface [ 444.684350][ T6105] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 446.160819][ T9634] netlink: 342 bytes leftover after parsing attributes in process `syz.0.680'. [ 446.906912][ T9639] input: jJǸ-9%vJ86 as /devices/virtual/input/input8 [ 447.754553][ T9633] Process accounting paused [ 449.840669][ T9670] batadv_slave_1: entered promiscuous mode [ 449.969197][ T9669] batadv_slave_1: left promiscuous mode [ 450.461279][ T9681] netlink: 342 bytes leftover after parsing attributes in process `syz.2.689'. [ 450.691926][ T9686] netlink: 342 bytes leftover after parsing attributes in process `syz.3.690'. [ 450.854230][ T30] audit: type=1800 audit(4294967330.340:47): pid=9684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.688" name="file0" dev="tmpfs" ino=925 res=0 errno=0 [ 453.893153][ T9687] Process accounting resumed [ 453.983789][ T9705] vhci_hcd vhci_hcd.1: invalid port number 99 [ 454.013938][ T9705] vhci_hcd vhci_hcd.1: Wrong hub descriptor type for USB 3.0 roothub. [ 454.206478][ T9727] kAFS: No cell specified [ 454.760336][ T30] audit: type=1800 audit(4294967334.250:48): pid=9730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.697" name="file0" dev="tmpfs" ino=974 res=0 errno=0 [ 457.287028][ T9765] netlink: 342 bytes leftover after parsing attributes in process `syz.1.703'. [ 458.975833][ T9773] Process accounting paused [ 461.229268][ T9792] Process accounting resumed [ 461.606593][ T9800] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 461.729246][ T9800] CIFS mount error: No usable UNC path provided in device string! [ 461.729246][ T9800] [ 461.797932][ T9800] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 461.845491][ T30] audit: type=1800 audit(4294967341.340:49): pid=9812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.714" name="file0" dev="tmpfs" ino=957 res=0 errno=0 [ 462.500589][ T9807] zswap: compressor not available [ 464.899468][ T9844] netlink: 'syz.0.718': attribute type 1 has an invalid length. [ 464.932011][ T9844] nbd: error processing sock list [ 467.726240][ T6105] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 468.191174][ T30] audit: type=1800 audit(4294967347.680:50): pid=9878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.726" name="file0" dev="tmpfs" ino=930 res=0 errno=0 [ 468.215948][ T9881] netlink: 342 bytes leftover after parsing attributes in process `syz.2.727'. [ 468.958620][ T9884] Process accounting resumed [ 469.280728][ T9896] netlink: 342 bytes leftover after parsing attributes in process `syz.2.729'. [ 469.785314][ T6121] Bluetooth: hci0: command 0x0c1a tx timeout [ 471.871747][ T6121] Bluetooth: hci0: command 0x0c1a tx timeout [ 472.082811][ T30] audit: type=1800 audit(4294967351.570:51): pid=9921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.735" name="file0" dev="tmpfs" ino=1022 res=0 errno=0 [ 472.409101][ T30] audit: type=1800 audit(4294967351.900:52): pid=9925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.736" name="dbroot" dev="configfs" ino=37205 res=0 errno=0 [ 474.086401][ T9940] netlink: 342 bytes leftover after parsing attributes in process `syz.3.739'. [ 474.160760][ T9942] netlink: 342 bytes leftover after parsing attributes in process `syz.1.740'. [ 475.832488][ T30] audit: type=1800 audit(4294967355.320:53): pid=9954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.743" name="file0" dev="tmpfs" ino=1028 res=0 errno=0 [ 476.183028][ T9961] batadv_slave_1: entered promiscuous mode [ 476.271556][ T9960] batadv_slave_1: left promiscuous mode [ 479.129368][ T9998] netlink: 342 bytes leftover after parsing attributes in process `syz.2.751'. [ 480.340279][T10010] kernel profiling enabled (shift: 3) [ 482.272612][T10038] netlink: 342 bytes leftover after parsing attributes in process `syz.1.758'. [ 482.450327][ T30] audit: type=1800 audit(4294967361.940:54): pid=10039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.757" name="file0" dev="tmpfs" ino=971 res=0 errno=0 [ 487.549130][T10077] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff81b0deaa (__mcheck_cpu_init_prepare_banks+0x18a/0x380) [ 487.567925][T10077] Call Trace: [ 487.572438][T10077] [ 487.576629][T10077] ? __pfx___mcheck_cpu_init_prepare_banks+0x10/0x10 [ 487.584079][T10077] ? __pfx___schedule+0x10/0x10 [ 487.589865][T10077] ? irqentry_exit+0x24d/0x970 [ 487.594878][T10077] mce_cpu_restart+0xd5/0x1f0 [ 487.600058][T10077] ? __pfx_mce_cpu_restart+0x10/0x10 [ 487.605507][T10077] smp_call_function_many_cond+0x13d4/0x1700 [ 487.611726][T10077] ? __pfx_mce_cpu_restart+0x10/0x10 [ 487.617080][T10077] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 487.623116][T10077] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 487.629580][T10077] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 487.635696][T10077] ? __timer_delete_sync+0x151/0x1c0 [ 487.641182][T10077] ? __pfx_mce_cpu_restart+0x10/0x10 [ 487.646588][T10077] on_each_cpu_cond_mask+0x40/0x90 [ 487.651922][T10077] set_bank+0x240/0x3a0 [ 487.656227][T10077] ? __pfx_set_bank+0x10/0x10 [ 487.660949][T10077] ? find_held_lock+0x2b/0x80 [ 487.665887][T10077] ? sysfs_file_kobj+0xe4/0x290 [ 487.671050][T10077] ? sysfs_file_kobj+0xe4/0x290 [ 487.676047][T10077] ? __pfx_set_bank+0x10/0x10 [ 487.680864][T10077] dev_attr_store+0x58/0x80 [ 487.685586][T10077] ? __pfx_dev_attr_store+0x10/0x10 [ 487.691350][T10077] sysfs_kf_write+0xf2/0x150 [ 487.696125][T10077] kernfs_fop_write_iter+0x3e0/0x5f0 [ 487.702287][T10077] ? __pfx_sysfs_kf_write+0x10/0x10 [ 487.708247][T10077] vfs_write+0x6ac/0x1070 [ 487.712627][T10077] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 487.718664][T10077] ? __pfx_vfs_write+0x10/0x10 [ 487.724014][T10077] ksys_write+0x12a/0x250 [ 487.729005][T10077] ? __pfx_ksys_write+0x10/0x10 [ 487.733942][T10077] ? rcu_is_watching+0x12/0xc0 [ 487.738995][T10077] do_syscall_64+0x115/0x840 [ 487.743744][T10077] ? clear_bhb_loop+0x40/0x90 [ 487.748621][T10077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.754770][T10077] RIP: 0033:0x7fd0c7f9ce59 [ 487.759874][T10077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 487.780332][T10077] RSP: 002b:00007fd0c8eec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 487.789118][T10077] RAX: ffffffffffffffda RBX: 00007fd0c8215fa0 RCX: 00007fd0c7f9ce59 [ 487.798596][T10077] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003 [ 487.806949][T10077] RBP: 00007fd0c8032d6f R08: 0000000000000000 R09: 0000000000000000 [ 487.815975][T10077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.824831][T10077] R13: 00007fd0c8216038 R14: 00007fd0c8215fa0 R15: 00007fff8d994aa8 [ 487.833541][T10077] [ 487.882766][T10054] Process accounting paused [ 488.951239][ T30] audit: type=1800 audit(4294967368.440:55): pid=10090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.767" name="file0" dev="tmpfs" ino=983 res=0 errno=0 [ 489.751419][T10074] Process accounting resumed [ 489.951196][ T30] audit: type=1800 audit(4294967369.440:56): pid=10105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.769" name="dbroot" dev="configfs" ino=38590 res=0 errno=0 [ 491.554833][T10122] netlink: 28 bytes leftover after parsing attributes in process `syz.2.772'. [ 492.466933][T10130] netlink: 342 bytes leftover after parsing attributes in process `syz.0.774'. [ 494.472315][T10125] Process accounting paused [ 495.967615][ T6105] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 496.002633][T10154] vivid-008: ================= START STATUS ================= [ 496.127969][T10154] vivid-008: ================== END STATUS ================== [ 496.528711][ T30] audit: type=1800 audit(4294967376.020:57): pid=10162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.779" name="file0" dev="tmpfs" ino=1081 res=0 errno=0 [ 498.026003][ T6105] Bluetooth: hci2: command 0x0c1a tx timeout [ 499.598109][T10187] usb usb3: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 499.913405][T10184] zswap: compressor 000 not available [ 500.110583][ T6105] Bluetooth: hci2: command 0x0c1a tx timeout [ 501.149593][T10164] Process accounting paused [ 501.547855][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.554528][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.264896][T10222] Format for adding new device is "id port_count num_queues" (uint uint uint). [ 502.504191][ T5735] ================================================================== [ 502.504220][ T5735] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 502.504265][ T5735] Write of size 8 at addr ffffc90004969be0 by task kworker/0:4/5735 [ 502.504285][ T5735] [ 502.504298][ T5735] CPU: 0 UID: 0 PID: 5735 Comm: kworker/0:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 502.504331][ T5735] Tainted: [L]=SOFTLOCKUP [ 502.504339][ T5735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 502.504358][ T5735] Workqueue: events_power_efficient fb_flashcursor [ 502.504397][ T5735] Call Trace: [ 502.504404][ T5735] [ 502.504413][ T5735] dump_stack_lvl+0x100/0x190 [ 502.504454][ T5735] print_report+0x13d/0x4b0 [ 502.504486][ T5735] ? _raw_spin_lock_irqsave+0x52/0x60 [ 502.504519][ T5735] ? sys_imageblit+0x19fb/0x1d60 [ 502.504547][ T5735] kasan_report+0xdf/0x1d0 [ 502.504575][ T5735] ? sys_imageblit+0x19fb/0x1d60 [ 502.504607][ T5735] sys_imageblit+0x19fb/0x1d60 [ 502.504640][ T5735] ? __pfx_sys_imageblit+0x10/0x10 [ 502.504674][ T5735] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 502.504715][ T5735] soft_cursor+0x524/0xa10 [ 502.504743][ T5735] bit_cursor+0xca1/0x1490 [ 502.504770][ T5735] ? __pfx_bit_cursor+0x10/0x10 [ 502.504797][ T5735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 502.504831][ T5735] ? get_color+0x1da/0x450 [ 502.504865][ T5735] ? __pfx_bit_cursor+0x10/0x10 [ 502.504886][ T5735] fb_flashcursor+0x338/0x430 [ 502.504921][ T5735] process_one_work+0xa0e/0x1980 [ 502.504949][ T5735] ? __pfx_process_one_work+0x10/0x10 [ 502.504975][ T5735] ? __pfx_fb_flashcursor+0x10/0x10 [ 502.505011][ T5735] worker_thread+0x5ef/0xe50 [ 502.505036][ T5735] ? __pfx_worker_thread+0x10/0x10 [ 502.505058][ T5735] ? kthread+0x13a/0x450 [ 502.505091][ T5735] ? __pfx_worker_thread+0x10/0x10 [ 502.505112][ T5735] kthread+0x370/0x450 [ 502.505145][ T5735] ? __pfx_kthread+0x10/0x10 [ 502.505181][ T5735] ret_from_fork+0x72b/0xd50 [ 502.505205][ T5735] ? __pfx_ret_from_fork+0x10/0x10 [ 502.505230][ T5735] ? __switch_to+0x800/0x1100 [ 502.505267][ T5735] ? __switch_to_asm+0x39/0x70 [ 502.505296][ T5735] ? __pfx_kthread+0x10/0x10 [ 502.505331][ T5735] ret_from_fork_asm+0x1a/0x30 [ 502.505368][ T5735] [ 502.505376][ T5735] [ 502.505382][ T5735] The buggy address belongs to a vmalloc virtual mapping [ 502.505398][ T5735] Memory state around the buggy address: [ 502.505410][ T5735] ffffc90004969a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 502.505431][ T5735] ffffc90004969b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 502.505447][ T5735] >ffffc90004969b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 502.505460][ T5735] ^ [ 502.505474][ T5735] ffffc90004969c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 502.505490][ T5735] ffffc90004969c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 502.505506][ T5735] ================================================================== [ 502.505531][ T5735] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 502.505548][ T5735] CPU: 0 UID: 0 PID: 5735 Comm: kworker/0:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 502.505580][ T5735] Tainted: [L]=SOFTLOCKUP [ 502.505588][ T5735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 502.505603][ T5735] Workqueue: events_power_efficient fb_flashcursor [ 502.505641][ T5735] Call Trace: [ 502.505648][ T5735] [ 502.505656][ T5735] dump_stack_lvl+0x100/0x190 [ 502.505694][ T5735] vpanic+0x552/0x970 [ 502.505716][ T5735] ? __pfx_vpanic+0x10/0x10 [ 502.505738][ T5735] ? mark_held_locks+0x40/0x70 [ 502.505775][ T5735] ? irqentry_exit+0x24d/0x970 [ 502.505810][ T5735] ? sys_imageblit+0x19fb/0x1d60 [ 502.505838][ T5735] panic+0xd1/0xe0 [ 502.505859][ T5735] ? __pfx_panic+0x10/0x10 [ 502.505885][ T5735] ? check_panic_on_warn+0x1f/0x90 [ 502.505924][ T5735] check_panic_on_warn.cold+0x19/0x34 [ 502.505949][ T5735] end_report.part.0+0x3a/0x90 [ 502.505982][ T5735] kasan_report.cold+0xe/0x18 [ 502.506016][ T5735] ? sys_imageblit+0x19fb/0x1d60 [ 502.506049][ T5735] sys_imageblit+0x19fb/0x1d60 [ 502.506082][ T5735] ? __pfx_sys_imageblit+0x10/0x10 [ 502.506117][ T5735] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 502.506157][ T5735] soft_cursor+0x524/0xa10 [ 502.506185][ T5735] bit_cursor+0xca1/0x1490 [ 502.506212][ T5735] ? __pfx_bit_cursor+0x10/0x10 [ 502.506244][ T5735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 502.506278][ T5735] ? get_color+0x1da/0x450 [ 502.506313][ T5735] ? __pfx_bit_cursor+0x10/0x10 [ 502.506335][ T5735] fb_flashcursor+0x338/0x430 [ 502.506371][ T5735] process_one_work+0xa0e/0x1980 [ 502.506399][ T5735] ? __pfx_process_one_work+0x10/0x10 [ 502.506426][ T5735] ? __pfx_fb_flashcursor+0x10/0x10 [ 502.506462][ T5735] worker_thread+0x5ef/0xe50 [ 502.506487][ T5735] ? __pfx_worker_thread+0x10/0x10 [ 502.506510][ T5735] ? kthread+0x13a/0x450 [ 502.506543][ T5735] ? __pfx_worker_thread+0x10/0x10 [ 502.506564][ T5735] kthread+0x370/0x450 [ 502.506598][ T5735] ? __pfx_kthread+0x10/0x10 [ 502.506634][ T5735] ret_from_fork+0x72b/0xd50 [ 502.506658][ T5735] ? __pfx_ret_from_fork+0x10/0x10 [ 502.506683][ T5735] ? __switch_to+0x800/0x1100 [ 502.506713][ T5735] ? __switch_to_asm+0x39/0x70 [ 502.506742][ T5735] ? __pfx_kthread+0x10/0x10 [ 502.506778][ T5735] ret_from_fork_asm+0x1a/0x30 [ 502.506815][ T5735] [ 502.506882][ T5735] Kernel Offset: disabled