last executing test programs: 12.334260691s ago: executing program 3 (id=4894): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mlockall$auto(0x7) mremap$auto(0x0, 0x4, 0x5, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/blkio.bfq.sectors_recursive\x00', 0x400040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/statistics/tx_errors\x00', 0x63502, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/pcie_aspm/parameters/policy\x00', 0xa001, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x8, 0x7fffffff, &(0x7f00000000c0)=0x3, &(0x7f00000001c0)=0xfffffff6, 0x4) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) read$auto_sco_debugfs_fops_(r1, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x8000, 0x0) io_uring_register$auto_IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f0000000040)="03da4f34ce8f48bb06bab417172a5dfa685e98b334cf07e8525abeb268430ffd188db02905d417a8fd981d221ab3a2292ca0b38fd258da21613b245ca9f1", 0x2) 6.664212444s ago: executing program 3 (id=4906): syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) r0 = socket(0x2, 0x1, 0x106) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/fs/cifs/Stats\x00', 0x88040, 0x0) pread64$auto(r1, 0x0, 0x7, 0x9fffffffd) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000200), 0xffffffffffffffff) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r4 = getpid() r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x88800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r5, 0xc0405519, &(0x7f0000000040)={@inferred=r4, 0x555c, 0xffff, 0x1, "8f9638544ae4bbdf48e497dbb5a3760f9b6b2c854e493a712fcbb4034dde3ba72adae5bfa41dba811bf5488f", @inferred=r4}) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/net\x00') sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000240)={0x1c8, r2, 0x21a, 0x70bd26, 0x25dfdbfd, {}, [@MACSEC_ATTR_IFINDEX={0x8}, @MACSEC_ATTR_OFFLOAD={0x1a9, 0x9, 0x0, 0x1, [@nested={0x10b, 0xcf, 0x0, 0x1, [@nested={0x4, 0x23}, @nested={0x4, 0x125}, @typed={0x8, 0x108, 0x0, 0x0, @pid=r3}, @nested={0x4, 0x48}, @typed={0x8, 0x14, 0x0, 0x0, @pid=r4}, @generic="e6446f71f73a398c33c24e4af0a6e83f9e5907bb4c835aae34bbd42141d3764dc575bc7dc038b33cd1296cb6bd507131d256e5d3e61db4af4cd3b0ed4193dfbb3d83ae2f978b404465895df08151a55a3a24223e5ebfbf1b115d50340092f2a1bdb2b079f637905fd6d60d434ec618a0f6c58305f3b90cbcede6dae23e7e3254c6eef8c615135423859a5e5eb2c9aaee2cfcbe8dcce55bddf3bd891e710b779e4529a9011769718d0cb7385082f63a3b6735406af5fd3ac374c05b202d66ad94e522b1753513d151e33f1bc3d2c784ec35c5194ce8df70eca14d07916d72bc6f6a360b", @nested={0x4, 0x158}, @nested={0x4, 0x119}]}, @generic="38fb688d195180b44ec3b46f184ab39ee6f47dea2adce30ba5c95b8bac7df5759c4e9e17efe78f044205c9ec38aa0eba98308010ce4c912fb358551f2e3f3b927c72cc1cac31072cc8681d261c3177b14391f05e7991cc45f35327b17081f81a2410c49ee5a7b4b09dbd166dab4b0f2140fa43e94f9e1b40568b546e84502be2ad3b9b15f5cf634afd711e98e9825465070b2153c292ce2bb7"]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x44005}, 0x40) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) move_pages$auto(r3, 0x2d6e, &(0x7f0000000100)=&(0x7f00000000c0)="b864597794e00c4508dda700bbe6e435acc8af8973d3e294127fcc573ff329eac211d5013137cbcf0eb5ff761b4c08467191f773c73f3b1f2a5884e7", &(0x7f0000000140)=0xffff99a8, &(0x7f0000000180)=0x1, 0x9) r7 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_GINFO(r7, 0xc0f85403, 0x0) ioctl$auto(r6, 0x4b4e, 0xffffffffffffffff) 6.305535496s ago: executing program 2 (id=4884): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x102, 0x0) ioctl$auto_SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) madvise$auto(0x4, 0x1, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) poll$auto(0x0, 0x5, 0x80000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x8c) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0x4018aebd, r2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, r4, 0x8000) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) capget$auto(&(0x7f0000000040)={0x7, 0xffffffffffffffff}, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) umount2$auto(&(0x7f0000000100)='/#+{\x00', 0x3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'}) ioctl$auto_VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f00000000c0)=r4) 6.265437804s ago: executing program 1 (id=4907): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r0 = fsopen$auto(0x0, 0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) prctl$auto(0x1000000003b, 0x400002, 0x0, 0x5, 0x8000000000000005) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x3, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040), 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCR(0xffffffffffffffff, 0x0, 0x40) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) io_setup$auto(0x7ffe, 0x0) r2 = bpf$auto_BPF_ITER_CREATE(0x21, &(0x7f0000000040)=@bpf_attr_11={0xa, 0x6, 0x0, 0x8, 0x80, 0xa55d, 0xc3, r0}, 0x10c) getsockopt$auto_SO_KEEPALIVE(r2, 0x0, 0x9, &(0x7f0000000100)='\x00', &(0x7f0000000140)=0x3) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x201, 0x0) 5.811598709s ago: executing program 3 (id=4909): prctl$auto_PR_GET_UNALIGN(0x5, 0x29, 0x8000, 0x3, 0x7fff) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) lseek$auto(0x3, 0x2, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1d, 0x2, 0x6) poll$auto(0x0, 0x2, 0xc) mmap$auto(0x0, 0x20009, 0xfff, 0xeb1, 0x401, 0x8000) mmap$auto(0x4, 0x2020009, 0x3, 0x15, 0xfffffffffffffffa, 0x8000) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x40400, 0x0) socket(0x10, 0x2, 0xc) openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/hci4/force_wakeup\x00', 0x97253d5c24a95d78, 0x0) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) clone$auto(0x20003b11, 0x8, 0x0, 0x0, 0x7) r2 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) pread64$auto(r2, &(0x7f00000001c0)='\x00', 0xca31, 0x4) write$auto(r1, 0x0, 0xe) prctl$auto_PR_GET_UNALIGN(0x5, 0x29, 0x8000, 0x3, 0x7fff) (async) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) (async) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) (async) lseek$auto(0x3, 0x2, 0x4) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) socket(0x1d, 0x2, 0x6) (async) poll$auto(0x0, 0x2, 0xc) (async) mmap$auto(0x0, 0x20009, 0xfff, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x4, 0x2020009, 0x3, 0x15, 0xfffffffffffffffa, 0x8000) (async) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x40400, 0x0) (async) socket(0x10, 0x2, 0xc) (async) openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/hci4/force_wakeup\x00', 0x97253d5c24a95d78, 0x0) (async) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) (async) clone$auto(0x20003b11, 0x8, 0x0, 0x0, 0x7) (async) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) (async) pread64$auto(r2, &(0x7f00000001c0)='\x00', 0xca31, 0x4) (async) write$auto(r1, 0x0, 0xe) (async) 5.315421462s ago: executing program 2 (id=4910): keyctl$auto(0x17, 0x4, 0x0, 0x400, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) futex_requeue$auto(&(0x7f0000000040)={0xb, 0x6, 0x2, 0x2000000}, 0x0, 0xf, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r2 = clone3$auto(&(0x7f0000000140)={0x3, 0x362, 0x0, 0x1, 0x218f, 0x8, 0x8, 0x9, 0x9, 0x9000, 0x1}, 0x5d) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2008000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x184, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x73e8}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'wlan0\x00'}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x6}, @NL80211_ATTR_BSS_BASIC_RATES={0x1c, 0x24, "b3509ad94dddfba4adbff8ca667eacf64f08274964a27760"}, @NL80211_ATTR_WDEV={0xc, 0x99, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_TXQ_PARAMS={0x118, 0x25, 0x0, 0x1, [@nested={0x8, 0xd7, 0x0, 0x1, [@nested={0x4, 0x133}]}, @nested={0x10b, 0xb8, 0x0, 0x1, [@nested={0x4, 0x4b}, @typed={0x14, 0x152, 0x0, 0x0, @ipv6=@local}, @generic="ea39e5ab20e262a69715b968522cf80a1a21407fbd50b6103f202cb5faf8", @generic="40d467b055955955a57013282d4632d2ad8fc5a08e75bef935a723ecfe3f718cd703d28d19827ef884e69c1c2fef9bade5f84d3b5e42f9ff48d2ed107df965d2f10fcb6b4494614af2fb4521d3b569113007c74b085f6eba82f46c54183e83935f57b16422667ab940bcbfad6dac77df25e0fb29655213c169ff041de05f21603d938393f3f36fd769baa38809e0955d52682458038c236fe9ce0703e5d92ab03aecda7cc4b2c0ff3d1e80c553", @typed={0x14, 0xe, 0x0, 0x0, @ipv6=@local}, @typed={0x8, 0x117, 0x0, 0x0, @pid=r2}, @typed={0x4, 0x73}, @nested={0x4, 0x72}]}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x4004810}, 0x4080) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0x8) 5.116071905s ago: executing program 3 (id=4912): mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r0 = socket(0x1f, 0x3, 0xfffff12c) close$auto(r0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0x0, 0x408) r1 = socketcall$auto_SYS_SOCKETPAIR(0x8, 0x0) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) ioctl$auto_TIOCGETD2(r1, 0x5424, &(0x7f00000000c0)="d4a922f9527adb91296b350d81ecdfb47013e5694596e86bb9c0bb7da0917bfc96089f6854e37ed1ae3d3f23db4bdb7a5e3f3f5e531ccb63187d1fae2221451bdc45f8b13bf9d33a0a7267fd9d3470b1732f5aae1fd2a1dc3955df05616ec65ffe0b64262dc223a5eba888c6e4b842c62d52fe0055e8e15543bfcbd82bb40ef1df886aee16a90f60376cb1a07f54d0d2b08bb4a7d2452f4a30101b37b1e93d55674a8495eb024e19a7c93f2f363089112eb02496b24f44d185880e1accfb4f00b7a0480d8a2b1144e839d5253c11cf946093ab36a38d7d65d5f121c800f2e0a108e8fc5508acc501b92f") syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000001c0)={@siginfo_0_0={0xffffffff, 0x401, 0x1, @_sigchld={0x0, 0x0, 0x2, 0x2d, 0xc91}}}, 0x5, &(0x7f0000000240)={{0xc4d, 0xffffffffffffff37}, {0x34, 0x5}, 0x5, 0x4, 0x8000, 0x7, 0x4, 0x1, 0x100000000f, 0x6, 0xf, 0x7f, 0x6, 0x5e97, 0xd, 0x5}) migrate_pages$auto(0x0, 0x8, &(0x7f0000000000)=0x4, &(0x7f0000000040)=0x3) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/pppoe\x00', 0x648445, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/rpc/nfs4.idtoname/channel\x00', 0x8f3b7a51b80ebd01, 0x0) socket(0xa, 0x1, 0x84) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0x5457, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000300)=""/4096, 0x1000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/pnp0/00:02/resources\x00', 0x63102, 0x0) sendfile$auto(r1, r4, 0x0, 0x400000000006) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x80003, 0x304) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 5.11474208s ago: executing program 0 (id=4913): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim1/psample/enable\x00', 0x169a02, 0x0) mmap$auto(0x4, 0x5, 0x3, 0x17, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x100, 0x0) r3 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x2200c0, 0x0) poll$auto(&(0x7f0000000040)={r3, 0x1000, 0x1c9}, 0x2, 0x7) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x20882, 0x0) sendfile$auto(r2, r1, 0x0, 0x200) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x301e00, 0x0) mmap$auto(0x0, 0xe883, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0xfffffffffffffffc, 0x40000a, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x38}}, 0x54) madvise$auto(0x110d230000, 0x1, 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x0, 0x0) ppoll$auto(&(0x7f00000002c0)={r0, 0x7, 0x7c3}, 0xffffffff, &(0x7f0000000380)={0x8000000000000001, 0x7}, &(0x7f00000003c0)={0x8}, 0x8) sendfile$auto(r4, r5, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/audit\x00', 0x2, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) r6 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) sendfile$auto(r6, r6, 0x0, 0x10000800000003) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r7 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/003/001\x00', 0xab01, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f00000000c0)={0x5, 0x0, 0x8000008, 0x81, &(0x7f0000000040)="a006", 0x401, 0x40, 0x6, @number_of_packets=0xfffffff3, 0x45a, 0x0, 0x0}) 5.012059657s ago: executing program 1 (id=4914): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/radio22\x00', 0x1cb502, 0x0) ioctl$auto(r0, 0x5646, r0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/khugepaged/defrag\x00', 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x770, 0xfffffffe, 0x8, 0x4, 0x4005, 0x0, 0x5, 0x400, 0x3, 0x9, 0x6, 0x6, 0x4, 0x11ffffffffffb, 0xc, 0xffffffffffffffff, 0x6, 0x10, 0x80, 0x801, 0x8000, 0x1, 0x1, 0x202, 0xd, 0xbca7, 0xfffffffffffffff6, 0x0, 0x0, 0x0, 0x6b4, [0x2, 0x6, 0x0, 0xc, 0x0, 0x0, 0x20000000000, 0x3, 0x4, 0xb, 0x3169b201, 0x0, 0x3, 0xfffffffffffffc01, 0x5, 0xfffffbfffffffffb, 0x0, 0x9, 0x2000000, 0xfffffffffffffffe, 0x0, 0x8, 0xfffffffffffffffe, 0x200000000000000, 0x0, 0x8000000000000000, 0x0, 0x1, 0x0, 0x7fffffff, 0x101, 0x0, 0x20000000000000, 0x40000000000000, 0x1000000000000200, 0x0, 0x400, 0x96, 0x5, 0x4, 0xe17, 0xfffffffffffffffc, 0x6]}, 0x1fe, 0x1) ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, &(0x7f0000000040)=0x81) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mountinfo\x00', 0xe0000, 0x0) syz_clone(0x80000000, &(0x7f0000000000)="085a1056b6aa2f10d8ddee0633aea682a5ff", 0x12, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0x10, 0x2, 0xa) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace\x00', 0x82000, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0x4000e6e) openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x8800, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='-\x00', 0xffffffffffffffff) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffffffffffd03, &(0x7f00000001c0)) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01012bbd7000fddbdf250d000000050007"], 0x1c}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r3], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 4.896425567s ago: executing program 2 (id=4915): clock_nanosleep$auto(0x2, 0x9, &(0x7f00000002c0)={0x0, 0xc025}, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd10/queue/iosched/read_expire\x00', 0x1c2b02, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/sg/def_reserved_size\x00', 0xc8000, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) linkat$auto(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000040)='&&\x00', 0x8) symlink$auto(&(0x7f00000016c0)='./cgroup.net/\f\x00', &(0x7f0000001700)='./cgroup.net/\f\x00') read$auto_force_suspend_fops_hci_vhci(r1, &(0x7f0000000080)=""/80, 0x50) sendfile$auto(r0, r0, 0x0, 0x3) 4.724970252s ago: executing program 2 (id=4916): mmap$auto(0x0, 0x202000e, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x109280, 0x0) read$auto(r0, &(0x7f0000000100)='\xcb%)\x00', 0x7) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x10000, 0xa, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x0, 0x806121, 0x6) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x385802, 0x0) ioctl$auto_KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f0000000040)={0x4, [0x3124, 0x6]}) 4.475749832s ago: executing program 2 (id=4917): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101681, 0x0) poll$auto(&(0x7f0000000200)={r0, 0x1, 0xa}, 0x25, 0x109) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x1c1402, 0x0) getsockopt$auto(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0) write$auto(r1, &(0x7f00000002c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7kc\x85\xa6|\xb4>\v\xe9\x10p\aE\x81\xed\x00<\xdb\xd8\x9d\xe6\xe1\xa4g\x85\xe0A\xea\x94=\"\x98U\x1d7\x83[[b\b,\xed\x10-d\x02\x00\xb7\x81K\x04\x15\x85O\xa9\x0e\xbd\xe3\xaf.9^\xd9n\xc3\x9f\xc2\x86l\x03\x01\xa1\xe1>P\xee\x00\'\xaad\\v=\f\x9aP\xa5x\xf0\v\xd1\x1c\xfcoR\xd2\x1dEuZy\xa5\xc3\xce\x1aIX\xee\xfb\xb9@\xc7\x82\x84&c\xaf\xd2\x8b \x1a/\xafT\x9f\x96l+$\x8d/\xa6\x19\x97\xdc\xae\r\xbe\xfd\xa7\x9d\xf8\x8c\x96\x9dYf&\x81c\x85\x95-\xaa\xdc\xcd(\xdaZ\x84X:I[\x18\xb7\xa1\xe9\xdf\x17E\x87c\xda\xa5\xad4\x86uM\xd7\xc0H\x00\x16?f\xec\xc5]\xaa]O\xd8\xae.\xad$\xec:\xd9\x9b:\xec\xfe\x8f\x11V\xb82\b\xf8\xb5\x86\x1ej\xda\x04~\xa6Z', 0x81) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x8, 0x5, 0x1001, 0xffffffffffffffff, 0xf, 0x1000, 0xb, 0x1, 0xced80000000000, 0x9, 0xa, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyb8\x00', 0x400, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/environ\x00', 0x80, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) 4.36967591s ago: executing program 3 (id=4918): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) (async) r1 = socket(0x2, 0x1, 0x106) setsockopt$auto(r1, 0x6, 0xd, 0x0, 0x4) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x8000, 0x0) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) openat$auto_transaction_log_fops_(0xffffffffffffff9c, 0x0, 0x121002, 0x0) (async) r4 = openat$auto_transaction_log_fops_(0xffffffffffffff9c, 0x0, 0x121002, 0x0) read$auto_transaction_log_fops_(r4, &(0x7f0000000100)=""/3, 0x3) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) (async) sysfs$auto(0x2, 0x23, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) prctl$auto_PR_SVE_GET_VL(0x33, 0x4, 0x0, 0xcbf, 0x7) write$auto(r5, 0x0, 0x4) (async) write$auto(r5, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mount$auto(0x0, 0x0, &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000340)='}[,&*}\x00') open(&(0x7f0000000080)='./file0\x00', 0x40a40, 0x61) (async) open(&(0x7f0000000080)='./file0\x00', 0x40a40, 0x61) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop10/queue/add_random\x00', 0x80302, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop10/queue/add_random\x00', 0x80302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, &(0x7f0000001380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xfc\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\r&\xec\xb8\xb1Z\\\xc9L\xb2\t\xddbH|\xffGP\x97)\xb9:nqn\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc$\xa0\xa5\xce\xca\xe1P\xf7\xe5_\xca\xd5\xd8\xa4g_\xb1\x88\x8cAJS\x11\x8b\xd1%a\xe5DPk\x8c\xf9\xfb\xe0+\xdb\x12\x10.F\x00\xc37\xc7\xbf\x80\xbeu\xe1V\xb2\xc5\xc9\x1a\xc7\xdc}!\x10\xb1\",1%\x0e\xeb\x15\x15me\xe1a\x03\x18{\xb03+\x93*vB\xc6\xf1\xc6\xff\xbbt\x04!\xb6\v\xde2\xc9\x89#\xbaR\xee\x13jF%\xf2\x15\x9a\x82&\x89o\xa9\xd9\xbfFY\x90\x8c\xa0\xe4\x9d\xa2\xcd\x9a\xb5TC\xc4\x9d\x9ePb]\xaa\xc7f\x06N\xc5\xfa{\x02Y\xae\xf4(\xaa\x06);{?\x1e\fu\x19b\xdf$,\x01\"\x94\x00\x00\x00\x00\x003\xcfZ\xaf~<\xba\xb7\xa03\x8c\n*krS\x19Q#\x8f\xfbW\xad\xe0\xb3o\xcb\xf7\xda\x87C\x99\x1a\xa8\xc1\xe3\xc6%\xac\x01@*\xa0\xc4\xedn-lT\xe6*?\'\x9dW=\xa7\x03\x06\x83 IT\xa3\x7ff\xb6\x95\xe5\xd2\n\xaf\x87`\xce%\xf6 &\xa7M5I\x9c\x17h\x8c\xa4\x98\x16\xe0\xd9?Y\x7f\xf6\x85_{\xfd9p$B9_\xd8\xf4\x0e\xd0\xfa\xe7\xb0\xb8\xa0\xd7\a\xff.\"\x81\b\xb0\xb4\x84\xac\xad\x1b\x93~_\xea\xfe7\x03\"\xd9\x1d.\xe5{bHX\x14\xa1\bO\x03[^\x85jP\x89\t\x06GI\xb7\x99\xb2zZf\xc8\xd4\x8d\x1c\x1e\x03\xb9\xa7Nt\xae\xfff\xf9\tx\xae\xa8\x05\xb14\xc6\x9b\x1f\xd3\x01#\xc6\nb\xd4\xb4\xc8?\xa7\xe2R\xc1\xcf\xd2\xbc\xae\xd1\xc2\x88\"\xf3\xf0\xc0uQy\xec\xfab\xd6\xcd\x16)\x19*E\vm\x8d\x1bG:\x80\'pJ', 0x4100000a3d7) unshare$auto(0x40000080) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nbd9\x00', 0x147a02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r7, 0x3, 0xe, &(0x7f00000000c0)='\x10\x98\x8a', &(0x7f0000000180)=0x40) (async) getsockopt$auto_SO_BSDCOMPAT(r7, 0x3, 0xe, &(0x7f00000000c0)='\x10\x98\x8a', &(0x7f0000000180)=0x40) 3.358559757s ago: executing program 0 (id=4919): syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) fchmodat$auto(r0, &(0x7f0000000080)='./cgroup\x00', 0x3) r1 = socket(0x2, 0x1, 0x106) connect$auto(r1, &(0x7f0000000080)=@in={0x2, 0x4001, @empty}, 0x4c) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="200028bd7000fbdbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4008000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/tty12\x00', 0x6001, 0x0) setreuid$auto(0xffffffffffffffff, 0x8) ioctl$auto(r5, 0x4b41, r2) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="130026bd70006b68e11636178b6608000300", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x800) unshare$auto(0x40000080) madvise$auto(0x110d230000, 0x1, 0x9) unshare$auto(0x40000080) r8 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) getsockopt$auto(0x6, 0x1, 0x25, 0xfffffffffffffffe, 0x0) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r8, @ANYRESHEX=r3, @ANYRES16=r7], 0x2c}}, 0x4000000) statmount$auto(0x0, 0x0, 0x1fe, 0xd) r9 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x40002, 0x0) mmap$auto(0x800000, 0x7, 0xe9ed, 0x8000000008011, r9, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) r10 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r10, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 3.126042768s ago: executing program 1 (id=4920): unshare$auto(0x4000007e) prctl$auto(0xa, 0x8, 0x0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x6, 0xd, 0x0, 0x4) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) write$auto(r0, &(0x7f0000000080)='/dev/sequencer\x00', 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000280)="13") openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4\x00', 0x400003, 0x0) ioctl$auto_BTRFS_IOC_SEND_32(r3, 0x40449426, &(0x7f0000000080)={@raw=0x8, 0x5, 0x5, 0x8, 0x8, 0xa, "f55c85d7ecd5fb3e404e27e7537da6a5e5820a1005cdda005aa94375"}) acct$auto(&(0x7f00000001c0)='/dev/v4l-sub\xb9|\x8dg\xe9\x06\xfb\xd6FQdev0\x00\xdcq&\xef\xe7\xda!\xf8\x9a\xd4\'\xda\x9d.\x1a\xe86\xe8\xff\\\xd8,Tz\x80\x00\x00\x00\xbfo\xf7\xb8>U\x13m\xcb\xc5\x99H;\xf9{\xbd\xda\x87\x93\x95\x92\xc0\xeb\xe2\x93\xd4\\\\|JnU\x12\xcaV\x959cI@\xa0\xf9\xa5\xff\x00<\xed\x1e+E\xe1q/H\xc4\x01d\xc2X\x97\x03\x00\xa5\xfd\xd8\x12\x05') socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000400)={{0x0, 0x5a7, 0x0, 0x1, 0x0, 0x5, 0x100001}, 0x2}, 0x2, 0x8) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x1, 0x84) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r4 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r4, &(0x7f0000000000)='/sys/kernel/security/integrity/evm/evm_xattrs\x00', 0x20000003) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, &(0x7f0000000140)={0x0, 0x9}, 0x8000000000000000, 0x2, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) 2.944026444s ago: executing program 0 (id=4921): sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fedbdf250200000008002700040000000a001800aa0000aa"], 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0xa, 0x1, 0x84) r2 = getsockopt$auto(r1, 0x0, 0x485, 0x0, &(0x7f0000000040)=0x4) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) fanotify_init$auto(0x65, 0x2) (async) r3 = socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) (async, rerun: 64) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(r3, &(0x7f0000000b80)={&(0x7f0000000000)={0x1d, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000500)={0x544, 0x0, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "c4880080c679dac02af846b809f56c291d78f5abe4a8e2df"}, @NL80211_ATTR_SCAN_SUPP_RATES={0x510, 0x7d, 0x0, 0x1, [@nested={0x3fb, 0xa6, 0x0, 0x1, [@generic="2c5398f10c6077ce099d97b5e2b6ba259689eb65fc86add4eacb874ba4a7e0a58b80e672bce642c60763ddfef6eea0bf12551be80de75da2af6f982ae52284533e9119b76f8a5e2a4f9a0181ed61c60b847adf3b00e880a4154be2d027c9c42ff4ca510a9707da2c1068f0d022ffbd7112708f983b99ea3fc33d1170dcb965cc38aeef19ff5c2fdc10449421854a63a6f26e65e2a845b6b90581a5f89520f185da8b43eb20ff1253cbbf82b7e767fdefd8894d4c173a49b3ea1abd55334ef0023c65f675a64dcb68e50f318d9cc200ffcb2d8dd402630dfc4f7203d0f4b59ff01b54d866625e7caee6301f3e7254a72d0dc11dd8be4afb925e", @nested={0x18, 0x2b, 0x0, 0x1, [@nested={0x4, 0x101}, @typed={0x4, 0x159}, @typed={0xc, 0x2e, 0x0, 0x0, @str='M$%^/,,\x00'}]}, @typed={0x8, 0x6a, 0x0, 0x0, @fd=r0}, @generic="9d1da5ea09799e13c604ce80aa2b345f6aae1809d0cb3d2c01cabfee17ebd9367104c54710125cb2904228cef99fcacd87528671952160f37e5a669ec4e4a6427250da28cfabaa99f8f7d52447c5c1d25d7d5058246dee605877945f7c7da84f9603e3576160c68dfed215bb51a363ea811b921e9e3acec4d597d6167f1c623f6c82b29e2cbb9dca45cb9b33aaedc60ec43bb4792a4a2caa391965920fdda5a84d91d4ff2d1d667e6eae81e62b00c0f7ed06b4c67584fd5fff75625dbccc", @nested={0x21f, 0x13b, 0x0, 0x1, [@generic="2ad070c16c25bdcfa60d423e0efd2e339ddec146e629441613d881a3ca1869490fc83a0c91d999b853866c0b674de489f0e827853fe89835b34878748aacdb857c1f8fad40c73bb55accbf33c3aa50ef337d31d90849363663ad77ace3b781b132abfd2d9f3dd4e1c33dfeb31bc4e55d10dbe1fd6d7df7ebb156b8a6b43110731e0d4e42d1910d525c153071b51e72d611252f4665e7a95f2180ed321d5423c99f", @generic="d55ffef3b379601e389f6e62aef7eb8da2adbe2d02fa589f9bfd8486ef15db4b3f50b116d323771f44bdb3317ddcefa47f1446e0ad0e4b3bb284c45d51b30feff9740d138be6951a5657f7fccdfd654a73e207c30af9c475", @nested={0x4, 0x4b}, @generic="9edd04cfce762d337ebdbb97c1a09ac3e12f2952079aff3d3ef4cc5a6454852d28d1d8da8721cd12359ef0b3dacec9257c55aab3005d2482f50262d887be6675a21f229c3632e20adfe47d59d57dd230f1f381be6955164adbc09e96cec7a7f70d8690e2e632ab858c", @generic="2b166f", @typed={0x1b, 0xe9, 0x0, 0x0, @binary="350ffebde8382ea0bb22a2547f0cdfee37f75cd5b44437"}, @typed={0x8, 0x64, 0x0, 0x0, @fd=r2}, @generic="d0bacada244503c6d513ae7bc83d5c4dc1b915f53430c2235b4b1ef564224bd4bc1dbe902bd9e67fcd11173b92d878439dc202fc659f051afcab932a1923dacf5c5e86fc576475ebad2218286db34e706150cc8f75266144c8894a96737aeaf4674a0478ff50f364b133e3a9a0037964f34242f97010ebeac76d1a488fe51777a4e58c85a0599172ecac", @nested={0x4, 0x113}]}]}, @nested={0x110, 0x7a, 0x0, 0x1, [@typed={0x8, 0xa1, 0x0, 0x0, @u32=0x4}, @nested={0x103, 0x16, 0x0, 0x1, [@generic="5c310504b5aaa7484bc225f0daf1ae6db817651ee956b2", @generic="f9ad581b02b333d9eba54ce857763172e4092538423102c0d41aa391c41c0978ee87a92070b31663d7e74a6360a699a1d1b59946bddeb770f79ebce883027af1d794d8d8193d4a2e360ce0e6877bc90f7d2e68823099168dafcbe387ef17f0832f8a12a3fda88a03a9ab5c861ff34c1affb7f3b81b5e2731bd84ef0bded609e6c2878b1baa39fe04fe8bbc7721bae46386ce1d6390c640a69ab58fd3736a84f5f197da1edf6908725689da1d1f36257af2dea5e09826679d5a99992c40268d42038e7c27bf176d01ed2b68af7314c8c621e037e415c7c2a737495e266497fa23", @typed={0x8, 0x6, 0x0, 0x0, @u32=0x401}]}]}]}, @NL80211_ATTR_HE_BSS_COLOR={0x4}]}, 0x544}}, 0x4000) (rerun: 64) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.655918914s ago: executing program 0 (id=4922): unshare$auto(0x2) unshare$auto(0x40000080) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/036/001\x00', 0x88442, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vivid.0/video4linux/swradio6/dev_debug\x00', 0x220b42, 0x0) r1 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) write$auto(r1, &(0x7f0000000280)='9\x00d1L\xf0\x15\xba\xa17=(\x18\xdd\xff\xec\v\xb5^\xa1/[vv\x19\x00\x7f0\xa30\xc7\x9d\x1f]\xf8\xe04\xe7s\x9a\xd3H\xd3F\x819+\x90S\x10\xb2\b\xf8)\xe4IU\t\xb8\r\x9a\x8e\'Q\xfb\xb5I\x0f\x96;\xc7\\2V\x01g\xf8\xce\xbb\x9d\xa2c2\x00\x7f\xa1:\ax\xbc\x17\xde\x0e<\x00\x00\x00\x00\x00\x00\x00\x06\xc8\xf4\xdf\xcc\x9b\xd7D\xd7ARq', 0x40) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) sendfile$auto(r2, r3, 0x0, 0x1000000000001) write$auto(0xffffffffffffffff, &(0x7f0000003000)='/sys/kernel/debug/split_huge_pages\x00', 0x9) r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r4, 0x40186f40, &(0x7f0000000080)={0xffffffff, 0x6, 0x1, 0x5, 0x5, 0x77}) sendfile$auto(r0, r0, 0x0, 0x4f64a1d5) r5 = waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000400)={@siginfo_0_0={0xffff, 0x516, 0xffff, @_timer={0x0, 0x800, @sival_int=0x5, 0xffffffff}}}, 0x9, &(0x7f0000000340)={{0x0, 0xfff}, {0x4, 0x1}, 0x645, 0x3, 0x10001, 0xb, 0xfffffffffffffffb, 0x4, 0x6, 0xd3f, 0x7, 0xa, 0x6, 0x6, 0x8001, 0x3ff}) ptrace$auto(0x7, r5, 0x1, 0x9) mmap$auto(0x4, 0x400007, 0xdf, 0x17, 0xffffffffffffffff, 0x400) read$auto(0x3, 0x0, 0x8080) unshare$auto(0x40000080) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/ttyt5/power/runtime_status\x00', 0x4240, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb0, 0x404, 0x8000) r7 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) getpid() process_vm_readv$auto(r5, &(0x7f00000000c0)={0x0, 0xa30}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000040)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x9, 0x1) ioctl$auto(0xffffffffffffffff, 0xfffffcaa, 0x38) ioctl$auto_TUNSETTXFILTER(r7, 0x400454d1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) 2.165594472s ago: executing program 1 (id=4923): sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x4000050) (async) unshare$auto(0x40000080) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x3ff, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [0x0, 0x0, 0xfffffffe], {0x6, 0x10001, 0x0, 0x2de, 0x504, 0x2, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x20002, 0x52, 0x6, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) (async) close_range$auto(r0, 0x8, 0x0) (async, rerun: 64) socket(0x2b, 0x1, 0x1) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000001a80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001a00)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020025bd7000ffdbdf250200000004000a80"], 0x18}, 0x1, 0x0, 0x0, 0x408c4}, 0x99) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x97c) (async, rerun: 64) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async, rerun: 64) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) (async) r3 = socket(0x1d, 0x2, 0x6) (async) r4 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$auto(r3, &(0x7f0000000040)=@can={0x1d, r5, 0xfd}, 0x6a) (async, rerun: 64) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r5}, 0x67) (async, rerun: 64) r6 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r6, r6, 0x0, 0x1) (async) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0xecf, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7fd, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xf90, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x2000000008000) (async) close_range$auto(0x2, 0x8, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfdef) 1.960334296s ago: executing program 0 (id=4924): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sched_rr_get_interval$auto(0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x189401, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) close_range$auto(r4, r4, 0x0) socketpair$auto(0x3, 0x6, 0x7, 0x0) connect$auto(r2, 0x0, 0x55) listen$auto(0x3, 0x81) mremap$auto(0x8001, 0x3, 0x8, 0x7, 0x8c36) accept$auto(0x3, 0x0, 0x0) listen$auto(0x3, 0x0) connect$auto(0x3, 0x0, 0x58) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000040)={0x80}) 1.596258558s ago: executing program 3 (id=4925): r0 = socket(0xa, 0x1, 0x0) (async) mknod$auto(&(0x7f0000000140)=':,\x00', 0xc3, 0xfffffffa) (async, rerun: 32) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (rerun: 32) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) listen$auto(r0, 0x1) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (rerun: 32) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) (async, rerun: 64) socket(0x2b, 0x1, 0x0) (rerun: 64) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) 1.213936037s ago: executing program 2 (id=4926): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32) io_uring_setup$auto(0x2008, 0x0) (async, rerun: 32) preadv$auto(0xffffffffffffffff, 0x0, 0x8000000000007, 0x3, 0x402) (async, rerun: 32) madvise$auto(0x110c230000, 0x8031ca, 0x9) (async, rerun: 32) read$auto_ptdump_fops_(0xffffffffffffffff, 0x0, 0x0) (async) unshare$auto(0x40000080) (async, rerun: 64) write$auto(0xffffffffffffffff, &(0x7f0000000500)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x95\x82 )\xca\x99h\xcf\xfdK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 64) mremap$auto(0xfffff000, 0x0, 0x4, 0x7, 0x1001ff000) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (rerun: 64) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x40000, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) (async, rerun: 32) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) (async, rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) close_range$auto(0x2, 0x8, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000500)={0x7, 0x0, [{0x4d0, 0x2, 0x6}]}) (async) write$auto_rfkill_fops_core(0xffffffffffffffff, 0x0, 0x0) (async) syz_clone3(0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x42402, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) r3 = socket(0x10, 0x80000, 0x2) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) io_uring_setup$auto(0x1, 0x0) (async, rerun: 32) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r4}, 0x18) (async, rerun: 32) socketpair$auto(0xb, 0xd, 0xfffffffd, 0x0) (async, rerun: 32) write$auto(0x3, 0x0, 0x5c8) (rerun: 32) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) 431.29006ms ago: executing program 1 (id=4928): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x6, 0x0, 0x84) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c080000c78f208e5e1fe7b2cb43a628e2e1ca1722a2af2e03bd5eb02ef2ac19af4d", @ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf250400000008000c0001000000"], 0x1c}, 0x1, 0x300000000000000, 0x0, 0x4081}, 0x8800) 24.890038ms ago: executing program 0 (id=4929): openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, 0x0, 0xc0800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) unshare$auto(0x40000080) getsockopt$auto(0xffffffffffffffff, 0x114, 0x271e, 0xfffffffffffffffc, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) read$auto(0x3, 0x0, 0x5) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) futex$auto(0x0, 0x5, 0x1ff, 0x0, 0x0, 0xfffffffa) 0s ago: executing program 1 (id=4930): sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x4000050) unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) close_range$auto(r0, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000001a80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001a00)={&(0x7f00000004c0)={0xcd8, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0xcc3, 0xa, 0x0, 0x1, [@nested={0x17c, 0xd8, 0x0, 0x1, [@typed={0x14, 0x10a, 0x0, 0x0, @ipv6=@loopback}, @generic="8c5e7904b62ded848c5a778ccb9fcd960d5745f5cea399f1393201d03ff61c8faad2714a3f3cb433cf059ecaabcadab9b937fa6270f5834c8977b164f51f8a5010c2391b321a51ed2e59e62b82050afea490c39f241c0bccc4eca2a23856a7463f5922c1e87d7c003922ae40afeb062934923dd36f2ebb228b936966e22c6ef66079c2fc3021977473b17d917d82c4b34eb65f", @generic="20bd151f080442ea1e9e9145df1e2826836b038d77a91cf3bc1c8e336491d9e593c9de15e694a026b12d4b60593ccff1177b10e75c4ddc060f10dd75faa446540cd4d2789346397d7ec6ef83a74728f306d8a679df003a270e6bbe6d9d34a5c5bff4578c2b78df5f7a0108d105b44a38f769e5a4266a314301bc9d1f94d274645b0c1e5912937fa615ad900e00f090e3c8983552b54cea92f0821b21b88777ffb0b5bf967a7fb3d02a41fdbbbb8516b63c42db43e832d8619d2907d24873200a68c154338a239ec64a", @nested={0x4, 0x3ff8}, @nested={0x4, 0xe5}]}, @generic="cea3b1eb5035f2ada7a6b369d9cae80acbce4557f0a5750e99a779e2b15337c19c29137b5f3c8b42c22922d5fc413ad50eac5db9d9600a977494ac571a4cc04d4ef62f297b19171852125f670e0986874ebd14c9069aa95a53648686fd3687a6e1b112d0f14449ee614bc9253faa00f7e2cb1278c5cb429df67247106ca668", @typed={0x8, 0x33, 0x0, 0x0, @ipv4=@broadcast}, @generic="a2e51c731e48c1c636ffffe1588d1951c13ab2c929acd0618de874f0", @nested={0xa8a, 0x4b, 0x0, 0x1, [@nested={0x4, 0x74}, @typed={0x14, 0x105, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @nested={0x4, 0x146}, @generic="a00d8ff41cccbf55c36b5d5793b6ad42435e2cc5368e1f7460d84ab4104519e965f9ddc2952e5c7833887d56fbf664f0c427fe74c8e656a2c630037a9b04033ce61f32864a8ca1909fb177864116d7e5b835df404cde2e7b18d069155563fbbe8c295df3fb0e4b465f9ad68cac8994bd7cb152b40f837efa7f8155c887cc82b77054893cb8183bd7d5283ad5b395492caad2d0e6114d4d314b6968b6858a1e20094f7e7c5243ebbaea2f639e9f0bf971a18f68326f7844933654971c4f0156eb94fd978405a40ea23d0e0fbfcd88be971646869ca13f179a0b673ae041c9c02e32a32dd05530f6c35ae0c5b7dcb4bb26", @generic="5ff77e4ad21dd42b1392491d534b63fb1aae4e2e5f3ffcd818ed6693a63d260bf76118ebdb0907505a66d6c8cd91e916af9c590fad10485dca7b11b67b7aa70069d9b8b1192e04635a0b4ce37724474ee086", @generic="3f57e9ece83eb6b69c2044386c8e8149e937230d3de3008c40677fb8ed85c878f90afc5ed28d2c58376f670287a6bd2a24aee95a20b0919851fdc7452fb1c7b1e250b8da8d0c7531733f26320c71530f76542165aaf05a98cb7dc328de86e9b77f674149b05eed59efa1cb0a824987cb56f39e62a1a2d65013005d04322e5ff87229c40c4646736970a9e738cbe590a0626430a7e5e138ac8c40ab68f912f327690b6a4d6c207470b7c4b3281619f61b3b8584107daba0cbd1dc9070a7b84481d21cb683a0ab9adf8dfd2d25c67eb0bc48b3ec953a666cd3439250e74857a01dad6300bf71ed5663dc21fb8d90bc956356e3d20fedb2869ad670b8d98d41a4434385f98de28c23e21731d643fc52792a72aab4417f9eebf9f9fa4c0a6efbaef5aac281d71d82fde9f23a44424e1ce141ab8187535ac9f11c1c5e6ddcca6efc5ff155b163f525b4cd7e712f4d8fbb53575094c83f1ca4e35aeaa81f677eeba0cf2846bd36bb0eeb1824f4dbb624edd230171a3dcdf639f2abd6a1f37f1a05c7824ad84966ea6d258ec0688a9abd4b6937ce9b6399c0db909f14427acd491832c1eccccde62c6fff59b6dbbe27ba3cfeae11986f08ed7719e612462de5988e5e8a528f1da1607f018c5fcf7314764cc7e6bee02b7651296a31f5d484c9c606964ac7b0eecdd703279a05e6c0203d794e63778e28b89b26a87cc3aba666909b55b11678b86492179e46b628d0af57d813c1176f998bd600e06f46134c85922bb2b8264ac3a1a71345282005f2ae235ad6b7fdfb1ce7aee64f8ed308e9e19b5dcaf289094c026410446cc31cc846947c872b6455afbcb0d99cd814cd51b606646b92af3a81b07dd25a7f7b2fe18bf5ff3489064b54fa1abb9a2c80a4adc93ced65cb3a1379105b22912a1a3da47a26d730ec30333269167b05768b87adb94c84fc4c888676f1a5350d03df3a75873f9d28a9150e3177d68607cbd779049daea4f37e1553e21f66dad10987dd51af2f1f59b47df0f2be4437cf158cbdd3a642d6453a0f83ed71bdc492dadbdc0c50af56a7f8aff757d3ae0fafb3dab14eb93330a0b76ee1db94d810965f4176d4bc8087b790369b89351033e27022479978679c59e5ddcef33a3770df6e6d7338130342e7fb6c13e0fd0813e689bb70ed3a05c377841afeba8ed5044a2cb0cf96799e30c120d55c193ab5ebab1add7bf6558838bfcab15ee29248d4bcb40aeb114e097f8edd3d647c014f68cb547ac73a5087a3f5de4b8822727d17a58d66c4e6fbe61d2e114cc266d3d94d3eae8987196fe922372241e197288fca4984e7bbd53d759fdc4de050c592958990f8acfea1f372df6c50f0d244ed85c19f2cc0b330298a80d50b995321d8585985a7ab7a5c6bb4f6a1a48dc757dc2c69c58f7e175790f1ac0e13d6731cae4d4d64a61d56aa5669e21893c47cdd8342ae69658f98d909f532deb250dde9c80bf2f6a9a66e5b6c4bde12091f543ce9b512bf423f965b0fc52f8218c609454463a2a2d542f23dff19998daeab5ae1b7012faeec6f7b912ab45427ef1242b756b47e810dd856352615f3e1d8998dc1ac5153316243ae2a4e2d9cf9d73a4aeab992294302c85670a37abb38b528000624149591ec596c755daa5d5bf2da6870d058cda6789550a68259b110b81a99c4cbe41eb901cb51ceaeeb704e9c77f19e47012ca35e523971dba1e0318b8862014264ef090b278d8a97f2a768729b44cd5ea820ed1fd06e7c6c16f04c0f1e12637cfbea83a0e54ff58242e5e3d2d7bf316d5832e051172cd1a314eef8969a4c64c2e45b5143e192dde9f3918b2da2f6f4b30a4a7a40df943688aee9b0f40532fc50a3ddfb7d86f71e8a8ca49390fa1113812084284c00133d9de60a69929bb47b0209f57c7eb24f42ec56c0923ca5022e8fc7b0e3889ebe35c55b550b96d1eed78f664bddc383ad13b5aecd83187322c3d1df34c453a9dc2692eb8682d7a52d84222a7197b175016974e561b7a4c808fe0e37fb1e4c5c47a77b2122e175f194f645d5a3fa56472bca44b31bd2e51533d379b68f39977dc2a756e6aa3bfffa5a83e71bbde0ad4a63887a5b2fbe6ef0046350ab304484d361dd113be886b4fabeb64a754eae54e4b76a638a450198d285e63dc939980c27febedea5790724b36ee7c038a2b7c80cec694743f13cd9e65fdef94b7453fe4282864fc85fe17b00e6e37a74aa773af30fbdc00883f44a47260a55a92984a6f8e362d3812e48205751ee40ebe614a66358a42e49f41d3f05b762c9506d9b9ad45ca5acce6e5457b98286713e3016722177c82af73a075b74bbb6e2825cf48432df1a5f93c0d7a36db00b78e49e7704ea04ebecc16d9e49e1ea71e7c4cc46d9a3b200820e730f62ffa9c0ff3ee5e88dc8ee715ccf4812f4b8a8eaabc357b0d2ad7c52e03895f36b73d6df24cde8f27c45a711d4f3e082754ae51316105fc0a903bb07023694e5e66ff62878e53d1c9ef148bf886f96db601c6a8f0f181bc644a58b3ac3149afe1c329751ca5b833b645ef5adaa4ef4157f1652b6e9ecdb0009027ec80a27747cc43be7a243e955807b8bcc1a79f730d17dc0ce448c9b62ca48a8707cd4b15493135caaa305402dc969f6ee66a5b8650020df88bf4672cb382cd234fcb91d428ab88b6a794624a1b17c2db145983d5a9cf64dae3591bbb871f60657ff7614a82e0d8d710c5ac07eda7b7b506aa6032751d1b580322cfd0cea771827a2d1f62a003afd5ded7adc414bf828e69f5642a0b0b4652d3987b0226e864cfdb3cdb1dbdfe3e28f3850f7a11a3480c13201adbbae678d36a8bf59923c9b586c3afc5b75b827", @generic="ade57f643a14595b914c973a369390e6bfb2fe25a488f8967b8d2912c14299b8b4f9d6d8a46c6c6bd54c6c937a45a412bc7311a20162a1ee859a7ec087e3c4895833e0323c4837d09ce4f000672e1fa0ebeb59fb041bcf4d6d46fc508712950a58514d6151b7675cbf7ba9eaaf23cd9e9bf56ab078b56d0ed50b1839e3db54d3420c1b4042dddd7867fcb86f3abed33f49040326091e384f124cc9d0afeceefa55525b630647420f1fb7764ba6909c52d36d58e188e5aa204bc9aa96081303a5d8b8bf603147f0617a97437db03901171e66970c3da1", @typed={0x8, 0x5b, 0x0, 0x0, @pid}, @nested={0x4, 0x12b}, @generic="adf48e04e73054f71b07a4239ba09ad16e9dce9003cd01e018d9d0ea489e666d38b2ac571a354aadd3b421b6bbaf6679abcf99079928a799cdae635b5a5e829be1c44a06dc28517ecf045ad2b5433644a384b2e2fc573d77a8f1322f17af348a71626c3abc72"]}, @typed={0x14, 0x11c, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}}]}]}, 0xcd8}, 0x1, 0x0, 0x0, 0x408c4}, 0x99) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r3 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r3, r3, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0xecf, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7fd, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xf90, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x2000000008000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x4bd, 0x0, 0x3, &(0x7f0000000100)=0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) write$auto(0xffffffffffffffff, 0x0, 0xfdef) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r4, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) kernel console output (not intermixed with test programs): c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1082.655834][T27168] RSP: 002b:00007fedff272028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1082.655889][T27168] RAX: ffffffffffffffda RBX: 00007fedfe615fa0 RCX: 00007fedfe39ce59 [ 1082.655906][T27168] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 1082.655922][T27168] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1082.655938][T27168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1082.655953][T27168] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1082.655977][T27168] [ 1084.683942][T27194] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4163'. [ 1087.354281][T27251] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4174'. [ 1087.684244][T27256] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4175'. [ 1091.884617][T27371] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input82 [ 1091.892281][T27371] FAULT_INJECTION: forcing a failure. [ 1091.892281][T27371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1091.892318][T27371] CPU: 0 UID: 0 PID: 27371 Comm: syz.3.4199 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1091.892354][T27371] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1091.892363][T27371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1091.892378][T27371] Call Trace: [ 1091.892385][T27371] [ 1091.892394][T27371] dump_stack_lvl+0x100/0x190 [ 1091.892437][T27371] should_fail_ex.cold+0x5/0xa [ 1091.892466][T27371] _copy_from_user+0x2e/0xd0 [ 1091.892500][T27371] blkdev_common_ioctl+0x1677/0x2b80 [ 1091.892610][T27371] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 1091.892645][T27371] ? __pfx_futex_wait+0x10/0x10 [ 1091.892673][T27371] ? do_vfs_ioctl+0x226/0x13e0 [ 1091.892706][T27371] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1091.892742][T27371] ? rcu_is_watching+0x12/0xc0 [ 1091.892779][T27371] ? __fget_files+0x215/0x3d0 [ 1091.892802][T27371] blkdev_ioctl+0x43b/0x6f0 [ 1091.892835][T27371] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1091.892872][T27371] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1091.892906][T27371] __x64_sys_ioctl+0x18e/0x210 [ 1091.892939][T27371] do_syscall_64+0x115/0x840 [ 1091.892968][T27371] ? clear_bhb_loop+0x40/0x90 [ 1091.892996][T27371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1091.893020][T27371] RIP: 0033:0x7f680ad9ce59 [ 1091.893038][T27371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1091.893069][T27371] RSP: 002b:00007f680bb81028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1091.893092][T27371] RAX: ffffffffffffffda RBX: 00007f680b015fa0 RCX: 00007f680ad9ce59 [ 1091.893111][T27371] RDX: 0000000000000005 RSI: 00000000401070c9 RDI: 0000000000000008 [ 1091.893126][T27371] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1091.893141][T27371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1091.893155][T27371] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1091.893178][T27371] [ 1097.097361][T27480] FAULT_INJECTION: forcing a failure. [ 1097.097361][T27480] name failslab, interval 1, probability 0, space 0, times 0 [ 1097.198882][T27480] CPU: 0 UID: 0 PID: 27480 Comm: syz.3.4219 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1097.198924][T27480] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1097.198934][T27480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1097.198948][T27480] Call Trace: [ 1097.198956][T27480] [ 1097.198965][T27480] dump_stack_lvl+0x100/0x190 [ 1097.199008][T27480] should_fail_ex.cold+0x5/0xa [ 1097.199033][T27480] ? kmem_cache_alloc_noprof+0x54/0x6d0 [ 1097.199069][T27480] should_failslab+0xc2/0x120 [ 1097.199092][T27480] kmem_cache_alloc_noprof+0x7b/0x6d0 [ 1097.199125][T27480] ? security_file_alloc+0x34/0x2c0 [ 1097.199155][T27480] ? trace_kmem_cache_alloc+0xdd/0x100 [ 1097.199181][T27480] security_file_alloc+0x34/0x2c0 [ 1097.199210][T27480] init_file+0x95/0x480 [ 1097.199237][T27480] alloc_empty_file+0x79/0x1c0 [ 1097.199266][T27480] path_openat+0xe7/0x4280 [ 1097.199288][T27480] ? kasan_save_stack+0x3f/0x50 [ 1097.199322][T27480] ? kasan_save_stack+0x30/0x50 [ 1097.199356][T27480] ? kasan_save_track+0x14/0x30 [ 1097.199390][T27480] ? __kasan_slab_alloc+0x89/0x90 [ 1097.199425][T27480] ? kmem_cache_alloc_noprof+0x241/0x6d0 [ 1097.199459][T27480] ? do_getname+0x35/0x390 [ 1097.199486][T27480] ? do_sys_openat2+0xc7/0x1e0 [ 1097.199515][T27480] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.199543][T27480] ? __pfx_path_openat+0x10/0x10 [ 1097.199570][T27480] do_file_open+0x20e/0x430 [ 1097.199594][T27480] ? __pfx_do_file_open+0x10/0x10 [ 1097.199627][T27480] ? alloc_fd+0x471/0x7a0 [ 1097.199648][T27480] ? do_getname+0x191/0x390 [ 1097.199677][T27480] do_sys_openat2+0x10f/0x1e0 [ 1097.199716][T27480] ? __pfx_do_sys_openat2+0x10/0x10 [ 1097.199747][T27480] ? __fget_files+0x215/0x3d0 [ 1097.199770][T27480] __x64_sys_openat+0x12d/0x210 [ 1097.199801][T27480] ? __pfx___x64_sys_openat+0x10/0x10 [ 1097.199835][T27480] ? rcu_is_watching+0x12/0xc0 [ 1097.199879][T27480] do_syscall_64+0x115/0x840 [ 1097.199909][T27480] ? clear_bhb_loop+0x40/0x90 [ 1097.199935][T27480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.199959][T27480] RIP: 0033:0x7f680ad9ce59 [ 1097.199977][T27480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1097.200001][T27480] RSP: 002b:00007f6808fd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1097.200024][T27480] RAX: ffffffffffffffda RBX: 00007f680b016180 RCX: 00007f680ad9ce59 [ 1097.200040][T27480] RDX: 0000000000000480 RSI: 0000200000002080 RDI: ffffffffffffff9c [ 1097.200055][T27480] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1097.200069][T27480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1097.200084][T27480] R13: 00007f680b016218 R14: 00007f680b016180 R15: 00007fff0480d348 [ 1097.200106][T27480] [ 1098.151160][T27489] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4221'. [ 1099.844641][T27523] vivid-007: ================= START STATUS ================= [ 1099.888399][T27523] vivid-007: Generate PTS: true [ 1099.912009][T27523] vivid-007: Generate SCR: true [ 1099.992079][T27523] tpg source WxH: 320x240 (Y'CbCr) [ 1100.078562][T27523] tpg field: 1 [ 1100.112786][T27523] tpg crop: (0,0)/320x240 [ 1100.140061][T27523] tpg compose: (0,0)/320x240 [ 1100.175258][T27523] tpg colorspace: 8 [ 1100.205868][T27523] tpg transfer function: 0/0 [ 1100.230421][T27523] tpg Y'CbCr encoding: 0/0 [ 1100.258223][T27523] tpg quantization: 0/0 [ 1100.321465][T27523] tpg RGB range: 0/2 [ 1100.341798][T27523] vivid-007: ================== END STATUS ================== [ 1101.065729][T27558] vivid-007: ================= START STATUS ================= [ 1101.083332][T27559] Process accounting resumed [ 1101.106235][T27558] vivid-007: Generate PTS: true [ 1101.122879][T27558] vivid-007: Generate SCR: true [ 1101.152204][T27558] tpg source WxH: 320x240 (Y'CbCr) [ 1101.164682][T27558] tpg field: 1 [ 1101.176156][T27558] tpg crop: (0,0)/320x240 [ 1101.198485][T27558] tpg compose: (0,0)/320x240 [ 1101.242567][T27558] tpg colorspace: 8 [ 1101.267612][T27558] tpg transfer function: 0/0 [ 1101.307697][T27571] FAULT_INJECTION: forcing a failure. [ 1101.307697][T27571] name failslab, interval 1, probability 0, space 0, times 0 [ 1101.322414][T27558] tpg Y'CbCr encoding: 0/0 [ 1101.343421][T27558] tpg quantization: 0/0 [ 1101.379328][T27558] tpg RGB range: 0/2 [ 1101.427417][T27558] vivid-007: ================== END STATUS ================== [ 1101.461300][T27571] CPU: 0 UID: 0 PID: 27571 Comm: syz.2.4236 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1101.461343][T27571] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1101.461354][T27571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1101.461370][T27571] Call Trace: [ 1101.461378][T27571] [ 1101.461387][T27571] dump_stack_lvl+0x100/0x190 [ 1101.461432][T27571] should_fail_ex.cold+0x5/0xa [ 1101.461459][T27571] ? __kmalloc_noprof+0xba/0x840 [ 1101.461491][T27571] ? udp_init_sock+0x24e/0x450 [ 1101.461591][T27571] should_failslab+0xc2/0x120 [ 1101.461614][T27571] __kmalloc_noprof+0xe0/0x840 [ 1101.461645][T27571] ? lockdep_init_map_type+0x5c/0x250 [ 1101.461683][T27571] udp_init_sock+0x24e/0x450 [ 1101.461706][T27571] ? __pfx_udp_init_sock+0x10/0x10 [ 1101.461732][T27571] inet_create+0x94c/0x1060 [ 1101.461771][T27571] ? inet_create+0x94/0x1060 [ 1101.461811][T27571] __sock_create+0x339/0x860 [ 1101.461849][T27571] __sys_socket+0x14d/0x260 [ 1101.461883][T27571] ? __pfx___sys_socket+0x10/0x10 [ 1101.461922][T27571] __x64_sys_socket+0x72/0xb0 [ 1101.461957][T27571] do_syscall_64+0x115/0x840 [ 1101.461988][T27571] ? clear_bhb_loop+0x40/0x90 [ 1101.462017][T27571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1101.462042][T27571] RIP: 0033:0x7fedfe39ce59 [ 1101.462062][T27571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1101.462088][T27571] RSP: 002b:00007fedff272028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1101.462112][T27571] RAX: ffffffffffffffda RBX: 00007fedfe615fa0 RCX: 00007fedfe39ce59 [ 1101.462130][T27571] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 [ 1101.462145][T27571] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1101.462161][T27571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1101.462176][T27571] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1101.462201][T27571] [ 1102.529168][T27595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4241'. [ 1102.588645][T27595] nbd: must specify at least one socket [ 1102.623939][T27597] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4241'. [ 1102.670521][T27597] nbd: must specify at least one socket [ 1103.691885][T27608] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4244'. [ 1104.650535][T27639] kexec: Could not allocate control_code_buffer [ 1105.424011][T27670] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4258'. [ 1106.232198][T27690] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 10 with max blocks 21 with error 117 [ 1106.290480][T27690] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1106.290480][T27690] [ 1106.577222][T27696] netlink: 'syz.1.4264': attribute type 1 has an invalid length. [ 1106.662839][T27696] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4264'. [ 1107.397568][T27703] FAULT_INJECTION: forcing a failure. [ 1107.397568][T27703] name failslab, interval 1, probability 0, space 0, times 0 [ 1107.542941][T27703] CPU: 0 UID: 0 PID: 27703 Comm: syz.2.4265 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1107.542982][T27703] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1107.542992][T27703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1107.543007][T27703] Call Trace: [ 1107.543015][T27703] [ 1107.543025][T27703] dump_stack_lvl+0x100/0x190 [ 1107.543067][T27703] should_fail_ex.cold+0x5/0xa [ 1107.543091][T27703] ? kmem_cache_alloc_noprof+0x54/0x6d0 [ 1107.543132][T27703] should_failslab+0xc2/0x120 [ 1107.543155][T27703] kmem_cache_alloc_noprof+0x7b/0x6d0 [ 1107.543189][T27703] ? taskstats_exit+0x67b/0xc10 [ 1107.543214][T27703] ? rcu_is_watching+0x12/0xc0 [ 1107.543253][T27703] taskstats_exit+0x67b/0xc10 [ 1107.543278][T27703] ? __pfx_acct_update_integrals+0x10/0x10 [ 1107.543306][T27703] ? __pfx_taskstats_exit+0x10/0x10 [ 1107.543332][T27703] ? preempt_count_add+0x76/0x150 [ 1107.543365][T27703] do_exit+0x65c/0x2ae0 [ 1107.543392][T27703] ? __pfx_do_exit+0x10/0x10 [ 1107.543416][T27703] ? do_raw_spin_lock+0x128/0x260 [ 1107.543450][T27703] ? get_signal+0x7e0/0x21e0 [ 1107.543487][T27703] do_group_exit+0xd5/0x2a0 [ 1107.543513][T27703] get_signal+0x1ec7/0x21e0 [ 1107.543550][T27703] ? __might_fault+0xc5/0x140 [ 1107.543582][T27703] ? __pfx_get_signal+0x10/0x10 [ 1107.543617][T27703] ? do_futex+0x190/0x440 [ 1107.543652][T27703] arch_do_signal_or_restart+0x91/0x7a0 [ 1107.543687][T27703] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1107.543725][T27703] ? rcu_is_watching+0x12/0xc0 [ 1107.543763][T27703] exit_to_user_mode_loop+0x139/0x6f0 [ 1107.543795][T27703] ? rcu_is_watching+0x12/0xc0 [ 1107.543833][T27703] do_syscall_64+0x652/0x840 [ 1107.543867][T27703] ? clear_bhb_loop+0x40/0x90 [ 1107.543895][T27703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.543920][T27703] RIP: 0033:0x7fedfe39ce59 [ 1107.543938][T27703] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1107.543962][T27703] RSP: 002b:00007fedff2510e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1107.543985][T27703] RAX: fffffffffffffe00 RBX: 00007fedfe616098 RCX: 00007fedfe39ce59 [ 1107.544001][T27703] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fedfe616098 [ 1107.544016][T27703] RBP: 00007fedfe616090 R08: 0000000000000000 R09: 0000000000000000 [ 1107.544031][T27703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1107.544045][T27703] R13: 00007fedfe616128 R14: 00007ffc8879f530 R15: 00007ffc8879f618 [ 1107.544068][T27703] [ 1109.167502][T27736] tc_dump_action: action bad kind [ 1109.352471][T27738] can: request_module (can-proto-0) failed. [ 1111.339166][T27806] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4287'. [ 1112.520141][T27817] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4289'. [ 1112.614703][T27824] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4290'. [ 1113.055283][T27829] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4292'. [ 1113.161861][T27837] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4293'. [ 1113.202608][T27837] ipvlan1: entered promiscuous mode [ 1113.250242][T27837] ipvlan1: entered allmulticast mode [ 1113.285446][T27837] veth0_vlan: entered allmulticast mode [ 1113.673436][T27849] input: f as /devices/virtual/input/input83 [ 1115.104126][T27878] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4303'. [ 1116.165783][ T29] audit: type=1800 audit(4295039522.816:49): pid=27901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4306" name="version" dev="configfs" ino=137169 res=0 errno=0 [ 1116.334945][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.344003][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.177933][T15657] Bluetooth: hci4: Malformed Event: 0x2f [ 1117.419758][T27913] ovs_: entered promiscuous mode [ 1118.166581][T27921] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1118.196485][T27921] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1118.217258][T27921] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1118.241645][T27921] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1118.272016][T27921] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1119.614379][T15657] Bluetooth: hci4: command 0x0406 tx timeout [ 1120.254435][T15701] Bluetooth: hci2: command 0x2016 tx timeout [ 1120.260620][T15657] Bluetooth: hci1: command 0x0406 tx timeout [ 1120.334619][T15657] Bluetooth: hci0: command 0x0c1a tx timeout [ 1121.816254][T27986] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4323'. [ 1122.335129][T27987] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.3.4322: 7 [ 1122.348475][T15657] Bluetooth: hci2: command 0x2016 tx timeout [ 1124.400540][T28031] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4332'. [ 1124.506055][T28036] FAULT_INJECTION: forcing a failure. [ 1124.506055][T28036] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1124.594422][T28036] CPU: 0 UID: 0 PID: 28036 Comm: syz.2.4332 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1124.594466][T28036] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1124.594477][T28036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1124.594493][T28036] Call Trace: [ 1124.594502][T28036] [ 1124.594515][T28036] dump_stack_lvl+0x100/0x190 [ 1124.594564][T28036] should_fail_ex.cold+0x5/0xa [ 1124.594593][T28036] get_futex_key+0x1d2/0x14f0 [ 1124.594631][T28036] ? __pfx_get_futex_key+0x10/0x10 [ 1124.594666][T28036] ? trace_ignore_this_task+0xc3/0x100 [ 1124.594692][T28036] ? event_filter_pid_sched_wakeup_probe_post+0x128/0x270 [ 1124.594727][T28036] futex_wait_setup+0x91/0x540 [ 1124.594757][T28036] __futex_wait+0x19f/0x300 [ 1124.594783][T28036] ? __pfx___futex_wait+0x10/0x10 [ 1124.594807][T28036] ? __pfx_try_to_wake_up+0x10/0x10 [ 1124.594847][T28036] ? __pfx_futex_wake_mark+0x10/0x10 [ 1124.594875][T28036] ? futex_wake+0x4ea/0x5e0 [ 1124.594897][T28036] ? rcu_is_watching+0x12/0xc0 [ 1124.594941][T28036] futex_wait+0xe6/0x370 [ 1124.594965][T28036] ? __pfx_futex_wait+0x10/0x10 [ 1124.594994][T28036] ? putname+0xb1/0x110 [ 1124.595020][T28036] ? kmem_cache_free+0x127/0x6b0 [ 1124.595056][T28036] do_futex+0x265/0x440 [ 1124.595093][T28036] ? __pfx_do_futex+0x10/0x10 [ 1124.595138][T28036] ? __pfx_do_sys_openat2+0x10/0x10 [ 1124.595172][T28036] ? __fget_files+0x21f/0x3d0 [ 1124.595196][T28036] __x64_sys_futex+0x34f/0x4d0 [ 1124.595235][T28036] ? __x64_sys_openat+0x12d/0x210 [ 1124.595269][T28036] ? __pfx___x64_sys_futex+0x10/0x10 [ 1124.595310][T28036] ? rcu_is_watching+0x12/0xc0 [ 1124.595351][T28036] do_syscall_64+0x115/0x840 [ 1124.595385][T28036] ? clear_bhb_loop+0x40/0x90 [ 1124.595420][T28036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1124.595446][T28036] RIP: 0033:0x7fedfe39ce59 [ 1124.595466][T28036] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1124.595492][T28036] RSP: 002b:00007fedff2510e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1124.595518][T28036] RAX: ffffffffffffffda RBX: 00007fedfe616098 RCX: 00007fedfe39ce59 [ 1124.595535][T28036] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fedfe616098 [ 1124.595552][T28036] RBP: 00007fedfe616090 R08: 0000000000000000 R09: 0000000000000000 [ 1124.595568][T28036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1124.595584][T28036] R13: 00007fedfe616128 R14: 00007ffc8879f530 R15: 00007ffc8879f618 [ 1124.595616][T28036] [ 1125.201695][T28048] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 1125.279199][T28048] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4335'. [ 1125.487899][T28053] random: crng reseeded on system resumption [ 1125.872328][T28065] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4339'. [ 1126.652555][T28085] random: crng reseeded on system resumption [ 1127.149217][T28096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4346'. [ 1128.750895][T28111] Process accounting resumed [ 1129.650749][T28150] futex_wake_op: syz.2.4357 tries to shift op by -2048; fix this program [ 1129.885459][T28144] 0x000000000001-0x000000020000 : "" [ 1129.935328][T28144] ftl_cs: FTL header corrupt! [ 1129.994000][T28165] usb usb2: usbfs: process 28165 (syz.3.4360) did not claim interface 47 before use [ 1131.499084][T28224] random: crng reseeded on system resumption [ 1132.156966][T28205] Process accounting paused [ 1134.179865][T28283] netlink: 150 bytes leftover after parsing attributes in process `syz.2.4387'. [ 1135.236685][T28299] futex_wake_op: syz.0.4390 tries to shift op by -2048; fix this program [ 1135.289789][T28299] futex_wake_op: syz.0.4390 tries to shift op by -2048; fix this program [ 1135.904207][T28324] netlink: 'syz.3.4395': attribute type 4 has an invalid length. [ 1135.944250][T28324] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4395'. [ 1137.042565][T28327] Process accounting resumed [ 1137.957604][T28370] netlink: 172 bytes leftover after parsing attributes in process `syz.2.4403'. [ 1139.530223][T28412] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1140.828874][T28451] CIFS: VFS: Invalid SecurityFlags: [ 1142.888383][T28515] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input85 [ 1143.644023][T28529] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4431'. [ 1145.513583][T28581] random: crng reseeded on system resumption [ 1146.276434][T28595] netlink: 'syz.0.4444': attribute type 4 has an invalid length. [ 1146.323501][T28595] netlink: 314 bytes leftover after parsing attributes in process `syz.0.4444'. [ 1147.040707][T28586] kexec: Could not allocate control_code_buffer [ 1147.432194][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.432225][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.447384][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.447411][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.463517][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.463546][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.481606][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.481635][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.496874][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.496901][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.518096][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.518127][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.533079][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.533107][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.548699][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.548726][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.563762][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.563789][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.578703][T15657] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1147.578731][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.594682][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.603653][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.611350][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.618899][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.626774][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.634713][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.644310][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.651835][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.661104][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.668643][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.676130][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.683782][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.691819][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.699401][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.709766][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.717566][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.725497][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.733503][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.741087][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.748727][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.756578][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.764577][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1147.773591][T15657] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 1148.607092][T28646] blkio.reset_stats is deprecated [ 1149.789148][T15657] Bluetooth: hci0: command 0x0c1a tx timeout [ 1149.959938][T28675] binder: 28674:28675 ioctl 400c620e 2000000003c0 returned -22 [ 1150.034598][T28681] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4461'. [ 1150.096279][T28686] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4463'. [ 1150.184265][T28689] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4464'. [ 1150.319700][T28674] Process accounting resumed [ 1151.346982][T28719] FAULT_INJECTION: forcing a failure. [ 1151.346982][T28719] name failslab, interval 1, probability 0, space 0, times 0 [ 1151.530327][T28719] CPU: 0 UID: 0 PID: 28719 Comm: syz.2.4468 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1151.530381][T28719] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1151.530392][T28719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1151.530408][T28719] Call Trace: [ 1151.530416][T28719] [ 1151.530426][T28719] dump_stack_lvl+0x100/0x190 [ 1151.530471][T28719] should_fail_ex.cold+0x5/0xa [ 1151.530497][T28719] ? kmem_cache_alloc_noprof+0x54/0x6d0 [ 1151.530536][T28719] should_failslab+0xc2/0x120 [ 1151.530561][T28719] kmem_cache_alloc_noprof+0x7b/0x6d0 [ 1151.530596][T28719] ? __proc_create+0x2cb/0x8c0 [ 1151.530624][T28719] ? lock_release+0x24d/0x310 [ 1151.530659][T28719] __proc_create+0x2cb/0x8c0 [ 1151.530687][T28719] ? __pfx___proc_create+0x10/0x10 [ 1151.530715][T28719] ? lock_release+0x24d/0x310 [ 1151.530746][T28719] ? do_raw_spin_unlock+0x145/0x1e0 [ 1151.530785][T28719] ? _raw_spin_unlock+0x28/0x50 [ 1151.530812][T28719] proc_create_reg+0x75/0x170 [ 1151.530882][T28719] proc_create_net_data+0x8e/0x1c0 [ 1151.530912][T28719] ? __pfx_proc_create_net_data+0x10/0x10 [ 1151.530944][T28719] ? lockdep_init_map_type+0x5c/0x250 [ 1151.530978][T28719] ? lockdep_init_map_type+0x5c/0x250 [ 1151.531013][T28719] ? __pfx_packet_net_init+0x10/0x10 [ 1151.531121][T28719] packet_net_init+0x93/0xc0 [ 1151.531147][T28719] ops_init+0x1e2/0x5f0 [ 1151.531176][T28719] setup_net+0x118/0x3a0 [ 1151.531203][T28719] ? __pfx_setup_net+0x10/0x10 [ 1151.531229][T28719] ? mutex_init_lockdep+0xf1/0x120 [ 1151.531265][T28719] copy_net_ns+0x46f/0x7c0 [ 1151.531295][T28719] create_new_namespaces+0x3ea/0xac0 [ 1151.531336][T28719] unshare_nsproxy_namespaces+0xf2/0x220 [ 1151.531384][T28719] ksys_unshare+0x438/0xab0 [ 1151.531409][T28719] ? __pfx_ksys_unshare+0x10/0x10 [ 1151.531438][T28719] __x64_sys_unshare+0x31/0x40 [ 1151.531462][T28719] do_syscall_64+0x115/0x840 [ 1151.531493][T28719] ? clear_bhb_loop+0x40/0x90 [ 1151.531521][T28719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.531547][T28719] RIP: 0033:0x7fedfe39ce59 [ 1151.531567][T28719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1151.531594][T28719] RSP: 002b:00007fedff251028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1151.531618][T28719] RAX: ffffffffffffffda RBX: 00007fedfe616090 RCX: 00007fedfe39ce59 [ 1151.531635][T28719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1151.531651][T28719] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1151.531667][T28719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1151.531683][T28719] R13: 00007fedfe616128 R14: 00007fedfe616090 R15: 00007ffc8879f618 [ 1151.531708][T28719] [ 1152.246746][T15657] Bluetooth: hci0: command 0x0c1a tx timeout [ 1153.232995][T28751] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4474'. [ 1153.355623][T28752] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4474'. [ 1153.932686][T28768] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4479'. [ 1154.271810][T15701] Bluetooth: hci0: command 0x0c1a tx timeout [ 1154.608031][T28789] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 1156.010934][T28825] FAULT_INJECTION: forcing a failure. [ 1156.010934][T28825] name failslab, interval 1, probability 0, space 0, times 0 [ 1156.080665][T28825] CPU: 0 UID: 0 PID: 28825 Comm: syz.3.4488 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1156.080710][T28825] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1156.080720][T28825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1156.080736][T28825] Call Trace: [ 1156.080745][T28825] [ 1156.080754][T28825] dump_stack_lvl+0x100/0x190 [ 1156.080801][T28825] should_fail_ex.cold+0x5/0xa [ 1156.080827][T28825] ? __kmalloc_cache_noprof+0x53/0x6e0 [ 1156.080866][T28825] should_failslab+0xc2/0x120 [ 1156.080889][T28825] __kmalloc_cache_noprof+0x7a/0x6e0 [ 1156.080921][T28825] ? fqdir_init+0x4f/0x1f0 [ 1156.081022][T28825] ? rcu_is_watching+0x12/0xc0 [ 1156.081066][T28825] fqdir_init+0x4f/0x1f0 [ 1156.081098][T28825] nf_ct_net_init+0x3d/0x370 [ 1156.081180][T28825] ? __pfx_nf_ct_net_init+0x10/0x10 [ 1156.081218][T28825] ops_init+0x1e2/0x5f0 [ 1156.081246][T28825] setup_net+0x118/0x3a0 [ 1156.081271][T28825] ? __pfx_setup_net+0x10/0x10 [ 1156.081297][T28825] ? mutex_init_lockdep+0xf1/0x120 [ 1156.081333][T28825] copy_net_ns+0x46f/0x7c0 [ 1156.081363][T28825] create_new_namespaces+0x3ea/0xac0 [ 1156.081403][T28825] unshare_nsproxy_namespaces+0xf2/0x220 [ 1156.081442][T28825] ksys_unshare+0x438/0xab0 [ 1156.081467][T28825] ? __pfx_ksys_unshare+0x10/0x10 [ 1156.081494][T28825] ? trace_irq_enable.constprop.0+0x2f/0x160 [ 1156.081530][T28825] __x64_sys_unshare+0x31/0x40 [ 1156.081554][T28825] do_syscall_64+0x115/0x840 [ 1156.081586][T28825] ? clear_bhb_loop+0x40/0x90 [ 1156.081615][T28825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1156.081641][T28825] RIP: 0033:0x7f680ad9ce59 [ 1156.081660][T28825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1156.081686][T28825] RSP: 002b:00007f6808ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1156.081715][T28825] RAX: ffffffffffffffda RBX: 00007f680b016090 RCX: 00007f680ad9ce59 [ 1156.081732][T28825] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1156.081748][T28825] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1156.081765][T28825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1156.081779][T28825] R13: 00007f680b016128 R14: 00007f680b016090 R15: 00007fff0480d348 [ 1156.081804][T28825] [ 1156.621915][T15701] Bluetooth: hci0: command 0x0c1a tx timeout [ 1157.288437][T28850] sd 0:0:1:0: PR command failed: 1026 [ 1157.378293][T28850] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1157.537243][T28850] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1158.541498][T28875] ubi0: attaching mtd0 [ 1158.583097][T28875] ubi0: scanning is finished [ 1158.675737][T15701] Bluetooth: hci0: command 0x0c1a tx timeout [ 1158.702019][T28875] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1159.376088][T28875] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1160.755140][T15701] Bluetooth: hci0: command 0x0c1a tx timeout [ 1162.209449][T28955] FAULT_INJECTION: forcing a failure. [ 1162.209449][T28955] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.288259][T28955] CPU: 0 UID: 0 PID: 28955 Comm: syz.3.4511 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1162.288301][T28955] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1162.288318][T28955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1162.288334][T28955] Call Trace: [ 1162.288343][T28955] [ 1162.288352][T28955] dump_stack_lvl+0x100/0x190 [ 1162.288398][T28955] should_fail_ex.cold+0x5/0xa [ 1162.288424][T28955] ? kmem_cache_alloc_noprof+0x54/0x6d0 [ 1162.288463][T28955] should_failslab+0xc2/0x120 [ 1162.288486][T28955] kmem_cache_alloc_noprof+0x7b/0x6d0 [ 1162.288521][T28955] ? security_file_alloc+0x34/0x2c0 [ 1162.288555][T28955] ? trace_kmem_cache_alloc+0xdd/0x100 [ 1162.288581][T28955] security_file_alloc+0x34/0x2c0 [ 1162.288617][T28955] init_file+0x95/0x480 [ 1162.288645][T28955] alloc_empty_file+0x79/0x1c0 [ 1162.288676][T28955] path_openat+0xe7/0x4280 [ 1162.288700][T28955] ? kasan_save_stack+0x3f/0x50 [ 1162.288736][T28955] ? kasan_save_stack+0x30/0x50 [ 1162.288772][T28955] ? kasan_save_track+0x14/0x30 [ 1162.288809][T28955] ? __kasan_slab_alloc+0x89/0x90 [ 1162.288850][T28955] ? kmem_cache_alloc_noprof+0x241/0x6d0 [ 1162.288886][T28955] ? do_getname+0x35/0x390 [ 1162.288915][T28955] ? do_sys_openat2+0xc7/0x1e0 [ 1162.288946][T28955] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.288975][T28955] ? __pfx_path_openat+0x10/0x10 [ 1162.289004][T28955] do_file_open+0x20e/0x430 [ 1162.289029][T28955] ? __pfx_do_file_open+0x10/0x10 [ 1162.289063][T28955] ? alloc_fd+0x471/0x7a0 [ 1162.289087][T28955] ? do_getname+0x191/0x390 [ 1162.289118][T28955] do_sys_openat2+0x10f/0x1e0 [ 1162.289150][T28955] ? __pfx_do_sys_openat2+0x10/0x10 [ 1162.289184][T28955] ? __pfx_restore_altstack+0x10/0x10 [ 1162.289214][T28955] __x64_sys_openat+0x12d/0x210 [ 1162.289247][T28955] ? __pfx___x64_sys_openat+0x10/0x10 [ 1162.289284][T28955] ? rcu_is_watching+0x12/0xc0 [ 1162.289331][T28955] do_syscall_64+0x115/0x840 [ 1162.289363][T28955] ? clear_bhb_loop+0x40/0x90 [ 1162.289391][T28955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.289416][T28955] RIP: 0033:0x7f680ad9ce59 [ 1162.289436][T28955] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1162.289465][T28955] RSP: 002b:00007f680bb81028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1162.289492][T28955] RAX: ffffffffffffffda RBX: 00007f680b015fa0 RCX: 00007f680ad9ce59 [ 1162.289509][T28955] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1162.289526][T28955] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1162.289544][T28955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1162.289560][T28955] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1162.289585][T28955] [ 1162.963552][T28920] Bluetooth: hci0: command 0x0c1a tx timeout [ 1163.550810][T28958] netlink: 'syz.1.4512': attribute type 11 has an invalid length. [ 1164.359636][T28994] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4519'. [ 1164.502124][T29011] netlink: 'syz.3.4523': attribute type 64 has an invalid length. [ 1164.532520][T29011] netlink: 74 bytes leftover after parsing attributes in process `syz.3.4523'. [ 1164.999647][T15657] Bluetooth: hci0: command 0x0c1a tx timeout [ 1166.047923][T15657] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1166.055465][T15657] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 1166.397213][T15657] bt_warn_ratelimited: 23 callbacks suppressed [ 1166.397234][T15657] Bluetooth: hci1: unexpected event 0x10 length: 124 > 1 [ 1166.404155][T28920] Bluetooth: hci1: hardware error 0x00 [ 1166.490155][T15657] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 1167.078356][T15657] Bluetooth: hci0: command 0x0c1a tx timeout [ 1168.214927][T29057] Process accounting paused [ 1168.438826][T28920] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1168.856655][T28920] Bluetooth: hci0: unexpected event 0x10 length: 124 > 1 [ 1168.856704][T15657] Bluetooth: hci0: hardware error 0x00 [ 1168.975041][T28920] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1169.513962][T29123] FAULT_INJECTION: forcing a failure. [ 1169.513962][T29123] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.598092][T29123] CPU: 0 UID: 0 PID: 29123 Comm: syz.2.4546 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1169.598136][T29123] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1169.598146][T29123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1169.598163][T29123] Call Trace: [ 1169.598171][T29123] [ 1169.598181][T29123] dump_stack_lvl+0x100/0x190 [ 1169.598229][T29123] should_fail_ex.cold+0x5/0xa [ 1169.598255][T29123] ? __kmalloc_cache_noprof+0x53/0x6e0 [ 1169.598290][T29123] should_failslab+0xc2/0x120 [ 1169.598313][T29123] __kmalloc_cache_noprof+0x7a/0x6e0 [ 1169.598345][T29123] ? trace_pid_list_alloc+0x9d/0x480 [ 1169.598376][T29123] trace_pid_list_alloc+0x9d/0x480 [ 1169.598404][T29123] trace_pid_write+0x110/0x460 [ 1169.598430][T29123] ? __pfx_trace_pid_write+0x10/0x10 [ 1169.598461][T29123] ? __pfx___might_resched+0x10/0x10 [ 1169.598496][T29123] event_pid_write.isra.0+0x1e4/0x7d0 [ 1169.598527][T29123] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1169.598557][T29123] ? lock_acquire+0x301/0x370 [ 1169.598588][T29123] ? __pfx___might_resched+0x10/0x10 [ 1169.598623][T29123] vfs_write+0x2aa/0x1050 [ 1169.598663][T29123] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1169.598695][T29123] ? __pfx_vfs_write+0x10/0x10 [ 1169.598735][T29123] ? rcu_is_watching+0x12/0xc0 [ 1169.598820][T29123] ? __fget_files+0x21f/0x3d0 [ 1169.598846][T29123] ksys_write+0x12a/0x250 [ 1169.598870][T29123] ? __pfx_ksys_write+0x10/0x10 [ 1169.598894][T29123] ? rcu_is_watching+0x12/0xc0 [ 1169.598936][T29123] do_syscall_64+0x115/0x840 [ 1169.598968][T29123] ? clear_bhb_loop+0x40/0x90 [ 1169.598996][T29123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1169.599023][T29123] RIP: 0033:0x7fedfe39ce59 [ 1169.599043][T29123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1169.599069][T29123] RSP: 002b:00007fedff272028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1169.599094][T29123] RAX: ffffffffffffffda RBX: 00007fedfe615fa0 RCX: 00007fedfe39ce59 [ 1169.599112][T29123] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1169.599128][T29123] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1169.599144][T29123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1169.599160][T29123] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1169.599184][T29123] [ 1170.756548][T29150] netlink: 'syz.1.4554': attribute type 4 has an invalid length. [ 1170.791433][T29150] netlink: 'syz.1.4554': attribute type 5 has an invalid length. [ 1170.825436][T29150] netlink: 10 bytes leftover after parsing attributes in process `syz.1.4554'. [ 1170.919685][T15657] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1171.417966][T29172] netlink: 'syz.2.4557': attribute type 4 has an invalid length. [ 1171.455161][T29172] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4557'. [ 1171.981724][T29190] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(384.8192.60), cmd(6) [ 1173.880981][T29253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4572'. [ 1174.749415][ T29] audit: type=1800 audit(4295090693.371:50): pid=29283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4576" name="version" dev="configfs" ino=145418 res=0 errno=0 [ 1174.954190][T29285] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:106: comm syz-executor: Corrupt inode bitmap - block_group = 2, inode_bitmap = 139 [ 1175.448171][T28920] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1175.457057][T28920] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1175.464815][T28920] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1175.473614][T28920] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1175.481689][T28920] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1176.344980][T29327] sctp: [Deprecated]: syz.3.4586 (pid 29327) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1176.344980][T29327] Use struct sctp_sack_info instead [ 1177.096581][T29349] FAULT_INJECTION: forcing a failure. [ 1177.096581][T29349] name failslab, interval 1, probability 0, space 0, times 0 [ 1177.156251][T29349] CPU: 0 UID: 0 PID: 29349 Comm: syz.3.4588 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1177.156303][T29349] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1177.156313][T29349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1177.156329][T29349] Call Trace: [ 1177.156337][T29349] [ 1177.156347][T29349] dump_stack_lvl+0x100/0x190 [ 1177.156391][T29349] should_fail_ex.cold+0x5/0xa [ 1177.156417][T29349] ? kmem_cache_alloc_lru_noprof+0x59/0x6e0 [ 1177.156458][T29349] should_failslab+0xc2/0x120 [ 1177.156481][T29349] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1177.156518][T29349] ? xas_split_alloc+0x11c/0x4a0 [ 1177.156553][T29349] ? lock_release+0x24d/0x310 [ 1177.156584][T29349] ? bpf_ksym_find+0x124/0x1c0 [ 1177.156622][T29349] xas_split_alloc+0x11c/0x4a0 [ 1177.156659][T29349] __folio_split+0x5e5/0x1690 [ 1177.156693][T29349] ? rcu_is_watching+0x12/0xc0 [ 1177.156733][T29349] ? __pfx___folio_split+0x10/0x10 [ 1177.156769][T29349] ? __pfx___might_resched+0x10/0x10 [ 1177.156800][T29349] ? lock_release+0x24d/0x310 [ 1177.156834][T29349] madvise_cold_or_pageout_pte_range+0xf8c/0x2620 [ 1177.156870][T29349] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 1177.156901][T29349] ? tomoyo_check_open_permission+0x1a2/0x3c0 [ 1177.156933][T29349] ? stack_trace_save+0x8e/0xc0 [ 1177.156959][T29349] ? __pfx_stack_trace_save+0x10/0x10 [ 1177.156987][T29349] ? rcu_is_watching+0x12/0xc0 [ 1177.157027][T29349] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 1177.157059][T29349] walk_pgd_range+0xc1a/0x1dd0 [ 1177.157099][T29349] ? __css_rstat_updated+0x1ce/0x5a0 [ 1177.157136][T29349] ? __pfx_walk_pgd_range+0x10/0x10 [ 1177.157172][T29349] ? rcu_is_watching+0x12/0xc0 [ 1177.157219][T29349] ? folios_put_refs+0x716/0xa90 [ 1177.157258][T29349] __walk_page_range+0x171/0x850 [ 1177.157295][T29349] ? folio_batch_move_lru+0x300/0x7d0 [ 1177.157332][T29349] ? rcu_is_watching+0x12/0xc0 [ 1177.157372][T29349] ? folio_batch_move_lru+0x32b/0x7d0 [ 1177.157408][T29349] ? lock_release+0x24d/0x310 [ 1177.157468][T29349] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1177.157506][T29349] walk_page_range_vma_unsafe+0x209/0x8f0 [ 1177.157548][T29349] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 1177.157591][T29349] ? mlock_drain_local+0x254/0x4e0 [ 1177.157626][T29349] ? rcu_is_watching+0x12/0xc0 [ 1177.157664][T29349] ? mlock_drain_local+0x254/0x4e0 [ 1177.157700][T29349] ? lock_release+0x24d/0x310 [ 1177.157738][T29349] walk_page_range_vma+0x63/0x90 [ 1177.157778][T29349] madvise_pageout+0x259/0x540 [ 1177.157804][T29349] ? __pfx_madvise_pageout+0x10/0x10 [ 1177.157829][T29349] ? finish_task_switch.isra.0+0x2c0/0x1010 [ 1177.157867][T29349] ? rcu_is_watching+0x12/0xc0 [ 1177.157912][T29349] ? mtree_range_walk+0x72b/0xb70 [ 1177.157944][T29349] madvise_vma_behavior+0x452/0x2240 [ 1177.157975][T29349] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1177.158008][T29349] ? find_vma_prev+0xd8/0x150 [ 1177.158032][T29349] ? rcu_is_watching+0x12/0xc0 [ 1177.158071][T29349] ? __pfx_find_vma_prev+0x10/0x10 [ 1177.158100][T29349] ? __futex_wait+0x256/0x300 [ 1177.158128][T29349] madvise_walk_vmas+0x2fe/0xa90 [ 1177.158158][T29349] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1177.158187][T29349] ? __pfx_futex_hash+0x10/0x10 [ 1177.158229][T29349] madvise_do_behavior+0x1ea/0x510 [ 1177.158259][T29349] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1177.158289][T29349] ? down_read+0x13b/0x4c0 [ 1177.158322][T29349] ? __pfx_futex_wait+0x10/0x10 [ 1177.158353][T29349] do_madvise+0x195/0x240 [ 1177.158381][T29349] ? __pfx_do_madvise+0x10/0x10 [ 1177.158408][T29349] ? do_futex+0x190/0x440 [ 1177.158448][T29349] ? fdget+0x18b/0x210 [ 1177.158475][T29349] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1177.158513][T29349] __x64_sys_madvise+0xa9/0x110 [ 1177.158543][T29349] do_syscall_64+0x115/0x840 [ 1177.158574][T29349] ? clear_bhb_loop+0x40/0x90 [ 1177.158602][T29349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1177.158628][T29349] RIP: 0033:0x7f680ad9ce59 [ 1177.158650][T29349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1177.158675][T29349] RSP: 002b:00007f6808ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1177.158700][T29349] RAX: ffffffffffffffda RBX: 00007f680b016090 RCX: 00007f680ad9ce59 [ 1177.158718][T29349] RDX: 0000000000000015 RSI: 0000000000000081 RDI: 0000000000000000 [ 1177.158733][T29349] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1177.158749][T29349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1177.158765][T29349] R13: 00007f680b016128 R14: 00007f680b016090 R15: 00007fff0480d348 [ 1177.158789][T29349] [ 1177.648250][T28920] Bluetooth: hci3: command tx timeout [ 1177.805554][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.812038][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.704788][T29292] bridge0: port 1(bridge_slave_0) entered blocking state [ 1178.733349][T29292] bridge0: port 1(bridge_slave_0) entered disabled state [ 1178.751799][T29292] bridge_slave_0: entered allmulticast mode [ 1178.779305][T29292] bridge_slave_0: entered promiscuous mode [ 1178.811803][T29292] bridge0: port 2(bridge_slave_1) entered blocking state [ 1178.834693][T29292] bridge0: port 2(bridge_slave_1) entered disabled state [ 1178.858855][T29292] bridge_slave_1: entered allmulticast mode [ 1178.882060][T29292] bridge_slave_1: entered promiscuous mode [ 1178.996898][T29292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1179.044244][T29292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1179.147779][T29292] team0: Port device team_slave_0 added [ 1179.179946][T29292] team0: Port device team_slave_1 added [ 1179.339998][T29292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1179.375914][T29292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1179.478733][T29292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1179.527426][T29292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1179.555117][T29292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1179.639204][T29292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1179.726808][T28920] Bluetooth: hci3: command tx timeout [ 1179.764961][T29292] hsr_slave_0: entered promiscuous mode [ 1179.783772][T29292] hsr_slave_1: entered promiscuous mode [ 1179.806832][T29292] debugfs: 'hsr0' already exists in 'hsr' [ 1179.825684][T29292] Cannot create hsr debugfs directory [ 1180.500299][T29292] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1180.710011][T29292] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1180.741214][T29394] Process accounting paused [ 1180.851362][T29292] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1180.961802][T29292] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1181.711217][T29292] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1181.754253][T29292] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1181.786717][T29292] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1181.805548][T28920] Bluetooth: hci3: command tx timeout [ 1181.820020][T29292] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1181.842454][T29292] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1181.896689][T29292] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1181.930155][T29292] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1181.983448][T29292] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1182.468448][T29292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1182.550033][T29292] 8021q: adding VLAN 0 to HW filter on device team0 [ 1182.599742][T22467] bridge0: port 1(bridge_slave_0) entered blocking state [ 1182.607051][T22467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1182.702594][T22467] bridge0: port 2(bridge_slave_1) entered blocking state [ 1182.710075][T22467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1183.434916][T29437] kexec: Could not allocate control_code_buffer [ 1183.886928][T28920] Bluetooth: hci3: command tx timeout [ 1184.271218][T29484] FAULT_INJECTION: forcing a failure. [ 1184.271218][T29484] name failslab, interval 1, probability 0, space 0, times 0 [ 1184.373212][T29484] CPU: 0 UID: 0 PID: 29484 Comm: syz.3.4606 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1184.373255][T29484] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1184.373266][T29484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1184.373297][T29484] Call Trace: [ 1184.373306][T29484] [ 1184.373316][T29484] dump_stack_lvl+0x100/0x190 [ 1184.373362][T29484] should_fail_ex.cold+0x5/0xa [ 1184.373388][T29484] ? kmem_cache_alloc_lru_noprof+0x59/0x6e0 [ 1184.373439][T29484] should_failslab+0xc2/0x120 [ 1184.373462][T29484] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1184.373500][T29484] ? __d_alloc+0x35/0xa50 [ 1184.373529][T29484] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1184.373574][T29484] __d_alloc+0x35/0xa50 [ 1184.373602][T29484] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1184.373651][T29484] d_make_root+0x3e/0x90 [ 1184.373687][T29484] mqueue_fill_super+0x175/0x260 [ 1184.373726][T29484] get_tree_nodev+0xdd/0x190 [ 1184.373766][T29484] mqueue_get_tree+0xf1/0x130 [ 1184.373809][T29484] vfs_get_tree+0x92/0x320 [ 1184.373844][T29484] fc_mount_longterm+0x1a/0x270 [ 1184.373884][T29484] mq_init_ns+0x482/0x820 [ 1184.373910][T29484] copy_ipcs+0x3dd/0x7e0 [ 1184.373936][T29484] create_new_namespaces+0x20a/0xac0 [ 1184.373973][T29484] ? security_capable+0x80/0x260 [ 1184.374014][T29484] copy_namespaces+0x468/0x5e0 [ 1184.374062][T29484] copy_process+0x385f/0x7ff0 [ 1184.374117][T29484] ? __pfx_copy_process+0x10/0x10 [ 1184.374157][T29484] ? lock_release+0x24d/0x310 [ 1184.374192][T29484] ? _copy_from_user+0x59/0xd0 [ 1184.374228][T29484] kernel_clone+0x176/0x9d0 [ 1184.374268][T29484] ? __pfx_kernel_clone+0x10/0x10 [ 1184.374316][T29484] __do_sys_clone3+0x214/0x290 [ 1184.374338][T29484] ? __pfx___do_sys_clone3+0x10/0x10 [ 1184.374384][T29484] ? __fget_files+0x21f/0x3d0 [ 1184.374413][T29484] ? rcu_is_watching+0x12/0xc0 [ 1184.374455][T29484] do_syscall_64+0x115/0x840 [ 1184.374486][T29484] ? clear_bhb_loop+0x40/0x90 [ 1184.374515][T29484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1184.374541][T29484] RIP: 0033:0x7f680ad9ce59 [ 1184.374564][T29484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1184.374589][T29484] RSP: 002b:00007f680bb80ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1184.374615][T29484] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f680ad9ce59 [ 1184.374633][T29484] RDX: 00007f680bb80f10 RSI: 0000000000000058 RDI: 00007f680bb80f10 [ 1184.374649][T29484] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000058 [ 1184.374665][T29484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1184.374680][T29484] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1184.374705][T29484] [ 1185.597527][T29292] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1185.830942][T29292] veth0_vlan: entered promiscuous mode [ 1185.932352][T29292] veth1_vlan: entered promiscuous mode [ 1186.042609][T29292] veth0_macvtap: entered promiscuous mode [ 1186.092323][T29292] veth1_macvtap: entered promiscuous mode [ 1186.174499][T29292] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1186.222296][T29292] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1186.286634][T22467] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1186.343522][T22467] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1186.389095][T22467] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1186.459964][T22467] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1186.704030][T22467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1186.747236][T22467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1186.902311][T22467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1186.944669][T22467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1189.491619][T29597] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1189.864567][T29612] futex_wake_op: syz.0.4623 tries to shift op by -2048; fix this program [ 1190.035161][T29615] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4623'. [ 1190.080750][T29612] futex_wake_op: syz.0.4623 tries to shift op by -2048; fix this program [ 1190.428719][T29630] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1190.552146][T29630] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1191.384232][T29606] Process accounting resumed [ 1191.620942][T29664] usbcore.quirks: string doesn't fit in 127 chars. [ 1191.696742][T29661] mmap: syz.0.4630 (29661): VmData 46010368 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 1191.726015][T29665] .^: entered promiscuous mode [ 1192.119085][T29680] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1193.177284][T29717] FAULT_INJECTION: forcing a failure. [ 1193.177284][T29717] name failslab, interval 1, probability 0, space 0, times 0 [ 1193.242372][T29717] CPU: 0 UID: 0 PID: 29717 Comm: syz.2.4640 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1193.242415][T29717] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1193.242426][T29717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1193.242441][T29717] Call Trace: [ 1193.242450][T29717] [ 1193.242460][T29717] dump_stack_lvl+0x100/0x190 [ 1193.242504][T29717] should_fail_ex.cold+0x5/0xa [ 1193.242530][T29717] ? __kmalloc_cache_node_noprof+0x57/0x760 [ 1193.242573][T29717] should_failslab+0xc2/0x120 [ 1193.242595][T29717] __kmalloc_cache_node_noprof+0x7d/0x760 [ 1193.242635][T29717] ? kasan_save_free_info+0x3b/0x70 [ 1193.242664][T29717] ? __get_vm_area_node+0x101/0x330 [ 1193.242689][T29717] ? kfree+0x22b/0x6c0 [ 1193.242717][T29717] ? tomoyo_path_number_perm+0x46d/0x580 [ 1193.242748][T29717] __get_vm_area_node+0x101/0x330 [ 1193.242776][T29717] __vmalloc_node_range_noprof+0x228/0x1630 [ 1193.242805][T29717] ? dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.242847][T29717] ? dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.242876][T29717] ? trace_contention_end+0x126/0x160 [ 1193.242912][T29717] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1193.242942][T29717] ? __mutex_lock+0x26d/0x1bd0 [ 1193.242975][T29717] ? dvb_demux_do_ioctl+0x108/0x1200 [ 1193.243004][T29717] ? __pfx___mutex_lock+0x10/0x10 [ 1193.243037][T29717] ? dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.243063][T29717] __vmalloc_node_noprof+0xad/0xf0 [ 1193.243090][T29717] ? dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.243118][T29717] dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.243152][T29717] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1193.243188][T29717] dvb_demux_do_ioctl+0xe64/0x1200 [ 1193.243218][T29717] dvb_usercopy+0x167/0x340 [ 1193.243322][T29717] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 1193.243349][T29717] ? __pfx_dvb_usercopy+0x10/0x10 [ 1193.243394][T29717] ? __fget_files+0x21f/0x3d0 [ 1193.243419][T29717] dvb_demux_ioctl+0x29/0x40 [ 1193.243458][T29717] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 1193.243499][T29717] __x64_sys_ioctl+0x18e/0x210 [ 1193.243535][T29717] do_syscall_64+0x115/0x840 [ 1193.243566][T29717] ? clear_bhb_loop+0x40/0x90 [ 1193.243595][T29717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.243621][T29717] RIP: 0033:0x7fedfe39ce59 [ 1193.243641][T29717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1193.243666][T29717] RSP: 002b:00007fedff272028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1193.243691][T29717] RAX: ffffffffffffffda RBX: 00007fedfe615fa0 RCX: 00007fedfe39ce59 [ 1193.243709][T29717] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 000000000000000a [ 1193.243725][T29717] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1193.243741][T29717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1193.243757][T29717] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1193.243781][T29717] [ 1193.590047][T29717] syz.2.4640: vmalloc error: size 8192, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1193.604180][T29717] CPU: 0 UID: 0 PID: 29717 Comm: syz.2.4640 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1193.604222][T29717] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1193.604233][T29717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1193.604249][T29717] Call Trace: [ 1193.604259][T29717] [ 1193.604269][T29717] dump_stack_lvl+0x100/0x190 [ 1193.604315][T29717] warn_alloc.cold+0x95/0x1c1 [ 1193.604341][T29717] ? __pfx_warn_alloc+0x10/0x10 [ 1193.604382][T29717] ? trace_kmalloc+0xeb/0x110 [ 1193.604409][T29717] ? __kmalloc_cache_node_noprof+0x2d9/0x760 [ 1193.604451][T29717] ? __kasan_kmalloc+0x8a/0xb0 [ 1193.604489][T29717] ? __get_vm_area_node+0x208/0x330 [ 1193.604517][T29717] __vmalloc_node_range_noprof+0xccd/0x1630 [ 1193.604551][T29717] ? dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.604581][T29717] ? trace_contention_end+0x126/0x160 [ 1193.604617][T29717] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1193.604646][T29717] ? __mutex_lock+0x26d/0x1bd0 [ 1193.604678][T29717] ? dvb_demux_do_ioctl+0x108/0x1200 [ 1193.604707][T29717] ? __pfx___mutex_lock+0x10/0x10 [ 1193.604740][T29717] ? dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.604766][T29717] __vmalloc_node_noprof+0xad/0xf0 [ 1193.604794][T29717] ? dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.604822][T29717] dvb_dmxdev_filter_start+0x914/0xdd0 [ 1193.604850][T29717] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1193.604886][T29717] dvb_demux_do_ioctl+0xe64/0x1200 [ 1193.604916][T29717] dvb_usercopy+0x167/0x340 [ 1193.604955][T29717] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 1193.604981][T29717] ? __pfx_dvb_usercopy+0x10/0x10 [ 1193.605034][T29717] ? __fget_files+0x21f/0x3d0 [ 1193.605062][T29717] dvb_demux_ioctl+0x29/0x40 [ 1193.605101][T29717] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 1193.605142][T29717] __x64_sys_ioctl+0x18e/0x210 [ 1193.605178][T29717] do_syscall_64+0x115/0x840 [ 1193.605209][T29717] ? clear_bhb_loop+0x40/0x90 [ 1193.605237][T29717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.605263][T29717] RIP: 0033:0x7fedfe39ce59 [ 1193.605282][T29717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1193.605308][T29717] RSP: 002b:00007fedff272028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1193.605333][T29717] RAX: ffffffffffffffda RBX: 00007fedfe615fa0 RCX: 00007fedfe39ce59 [ 1193.605350][T29717] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 000000000000000a [ 1193.605366][T29717] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1193.605382][T29717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1193.605397][T29717] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1193.605421][T29717] [ 1193.605496][T29717] Mem-Info: [ 1193.915298][T29717] active_anon:16986 inactive_anon:12453 isolated_anon:0 [ 1193.915298][T29717] active_file:17386 inactive_file:41875 isolated_file:0 [ 1193.915298][T29717] unevictable:768 dirty:929 writeback:0 [ 1193.915298][T29717] slab_reclaimable:12941 slab_unreclaimable:101658 [ 1193.915298][T29717] mapped:25674 shmem:6937 pagetables:1492 [ 1193.915298][T29717] sec_pagetables:0 bounce:0 [ 1193.915298][T29717] kernel_misc_reclaimable:0 [ 1193.915298][T29717] free:1264562 free_pcp:25069 free_cma:0 [ 1194.007693][T29717] Node 0 active_anon:67880kB inactive_anon:49636kB active_file:69568kB inactive_file:167344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102652kB dirty:3732kB writeback:0kB shmem:26096kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12576kB pagetables:5804kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 1194.090296][T29717] Node 1 active_anon:0kB inactive_anon:120kB active_file:4kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:32kB dirty:0kB writeback:0kB shmem:1656kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:96kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 1194.142591][T29717] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1194.211396][T29717] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1194.220209][T29717] Node 0 DMA32 free:1149580kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:67880kB inactive_anon:53744kB active_file:69568kB inactive_file:167344kB unevictable:1536kB writepending:3732kB zspages:1320kB present:3129332kB managed:2537140kB mlocked:0kB bounce:0kB free_pcp:38208kB local_pcp:38208kB free_cma:0kB [ 1194.296536][T29717] lowmem_reserve[]: 0 0 1 1 1 [ 1194.306643][T29717] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1092kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:16kB free_cma:0kB [ 1194.364176][T29717] lowmem_reserve[]: 0 0 0 0 0 [ 1194.369134][T29717] Node 1 Normal free:3897400kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:120kB active_file:4kB inactive_file:128kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:53460kB local_pcp:53460kB free_cma:0kB [ 1194.590189][T29717] lowmem_reserve[]: 0 0 0 0 0 [ 1194.619361][T29717] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1194.688622][T29717] Node 0 DMA32: 15670*4kB (UME) 10108*8kB (UME) 6615*16kB (UME) 1189*32kB (UME) 1588*64kB (UME) 755*128kB (UM) 694*256kB (UM) 363*512kB (UM) 160*1024kB (UME) 7*2048kB (UME) 30*4096kB (M) = 1150280kB [ 1194.830436][T29717] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1194.914288][T29717] Node 1 Normal: 2*4kB (UM) 2*8kB (UM) 0*16kB 1*32kB (U) 2*64kB (UM) 1*128kB (U) 3*256kB (U) 2*512kB (UM) 0*1024kB 2*2048kB (U) 950*4096kB (UM) = 3897400kB [ 1195.039988][T29717] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1195.097562][T29717] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1195.144434][T29717] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1195.189949][T29717] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1195.232032][T29717] 66293 total pagecache pages [ 1195.267003][T29717] 98 pages in swap cache [ 1195.273543][T29761] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1195.291593][T29717] Free swap = 114888kB [ 1195.315696][T29717] Total swap = 124996kB [ 1195.339612][T29717] 2097051 pages RAM [ 1195.357291][T29717] 0 pages HighMem/MovableOnly [ 1195.382857][T29717] 430878 pages reserved [ 1195.413869][T29717] 0 pages cma reserved [ 1196.658891][T29798] ubi0: attaching mtd6 [ 1196.677732][T29798] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65) [ 1197.621732][T29830] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4663'. [ 1198.574139][T29815] Process accounting resumed [ 1199.493214][T22465] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 10 with max blocks 2 with error 117 [ 1199.591059][T22465] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1199.591059][T22465] [ 1199.881777][T29883] could not allocate digest TFM handle [ 1200.359815][T29897] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4679'. [ 1200.406841][T29897] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1202.393754][T29987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4691'. [ 1202.677055][T29988] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1202.679638][T29973] ubi0: attaching mtd0 [ 1202.721321][T29973] ubi0: scanning is finished [ 1202.728746][T29973] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1202.925176][T29973] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1203.643040][T30017] FAULT_INJECTION: forcing a failure. [ 1203.643040][T30017] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.697772][T30017] CPU: 0 UID: 0 PID: 30017 Comm: syz.3.4697 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1203.697831][T30017] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1203.697846][T30017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1203.697868][T30017] Call Trace: [ 1203.697879][T30017] [ 1203.697892][T30017] dump_stack_lvl+0x100/0x190 [ 1203.697955][T30017] should_fail_ex.cold+0x5/0xa [ 1203.697995][T30017] ? __kmalloc_noprof+0xba/0x840 [ 1203.698042][T30017] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1203.698092][T30017] should_failslab+0xc2/0x120 [ 1203.698125][T30017] __kmalloc_noprof+0xe0/0x840 [ 1203.698166][T30017] ? kmem_cache_alloc_lru_noprof+0x246/0x6e0 [ 1203.698218][T30017] ? mqueue_alloc_inode+0x25/0x50 [ 1203.698277][T30017] ? alloc_inode+0x68/0x250 [ 1203.698321][T30017] memcg_list_lru_alloc+0x4ec/0x740 [ 1203.698373][T30017] ? copy_process+0x385f/0x7ff0 [ 1203.698427][T30017] ? kernel_clone+0x176/0x9d0 [ 1203.698488][T30017] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1203.698543][T30017] ? lock_release+0x24d/0x310 [ 1203.698586][T30017] __memcg_slab_post_alloc_hook+0x27e/0xff0 [ 1203.698641][T30017] ? kasan_save_track+0x14/0x30 [ 1203.698693][T30017] kmem_cache_alloc_lru_noprof+0x58c/0x6e0 [ 1203.698742][T30017] ? mqueue_alloc_inode+0x25/0x50 [ 1203.698794][T30017] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 1203.698847][T30017] mqueue_alloc_inode+0x25/0x50 [ 1203.698897][T30017] alloc_inode+0x68/0x250 [ 1203.698940][T30017] new_inode+0x22/0x1c0 [ 1203.698980][T30017] ? refcount_dec_not_one+0x136/0x1c0 [ 1203.699025][T30017] mqueue_get_inode+0x2e/0xe00 [ 1203.699077][T30017] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1203.699126][T30017] mqueue_fill_super+0x14d/0x260 [ 1203.699171][T30017] get_tree_nodev+0xdd/0x190 [ 1203.699216][T30017] mqueue_get_tree+0xf1/0x130 [ 1203.699258][T30017] vfs_get_tree+0x92/0x320 [ 1203.699297][T30017] fc_mount_longterm+0x1a/0x270 [ 1203.699340][T30017] mq_init_ns+0x482/0x820 [ 1203.699369][T30017] copy_ipcs+0x3dd/0x7e0 [ 1203.699402][T30017] create_new_namespaces+0x20a/0xac0 [ 1203.699444][T30017] ? security_capable+0x80/0x260 [ 1203.699491][T30017] copy_namespaces+0x468/0x5e0 [ 1203.699532][T30017] copy_process+0x385f/0x7ff0 [ 1203.699587][T30017] ? __pfx_copy_process+0x10/0x10 [ 1203.699640][T30017] ? lock_release+0x24d/0x310 [ 1203.699681][T30017] ? _copy_from_user+0x59/0xd0 [ 1203.699722][T30017] kernel_clone+0x176/0x9d0 [ 1203.699770][T30017] ? __pfx_kernel_clone+0x10/0x10 [ 1203.699825][T30017] __do_sys_clone3+0x214/0x290 [ 1203.699852][T30017] ? __pfx___do_sys_clone3+0x10/0x10 [ 1203.699906][T30017] ? __fget_files+0x21f/0x3d0 [ 1203.699939][T30017] ? rcu_is_watching+0x12/0xc0 [ 1203.699987][T30017] do_syscall_64+0x115/0x840 [ 1203.700024][T30017] ? clear_bhb_loop+0x40/0x90 [ 1203.700057][T30017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.700087][T30017] RIP: 0033:0x7f680ad9ce59 [ 1203.700110][T30017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1203.700142][T30017] RSP: 002b:00007f680bb80ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1203.700172][T30017] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f680ad9ce59 [ 1203.700192][T30017] RDX: 00007f680bb80f10 RSI: 0000000000000058 RDI: 00007f680bb80f10 [ 1203.700212][T30017] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000058 [ 1203.700231][T30017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1203.700249][T30017] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1203.700278][T30017] [ 1205.348360][T30057] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4705'. [ 1206.093737][T30064] zswap: compressor not available [ 1207.231960][T30114] bond0: invalid ARP target specified [ 1210.010383][T30179] random: crng reseeded on system resumption [ 1211.799655][T30215] FAULT_INJECTION: forcing a failure. [ 1211.799655][T30215] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.824844][T30215] CPU: 1 UID: 0 PID: 30215 Comm: syz.2.4741 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1211.824888][T30215] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1211.824899][T30215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1211.824915][T30215] Call Trace: [ 1211.824925][T30215] [ 1211.824935][T30215] dump_stack_lvl+0x100/0x190 [ 1211.825004][T30215] should_fail_ex.cold+0x5/0xa [ 1211.825042][T30215] ? __kmalloc_noprof+0xba/0x840 [ 1211.825076][T30215] ? __register_sysctl_table+0xbe4/0x1650 [ 1211.825106][T30215] should_failslab+0xc2/0x120 [ 1211.825130][T30215] __kmalloc_noprof+0xe0/0x840 [ 1211.825160][T30215] ? lock_release+0x24d/0x310 [ 1211.825195][T30215] __register_sysctl_table+0xbe4/0x1650 [ 1211.825230][T30215] ? __pfx___register_sysctl_table+0x10/0x10 [ 1211.825260][T30215] ? mq_init_ns+0x450/0x820 [ 1211.825285][T30215] ? __asan_memcpy+0x3c/0x60 [ 1211.825319][T30215] setup_ipc_sysctls+0x1aa/0x300 [ 1211.825369][T30215] copy_ipcs+0x57a/0x7e0 [ 1211.825395][T30215] create_new_namespaces+0x20a/0xac0 [ 1211.825433][T30215] ? security_capable+0x80/0x260 [ 1211.825475][T30215] copy_namespaces+0x468/0x5e0 [ 1211.825512][T30215] copy_process+0x385f/0x7ff0 [ 1211.825559][T30215] ? __pfx_copy_process+0x10/0x10 [ 1211.825598][T30215] ? lock_release+0x24d/0x310 [ 1211.825632][T30215] ? _copy_from_user+0x59/0xd0 [ 1211.825667][T30215] kernel_clone+0x176/0x9d0 [ 1211.825707][T30215] ? __pfx_kernel_clone+0x10/0x10 [ 1211.825746][T30215] ? futex_private_hash_put+0x115/0x1c0 [ 1211.825784][T30215] ? __pfx_futex_wake+0x10/0x10 [ 1211.825811][T30215] __do_sys_clone3+0x214/0x290 [ 1211.825839][T30215] ? __pfx___do_sys_clone3+0x10/0x10 [ 1211.825894][T30215] ? __fget_files+0x21f/0x3d0 [ 1211.825924][T30215] ? rcu_is_watching+0x12/0xc0 [ 1211.825966][T30215] do_syscall_64+0x115/0x840 [ 1211.825999][T30215] ? clear_bhb_loop+0x40/0x90 [ 1211.826027][T30215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.826054][T30215] RIP: 0033:0x7fedfe39ce59 [ 1211.826074][T30215] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1211.826100][T30215] RSP: 002b:00007fedff271ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1211.826124][T30215] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fedfe39ce59 [ 1211.826141][T30215] RDX: 00007fedff271f10 RSI: 0000000000000058 RDI: 00007fedff271f10 [ 1211.826158][T30215] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000058 [ 1211.826174][T30215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1211.826190][T30215] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1211.826214][T30215] [ 1211.829254][T30215] sysctl could not get directory: /kernel -12 [ 1212.309463][T30173] Process accounting resumed [ 1212.479069][T30222] random: crng reseeded on system resumption [ 1212.786614][T30229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4745'. [ 1214.970521][T30276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4754'. [ 1214.975246][T28920] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1216.967383][T30345] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input88 [ 1217.022833][T15657] Bluetooth: hci4: command 0x0406 tx timeout [ 1217.404497][T30353] smpboot: CPU 1 is now offline [ 1217.605160][T30357] FAULT_INJECTION: forcing a failure. [ 1217.605160][T30357] name failslab, interval 1, probability 0, space 0, times 0 [ 1217.690543][T30357] CPU: 0 UID: 0 PID: 30357 Comm: syz.3.4770 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1217.690587][T30357] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1217.690597][T30357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1217.690613][T30357] Call Trace: [ 1217.690622][T30357] [ 1217.690632][T30357] dump_stack_lvl+0x100/0x190 [ 1217.690677][T30357] should_fail_ex.cold+0x5/0xa [ 1217.690703][T30357] ? kmem_cache_alloc_noprof+0x54/0x6d0 [ 1217.690742][T30357] should_failslab+0xc2/0x120 [ 1217.690765][T30357] kmem_cache_alloc_noprof+0x7b/0x6d0 [ 1217.690801][T30357] ? alloc_empty_file+0x5b/0x1c0 [ 1217.690832][T30357] ? __pfx_stack_trace_save+0x10/0x10 [ 1217.690864][T30357] alloc_empty_file+0x5b/0x1c0 [ 1217.690896][T30357] path_openat+0xe7/0x4280 [ 1217.690919][T30357] ? kasan_save_stack+0x3f/0x50 [ 1217.690955][T30357] ? kasan_save_stack+0x30/0x50 [ 1217.690992][T30357] ? kasan_save_track+0x14/0x30 [ 1217.691028][T30357] ? __kasan_slab_alloc+0x89/0x90 [ 1217.691066][T30357] ? kmem_cache_alloc_noprof+0x241/0x6d0 [ 1217.691102][T30357] ? do_getname+0x35/0x390 [ 1217.691131][T30357] ? do_sys_openat2+0xc7/0x1e0 [ 1217.691163][T30357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1217.691192][T30357] ? __pfx_path_openat+0x10/0x10 [ 1217.691220][T30357] do_file_open+0x20e/0x430 [ 1217.691246][T30357] ? __pfx_do_file_open+0x10/0x10 [ 1217.691280][T30357] ? alloc_fd+0x471/0x7a0 [ 1217.691303][T30357] ? do_getname+0x191/0x390 [ 1217.691335][T30357] do_sys_openat2+0x10f/0x1e0 [ 1217.691374][T30357] ? __pfx_do_sys_openat2+0x10/0x10 [ 1217.691408][T30357] ? fdget+0x18b/0x210 [ 1217.691432][T30357] __x64_sys_openat+0x12d/0x210 [ 1217.691465][T30357] ? __pfx___x64_sys_openat+0x10/0x10 [ 1217.691502][T30357] ? rcu_is_watching+0x12/0xc0 [ 1217.691544][T30357] do_syscall_64+0x115/0x840 [ 1217.691576][T30357] ? clear_bhb_loop+0x40/0x90 [ 1217.691604][T30357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1217.691630][T30357] RIP: 0033:0x7f680ad9ce59 [ 1217.691650][T30357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1217.691676][T30357] RSP: 002b:00007f680bb81028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1217.691701][T30357] RAX: ffffffffffffffda RBX: 00007f680b015fa0 RCX: 00007f680ad9ce59 [ 1217.691719][T30357] RDX: 0000000000088000 RSI: 0000200000001a00 RDI: ffffffffffffff9c [ 1217.691735][T30357] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1217.691752][T30357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1217.691767][T30357] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1217.691791][T30357] [ 1219.107454][T28920] Bluetooth: hci4: command 0x0406 tx timeout [ 1219.643671][T30386] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4775'. [ 1220.036514][T30395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4777'. [ 1220.291176][T30402] ptrace attach of ""[30403] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[30402] [ 1220.916047][T30401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4779'. [ 1220.970240][T30401] netlink: 'syz.0.4779': attribute type 1 has an invalid length. [ 1221.024437][T30401] netlink: 13 bytes leftover after parsing attributes in process `syz.0.4779'. [ 1222.503387][T30449] blktrace: Concurrent blktraces are not allowed on nbd5 [ 1222.914596][T30431] Process accounting paused [ 1223.259643][T30471] FAULT_INJECTION: forcing a failure. [ 1223.259643][T30471] name failslab, interval 1, probability 0, space 0, times 0 [ 1223.321900][T30474] input: f as /devices/virtual/input/input89 [ 1223.340206][T30471] CPU: 0 UID: 0 PID: 30471 Comm: syz.2.4792 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1223.340253][T30471] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1223.340263][T30471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1223.340279][T30471] Call Trace: [ 1223.340287][T30471] [ 1223.340297][T30471] dump_stack_lvl+0x100/0x190 [ 1223.340342][T30471] should_fail_ex.cold+0x5/0xa [ 1223.340368][T30471] ? __kmalloc_cache_noprof+0x53/0x6e0 [ 1223.340414][T30471] should_failslab+0xc2/0x120 [ 1223.340440][T30471] __kmalloc_cache_noprof+0x7a/0x6e0 [ 1223.340471][T30471] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1223.340596][T30471] ? kasan_record_aux_stack+0xa7/0xc0 [ 1223.340626][T30471] ? __call_rcu_common.constprop.0+0xa5/0x9b0 [ 1223.340662][T30471] ? kmem_cache_free+0x43e/0x6b0 [ 1223.340696][T30471] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1223.340736][T30471] ? rcu_is_watching+0x12/0xc0 [ 1223.340776][T30471] ? trace_contention_end+0x126/0x160 [ 1223.340811][T30471] ? snd_pcm_oss_sync+0x243/0x840 [ 1223.340847][T30471] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1223.340887][T30471] ? __pfx___mutex_lock+0x10/0x10 [ 1223.340923][T30471] ? __fsnotify_parent+0x2b4/0xd00 [ 1223.340955][T30471] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1223.340992][T30471] snd_pcm_oss_sync+0x265/0x840 [ 1223.341033][T30471] snd_pcm_oss_release+0x238/0x300 [ 1223.341069][T30471] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1223.341106][T30471] __fput+0x3ff/0xb50 [ 1223.341137][T30471] task_work_run+0x150/0x240 [ 1223.341168][T30471] ? __pfx_task_work_run+0x10/0x10 [ 1223.341198][T30471] ? rcu_is_watching+0x12/0xc0 [ 1223.341240][T30471] exit_to_user_mode_loop+0x1d8/0x6f0 [ 1223.341275][T30471] ? rcu_is_watching+0x12/0xc0 [ 1223.341316][T30471] do_syscall_64+0x652/0x840 [ 1223.341347][T30471] ? clear_bhb_loop+0x40/0x90 [ 1223.341376][T30471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1223.341409][T30471] RIP: 0033:0x7fedfe39ce59 [ 1223.341435][T30471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1223.341462][T30471] RSP: 002b:00007fedff272028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1223.341486][T30471] RAX: 0000000000000000 RBX: 00007fedfe615fa0 RCX: 00007fedfe39ce59 [ 1223.341503][T30471] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1223.341518][T30471] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1223.341534][T30471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1223.341550][T30471] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1223.341574][T30471] [ 1223.654305][T30478] netlink: 4394 bytes leftover after parsing attributes in process `syz.2.4792'. [ 1223.963921][T15657] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1224.359654][T30514] netlink: 286 bytes leftover after parsing attributes in process `syz.3.4800'. [ 1224.376782][T30497] zswap: compressor not available [ 1225.987701][T15657] Bluetooth: hci4: command 0x0406 tx timeout [ 1226.501220][T30548] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4808'. [ 1227.700899][T30568] random: crng reseeded on system resumption [ 1228.070205][T28920] Bluetooth: hci4: command 0x0406 tx timeout [ 1228.415082][T30583] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4814'. [ 1229.282553][T30580] Process accounting paused [ 1230.870738][T16695] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 10 with max blocks 3 with error 117 [ 1230.961589][T16695] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1230.961589][T16695] [ 1231.098517][T30593] block nbd2: not configured, cannot reconfigure [ 1231.562632][T30646] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4825'. [ 1231.827127][T30651] FAULT_INJECTION: forcing a failure. [ 1231.827127][T30651] name failslab, interval 1, probability 0, space 0, times 0 [ 1231.925784][T30651] CPU: 0 UID: 0 PID: 30651 Comm: syz.3.4826 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1231.925826][T30651] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1231.925836][T30651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1231.925851][T30651] Call Trace: [ 1231.925859][T30651] [ 1231.925868][T30651] dump_stack_lvl+0x100/0x190 [ 1231.925911][T30651] should_fail_ex.cold+0x5/0xa [ 1231.925936][T30651] ? kmem_cache_alloc_noprof+0x54/0x6d0 [ 1231.925972][T30651] should_failslab+0xc2/0x120 [ 1231.925994][T30651] kmem_cache_alloc_noprof+0x7b/0x6d0 [ 1231.926028][T30651] ? __anon_vma_prepare+0x344/0x5e0 [ 1231.926061][T30651] __anon_vma_prepare+0x344/0x5e0 [ 1231.926089][T30651] ? __pfx___pte_alloc+0x10/0x10 [ 1231.926111][T30651] __vmf_anon_prepare+0x11f/0x250 [ 1231.926135][T30651] do_anonymous_page+0x536/0x2050 [ 1231.926169][T30651] __handle_mm_fault+0x1d2c/0x2a00 [ 1231.926201][T30651] ? mt_find+0x45e/0x8e0 [ 1231.926235][T30651] ? __pfx___handle_mm_fault+0x10/0x10 [ 1231.926264][T30651] ? __pfx_mt_find+0x10/0x10 [ 1231.926304][T30651] ? find_vma+0xbf/0x140 [ 1231.926322][T30651] ? __pfx_find_vma+0x10/0x10 [ 1231.926360][T30651] handle_mm_fault+0x37b/0xa30 [ 1231.926392][T30651] __get_user_pages+0x1178/0x32a0 [ 1231.926420][T30651] ? rcu_is_watching+0x12/0xc0 [ 1231.926457][T30651] ? percpu_counter_add_batch+0xb9/0x230 [ 1231.926489][T30651] ? __pfx___get_user_pages+0x10/0x10 [ 1231.926512][T30651] ? rcu_is_watching+0x12/0xc0 [ 1231.926548][T30651] ? lock_acquire+0x301/0x370 [ 1231.926580][T30651] get_user_pages_remote+0x3d2/0xb10 [ 1231.926606][T30651] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1231.926636][T30651] get_arg_page+0xf4/0x310 [ 1231.926669][T30651] ? __pfx_get_arg_page+0x10/0x10 [ 1231.926707][T30651] ? do_raw_spin_lock+0x128/0x260 [ 1231.926744][T30651] ? rcu_is_watching+0x12/0xc0 [ 1231.926780][T30651] ? alloc_bprm+0x548/0x9d0 [ 1231.926814][T30651] copy_string_kernel+0x17d/0x3f0 [ 1231.926848][T30651] ? alloc_bprm+0x590/0x9d0 [ 1231.926883][T30651] do_execveat_common.isra.0+0x2e6/0x580 [ 1231.926922][T30651] __x64_sys_execve+0x93/0xd0 [ 1231.926958][T30651] do_syscall_64+0x115/0x840 [ 1231.926987][T30651] ? clear_bhb_loop+0x40/0x90 [ 1231.927014][T30651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.927038][T30651] RIP: 0033:0x7f680ad9ce59 [ 1231.927057][T30651] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1231.927080][T30651] RSP: 002b:00007f680bb81028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 1231.927103][T30651] RAX: ffffffffffffffda RBX: 00007f680b015fa0 RCX: 00007f680ad9ce59 [ 1231.927122][T30651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140 [ 1231.927136][T30651] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1231.927151][T30651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1231.927165][T30651] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1231.927188][T30651] [ 1233.419413][T30656] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1233.439826][T30656] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1233.476031][T30656] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1233.526811][T30656] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1235.032160][T15657] Bluetooth: hci4: command 0x0406 tx timeout [ 1235.512044][T15657] Bluetooth: hci3: command 0x0c1a tx timeout [ 1235.627976][T30707] ubi0: attaching mtd0 [ 1235.649812][T30707] ubi0: scanning is finished [ 1235.683145][T30707] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1235.840888][T30735] FAULT_INJECTION: forcing a failure. [ 1235.840888][T30735] name failslab, interval 1, probability 0, space 0, times 0 [ 1235.893143][T30707] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1235.920493][T30735] CPU: 0 UID: 0 PID: 30735 Comm: syz.3.4843 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1235.920538][T30735] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1235.920548][T30735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1235.920565][T30735] Call Trace: [ 1235.920573][T30735] [ 1235.920583][T30735] dump_stack_lvl+0x100/0x190 [ 1235.920629][T30735] should_fail_ex.cold+0x5/0xa [ 1235.920655][T30735] ? kmem_cache_alloc_node_noprof+0x5b/0x6f0 [ 1235.920696][T30735] should_failslab+0xc2/0x120 [ 1235.920719][T30735] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1235.920757][T30735] ? __alloc_skb+0x140/0x710 [ 1235.920797][T30735] ? __alloc_skb+0x5b7/0x710 [ 1235.920837][T30735] __alloc_skb+0x140/0x710 [ 1235.920875][T30735] ? __alloc_skb+0x5b7/0x710 [ 1235.920925][T30735] ? __pfx___alloc_skb+0x10/0x10 [ 1235.920969][T30735] qrtr_alloc_ctrl_packet+0x21/0xf0 [ 1235.921094][T30735] qrtr_port_remove+0xdb/0x3e0 [ 1235.921130][T30735] ? __pfx_qrtr_port_remove+0x10/0x10 [ 1235.921166][T30735] ? do_raw_write_lock+0x11e/0x260 [ 1235.921205][T30735] ? qrtr_release+0x196/0x380 [ 1235.921240][T30735] ? rcu_is_watching+0x12/0xc0 [ 1235.921280][T30735] ? qrtr_release+0x196/0x380 [ 1235.921313][T30735] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1235.921350][T30735] qrtr_release+0x2c1/0x380 [ 1235.921385][T30735] __sock_release+0xb3/0x260 [ 1235.921412][T30735] ? __pfx_sock_close+0x10/0x10 [ 1235.921437][T30735] sock_close+0x1c/0x30 [ 1235.921460][T30735] __fput+0x3ff/0xb50 [ 1235.921495][T30735] task_work_run+0x150/0x240 [ 1235.921525][T30735] ? __pfx_task_work_run+0x10/0x10 [ 1235.921556][T30735] ? rcu_is_watching+0x12/0xc0 [ 1235.921597][T30735] exit_to_user_mode_loop+0x1d8/0x6f0 [ 1235.921632][T30735] ? rcu_is_watching+0x12/0xc0 [ 1235.921672][T30735] do_syscall_64+0x652/0x840 [ 1235.921703][T30735] ? clear_bhb_loop+0x40/0x90 [ 1235.921731][T30735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.921758][T30735] RIP: 0033:0x7f680ad9ce59 [ 1235.921778][T30735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1235.921803][T30735] RSP: 002b:00007f680bb81028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1235.921829][T30735] RAX: 0000000000000000 RBX: 00007f680b015fa0 RCX: 00007f680ad9ce59 [ 1235.921846][T30735] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1235.921861][T30735] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1235.921877][T30735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1235.921892][T30735] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1235.921924][T30735] [ 1236.457884][T30707] FAULT_INJECTION: forcing a failure. [ 1236.457884][T30707] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1236.471626][T30707] CPU: 0 UID: 0 PID: 30707 Comm: syz.2.4837 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1236.471668][T30707] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1236.471677][T30707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1236.471693][T30707] Call Trace: [ 1236.471701][T30707] [ 1236.471709][T30707] dump_stack_lvl+0x100/0x190 [ 1236.471754][T30707] should_fail_ex.cold+0x5/0xa [ 1236.471781][T30707] should_fail_alloc_page+0xeb/0x140 [ 1236.471805][T30707] prepare_alloc_pages+0x1f0/0x5f0 [ 1236.471832][T30707] __alloc_frozen_pages_noprof+0x19a/0x2b60 [ 1236.471867][T30707] ? rcu_is_watching+0x12/0xc0 [ 1236.471906][T30707] ? trace_kmem_cache_alloc+0xdd/0x100 [ 1236.471931][T30707] ? kmem_cache_alloc_lru_noprof+0x297/0x6e0 [ 1236.471966][T30707] ? xas_alloc+0x350/0x460 [ 1236.471996][T30707] ? __css_rstat_updated+0x1ce/0x5a0 [ 1236.472026][T30707] ? __css_rstat_updated+0x1ce/0x5a0 [ 1236.472057][T30707] ? __css_rstat_updated+0x1ce/0x5a0 [ 1236.472085][T30707] ? __pfx___css_rstat_updated+0x10/0x10 [ 1236.472116][T30707] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1236.472153][T30707] ? do_raw_spin_lock+0x128/0x260 [ 1236.472188][T30707] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1236.472224][T30707] ? __dquot_alloc_space+0x937/0xe00 [ 1236.472252][T30707] ? do_raw_spin_unlock+0x145/0x1e0 [ 1236.472304][T30707] ? _raw_spin_unlock+0x28/0x50 [ 1236.472329][T30707] ? __dquot_alloc_space+0x519/0xe00 [ 1236.472356][T30707] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1236.472384][T30707] ? policy_nodemask+0xed/0x4f0 [ 1236.472408][T30707] alloc_pages_mpol+0x1fb/0x540 [ 1236.472431][T30707] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1236.472454][T30707] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 1236.472491][T30707] ? rcu_is_watching+0x12/0xc0 [ 1236.472528][T30707] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 1236.472563][T30707] ? lock_release+0x24d/0x310 [ 1236.472594][T30707] folio_alloc_mpol_noprof+0x36/0x260 [ 1236.472623][T30707] shmem_alloc_folio+0x135/0x160 [ 1236.472652][T30707] shmem_alloc_and_add_folio+0x371/0xd40 [ 1236.472689][T30707] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1236.472726][T30707] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 1236.472764][T30707] shmem_get_folio_gfp+0x6ab/0x1900 [ 1236.472802][T30707] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1236.472837][T30707] ? filemap_map_pages+0x9c1/0x20a0 [ 1236.472873][T30707] shmem_fault+0x1f9/0xa20 [ 1236.472905][T30707] ? rcu_read_unlock+0x2d/0xb0 [ 1236.472938][T30707] ? __pfx_shmem_fault+0x10/0x10 [ 1236.472973][T30707] ? __pfx_filemap_map_pages+0x10/0x10 [ 1236.473011][T30707] __do_fault+0x10b/0x440 [ 1236.473047][T30707] do_fault+0xa99/0x1750 [ 1236.473073][T30707] __handle_mm_fault+0x187d/0x2a00 [ 1236.473106][T30707] ? mt_find+0x45e/0x8e0 [ 1236.473140][T30707] ? __pfx___handle_mm_fault+0x10/0x10 [ 1236.473172][T30707] ? __pfx_mt_find+0x10/0x10 [ 1236.473213][T30707] ? find_vma+0xbf/0x140 [ 1236.473233][T30707] ? __pfx_find_vma+0x10/0x10 [ 1236.473280][T30707] handle_mm_fault+0x37b/0xa30 [ 1236.473312][T30707] do_user_addr_fault+0x74c/0x12f0 [ 1236.473343][T30707] exc_page_fault+0x6f/0xd0 [ 1236.473371][T30707] asm_exc_page_fault+0x26/0x30 [ 1236.473394][T30707] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 1236.473436][T30707] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1236.473460][T30707] RSP: 0018:ffffc900057178a8 EFLAGS: 00050206 [ 1236.473480][T30707] RAX: 0000000000000001 RBX: ffff888089db8000 RCX: 0000000000001080 [ 1236.473496][T30707] RDX: 0000000000000001 RSI: 0000000000453000 RDI: ffff888089dbcd80 [ 1236.473512][T30707] RBP: 000000000044e280 R08: 0000000000000001 R09: ffffed10113b7bbf [ 1236.473528][T30707] R10: ffff888089dbddff R11: 0000000000000000 R12: ffffc90005717c50 [ 1236.473544][T30707] R13: 000000000044e280 R14: 0000000000005e00 R15: 0000000000000000 [ 1236.473566][T30707] _copy_from_iter+0x355/0x1690 [ 1236.473601][T30707] ? __pfx_tcp_leave_memory_pressure+0x10/0x10 [ 1236.473711][T30707] ? sk_leave_memory_pressure+0x81/0x140 [ 1236.473744][T30707] ? __pfx__copy_from_iter+0x10/0x10 [ 1236.473776][T30707] ? alloc_pages_noprof+0xf9/0x160 [ 1236.473805][T30707] ? __sk_mem_schedule+0xd0/0x100 [ 1236.473832][T30707] tcp_sendmsg_locked+0xc8c/0x44b0 [ 1236.473879][T30707] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 1236.473919][T30707] ? do_raw_spin_lock+0x128/0x260 [ 1236.473955][T30707] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1236.473992][T30707] ? tcp_sendmsg+0x20/0x50 [ 1236.474028][T30707] ? rcu_is_watching+0x12/0xc0 [ 1236.474065][T30707] ? tcp_sendmsg+0x20/0x50 [ 1236.474100][T30707] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1236.474136][T30707] tcp_sendmsg+0x2e/0x50 [ 1236.474171][T30707] ? __pfx_tcp_sendmsg+0x10/0x10 [ 1236.474208][T30707] inet_sendmsg+0xb9/0x140 [ 1236.474245][T30707] sock_write_iter+0x4cb/0x580 [ 1236.474281][T30707] ? __pfx_inet_sendmsg+0x10/0x10 [ 1236.474317][T30707] ? __pfx_sock_write_iter+0x10/0x10 [ 1236.474351][T30707] ? bpf_lsm_file_permission+0x9/0x10 [ 1236.474385][T30707] ? security_file_permission+0x76/0x210 [ 1236.474416][T30707] ? rw_verify_area+0xce/0x6d0 [ 1236.474451][T30707] vfs_write+0x6ac/0x1050 [ 1236.474489][T30707] ? __pfx_sock_write_iter+0x10/0x10 [ 1236.474520][T30707] ? __pfx_vfs_write+0x10/0x10 [ 1236.474558][T30707] ? lock_release+0x24d/0x310 [ 1236.474595][T30707] ksys_write+0x1f8/0x250 [ 1236.474616][T30707] ? __pfx_ksys_write+0x10/0x10 [ 1236.474638][T30707] ? rcu_is_watching+0x12/0xc0 [ 1236.474677][T30707] do_syscall_64+0x115/0x840 [ 1236.474706][T30707] ? clear_bhb_loop+0x40/0x90 [ 1236.474733][T30707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1236.474758][T30707] RIP: 0033:0x7fedfe39ce59 [ 1236.474777][T30707] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1236.474800][T30707] RSP: 002b:00007fedff272028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1236.474821][T30707] RAX: ffffffffffffffda RBX: 00007fedfe615fa0 RCX: 00007fedfe39ce59 [ 1236.474838][T30707] RDX: 000000007fffffff RSI: 0000000000000000 RDI: 0000000000000003 [ 1236.474852][T30707] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1236.474868][T30707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1236.474883][T30707] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1236.474906][T30707] [ 1237.816268][T15657] Bluetooth: hci3: command 0x0c1a tx timeout [ 1238.778701][T30776] FAULT_INJECTION: forcing a failure. [ 1238.778701][T30776] name failslab, interval 1, probability 0, space 0, times 0 [ 1238.807711][T30776] CPU: 0 UID: 0 PID: 30776 Comm: syz.2.4854 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1238.807758][T30776] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1238.807769][T30776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1238.807786][T30776] Call Trace: [ 1238.807796][T30776] [ 1238.807805][T30776] dump_stack_lvl+0x100/0x190 [ 1238.807859][T30776] should_fail_ex.cold+0x5/0xa [ 1238.807888][T30776] ? __kmalloc_noprof+0xba/0x840 [ 1238.807923][T30776] ? __register_sysctl_table+0xac/0x1650 [ 1238.807954][T30776] should_failslab+0xc2/0x120 [ 1238.807979][T30776] __kmalloc_noprof+0xe0/0x840 [ 1238.808012][T30776] __register_sysctl_table+0xac/0x1650 [ 1238.808041][T30776] ? rcu_is_watching+0x12/0xc0 [ 1238.808204][T30776] ? trace_kmalloc+0xeb/0x110 [ 1238.808242][T30776] ? __pfx___register_sysctl_table+0x10/0x10 [ 1238.808275][T30776] ? mq_init_ns+0x450/0x820 [ 1238.808303][T30776] ? __asan_memcpy+0x3c/0x60 [ 1238.808337][T30776] setup_mq_sysctls+0x124/0x240 [ 1238.808368][T30776] copy_ipcs+0x524/0x7e0 [ 1238.808395][T30776] create_new_namespaces+0x20a/0xac0 [ 1238.808433][T30776] ? security_capable+0x80/0x260 [ 1238.808474][T30776] copy_namespaces+0x468/0x5e0 [ 1238.808510][T30776] copy_process+0x385f/0x7ff0 [ 1238.808558][T30776] ? __pfx_copy_process+0x10/0x10 [ 1238.808597][T30776] ? lock_release+0x24d/0x310 [ 1238.808632][T30776] ? _copy_from_user+0x59/0xd0 [ 1238.808667][T30776] kernel_clone+0x176/0x9d0 [ 1238.808708][T30776] ? __pfx_kernel_clone+0x10/0x10 [ 1238.808747][T30776] ? futex_private_hash_put+0x115/0x1c0 [ 1238.808786][T30776] ? __pfx_futex_wake+0x10/0x10 [ 1238.808821][T30776] __do_sys_clone3+0x214/0x290 [ 1238.808849][T30776] ? __pfx___do_sys_clone3+0x10/0x10 [ 1238.808897][T30776] ? __fget_files+0x21f/0x3d0 [ 1238.808933][T30776] ? rcu_is_watching+0x12/0xc0 [ 1238.808975][T30776] do_syscall_64+0x115/0x840 [ 1238.809007][T30776] ? clear_bhb_loop+0x40/0x90 [ 1238.809037][T30776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1238.809067][T30776] RIP: 0033:0x7fedfe39ce59 [ 1238.809089][T30776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1238.809115][T30776] RSP: 002b:00007fedff271ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1238.809147][T30776] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fedfe39ce59 [ 1238.809164][T30776] RDX: 00007fedff271f10 RSI: 0000000000000058 RDI: 00007fedff271f10 [ 1238.809180][T30776] RBP: 00007fedfe432d6f R08: 0000000000000000 R09: 0000000000000058 [ 1238.809197][T30776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1238.809213][T30776] R13: 00007fedfe616038 R14: 00007fedfe615fa0 R15: 00007ffc8879f618 [ 1238.809237][T30776] [ 1239.292140][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.303098][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.741433][T30796] random: crng reseeded on system resumption [ 1239.823655][T28920] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1239.833494][T28920] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1239.841274][T28920] Bluetooth: hci3: command 0x0c1a tx timeout [ 1239.848290][T30799] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1239.857008][T30799] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1239.868860][T30799] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1240.152178][T30804] futex_wake_op: syz.1.4858 tries to shift op by -2048; fix this program [ 1240.211304][T30804] futex_wake_op: syz.1.4858 tries to shift op by -2048; fix this program [ 1240.243836][T30810] 0x000000000001-0x000000020000 : "" [ 1240.317438][T30810] ftl_cs: FTL header corrupt! [ 1241.329677][T30834] netlink: NAT attribute has 5 unknown bytes [ 1241.673897][T30854] FAULT_INJECTION: forcing a failure. [ 1241.673897][T30854] name failslab, interval 1, probability 0, space 0, times 0 [ 1241.725441][T30797] bridge0: port 1(bridge_slave_0) entered blocking state [ 1241.742822][T30854] CPU: 0 UID: 0 PID: 30854 Comm: syz.1.4864 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1241.742877][T30854] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1241.742887][T30854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1241.742903][T30854] Call Trace: [ 1241.742912][T30854] [ 1241.742922][T30854] dump_stack_lvl+0x100/0x190 [ 1241.742970][T30854] should_fail_ex.cold+0x5/0xa [ 1241.743000][T30854] ? __kmalloc_noprof+0xba/0x840 [ 1241.743032][T30854] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1241.743069][T30854] should_failslab+0xc2/0x120 [ 1241.743092][T30854] __kmalloc_noprof+0xe0/0x840 [ 1241.743122][T30854] ? kmem_cache_alloc_lru_noprof+0x246/0x6e0 [ 1241.743159][T30854] ? __d_alloc+0x35/0xa50 [ 1241.743186][T30854] ? d_make_root+0x3e/0x90 [ 1241.743216][T30854] memcg_list_lru_alloc+0x4ec/0x740 [ 1241.743253][T30854] ? __do_sys_clone3+0x214/0x290 [ 1241.743274][T30854] ? do_syscall_64+0x115/0x840 [ 1241.743309][T30854] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1241.743348][T30854] ? lock_release+0x24d/0x310 [ 1241.743383][T30854] __memcg_slab_post_alloc_hook+0x27e/0xff0 [ 1241.743416][T30854] ? kasan_save_track+0x14/0x30 [ 1241.743455][T30854] kmem_cache_alloc_lru_noprof+0x58c/0x6e0 [ 1241.743492][T30854] ? __d_alloc+0x35/0xa50 [ 1241.743520][T30854] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1241.743559][T30854] __d_alloc+0x35/0xa50 [ 1241.743585][T30854] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1241.743624][T30854] d_make_root+0x3e/0x90 [ 1241.743651][T30854] mqueue_fill_super+0x175/0x260 [ 1241.743689][T30854] get_tree_nodev+0xdd/0x190 [ 1241.743729][T30854] mqueue_get_tree+0xf1/0x130 [ 1241.743766][T30854] vfs_get_tree+0x92/0x320 [ 1241.743799][T30854] fc_mount_longterm+0x1a/0x270 [ 1241.743837][T30854] mq_init_ns+0x482/0x820 [ 1241.743869][T30854] copy_ipcs+0x3dd/0x7e0 [ 1241.743895][T30854] create_new_namespaces+0x20a/0xac0 [ 1241.743933][T30854] ? security_capable+0x80/0x260 [ 1241.743974][T30854] copy_namespaces+0x468/0x5e0 [ 1241.744011][T30854] copy_process+0x385f/0x7ff0 [ 1241.744058][T30854] ? __pfx_copy_process+0x10/0x10 [ 1241.744097][T30854] ? lock_release+0x24d/0x310 [ 1241.744132][T30854] ? _copy_from_user+0x59/0xd0 [ 1241.744167][T30854] kernel_clone+0x176/0x9d0 [ 1241.744207][T30854] ? __pfx_kernel_clone+0x10/0x10 [ 1241.744255][T30854] __do_sys_clone3+0x214/0x290 [ 1241.744277][T30854] ? __pfx___do_sys_clone3+0x10/0x10 [ 1241.744325][T30854] ? __fget_files+0x21f/0x3d0 [ 1241.744354][T30854] ? rcu_is_watching+0x12/0xc0 [ 1241.744396][T30854] do_syscall_64+0x115/0x840 [ 1241.744427][T30854] ? clear_bhb_loop+0x40/0x90 [ 1241.744455][T30854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.744481][T30854] RIP: 0033:0x7f27a139ce59 [ 1241.744502][T30854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1241.744528][T30854] RSP: 002b:00007f27a22d6ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1241.744553][T30854] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f27a139ce59 [ 1241.744570][T30854] RDX: 00007f27a22d6f10 RSI: 0000000000000058 RDI: 00007f27a22d6f10 [ 1241.744587][T30854] RBP: 00007f27a1432d6f R08: 0000000000000000 R09: 0000000000000058 [ 1241.744626][T30854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1241.744641][T30854] R13: 00007f27a1616038 R14: 00007f27a1615fa0 R15: 00007ffed3f493c8 [ 1241.744665][T30854] [ 1242.122301][T30797] bridge0: port 1(bridge_slave_0) entered disabled state [ 1242.129655][T30797] bridge_slave_0: entered allmulticast mode [ 1242.136496][T30797] bridge_slave_0: entered promiscuous mode [ 1242.143827][T30797] bridge0: port 2(bridge_slave_1) entered blocking state [ 1242.151186][T30797] bridge0: port 2(bridge_slave_1) entered disabled state [ 1242.158450][T30797] bridge_slave_1: entered allmulticast mode [ 1242.165416][T30797] bridge_slave_1: entered promiscuous mode [ 1242.185809][T30797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1242.197016][T30797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1242.222686][T30797] team0: Port device team_slave_0 added [ 1242.229965][T30797] team0: Port device team_slave_1 added [ 1242.248191][T30797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1242.255176][T30797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1242.282767][T30797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1242.295742][T30797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1242.303764][T30797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1242.332486][T30797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1242.367974][T30797] hsr_slave_0: entered promiscuous mode [ 1242.375925][T30797] hsr_slave_1: entered promiscuous mode [ 1242.382230][T30797] debugfs: 'hsr0' already exists in 'hsr' [ 1242.388040][T30797] Cannot create hsr debugfs directory [ 1242.460853][T30799] Bluetooth: hci2: command tx timeout [ 1242.615313][T30797] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.765657][T30797] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.887460][T30797] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1243.193951][T30797] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1243.258012][T30797] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1243.302390][T30797] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1243.330829][T30874] ICMPv6: process `syz.3.4868' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 1243.371324][T30797] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1243.393013][T30797] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1243.428116][T30797] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1243.465714][T30875] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4867'. [ 1243.479093][T30797] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1243.531248][T30797] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1244.075380][T30797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1244.178514][T30797] 8021q: adding VLAN 0 to HW filter on device team0 [ 1244.307461][T29931] bridge0: port 1(bridge_slave_0) entered blocking state [ 1244.315078][T29931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1244.392581][T22467] bridge0: port 2(bridge_slave_1) entered blocking state [ 1244.399902][T22467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1244.477245][T15657] Bluetooth: hci2: command tx timeout [ 1244.987966][T30922] random: crng reseeded on system resumption [ 1245.430388][T30797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1245.608478][T30797] veth0_vlan: entered promiscuous mode [ 1245.662598][T30797] veth1_vlan: entered promiscuous mode [ 1245.792203][T30797] veth0_macvtap: entered promiscuous mode [ 1245.851602][T30797] veth1_macvtap: entered promiscuous mode [ 1245.942575][T30797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1245.973623][T30797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1246.009255][T16695] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.036044][T16695] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.069475][T16695] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.116329][T16695] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.483260][T29921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1246.526315][T29921] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1246.558013][T15657] Bluetooth: hci2: command tx timeout [ 1246.683991][T22467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1246.722059][T22467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1247.269895][T30974] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1247.281913][T30979] virtio-pci 0000:00:03.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 1247.303757][T30974] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1247.324883][T30974] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1247.352995][T30974] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1247.660908][T30974] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1247.749547][T30799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1247.757277][T30799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1247.765027][T30799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1247.773158][T30799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1247.783628][T30799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1248.470353][T22467] dummy0: left allmulticast mode [ 1248.501156][T22467] dummy0: left promiscuous mode [ 1248.523237][T22467] bridge0: port 3(dummy0) entered disabled state [ 1248.560160][T22467] bridge_slave_1: left allmulticast mode [ 1248.589087][T22467] bridge_slave_1: left promiscuous mode [ 1248.618163][T22467] bridge0: port 2(bridge_slave_1) entered disabled state [ 1248.667353][T22467] bridge_slave_0: left allmulticast mode [ 1248.694032][T22467] bridge_slave_0: left promiscuous mode [ 1248.730364][T22467] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.074782][T22467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1249.135620][T22467] bond0 (unregistering): Released all slaves [ 1249.205555][T22467] &#$@\]\-: left promiscuous mode [ 1249.249999][T22467] ovs_: left promiscuous mode [ 1249.359338][T30799] Bluetooth: hci2: command 0x0c1a tx timeout [ 1249.365470][T30799] Bluetooth: hci3: command 0x0c1a tx timeout [ 1249.839577][T30799] Bluetooth: hci1: command tx timeout [ 1250.904094][T22467] hsr_slave_0: left promiscuous mode [ 1250.927603][T22467] hsr_slave_1: left promiscuous mode [ 1250.948045][T22467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1250.978386][T22467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1251.003625][T22467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1251.031393][T22467] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1251.173604][T22467] veth1_macvtap: left promiscuous mode [ 1251.194645][T22467] veth0_macvtap: left promiscuous mode [ 1251.215334][T22467] veth1_vlan: left promiscuous mode [ 1251.237072][T22467] veth0_vlan: left promiscuous mode [ 1251.440496][T30799] Bluetooth: hci2: command 0x0c1a tx timeout [ 1251.572269][T31044] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4896'. [ 1251.757741][T22467] team0 (unregistering): Port device team_slave_1 removed [ 1251.807791][T31041] FAULT_INJECTION: forcing a failure. [ 1251.807791][T31041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1251.863226][T31041] CPU: 0 UID: 0 PID: 31041 Comm: syz.0.4895 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 1251.863274][T31041] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 1251.863286][T31041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1251.863302][T31041] Call Trace: [ 1251.863311][T31041] [ 1251.863321][T31041] dump_stack_lvl+0x100/0x190 [ 1251.863368][T31041] should_fail_ex.cold+0x5/0xa [ 1251.863397][T31041] _copy_to_user+0x32/0xd0 [ 1251.863432][T31041] copy_siginfo_to_user+0x27/0xc0 [ 1251.863474][T31041] x64_setup_rt_frame+0xa03/0xce0 [ 1251.863514][T31041] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 1251.863549][T31041] ? do_send_specific+0x15c/0x360 [ 1251.863589][T31041] ? __task_pid_nr_ns+0x1ca/0x510 [ 1251.863614][T31041] ? __pfx_do_send_specific+0x10/0x10 [ 1251.863653][T31041] ? __task_pid_nr_ns+0x1ca/0x510 [ 1251.863679][T31041] arch_do_signal_or_restart+0x6b6/0x7a0 [ 1251.863715][T31041] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1251.863754][T31041] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 1251.863806][T31041] ? rcu_is_watching+0x12/0xc0 [ 1251.863847][T31041] exit_to_user_mode_loop+0x139/0x6f0 [ 1251.863883][T31041] ? rcu_is_watching+0x12/0xc0 [ 1251.863923][T31041] do_syscall_64+0x652/0x840 [ 1251.863957][T31041] ? clear_bhb_loop+0x40/0x90 [ 1251.863985][T31041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1251.864011][T31041] RIP: 0033:0x7f31bf59ce59 [ 1251.864031][T31041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1251.864056][T31041] RSP: 002b:00007f31c0441028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 1251.864087][T31041] RAX: 0000000000000000 RBX: 00007f31bf815fa0 RCX: 00007f31bf59ce59 [ 1251.864103][T31041] RDX: 0000000000000021 RSI: 000000000000000e RDI: 000000000000000d [ 1251.864119][T31041] RBP: 00007f31bf632d6f R08: 0000000000000000 R09: 0000000000000000 [ 1251.864138][T31041] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000000 [ 1251.864154][T31041] R13: 00007f31bf816038 R14: 00007f31bf815fa0 R15: 00007ffd849f7808 [ 1251.864178][T31041] [ 1252.116314][T30799] Bluetooth: hci1: command tx timeout [ 1252.308729][T30989] bridge0: port 1(bridge_slave_0) entered blocking state [ 1252.319640][T30989] bridge0: port 1(bridge_slave_0) entered disabled state [ 1252.337829][T30989] bridge_slave_0: entered allmulticast mode [ 1252.352425][T30989] bridge_slave_0: entered promiscuous mode [ 1252.385425][T30989] bridge0: port 2(bridge_slave_1) entered blocking state [ 1252.413514][T30989] bridge0: port 2(bridge_slave_1) entered disabled state [ 1252.441249][T30989] bridge_slave_1: entered allmulticast mode [ 1252.464878][T30989] bridge_slave_1: entered promiscuous mode [ 1252.553405][T30989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1252.616814][T30989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1252.741183][T30989] team0: Port device team_slave_0 added [ 1252.768968][T30989] team0: Port device team_slave_1 added [ 1252.848790][T30989] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1252.886883][T30989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1253.012833][T30989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1253.058850][T30989] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1253.083259][T30989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1253.165989][T30989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1253.307718][T30989] hsr_slave_0: entered promiscuous mode [ 1253.323280][T30989] hsr_slave_1: entered promiscuous mode [ 1253.406090][T31069] block2mtd: too many arguments [ 1253.520975][T30799] Bluetooth: hci2: command 0x0c1a tx timeout [ 1253.762430][ T5727] Process accounting resumed [ 1253.780898][ T5727] Process accounting resumed [ 1253.808753][T30989] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1253.830374][ T5727] Process accounting resumed [ 1253.853075][ T5727] Process accounting resumed [ 1253.865816][T30989] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1253.883163][T17135] Process accounting resumed [ 1253.898774][T17135] Process accounting resumed [ 1253.909619][T30989] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1253.943434][T17135] Process accounting resumed [ 1253.966117][T31061] Process accounting resumed [ 1253.976312][T30989] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1254.005632][T30989] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1254.161618][T30799] Bluetooth: hci1: command tx timeout [ 1254.172035][ T5727] Process accounting resumed [ 1254.179281][T30989] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1254.189406][T20229] Process accounting resumed [ 1254.210462][T20229] Process accounting resumed [ 1254.210914][T20229] Process accounting resumed [ 1254.213142][T20229] Process accounting resumed [ 1254.213700][T20229] Process accounting resumed [ 1254.214377][T20229] Process accounting resumed [ 1254.215345][T20229] Process accounting resumed [ 1254.222032][T20229] Process accounting resumed [ 1254.223671][T30989] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1254.226842][T20229] Process accounting resumed [ 1254.227263][T20229] Process accounting resumed [ 1254.227690][T20229] Process accounting resumed [ 1254.230648][T30989] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1254.233061][T20229] Process accounting resumed [ 1254.233491][T20229] Process accounting resumed [ 1254.233921][T20229] Process accounting resumed [ 1254.234521][T20229] Process accounting resumed [ 1254.234917][T20229] Process accounting resumed [ 1254.238390][T20229] Process accounting resumed [ 1254.240930][T20229] Process accounting resumed [ 1254.243192][T20229] Process accounting resumed [ 1254.244490][T20229] Process accounting resumed [ 1254.246432][T20229] Process accounting resumed [ 1254.249557][T20229] Process accounting resumed [ 1254.254420][T20229] Process accounting resumed [ 1254.256461][ T5727] Process accounting resumed [ 1254.259563][ T5727] Process accounting resumed [ 1254.260159][ T5727] Process accounting resumed [ 1254.263094][ T5727] Process accounting resumed [ 1254.268644][ T5727] Process accounting resumed [ 1254.269063][ T5727] Process accounting resumed [ 1254.271984][ T5727] Process accounting resumed [ 1254.274446][ T5727] Process accounting resumed [ 1254.283080][ T5727] Process accounting resumed [ 1254.286844][ T5727] Process accounting resumed [ 1254.287314][ T5727] Process accounting resumed [ 1254.289289][ T5727] Process accounting resumed [ 1254.289722][ T5727] Process accounting resumed [ 1254.290136][ T5727] Process accounting resumed [ 1254.290540][ T5727] Process accounting resumed [ 1254.295040][ T5727] Process accounting resumed [ 1254.296586][ T5727] Process accounting resumed [ 1254.299573][ T5727] Process accounting resumed [ 1254.300038][ T5727] Process accounting resumed [ 1254.301126][ T5727] Process accounting resumed [ 1254.302692][ T5727] Process accounting resumed [ 1254.305453][ T5706] Process accounting resumed [ 1254.305842][ T5706] Process accounting resumed [ 1254.307778][ T5727] Process accounting resumed [ 1254.308401][ T5727] Process accounting resumed [ 1254.315434][ T5727] Process accounting resumed [ 1254.316613][ T5727] Process accounting resumed [ 1254.317014][ T5727] Process accounting resumed [ 1254.320484][ T5727] Process accounting resumed [ 1254.320863][ T5727] Process accounting resumed [ 1254.326747][ T5727] Process accounting resumed [ 1254.330507][ T5727] Process accounting resumed [ 1254.330905][ T5727] Process accounting resumed [ 1254.452275][T30989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1254.481733][T30989] 8021q: adding VLAN 0 to HW filter on device team0 [ 1254.500385][T15884] bridge0: port 1(bridge_slave_0) entered blocking state [ 1254.500446][T15884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1254.523611][T15884] bridge0: port 2(bridge_slave_1) entered blocking state [ 1254.523678][T15884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1254.562387][T31072] Process accounting resumed [ 1255.556715][T30989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1255.638490][T30989] veth0_vlan: entered promiscuous mode [ 1255.655369][T30989] veth1_vlan: entered promiscuous mode [ 1255.706213][T30989] veth0_macvtap: entered promiscuous mode [ 1255.720282][T30989] veth1_macvtap: entered promiscuous mode [ 1255.761092][T30989] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1255.772844][T30989] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1255.800611][T31101] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1255.800695][T31101] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1255.800740][T31101] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1255.800784][T31101] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1256.242695][T30799] Bluetooth: hci1: command tx timeout [ 1256.424825][T29938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1256.498299][T29938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1256.605476][T29912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1256.646510][T29912] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1257.939570][T31170] netlink: 304 bytes leftover after parsing attributes in process `syz.2.4910'. [ 1257.989992][T31170] netlink: 'syz.2.4910': attribute type 4 has an invalid length. [ 1258.045577][T31170] netlink: 314 bytes leftover after parsing attributes in process `syz.2.4910'. [ 1258.238890][T31179] vivid-011: ================= START STATUS ================= [ 1258.277656][T31179] vivid-011: Radio HW Seek Mode: Bounded [ 1258.307181][T31179] vivid-011: Radio Programmable HW Seek: false [ 1258.334307][T31179] vivid-011: RDS Rx I/O Mode: Block I/O [ 1258.361636][T31179] vivid-011: Generate RBDS Instead of RDS: false [ 1258.423388][T31179] vivid-011: RDS Reception: true [ 1258.471051][T31179] vivid-011: RDS Program Type: 0 inactive [ 1258.578702][T31179] vivid-011: RDS PS Name: inactive [ 1258.645643][T31179] vivid-011: RDS Radio Text: inactive [ 1258.742980][T31179] vivid-011: RDS Traffic Announcement: false inactive [ 1258.778750][T31192] FAULT_INJECTION: forcing a failure. [ 1258.778750][T31192] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.825862][T31191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4914'. [ 1258.852203][T31192] CPU: 0 UID: 0 PID: 31192 Comm: syz.2.4917 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 1258.852250][T31192] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 1258.852263][T31192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1258.852278][T31192] Call Trace: [ 1258.852286][T31192] [ 1258.852296][T31192] dump_stack_lvl+0x100/0x190 [ 1258.852342][T31192] should_fail_ex.cold+0x5/0xa [ 1258.852368][T31192] ? __kmalloc_noprof+0xba/0x840 [ 1258.852400][T31192] ? constrain_params_by_rules+0x175/0xcc0 [ 1258.852558][T31192] should_failslab+0xc2/0x120 [ 1258.852582][T31192] __kmalloc_noprof+0xe0/0x840 [ 1258.852619][T31192] ? unwind_get_return_address+0x59/0xa0 [ 1258.852654][T31192] constrain_params_by_rules+0x175/0xcc0 [ 1258.852699][T31192] ? stack_trace_save+0x8e/0xc0 [ 1258.852728][T31192] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1258.852772][T31192] ? __kasan_kmalloc+0xaa/0xb0 [ 1258.852809][T31192] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1258.852848][T31192] ? snd_pcm_oss_make_ready+0xeb/0x1b0 [ 1258.852882][T31192] ? snd_pcm_oss_set_trigger.isra.0+0x331/0x6c0 [ 1258.852924][T31192] ? rcu_is_watching+0x12/0xc0 [ 1258.852964][T31192] ? snd_interval_refine+0x2d0/0x580 [ 1258.852993][T31192] snd_pcm_hw_refine+0x7e7/0xad0 [ 1258.853035][T31192] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1258.853079][T31192] ? __asan_memset+0x23/0x50 [ 1258.853111][T31192] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 1258.853146][T31192] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 1258.853187][T31192] ? trace_contention_end+0x126/0x160 [ 1258.853225][T31192] ? rcu_is_watching+0x12/0xc0 [ 1258.853265][T31192] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1258.853302][T31192] ? __pfx___mutex_lock+0x10/0x10 [ 1258.853336][T31192] ? __mutex_lock+0x26d/0x1bd0 [ 1258.853372][T31192] ? __mutex_unlock_slowpath+0x350/0x910 [ 1258.853408][T31192] snd_pcm_oss_make_ready+0xeb/0x1b0 [ 1258.853445][T31192] snd_pcm_oss_set_trigger.isra.0+0x331/0x6c0 [ 1258.853485][T31192] snd_pcm_oss_poll+0x404/0xae0 [ 1258.853521][T31192] ? lock_release+0x24d/0x310 [ 1258.853553][T31192] ? __pfx___pollwait+0x10/0x10 [ 1258.853591][T31192] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 1258.853634][T31192] ? __fget_files+0x21f/0x3d0 [ 1258.853659][T31192] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 1258.853695][T31192] do_select+0xd54/0x1850 [ 1258.853736][T31192] ? do_raw_spin_lock+0x128/0x260 [ 1258.853784][T31192] ? __pfx_do_select+0x10/0x10 [ 1258.853822][T31192] ? __pfx___pollwait+0x10/0x10 [ 1258.853861][T31192] ? __pfx_pollwake+0x10/0x10 [ 1258.853899][T31192] ? __pfx_pollwake+0x10/0x10 [ 1258.853954][T31192] ? rcu_is_watching+0x12/0xc0 [ 1258.853994][T31192] ? __might_fault+0xc5/0x140 [ 1258.854027][T31192] ? rcu_is_watching+0x12/0xc0 [ 1258.854066][T31192] ? __might_fault+0xc5/0x140 [ 1258.854098][T31192] ? lock_release+0x24d/0x310 [ 1258.854133][T31192] ? core_sys_select+0x55b/0xbb0 [ 1258.854172][T31192] core_sys_select+0x55b/0xbb0 [ 1258.854215][T31192] ? __pfx_core_sys_select+0x10/0x10 [ 1258.854254][T31192] ? rcu_is_watching+0x12/0xc0 [ 1258.854293][T31192] ? get_pid_task+0xfc/0x250 [ 1258.854330][T31192] ? do_futex+0x190/0x440 [ 1258.854366][T31192] ? __pfx_do_futex+0x10/0x10 [ 1258.854406][T31192] kern_select+0x1d0/0x280 [ 1258.854446][T31192] ? __pfx_kern_select+0x10/0x10 [ 1258.854490][T31192] __x64_sys_select+0xbd/0x160 [ 1258.854529][T31192] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1258.854565][T31192] do_syscall_64+0x115/0x840 [ 1258.854603][T31192] ? clear_bhb_loop+0x40/0x90 [ 1258.854633][T31192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.854659][T31192] RIP: 0033:0x7ff628b9ce59 [ 1258.854679][T31192] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1258.854706][T31192] RSP: 002b:00007ff629a00028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1258.854731][T31192] RAX: ffffffffffffffda RBX: 00007ff628e16090 RCX: 00007ff628b9ce59 [ 1258.854748][T31192] RDX: 0000200000000080 RSI: 0000000000000000 RDI: 0000000000000007 [ 1258.854764][T31192] RBP: 00007ff628c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1258.854780][T31192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1258.854796][T31192] R13: 00007ff628e16128 R14: 00007ff628e16090 R15: 00007ffca67ba9c8 [ 1258.854820][T31192] [ 1259.671529][T31185] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4914'. [ 1259.681403][T31179] vivid-011: RDS Traffic Program: false inactive [ 1259.688546][T31179] vivid-011: RDS Music: false inactive [ 1259.694290][T31179] vivid-011: ================== END STATUS ================== [ 1260.518093][T31213] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1260.560572][T31213] ubi0: attaching mtd6 [ 1260.574520][T31213] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65) [ 1262.575364][T15657] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1262.584585][T15657] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1262.592776][T15657] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1262.607587][T15657] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1262.615101][T15657] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1263.111595][T24803] ------------[ cut here ]------------ [ 1263.117329][T24803] ODEBUG: free active (active state 0) object: ffff888029275438 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 1263.130503][T24803] WARNING: lib/debugobjects.c:629 at debug_print_object+0x198/0x2b0, CPU#0: syz.3.3665/24803 [ 1263.140874][T24803] Modules linked in: [ 1263.144795][T24803] CPU: 0 UID: 0 PID: 24803 Comm: syz.3.3665 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 1263.155962][T24803] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 1263.163455][T24803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1263.173693][T24803] RIP: 0010:debug_print_object+0x1a5/0x2b0 [ 1263.180073][T24803] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d 78 26 e2 0b 41 56 48 8b 14 ed c0 f4 1c 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 02 99 d7 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 1263.199782][T24803] RSP: 0018:ffffc900037076f8 EFLAGS: 00010246 [ 1263.205941][T24803] RAX: dffffc0000000000 RBX: ffffc900037077e0 RCX: 0000000000000000 [ 1263.214556][T24803] RDX: ffffffff8c1cf400 RSI: ffffffff8c1cf020 RDI: ffffffff90e3e2b0 [ 1263.223277][T24803] RBP: 0000000000000003 R08: ffff888029275438 R09: ffffffff8bb2e020 [ 1263.231487][T24803] R10: 0000000000000000 R11: 00000000000a8987 R12: ffffffff8c1cf020 [ 1263.239623][T24803] R13: ffffffff8bb2e060 R14: ffffffff8a94ef10 R15: ffffc900037077f8 [ 1263.247773][T24803] FS: 0000000000000000(0000) GS:ffff888124366000(0000) knlGS:0000000000000000 [ 1263.256863][T24803] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1263.263481][T24803] CR2: 00007f9188dad008 CR3: 0000000093832000 CR4: 00000000003526f0 [ 1263.271659][T24803] Call Trace: [ 1263.274960][T24803] [ 1263.278030][T24803] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 1263.283530][T24803] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1263.289690][T24803] debug_check_no_obj_freed+0x4da/0x630 [ 1263.295264][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.300220][T24803] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1263.306395][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.311292][T24803] ? __page_table_check_zero+0x333/0x410 [ 1263.317610][T24803] ? __page_table_check_zero+0x338/0x410 [ 1263.323317][T24803] __free_frozen_pages+0x3fc/0x10a0 [ 1263.329343][T24803] hci_release_dev+0x4ef/0x630 [ 1263.334267][T24803] ? __pfx_hci_release_dev+0x10/0x10 [ 1263.339646][T24803] ? device_release+0x97/0x270 [ 1263.344564][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.349416][T24803] ? device_release+0x97/0x270 [ 1263.354211][T24803] bt_host_release+0x6b/0xb0 [ 1263.358957][T24803] ? __pfx_bt_host_release+0x10/0x10 [ 1263.364279][T24803] device_release+0xd2/0x270 [ 1263.368950][T24803] kobject_put+0x1f7/0x640 [ 1263.373426][T24803] put_device+0x1f/0x30 [ 1263.377688][T24803] vhci_release+0x185/0x230 [ 1263.382350][T24803] ? __pfx_vhci_release+0x10/0x10 [ 1263.387461][T24803] __fput+0x3ff/0xb50 [ 1263.391480][T24803] task_work_run+0x150/0x240 [ 1263.396156][T24803] ? __pfx_task_work_run+0x10/0x10 [ 1263.401302][T24803] do_exit+0x951/0x2ae0 [ 1263.405488][T24803] ? schedule+0x2bf/0x390 [ 1263.409908][T24803] ? lock_release+0x24d/0x310 [ 1263.414631][T24803] ? __pfx_do_exit+0x10/0x10 [ 1263.419908][T24803] ? cgroup_update_frozen_flag+0x107/0x210 [ 1263.425793][T24803] ? get_signal+0x184f/0x21e0 [ 1263.431135][T24803] do_group_exit+0xd5/0x2a0 [ 1263.435779][T24803] get_signal+0x1ec7/0x21e0 [ 1263.440654][T24803] ? __pfx_get_signal+0x10/0x10 [ 1263.445570][T24803] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 1263.451559][T24803] arch_do_signal_or_restart+0x91/0x7a0 [ 1263.457301][T24803] ? get_timespec64+0x136/0x1b0 [ 1263.462188][T24803] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1263.468437][T24803] ? __x64_sys_clock_nanosleep+0x347/0x480 [ 1263.474284][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.479188][T24803] exit_to_user_mode_loop+0x139/0x6f0 [ 1263.484717][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.489610][T24803] do_syscall_64+0x652/0x840 [ 1263.494250][T24803] ? clear_bhb_loop+0x40/0x90 [ 1263.499136][T24803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1263.505059][T24803] RIP: 0033:0x7f680ad5d68e [ 1263.509726][T24803] Code: Unable to access opcode bytes at 0x7f680ad5d664. [ 1263.516796][T24803] RSP: 002b:00007f680bb80f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 1263.525907][T24803] RAX: fffffffffffffdfc RBX: 00007f680bb816c0 RCX: 00007f680ad5d68e [ 1263.534551][T24803] RDX: 00007f680bb80fb0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1263.542599][T24803] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1263.550764][T24803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1263.558823][T24803] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1263.566891][T24803] [ 1263.569938][T24803] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1263.577255][T24803] CPU: 0 UID: 0 PID: 24803 Comm: syz.3.3665 Tainted: G U I L syzkaller #0 PREEMPT(full) [ 1263.588756][T24803] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 1263.596330][T24803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1263.606584][T24803] Call Trace: [ 1263.609886][T24803] [ 1263.612837][T24803] dump_stack_lvl+0x100/0x190 [ 1263.617555][T24803] vpanic+0x552/0x970 [ 1263.621597][T24803] ? __pfx_vpanic+0x10/0x10 [ 1263.626171][T24803] ? lock_release+0x24d/0x310 [ 1263.630893][T24803] panic+0xd1/0xe0 [ 1263.634640][T24803] ? __pfx_panic+0x10/0x10 [ 1263.639101][T24803] ? check_panic_on_warn+0x1f/0x90 [ 1263.644258][T24803] check_panic_on_warn.cold+0x19/0x34 [ 1263.649669][T24803] ? debug_print_object+0x198/0x2b0 [ 1263.654894][T24803] __warn.cold+0x191/0x318 [ 1263.659337][T24803] __report_bug+0x30f/0x440 [ 1263.663939][T24803] ? debug_print_object+0x198/0x2b0 [ 1263.669176][T24803] ? __pfx___report_bug+0x10/0x10 [ 1263.674232][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.679141][T24803] ? unwind_next_frame+0x3c8/0x2090 [ 1263.684382][T24803] report_bug_entry+0xe1/0x290 [ 1263.689337][T24803] ? debug_print_object+0x1a5/0x2b0 [ 1263.694589][T24803] handle_bug+0x1cd/0x2a0 [ 1263.698966][T24803] exc_invalid_op+0x17/0x50 [ 1263.703520][T24803] asm_exc_invalid_op+0x1a/0x20 [ 1263.708416][T24803] RIP: 0010:debug_print_object+0x1a5/0x2b0 [ 1263.714246][T24803] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d 78 26 e2 0b 41 56 48 8b 14 ed c0 f4 1c 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 02 99 d7 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 1263.733887][T24803] RSP: 0018:ffffc900037076f8 EFLAGS: 00010246 [ 1263.739989][T24803] RAX: dffffc0000000000 RBX: ffffc900037077e0 RCX: 0000000000000000 [ 1263.748365][T24803] RDX: ffffffff8c1cf400 RSI: ffffffff8c1cf020 RDI: ffffffff90e3e2b0 [ 1263.757057][T24803] RBP: 0000000000000003 R08: ffff888029275438 R09: ffffffff8bb2e020 [ 1263.765163][T24803] R10: 0000000000000000 R11: 00000000000a8987 R12: ffffffff8c1cf020 [ 1263.774321][T24803] R13: ffffffff8bb2e060 R14: ffffffff8a94ef10 R15: ffffc900037077f8 [ 1263.782325][T24803] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 1263.787942][T24803] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 1263.793531][T24803] ? trace_irq_enable.constprop.0+0x122/0x160 [ 1263.799693][T24803] debug_check_no_obj_freed+0x4da/0x630 [ 1263.805277][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.810113][T24803] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1263.816315][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.821122][T24803] ? __page_table_check_zero+0x333/0x410 [ 1263.826828][T24803] ? __page_table_check_zero+0x338/0x410 [ 1263.832936][T24803] __free_frozen_pages+0x3fc/0x10a0 [ 1263.838396][T24803] hci_release_dev+0x4ef/0x630 [ 1263.843326][T24803] ? __pfx_hci_release_dev+0x10/0x10 [ 1263.848675][T24803] ? device_release+0x97/0x270 [ 1263.853637][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.858459][T24803] ? device_release+0x97/0x270 [ 1263.863262][T24803] bt_host_release+0x6b/0xb0 [ 1263.868223][T24803] ? __pfx_bt_host_release+0x10/0x10 [ 1263.873571][T24803] device_release+0xd2/0x270 [ 1263.878309][T24803] kobject_put+0x1f7/0x640 [ 1263.882781][T24803] put_device+0x1f/0x30 [ 1263.887338][T24803] vhci_release+0x185/0x230 [ 1263.892222][T24803] ? __pfx_vhci_release+0x10/0x10 [ 1263.897357][T24803] __fput+0x3ff/0xb50 [ 1263.901626][T24803] task_work_run+0x150/0x240 [ 1263.906344][T24803] ? __pfx_task_work_run+0x10/0x10 [ 1263.911494][T24803] do_exit+0x951/0x2ae0 [ 1263.915679][T24803] ? schedule+0x2bf/0x390 [ 1263.920029][T24803] ? lock_release+0x24d/0x310 [ 1263.924739][T24803] ? __pfx_do_exit+0x10/0x10 [ 1263.929375][T24803] ? cgroup_update_frozen_flag+0x107/0x210 [ 1263.935241][T24803] ? get_signal+0x184f/0x21e0 [ 1263.939965][T24803] do_group_exit+0xd5/0x2a0 [ 1263.944507][T24803] get_signal+0x1ec7/0x21e0 [ 1263.949072][T24803] ? __pfx_get_signal+0x10/0x10 [ 1263.954053][T24803] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 1263.959549][T24803] arch_do_signal_or_restart+0x91/0x7a0 [ 1263.965134][T24803] ? get_timespec64+0x136/0x1b0 [ 1263.970054][T24803] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1263.976704][T24803] ? __x64_sys_clock_nanosleep+0x347/0x480 [ 1263.982559][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.987396][T24803] exit_to_user_mode_loop+0x139/0x6f0 [ 1263.992816][T24803] ? rcu_is_watching+0x12/0xc0 [ 1263.997637][T24803] do_syscall_64+0x652/0x840 [ 1264.002295][T24803] ? clear_bhb_loop+0x40/0x90 [ 1264.007020][T24803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1264.012937][T24803] RIP: 0033:0x7f680ad5d68e [ 1264.017370][T24803] Code: Unable to access opcode bytes at 0x7f680ad5d664. [ 1264.024410][T24803] RSP: 002b:00007f680bb80f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 1264.032860][T24803] RAX: fffffffffffffdfc RBX: 00007f680bb816c0 RCX: 00007f680ad5d68e [ 1264.041065][T24803] RDX: 00007f680bb80fb0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1264.049150][T24803] RBP: 00007f680ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1264.057157][T24803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1264.065171][T24803] R13: 00007f680b016038 R14: 00007f680b015fa0 R15: 00007fff0480d348 [ 1264.073190][T24803] [ 1264.076307][T24803] Kernel Offset: disabled [ 1264.080847][T24803] Rebooting in 86400 seconds..