last executing test programs: 11.011073513s ago: executing program 0 (id=601): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) memfd_create$auto(0x0, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/wakeup/wakeup6/expire_count\x00', 0x20680, 0x0) socket(0x2a, 0x2, 0x6) socket(0x1d, 0x1, 0xffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) write$auto(r0, &(0x7f0000000000)='\x00', 0x2) socket(0x27, 0x4, 0x20083a) write$auto(0xca, &(0x7f00000004c0)='\x04>2\x18!\xe2\x00\x94\xf2\xa2\x00\x00\x8d\xa9p\xcc\xccV\xf9ozi\xb2:\x19\x92r\xcc9\x99f\xc5BV\xb1\x92l\xed\x84fe\x8a\x8c\xd3*\xfe\x1dE\xa1W8\x03\xcb\t\x13K\xb4\x893\xf3Q\x7f\xd1|\xefp\xb1\xb3\xcer8\b=\xa4y\xd4\x88\xbcn\x8d\xf3\f\xbe\x9f\xed\xc1k\xcf\x0f`6\xe0\xd1\x03\x108a\x90KG,\xf8\v\x88\xe2+\xcb\xf2v\x8bL\xa6\xaa}*\xce\xd8\x98\xc9\\f\xccT\xa1\x05\x14\x84\xbb\aF,\xc8\xc7u\x93\xe8?\x92\t\xa9`\xff\x93l\x93\xac\n\xdd\xa4\n\x8e\xec\x14\x02|\xf7\xc4\x8e\x06h\xc0\x8f\x04\xceB\x03\xda\x89\x8f\xf3g\x1a\xb8\x1a\x18\xf2\x93DRSO\x97\xb1\xc3\xa8Q\xa2\xb2\xa8\xc3\xd3\xf9\xd4Y\x8d\x8d\xad\x8f[\xbe\xe5\xf1\x9f\x01s\x8eg\x05\xe8\xf9\x8f\xa6g\vu\xc9\xef\x0f\xbd(y8@\xca\xec(\xe8\x91\xf8$<\x81\x85\xac\xd7\x878\xd9\xce%\xcf\xab\xdb\xaf{\x82\x83\x8d\xce\xc0\r\xb6\xe4$\xd0<\xf8\xeay \xf1\x19\xb3Ta~*&\xd8\xc8\x00%\xdc\xbc;\x9f\xcf\xf0\xd8\xd7 \xa5\x8b\x10o \x13s}{\xe5\xb2\xd9;_\xec\xdef\xb1<\x18qg\x1e{\xba\xb0\xf7\xbb\xca\x00'/323, 0x7f) ioctl$auto_BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0x0) ioctl$auto_BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)="fc06c1f730b9d2867a8ba29f242cf38f59f712fcd917fee796") openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x100e01, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 10.714360604s ago: executing program 3 (id=603): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x4a8000, 0x0) select$auto(0xd, 0x0, &(0x7f0000000400)={[0x8, 0x200000000005, 0x7, 0x7, 0x0, 0x80000004, 0xc, 0x6, 0x8fc, 0xb80, 0xe34c, 0x9, 0x3, 0xfffffffffffff954, 0xfffffffffffffff8, 0xfff]}, 0x0, &(0x7f0000000080)={0x800000000001ff, 0x401}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00'}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) futex$auto(0x0, 0x1, 0x40000006, 0x0, 0x0, 0x80000001) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) 10.614183017s ago: executing program 0 (id=604): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x4a8000, 0x0) select$auto(0xd, 0x0, &(0x7f0000000400)={[0x8, 0x200000000005, 0x7, 0x7, 0x0, 0x80000004, 0xc, 0x6, 0x8fc, 0xb80, 0xe34c, 0x9, 0x3, 0xfffffffffffff954, 0xfffffffffffffff8, 0xfff]}, 0x0, &(0x7f0000000080)={0x800000000001ff, 0x401}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00'}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) futex$auto(0x0, 0x1, 0x40000006, 0x0, 0x0, 0x80000001) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) 9.46022573s ago: executing program 3 (id=606): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1e0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = clone$auto(0x6, 0x8000000000000001, &(0x7f0000000080)=0xcf, &(0x7f00000000c0)=0xffff7fff, 0x1000) prctl$auto(0xa134, 0x22, r1, 0x800, 0x5) socket(0x2, 0x1, 0x106) socket(0x2, 0x3, 0xa) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf4, 0xb0, @raw=0xfffff03c}}) setsockopt$auto(0x4, 0x0, 0x3, &(0x7f0000000000)='!/*:(*\'\x00', 0x800000e) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, r0, 0x300000000000) statmount$auto(&(0x7f0000000040)={0xffff, @raw=0xb8, 0xb, 0x4, 0xfffffffffffffff8}, &(0x7f0000000340)={0x3ff, 0x1, 0x7fff, 0x8, 0x6, 0x3, 0x0, 0x5, 0x8, 0x8, 0x3, 0x690, 0x1604000000000, 0x2, 0x100, 0xfff, 0x2, 0x9, 0xfffff1a0, 0x8, 0xc, 0xfff, 0x3, 0x9503, 0x0, 0x1, 0xeb, 0x5c1f, 0x1, 0x9, 0x20000000, [0x9, 0x1ff, 0x8, 0x2, 0x0, 0x2, 0x2, 0x7, 0x6, 0x7f, 0x100, 0x2, 0x9, 0x1, 0x4, 0x3, 0x0, 0x10001, 0x9, 0x5148d73f, 0x7, 0xa5, 0xc, 0x1, 0x8000000000000000, 0x100000000, 0x3, 0x80000001, 0x2, 0x2, 0x0, 0x9, 0xe23f, 0x7fff, 0x3, 0x0, 0x9, 0x4, 0x6, 0x0, 0x7, 0xfff, 0xffffffff], "0d4da07757fc0a8e5de18bd363ce4cd41558fdae0643974f4f329960f2cb8c8e546a2541ef8227735f9d60e3cb50f6712c580dab3d8d1876a632fbe3c7bc8983b2033f3e94ce99928fb6f63d6a5d00427e16356cd2bb5ac7332f15102dfa643a2ac8b0a2354713be651e33e04d87dc8db31dee05bda730841ad8c01c925cfb6c19c83be19a876ab65f124cbd4bf03702b919"}, 0x6, 0x7) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xffff, 0x100000000, 0x2000000000000001, 0x948b, 0x3, 0x6, 0x3, 0x1000, 0x4, 0x4000008000001f, 0x200000009, 0x2e, 0x20000009, 0x2, 0x5]}, 0x0) r3 = socket(0x10, 0x2, 0x0) landlock_restrict_self$auto(r3, 0x2) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004000)='/dev/audio\x00', 0x102, 0x0) ioctl$auto_SNDCTL_DSP_GETOSPACE(r4, 0x8010500c, &(0x7f00000000c0)="7c182e9b3c7ce9d4cb0d3db413a9096e2a9eba66ce35c2335f7c748dd5fa3083bc738951a51dda131549ca747d8896c942048caae598d9dc61b932a6184247c9c11e9c51c20c7c66d51b05d4eb3b5a49718e99141bdd3772dc98cb48e2a80f97157a468fb1a0046226a44257") openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 8.170225155s ago: executing program 0 (id=608): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0) ioctl$auto_I2C_SLAVE(r0, 0x703, &(0x7f0000000580)="a4d3a3a6bf9a2da8775ee43bc75ffeb76ab6c08ed145a9c52866000014ec5b533b84d754ff1b926d02aa7fa8ed87cfe0d170d217c102281ebfe0d7e60487aac8a59f3812cec0ffc443deb7efcc9f20cfaf08114778dce8bf15bf7fb538b9499f231769008db793d3e02da40007562434cd1eca09a23fb28cb021bcdc44db26a019a369a22775f7aa8ff9e7ceaf5ab71d412754ab8c7debbceff29ea72a8ca05f4d9720ef2d34ad8cce353c7b45f57e9e3277ff5cc688c9a4cd3b9593842c9c450841d2d9828952cddfd3aacd42abe0e80cf0859ee819ba622d7a6d2dde1c072865cd646b398713b7a62ed3b66e9d5b340c929bf355a400bb5a1a2276841b8213d4124542ce4bc9483a182c80402c79f89d5a6292e20000000000007fd5726c69b163acd3b2c9ae413532b5b295914026731e5e7254b51ce2aa9bd6a81b7e4606c5fed45e4db4fcddbd49009b8239694563") recvmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000000)="44f9ff09a4ffffffff23e12332e60bf78aa0fde6b30df0724f57742537efac675fab66c0bb275bb2d8acedb542a3216d6f10f3161a0b2629f3becb8c3b1dc28b5890a1cbbde1196cbd7f2e900ffa0d9248283c28c8ae4bca28f62857d5", 0x81, &(0x7f00000000c0)={&(0x7f0000000080), 0x5}, 0x9, &(0x7f0000000200)="4f5e2f56ac48ebd6c963a638196aafb9b1ae2239a120599372d802d774b57468740ee0e047f185c8a812c8cdff8590c126278e7a27dce7481453bb272cef541db66181eb19174515dc22e8b4e216e1521b2371acdfea34147cbd7eef6b647a3849f691dac12cb48234fb31d5c3ed849c9e62dbc322905377c3c4116a2fead519cb1afbd2f14fdc21bf52eaad85990106c413e11984a8ff52edf029d43486f544007d8abaa1a3ef261bb27c540672b7e1cf13ae822ced10f0e97fd8233b40e8b34ab14eef51c864c9d73ed4080aed798a394e0d11fa3016fe774a9686755c10bfbe0000", 0x200, 0x1}, 0xc}, 0x897e, 0x3, &(0x7f00000001c0)={0x1, 0xfffffffffffffff9}) sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc001}, 0x4) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_XFS_IOC_COMMIT_RANGE(0xffffffffffffffff, 0x40585883, &(0x7f00000000c0)={r1, 0x0, 0x6, 0x7fffffff, 0x2, 0x7fffffffffffffff, [0xe375, 0x3, 0x7, 0xd, 0x3, 0x2]}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_RTC_UIE_ON(0xffffffffffffffff, 0x7003, 0x4) setsockopt$auto(0x3, 0x29, 0x46, 0x0, 0x808) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x8000000000002, 0x0, 0x10000000, 0x3) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000040)='//\xf2?', 0x80000002) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x7, 0x3, 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/dmi/id/product_name\x00', 0x200, 0x0) r4 = pidfd_open$auto(0x1, 0x0) setns(r4, 0x60020000) umount2$auto(&(0x7f0000000000)='.\x00', 0x3) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000080)=""/64, 0x40) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) shmctl$auto_IPC_INFO(0x5, 0x3, 0x0) mmap$auto(0x0, 0x4005, 0x7, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r5, 0x8000) 7.25283658s ago: executing program 3 (id=614): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/zram-control/hot_remove\x00', 0x8001, 0x0) r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(r0, 0x0, 0x9a9, 0x70000fc) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) write$auto_sg_fops_sg(0xffffffffffffffff, &(0x7f0000000180)="4a0200000000040000899edb615550fd8c4496fa87f201004feb02eff5d2adc239a4e1eded0e91b86c61b6b42ed62d62a26a5f31109e4bd82797c0e623a4be715fcab52d1239c503da1141d07cea841bff00578cdf826d13c54f217c7c160e708c20b2070f78f0379c0281de71f7b1668cc421e30fe1f4b418fc08dc2dd4835a04bf452b88", 0x85) r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) r2 = io_uring_setup$auto(0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) recvfrom$auto(0xffffffffffffffff, 0x0, 0xde, 0x8, 0x0, 0x0) timer_create$auto(0xfffffffa, &(0x7f0000000100)={@sival_int=0x9, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, &(0x7f0000000140)=0x6) timer_settime$auto(0x0, 0x2, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x401}}, 0x0) ioctl$auto_IOCTL_VMCI_CTX_GET_CPT_STATE(r2, 0x7b1, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r1, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/scsi/sg/debug\x00', 0x2000, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r5, 0xae03, 0x42) pread64$auto(r4, 0x0, 0x6, 0x3) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 5.800724018s ago: executing program 3 (id=619): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) write$auto_cachefiles_daemon_fops_internal(0xffffffffffffffff, &(0x7f0000000300)="a0", 0x1) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000040)=0x5) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/ieee80211/phy3/netdev:wlan0/stations/08:02:11:00:00:01/he_capa\x00', 0xa0080, 0x0) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy16/power\x00', 0x204001, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x0) unshare$auto(0x40000080) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) sendfile$auto(r1, r1, 0x0, 0x9) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/\x98@dio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x2, 0x80802, 0x0) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000002c0), r4) sendmsg$auto_NL80211_CMD_ADD_LINK(r3, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="1485", @ANYRES16=r5, @ANYBLOB="0004dbdf259400003d17082520884d2d8400000000ec436df2e0db073b1971b912af34"], 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x44) r6 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r6, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) recvmmsg$auto(0x3, 0x0, 0xfffe, 0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, 0x0, 0xa3) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r7, 0x0, 0x1ff) 4.43289705s ago: executing program 0 (id=622): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x7, 0xf2cf, 0xcd7, 0x82}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3fee6c2bbb6c8599fc6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84be165f", 0x300000a}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000080), 0x20802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x22a01, 0x0) io_uring_setup$auto(0x403, 0x0) getpid() unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x80, 0x4, 0x5, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) fanotify_init$auto(0x65, 0x2) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000380)={0x2c022000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) 4.030394009s ago: executing program 2 (id=624): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x2800, 0x0) (async, rerun: 64) r0 = socket(0x2, 0x5, 0x0) (rerun: 64) close_range$auto(0x2, 0xa, 0x0) (async) socket(0x18, 0x800, 0x1) (async) socket(0xa, 0x2, 0x3a) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) (async) shutdown$auto(0x200000003, 0x2) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) socket(0x2b, 0x1, 0x3) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) (async) setsockopt$auto(0x3, 0x84, 0x40017, 0x0, 0x27) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="036c25bd0900fddbdf02000000"], 0x1c}, 0x1, 0x0, 0x0, 0x404c884}, 0x64004890) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(0x0, r3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) (rerun: 32) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) getpgid$auto(0x1) (async) io_uring_setup$auto(0x59, 0x0) read$auto(0x3, 0x0, 0xfffffdef) (async) ioctl$auto(0x3, 0x402c542b, 0x38) 3.421784906s ago: executing program 1 (id=627): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0xe8082, 0x0) ioctl$auto_BLKPG2(r1, 0x1269, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40900, 0x0) setsockopt$auto_SO_CNX_ADVICE(0xffffffffffffffff, 0x4, 0x35, 0x0, 0xb7) 3.130489821s ago: executing program 2 (id=628): r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6a) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptywf\x00', 0x0, 0x0) recvfrom$auto(0xffffffffffffffff, 0xfffffffffffffffc, 0x5, 0x99, 0x0, 0x0) ioctl$auto(0x3, 0x80045439, 0xffffffffffffffff) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x5, 0x2}, 0x10001}, 0x5, 0x20000000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x20a00, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r2, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) ioctl$auto_BLKGETNRZONES(0xffffffffffffffff, 0x80041285, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(0x0, r3) ioprio_set$auto(0x3, 0x0, 0x4b34) sendmsg$auto_TIPC_NL_MEDIA_GET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x67c0}, 0x1, 0x0, 0x0, 0x800}, 0x10) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) 2.510660726s ago: executing program 0 (id=629): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x6, 0x5, 0x2000003) ioctl$auto(0x3, 0x80000541b, 0x38) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xed2, 0x12) prctl$auto(0x0, 0x7fff, r0, 0x5, 0x2000000006) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) write$auto(0xca, &(0x7f00000000c0)='\x04>\x00\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\xf9y\xc7p\xf1w\xbe\xde\xe8\xc3\x01#\xcc\tF\xb6\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1\xd5\x1e\x8f\t\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x85\x00\x00\x00\xe2E\x00\x00-a\xb6n\xbc\xb4=\xf8\xce\x01\x1f]\x85|\xce\xd7\xff\xff\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\x00\x80\x00\x00\xe9e\xe5\x80\x1c\x02\"\xa7&8U\xfd\xdc\x15\xae\xfa5\xb8}\x0e\xb4:\x91\xbb5\xd3{\xb2\xd0\xc0\x93=\xf8E\xceO\x1e\xd5\x8f\xdf\xaa\x1c\xfd\xb0h\xd8\xbc\xecA\xa6\xde\xd1=\xfd)d\x8f\vk\x1c+\xf7, \xf8]\xb3\xe9B\x02\f\'\xcf0\x06', 0x1ff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) read$auto(r1, &(0x7f0000000000)='\x00', 0x91e2) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1d"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x804) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x8000000c4}, 0x2, 0x0, 0x0, 0x5}, 0x7}, 0x0, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x40203, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c03, 0xfffffffffffffffd) madvise$auto(0x9, 0x6, 0x5) unshare$auto(0x1) pkey_free$auto(0x5) 2.345412568s ago: executing program 1 (id=630): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/zram-control/hot_remove\x00', 0x8001, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4200000000df, 0xeb1, 0x401, 0x8000) socket(0x28, 0x1, 0x0) io_uring_setup$auto(0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x5, 0x104000000000010e, 0x2, 0x0, 0x16) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x8) setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'sit0\x00', 0x0}) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/acpi/parameters/acpica_version\x00', 0x400, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="011526bd7000fbdbdf250b0000000800130007000000080004000400000004000b"], 0x28}, 0x1, 0x0, 0x0, 0x24044095}, 0x4000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0xa}, 0x7}, 0x3, 0x2) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000200)=""/266, 0x10a) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd7073000000001400000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x1400, 0x0, 0xaee2e45ddcc9e3a5}, 0x20040080) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000100)={0x1c, r4, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8804}, 0x28000040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x51) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r5 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68) ioctl$auto_FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000080)) 1.840315711s ago: executing program 1 (id=631): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x24, r2, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@typed={0xc, 0x3, 0x0, 0x0, @binary="1d906b2807a58f65"}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x104}, 0x40) capget$auto(&(0x7f0000000080)={0x7, 0x0}, &(0x7f00000000c0)={0x9, 0x829, 0x5}) sendmsg$auto_TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x45c, r2, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x448, 0x2, 0x0, 0x1, [@nested={0x2be, 0xcb, 0x0, 0x1, [@nested={0x4, 0x52}, @generic="097dbaf85be42e4e5613ad2e1f89d9c15acd4769ed7d562f04d841766def0fa7de4434f96dfc94f5fb7c67d2300d925f0ee414d29071dac6e983032b4d803ce3454225ac4eb91ce5f0172af8927ddcbd57d790", @typed={0x8, 0x124, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}, @generic="a170cd4cb88e25f79239c37a997392004767689843ed38e616c6b6af145fea3333d2d6272846696dcbda96b1d018bcd6ae8408afff4852ad3e23c573962834bc9b7af1a7aae551a97bd0a520314e64a5a102f6be0cc3b85fa550a41b08c84ce6e11117d9decb2ac293ca0c6fd021be34d76d03018b52f2eed8d98c5f6bf7135babd43f45f7821633037e94581defb0565c59b6dcc74c3f0b8e3feeb9098942cb86ed09c455da609c85263992860ca977f7a8229a81e4b820", @generic, @generic="64eeac3e0fc9aaf1ce4cc8ab812b5fc430531c40e04c9c797e628d7b41fe670e05bf21033263d50062a820e7d33816c67620fb7730e062b2ded8de7b790233cc30e93017a30e799e34e2904190edad0d2dbc015ec324e2c884c280d2c298fb9e7e38df03fd02f2c808b2d6287cd74b8180ad08dd043422556c9d96ff56ef94d8dcabb12b09eab3531a12e1a08d1333960859bd294d6c8407c8d451a1f78911a03e58d03a510663fe41278c6ceb9b285cfcbbb9f215cbbf21a84b6cc29d9570b6bcd9aab291283a1a0f2f57c905fd995bc341bb99698c", @typed={0x8, 0x7a, 0x0, 0x0, @pid=r3}, @generic="2055fcaf3380ea3d7b972404073ca79fee6cd73926e9aa6727936fcb9b84dfc9c40d1f26e6778688653b247764a597be856d53bb5a040415218e2a74a4408450f13b2ff948c55cd1a9060b0ea75720264becbdd32e4f8dd586e92975ffed0ff12232c6dc5652f2ad89817ea2aa855f40e14735edb4008f4461c863ab793f85b9c28bfae5a2ed91856c87575df4e67ec18692e3229c7ee90f54c4a64faac98a7506faa9fe5a0e141c91fda3a085bf39d394f49be457", @typed={0x10, 0x89, 0x0, 0x0, @str='/proc/kcore\x00'}]}, @generic="6ead2c8c6a5db26190718cc84d531c3d9c26ce175ebcac411371ef2f74f8c2a7c40a841331afa44e4f535209f01819d87631c1ae99322aa0720dcfac6b7b159f8c20f568c4c6f842417347eb870d0d4aa873ab80afdc7ced9770830a3da57d03851743c527f43abb91114d2ab526654092ee7e", @generic="ae5c1360cef040813e969b2e38a26b4c631fd1d6f44f1dad972046806bfabbe667e9d13cbb0a9cd9d1b8344a197c9140ce5b8d9cb12969d293f01497873dc3aeb7c315e2a9de0d9bd3c85b283e84a7f06f", @nested={0xbd, 0x12b, 0x0, 0x1, [@typed={0x14, 0x140, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @generic="af58ce7e6b7f2cd0ac172f7cdc7f89bd3bc65cfc4ebb7f6b1b66817bbf980e92c33c927dc624737df207468ad73d96679d15e38b9fa9ede03070322f27d4870918c51b3ac48016ef4bb86448dce46c00abb14e947a965c04b400d32e7d678c47f66094b61b182d18aa1043dccf127757217c5b82764250120be40336ec3b4945088b1d69ab27c4383923f3a7f0", @typed={0x14, 0xd, 0x0, 0x0, @ipv6=@private1}, @nested={0x4, 0x135}]}]}]}, 0x45c}, 0x1, 0x0, 0x0, 0x2404c054}, 0x8801) read$auto_proc_iter_file_ops_compat_inode(r0, 0x0, 0x4d) bpf$auto(0x0, &(0x7f00000001c0)=@batch={0x2, 0x9, 0x2, 0x6, 0x58bc, r0, 0xaa5, 0x795}, 0x10) bpf$auto(0x2, 0x0, 0xb) mmap$auto(0x0, 0x4020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x3a) r4 = socket(0x2, 0x80002, 0x73) bind$auto(r4, &(0x7f0000000340)=@l2tp={0x2, 0x0, @multicast2, 0x4}, 0x6b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x400004, 0xdc, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) fsopen$auto(0x0, 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0}) r9 = bpf$auto(0xfffffffd, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex=r8, r7, 0x8, 0x7, r5, @relative_fd=r5, 0x4}, 0x1ff) prctl$auto(0x8001, 0x1000, 0xffffffffffffffff, 0x5, 0x1007) bpf$auto(0x4, &(0x7f0000000340)=@query={@target_ifindex=r10, 0x0, 0x7, 0x8, 0xfffffffffffffff9, @prog_cnt=0xfff, 0x0, 0x79, 0xd1e3, 0x4, 0x2}, 0x4) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000180), r9) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x8a000, 0x0) 1.590715712s ago: executing program 2 (id=632): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000140), r0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x4004) (async, rerun: 64) io_uring_register$auto_IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000000)="1ea32a3c5cbc86dbbde9aaa9782a726cbb503a9c99b6a68d499420ad24913c88420632add1570ec916b1e730b27ecc35ded2d9b58467b83a9fb7d346321fddbebc9d39f12a91240923f40392ecd6e2f2ae7641121adb2cb66ad25759559f99d273044a5826d715505bbc58c9ac97bdbad03899eeb80cb91759dff85f0eac19160b5fa8d269e97b94dc66c9cccd5546638b3a1f3bf70ca303ec074175f77beec568da41ae7cd6f4503d7ce824232736d98e9a1cd309ba584618f5732b00f616fc8820c27e4acc9544c090f67990b7f53d851cf36ef3846153ebdeb458a733a5bd425f4ffbd9572982698a27c5f9c40591d6368009", 0x5) (rerun: 64) 1.514481052s ago: executing program 1 (id=633): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r0 = openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000005dc0)='/proc/thread-self/ns/cgroup\x00', 0x800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = getsockopt$auto(0x6, 0x1, 0x11, 0xfffffffffffffffe, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r4, &(0x7f0000000dc0)={0x0, 0xfffffffffffffe75, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x64004401}, 0x800) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000001f40)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001f00)={&(0x7f0000000280)={0x1c64, r3, 0x20, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_KEY={0x177d, 0x30, 0x0, 0x1, [@generic="062ecce8c3c7507ad6dce1dc019d616a6ee88caf127c260202bc081dc6c6f2968a67fb5416773c7580af7413d5b89aa18c95640e6c51be56d9aee282b2d41809dd7fb14743", @nested={0x21c, 0x13d, 0x0, 0x1, [@generic="c0bdc2361c20aac7bc2bc39f97c835a68997b7bcc0fffd88a0c2", @typed={0x8, 0xc2, 0x0, 0x0, @fd=r0}, @typed={0x14, 0x150, 0x0, 0x0, @ipv6=@mcast1}, @generic="22f2f379d582188a7660ec6946054b26e6618a5ec5186ece4a2ea1b5f3f51ba7b77af71ca2c3f03bc35081c321c8b8f4a6716990b908c0e805a4", @typed={0x8, 0x116, 0x0, 0x0, @ipv4=@multicast2}, @generic="07c3103e37a0c7eeeaf42436c2cb4abbdfcc4cfbf919c103e43430f3f2ce6fdcc7f2635c73c92e4b469f04ffb7399324fdf60576b4b6eb6047d3428a9ee2500ac0129e9a95849ad2f664fb52578d545b9913b890fdd3658e9b70ef2f3f3eea63c60b2dedf77fb15f9aff91403ac01f16ede5d8906a1e175353d015cf103dfc32a7ec99c75796ac3454ede33f112ce06e2f881c5ee1929567072521f7236575d291b7acbdfe99d3bf70bc8305d05da083d5287676e48179dcae67677db4c9f2d02c86992ac0f4ee22a7ae5d7443ba098ca442", @generic="79a221569d4763d0eb1d42f28409181fe908d83c39c7e0f3259ff384b9aeb3867235da03a41d4c386146dc4a28f2f09973140df7e2c2a1f53fe5b5d3de86840f635fb6b37c20ada4143abeb3d8d1329c052ff718361fc644e9960dcf7d4eaf9f4775e32031c5206fba0ee3978613ef65e29c6fe6e20353a431a3df6c3a165afb73d32df0a1d826854affe016fa3e62b5dac02ce0f33fbfa317717494c98d8bc979c89c7d03a6407f60223e3ebc4676c0d5015c59819dfd93d88d770984ce75c9f5f8", @typed={0xc, 0x40, 0x0, 0x0, @u64=0x4}]}, @generic="53412cc092b634754c06209172211bf65d840af829b89a82ba2e19aec131eae04a82606ecb90b24096c26f1a377ad72a366cfe661262106b56fd26de1a8cac1c3f7b25cb11ea0fa5bd85f430fc3da9d6f825dba92bf50c1c62b6313a31cce9a5554dd1b20fd396060170b744ba80b545a13c258ccf3649c0401242381c725f685f69ccc64d44bca9ef35d9e2b680ace68f929f166794eee64cb0ebcee158bfb379772a95cc84bf97915db827e61a04aba27d784dfbc362bd2214d89bf1d005dead63f6387c77dda56111e6318d12f43967f7260154f7c50e3b82025e7a12841f344333fa2cac3549309c", @nested={0x29d, 0x94, 0x0, 0x1, [@generic="63c8ee7b9e8fd120a6e8ebf6287d8d0d8a35209ce09f60b4f8fe68f5802e233f4416ce74de465a52923709db36157416400ced53cffe2aebbd6492cde34ab80577c4062d7a02804617e806b252cadff8a7c9189177f54a448f5f3dd4eb382365e5aa7f61418bc48d9cc07efe6e9cbf2ba5d2ba84c933e504239d152cee7791a7fdf63db55ee5fbffc40d5a88dc8be7067158a05d8775132439b452ed6982ecb0561cf9e3b616cd08567331a03e4525889c6ef18a6afc232f28350adc6b67c308e091b77953ffad66cccfd78a290188b05a79153a42c17cb02c8eb9b77e95933dab6ef6dc80d72b1b231fc4b7b5a6c549c9dae54000a3721889", @generic="483299dcc91b1c2b33f0b06d84c34f88a00219d6cd90b89054c5151b2087fee6348b3267ceb61513dba04278266d9232830bf89d07e094d21b1ec6bb74d076c621acd54a189d666ff0cd910279356d169b5813adfd8e6743a70d540e99fb58f3428def867dd2ba87b2ed03e4e77ab27f00abcbda995bf68682d2fde5a9921e030967c578c5288ce99e78f417ef04e8988c5d43215a3e8d0025791c75d6ee43c686429d4916dd", @generic="66909fd156f4cd133593d7bffbda7ed7e7120ab12d6c577be7711b94b9d1a7bba52df018ce8a58ad1e76979ee793283198ba2e1c127114afb5d0bffa1bb9287c7bddef0f95ee228445e2d7f9545d2bb6628eabc80aae5656cb0e5937b027952bcf84cad83c7093d0deff1d9c60ad7ae35ad7cb712f65cc01edfddc388ab3cc69f0b7e520", @generic="dd6c07a945731727fa0d2d546d60d48a588560ef62161c16d57998d8409405b9f91cd9817f61cd027b2cad75e5c7bf1535ff527676ec0a06d3782dfbf685f28170d09a7abc9e6f9b2613a2fbe3507033ad24eb0ff168cfd4ccdd258f1db26d54187d", @nested={0x4, 0xd9}, @nested={0x4, 0x50}, @nested={0x4, 0x55}, @typed={0x8, 0x68, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @generic="3b1216ed4f3e9bdba1a9508e2efa79d03fc6748ddc9cf10e2c987f3b769a4da097bb42179a79409e8fa017a4618358a470f539f4f3371442836be51ff9aaec9c7c54aac8293b91914ffeadffe318dbfb94e6e0af54da017a91c0a39a49b98fce899e58554ec5f58ee5a0e374dab6b3f770aab2183c5097fe25285173311789311ece2aca47561db9489122cf5c3a4dec92f9a29d9c8d00f22c9a3238354f5f174fd520072f7d5fcce8944e82f56c260ca3386830d2b14b3c688cc9687682f43ea6c2f2ef853beaf39398996093788f00eec795a3eb216b2a78cadce8e9996e25f5f160494ea4131456b4592fb7d0e42381edb8", @nested={0x1004, 0xf4, 0x0, 0x1, [@generic="1233d478c5dfee07801e41e9333442b9b4d73e7a38dc13d0b9995577c686d7136021b21bddc26a2ba26e6d7f3d218f3de1d220c639fda62f2f716d982f968d3848b535cf720ffc548d1c128b5026d40d97e9639ad1f737be40177c8a3bc6fa712c85c7427d0c9a35c0ddb50b5e68449f4998730f7741716cd5b07962fd3bf8da48a407766706fa8dd1f05b22876e553f7806daf2dd82ec3e126a5e3ff00b2bebb095034a16715bc9f70c619e02504d142b0daabafbe64f83ceb44db7584993144d7edc48f9ab586abdf9293c01db799f9524090c9c10648c6bd92e664c72abd97047f770ee9d98d8eeb0a3a7fece6d786c684d5454778c4251aade213841b4befbaa57866add34b69297e20be43b5076e0039ca44c92bd13979dd1ae3e4bb2c0bf398abad720a47683351b2743a8ca39cd47821e22df672a5f004c0f16cf88ca81f4018feccccc514f2e80987835cd27b2caf492ea7baa7103584c3e664462e7248539a135ac99e10fce4576030b05c1e6ba6264348b3832b4fb535059feff00e26133ec5015d111837911fcbba1abed143c973f8baa896572f0ea060f24ebaae9413016846fd1ebec124d761beba012cb60eadd4c91021b6d92551a2dd0daeb6d815c70b08accf067428f046a4fba3ec766ba2cdff8d181bb312b41c632f947c9606c5f295659f6ae3b3569b33805a47c0de48471e1ca320a26e5f307151d42987397cab321602091d4a04b4844e5ed262c7c08d2a645c07ffa0d64ff23e11269d089d78e402555adf8304a3e3e3a7a566225ac2602986f536b1eb496689dbc9a1795263237361c848fb71df33a51768399c2b7b0ff637fe4eae00ec40307df5b8642ba72d9832a9044427f72a9fd16bf63ff727e487d527a65450cfdda1e65e299d540269fb6daa1227b9172e93be0d302276deaf6440183f111409348daf4a2490b094e87fe1781847b3b2ce33282934ddb010dbb2d1102689c883d165dcd9893a367eae6c6c3f9239eb38272702484e091d3b121f6a1a0e1a58c3f622a02e2cedc2232da85a2721753b3af1c71714da3524ae116946b600c7b2675df23b63a7f58fbf5ccabc23e6bc5e843542a4950432e93b003a42ed5de8cf894dc59336b037475b42b1003baa8370e4078c2773772dd26e8f3cd912fdc5e7dbdea18aac24dd3144abeda8720f6121c8303e00925e76bea9ebe7a88c763b1ef5ea8f84c20da202c94e5b5f516c6f5c449147ae8e3f72b8f4c2fed1bc862f380ca2569bc50491ed79222bf0087968d88b4c714ecac64b7f81f8eca16daed319161fab4bdd5d491133ab748943003898976616f8dbe97dcf685f9f90170cec3e27f8fcb5608cdef11aea79c3de048dea09442d74487fbf7d7f222187abe4d73f8b282725285b8cde1e983327a1bb2de602eeb503e3f790e67ccbc40f8935c1e63d79ac65bb37ebad7b9b301817eae83971115f2ef16255da58cf8e818549486f2b91e4097cbacb3de1d7df30c7164e2f6484e1b2099252f546d85accb34e5e9fd4139c08bd8a4d2067c41e97bcd644512b5c28f94b8a6d244f514f1e5ad06e91a32a145787dbcb11e0bffdf0b5d67aefa3444951f799ce3f2d3daa634f0242bf4e82b27e4b86ccebacf72859a13f9ad31bf049fbf1f76f644d92b92126ba64b23f15284af03428bea3056aa4ea6920a24cbb2703756988c42139d362c7e10114e8d7e40ca1300514ed009248a46b24d358b7da68aba083f6d5a2bf916a32654db7bb3a8b9dd5c3b1e77a9fdb99c39dee5e1ed624554ac25b8d82e84b56b2cf371a908dff3884b835defcad3c27d0e984b46091d5aa98e7fc792e7c504e91a37c0ad6fe28b82ba8c478b52bbe13bf34808642942c5785d806500141e94ee16f022597251fdee7648622ff2281fe388999919b2ab0d2f2beeb41d11ad4988488bbaf2d979ca1311a1c710a0d62f5173ee2d6f5deb96bcac4f6221b02eb4eae96042d78d770122ed11971de3dd60dd27336b6daba35e579692b6ad9c03b47671766a1cd8af610cf28a4003b3b2b3097ec3ce26d15ca9966f2c2aa9aade72b1578169cdc3ff901277c52127c8934df274d55b63086624c23f909e7dbd24ecec3933175bf53af7d4d8dfd190192b81ad30af08a390a0541d95555bad41c0d8a7cdcb40e095ab381ae6c05f6f20c2b4b9f5b669d218959d8a64410856e8cc439040f117da1260252798a02e6f2f25a54cc8bbcb0384b36a877a917f69a4cc7a2eafebfa8bd77bc87e463e69e8338e3946cc771e0da9b19077fdde141e6feabb7c01eb7034e00e5e8ce902a7671f922bf70cdf9cd0e4c88fef70b62dc0f9b82bc4d765a74bb0f5b7436f8a6ddf15bd9f18cce0a991f2ad112752427e1dcaaf1246c72474a42d367b03299c0ef79618d019bc832b2dab6c6708df367f55f49960b9f398f66f6c4ada66488d372988b63bd95f52b6ad62e3782df66998fccdfd83711e69be878aec1f9090f96010035737e5996bf21cfab4596dcb1cb8fc232c9728f853a05b283fa497a87f85b1578f666ab1f296f251cd02d0a728d3fda64d41c5ca4344e813e3a99edcb212127a7213f5dd757d95809c1a2e6606fa596945c8cba0a4367fab3d90c7c3980928675d69b40d95cce8ee1dd074a3fe16976de9fa66393d2027ec9d39dcfa5acddff13167ca144c327a523bb7ed0bb1958e2c237c452fcd8c0cb3704b497bb741807cdaf41f0ce0cad08e756e14c3d48b82fea9abb509ee391ce3f09c876fb5717146ea939adf603e26503b66a7f1deba20a4e0a019a4777505a6758079aaa647202c24ead3a72007535b020686b5aaafe7573ca0243aa22a44256405663e8d877bda2edaaaa489d7692ae943b52346a6fd14b7cea95b0387cacc5cc14cf80b206cafd63515ebc67972b7d2d513c3d2282f90c940beec1ac05af1e1e07995c8509b90f340b59b26a74c4e37a5e82e7a30cf36665f4c28f5d172d07771f30d38971385eaf3f87ba848c61f005b251c1e454ae83f05377f4d7562932638b635036e375a22a2ef1da31039bd8a279d1e03b0b6ac35c2a8bc2c2644da7862508d3920c4b3d26f4401fad011bf1ef7c5dbfa21e64df609a40a066ba24c56f3b4522dbdbe1138f0772d28fce3cd74679a6583d3e15c0266948550951e34aec750a99945d9b2d0d8adf841485ace3564f12fd86741d858e8c1394f6cb74912457611238ac4a4f6556d05e3341cf2368b58a9bdab522bec74a1cf182d049fa6ec6d52323e3d15e4d18b2d873033373365a083776114050f8f28ade136e6bd91381da0fafcb1e5cba3a010a3c8223d6a0fd6e32dc41d9914655e1f59ad32396ec836e28f8a33276d4cf9b81b11cc262ae53c0fc634bb401c12eb4b1b047105c39703a5a1d09dd94fa9b62a163fc72f96f6dfdf080014859be76d33628b231d6729035030152a28bf2b9f1d39c1a7e0f5a6c9568793890a7c9d10e937797b4e4fe5ba5ee5238843b7ab1639d7ef59c01ccb97b368c42aa70b9f2ab44d50e880065062f43262c513c4cc7ae1b7cae759ec9cd3013f2871fd2f16077a854dfccb197fe0a97158e31ccd77f5a20420fa2db726094b9ca5886e4fac5f5c3eff170c8fbefa0d1b2ff13dbe8754020d3f7e3f064dde4b0d52e31db6fe7502a28dd7a9b7ad0f47cb978e39f0e23749b53591e8c317eec850e253ed86f0de423be7ed8743d14e646ba99f4b74bf09e7f6c2d71b7d23eb7d888c9febf517a8fd3fe6de29e876dd483032e4917531feb1c58ebb43dbd65ad6cdd160671a0d96d1ea7131a80f0f8ba72fa49107c5518293dbaeda5ac34f587e80ff4c91880b5495efac911f52e8b301ee9b1874fd7419b831fd997caa7501d9a42f0cc849ee2a63af398380f8d2009a21a01e4d49fbbccdc4860d73a8a46e65a5e80ffad56c89a607fba55fbc3c290c2203dc446d7317024a960c1ac3df5bdbcb57a6da257181fb0da66c51216c7836085ab6c15fc7d9875822cd8c7429237de1fc8cf3a3530ca4972c742c0756f77791e605b3f663f6b74afd5b0c0ea9dde7ae0c70e622b21c87b56d7ea32e3a29115215874a43f3f5c27658d924129c7b0c0fbed58bbf158e2215fa617e08ea761dbbc5a184bc80442f2e731d118e88f955a94438f3219ddfdfe8ac4b4d7cf87755d27fb62c0bba1e39990daf9cb8e5f3b96c4c3da66c2470db410de74823f931e709b326b9dd81c36fa7bbd3bc048ef87936a9db3587e8c034bca2035d13ad1aa2aa41095b72ff1841a376681976d7b2089b3525ba35b72f1e59e8a3749cacf49e7bd011ce26758ac268afdc9a068693b19fac0e58e17d5c4e7cc6e55cff7d3e40fe539b5d853cab58eb6767891cb81fe1fb3301c160897b26d741a3d4dcd61d56e0a60f50c01e34c46e7f8660c8da57369f03e434c9fddd7c0446c8758cee524f4092283d5d175420a7b09a36c93885c5b7db83d7f6a24f34c18e6568e30ca9963b01fb931314189c62933a68cbe73683709fe358823283e7bd051cd5bf9ed0c4ec377e28d659e6941479950e656bc1c738266d3c1de9fd59208794f36e064a5e630b98b165760c679e1929646c0e76ba73a89f1cd1867f035585e4bb32e1d628ac1a3b5166859a86c278e6de336e84e8730aa9236808d003b2d51f7829027fe1ad2d3deb0bb74b0acd344366c4f52a759ec7619ada7a0a796fface2e82b988814db8200bccfb368e4c15438fd10057e2700b1be44bb0a05b916ee75f5b1d5340821a804bbd1d5740ade5b44b784a3cc33fefa1e4bd49c53cc014de439df2e77a3a7b4751a8e000281311608b55e8c91da7e66d4eafde1362c71401bba3426f8d1f6d9ce39ed02aa7578e1ad992078a8a92c8f59ee61fb8b0c8d6c042bec35ec86a7552d9bc79e9cde419122a7e9c867fd15d1ea0daf2e09c01931dc4488e7c14dcc070b03012ab74b1faaba68fe912591c389758c7f4992262ff97324fe32c3280152c5b9d15b6ad77729772442c36806de40e5dee466582320ec563d6abc457672a36b5de87416a106272d75d1cbceb2eead3aa107c938c17b57d6660f6dc3329c4813f1c9ee9b13442b6d2bd7a33bf2b28eda7f48d2ff3314f72563deba3012479668de464f144d1fa875d370e25ef76a7d4b503ec3cb129515951f76de9b89351bdc759470c2deb9daee4c930a4872648d429ce052f7ceff86d60099329c8714244f28a5a37fec92e9d1e74c2236ac1212ffd6d1af702e8fa62f7afaf5d6a31a118b5bc1ae4272f4e37891c16fafecb4eaa1cd799f5ed14ad8e9f19d1ebc611f99b7bb72f12884c9ccae7fccd5334ef609767537f476d0316638eb2387f4e5b17cbaa6cdf90fcb69d67631986669cd1646eae8d20fc73b29348561114f023b8eb0de4b7d5db79fcc71d2ace9872fc7dd467549edbe162f1a455e0dea87b1ff7c69c39211ce331a5411ae975d6b050dbc8e152c59ba13f3619fde9b494a2e0d96779542d8e13f26b172da6c5c2d4170ccd9dcf96b567a419f172b060b6efd21cb393df6d4ef709e66cb81d4621e2877ff4ec974163c17b28bacb309e52b2f13f4754a02404937b9232883f61617599d38d2790a22ab5c96cb08df93bc803a584416dec1ac45ba4e79d46db42ec729d5ad285d6ff8257a43b0e92d47c0390357a13a052fcd7c208fe7539e487e2ef92ad7f474a5aca91da9c4e586d296b5b73a18c4436377d279efc1ef0f5953cc3111650b6b2ca248f58d277df2627784ed012233d2a2776eee18cc5bec7f39793c281d68be7d69872dc0d1a8b66b84b"]}, @generic="664a50925d9d4ae4caf10197578f1f632dba3f45313d7369cca109316507237e677c4919b2cd8c4115eb150fc5e7c5689a92114600317b04518a193b4243827b57d81f77068cc9d0cd1ca21ebdf05da35b01da0fbf63d2181323550b4c013408352b14f6bddf8c89aad211de1a2def482e54f7c4cb0489c62b04629a123a1b0cf4946e87c3f30ec50761b8794d59f770d9567684f640ee"]}, @NL802154_ATTR_COORDINATOR={0x4b5, 0x1e, 0x0, 0x1, [@nested={0x61, 0x50, 0x0, 0x1, [@nested={0x4, 0x12b}, @nested={0x4, 0x98}, @nested={0x4, 0x18}, @generic="d61c95d089b1502e7f0f995f15a0a5f3a7f4b32f0673cdaf4cbfa70a00fc3c21771a1fbd4015c31d64038e1b64d798de5da5bc1c524316e920bf79d80188340c7f9bb05456d817aeb853a9c12c", @nested={0x4, 0xc0}]}, @generic="8cf0333eda95d3b6b19f64effbadfa249d55060fcefad2cc7c3e760c0e0d1d5b499cc487970faa972157383b101c5c6ca878483c99e4592a7ec03f338050d94d48efc47330d32d53faa4d76a4b0fbbc8411d4db3ea4593821cd7414663dcf8ab4f88ff1c6e67af09b2c15c38887935a46f7bf734d52de13865bfd0605cf0ae5e355f2bb324fadbafdb42df88d8fc0d1a92aeb711cafed2f06073eba7e6e48aab", @generic="497eeffd8114fc5b5b350b9633a89534f35b5e02bda376abd366acdf3a578c189101c6380506f5245387cd3adf7c00cd57f22dbf0f3dec86266278c8ffebba88710b240467ac0ea7c3bc0dd1462bf48f7f2028f48a8d553e4db47199b6c23ae05b56ad66d505b0d316896cc2bfc7053f0351fed2fdde278d457bc06bc11734e9c890a486baa314b1531a2999831494491444859441fe6ca7ca98ae674137997ae0942903bd5739008465bdc3421ae9f8f5d938f7abbb76edf11c199bfcdd2c335d78d20bfc1dafe987479457fdfdd9a13a5eb2ea2b608ae1d43f144205718c1d15f1c68a8494669ae01fbfc3c6", @typed={0x5, 0xf8, 0x0, 0x0, @str='\x00'}, @nested={0xb0, 0x8d, 0x0, 0x1, [@nested={0x4, 0xe2}, @generic="6be21e29195b3a094dae41b4557397faec2fc9a79b1c8383301e801961182312a5669571c096e49d8b84d5416a2d6769403828ce4e0b779c65e947fc96d60c3ed702ccf67a9e7679caac14f1b1a5dbbcd54ee61486395cb5e2d40e85b3d9a3b4fc92be946dbefce97c5a220e3ee8c1fc8c91d39625435af5928f84acf7c9d08c3570ccf22b21b72113e5c498db6c59ac25fa7459da655e81d9d790b7648f0115eff567fe5e50334d"]}, @nested={0xdd, 0x116, 0x0, 0x1, [@generic="52e43b01584a9f883b93bbf79565f0a19ac260384a08490c8398c5f1f09c81ea7ebac8b7f94bf00945d3991a30f80d0bb636cce40a2d792a", @generic="a3e40180cbb41218aadbbf7a0af260fcce8d6b96bcd8d55876ef0cc2bdcbd2e1f35b54ce89d6313d23db22edba32685b49207705d17caf3655195cc93c5a029a7e63a28b52449baf5683a731cba15211261cb27a85b064e5e3d8447eaad367990d0d62292234aa6c260a17af551b86903c", @nested={0x4, 0x100}, @nested={0x4, 0x48}, @typed={0x14, 0x12a, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @typed={0x14, 0x80, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, @typed={0xa, 0x9b, 0x0, 0x0, @str='wlan1\x00'}, @nested={0x111, 0x115, 0x0, 0x1, [@generic="78d25daacdd0d865e1aa0ad8546c3caccca6de04429cece6d5212fe90535e3d6a4bede4a47782a635ea057ddb884f89a5de1fd0948424558ffd8f33b27f5ae2ba51d01d935a076ae8ebc7ffe5ef8e86f90", @generic="97b9dbe84363e46994957910b728d9372347aca621089e594015f4462fe966a78221cc487a09e43e772a30e5367a4940af44b2d7e135ed3a50b70330da4e71c24f800c028311890250c1b7ec429ce34ef4523e4ab83727be642c8158aeda608a465008b659e496e3d262f793c8fdfd5faecc742e9df51f8e57874a4e16aff20f84e516804abd58a70dac63cbae99495e20e2af7a1ce8f83cafd0e0f3b525bf5efe2698e5e0eef2476d528214ebb538d0301d3c67eb0dd0e8bb0fd1cc"]}, @typed={0x8, 0x70, 0x0, 0x0, @fd=r0}]}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x1e}, @NL802154_ATTR_SCAN_CHANNELS={0x8, 0x21, 0x9}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x1c64}, 0x1, 0x0, 0x0, 0x240000c0}, 0x40009) open_by_handle_at$auto(r0, &(0x7f0000005e00)={0x10, 0xf1, "82a0d48cb31f0af60000000823b40e62"}, 0x80000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r5 = socket(0xa, 0x5, 0x0) getsockopt$auto(r5, 0x84, 0x10, 0x0, 0x0) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), r1) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(r2, &(0x7f0000001fc0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001f80)={&(0x7f0000000240)={0x1c, r6, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0xfffc}]}, 0x1c}}, 0x4400080c) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES64=r3, @ANYBLOB="130026ea95f173d8973e6a00000008000300", @ANYRES32=r8], 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x20040894) 1.358821159s ago: executing program 2 (id=634): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_MCAST_FLAGS_PRIV={0x8, 0x27, 0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) fcntl$auto_F_SETLK(r1, 0x6, 0x6) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x2c, r2, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0xcb9}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x800, 0x0) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) set_mempolicy$auto(0xb, 0x0, 0x506) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x800000002, 0x0, 0x6, 0x0) shmctl$auto_IPC_INFO(0xb, 0x3, &(0x7f0000001480)={{0x172, 0xffffffffffffffff, 0xffffffffffffffff, 0xaee5, 0xfffffffc, 0x8000, 0x7}, 0x101, 0x3ff, 0x1, 0x4, @inferred=r4, @raw=0x978, 0x4, 0x0, 0x0, &(0x7f0000000480)="dbfb3f6c1e4a6c24494b"}) fsconfig$auto_FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x5) read$auto_udf_dir_operations_udfdecl(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$auto_nlctrl(0x0, r3) kexec_load$auto(0x200000000007, 0x1, 0x0, 0x4) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r5, 0x0, 0x1ff) r6 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000004080)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x80201, 0x0) writev$auto(r6, &(0x7f0000005f00)={0x0, 0x4}, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.289125986s ago: executing program 1 (id=635): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) setresuid$auto(0x0, 0x0, 0x0) prctl$auto(0x1b, 0x6, 0x0, 0x0, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x8004) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40ebf, 0xd, 0x300000000000) socket(0x2c, 0x3, 0x0) 1.05196963s ago: executing program 3 (id=636): close_range$auto(0x2, 0xa, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x2, 0x5, 0x84) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1ac}}, 0x40000) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={0x0, 0x1ffffffff}, 0x6, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) 753.474155ms ago: executing program 3 (id=637): mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x6a) ioctl$auto_FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)) 262.454131ms ago: executing program 1 (id=638): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) io_uring_setup$auto(0x1d48, &(0x7f0000000180)={0x7fffeffd, 0x5, 0x2, 0x6, 0x7, 0x8, r0, [0x0, 0x800000], {0x6, 0x88, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x7fff, 0x8000000400000001}, {0x100, 0x1, 0x10000052, 0x7, 0x11, 0x101, 0x40, 0x2, 0x3}}) 244.202489ms ago: executing program 2 (id=639): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) socket(0x10, 0x2, 0x0) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x24, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x400080}, @NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x7f}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) (async) setrlimit$auto(0x7, &(0x7f0000000080)={0x0, 0x6}) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 67.475992ms ago: executing program 0 (id=640): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/zram-control/hot_remove\x00', 0x8001, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c084}, 0x51) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x443, 0x0) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec29\x00', 0x8801, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000800)={"fda25684", 0x0, 0x6, 0x3, 0x9b4, 0x9, "e919df43f641bff500000000000010", '\x00', "00010247", '\x00', ["22dfffffffefffff480400", "080000ea385d2cd706e10301", "b06f8c66ee00006f17c800", "5f0600000091148db1ca2a92"]}) r2 = ioctl$auto_TUNGETFILTER(r0, 0x801054db, &(0x7f0000000100)={0x3, &(0x7f0000000040)={0x81, 0x7, 0x1, @inferred=r0}}) ioctl$auto_TUNSETCARRIER(r2, 0x400454e2, &(0x7f0000000000)=0x68) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) 0s ago: executing program 2 (id=641): openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) r0 = prctl$auto_SIGCONT(0x1, 0x12, 0x0, 0xffffffff00000000, 0x6) read$auto_fops_u64_ro_(r0, &(0x7f0000000140)=""/145, 0x91) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sysfs$auto(0x2, 0x23, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x0, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio\x00\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&r9-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcf?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3da) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x840, 0x0) ioctl$auto(r2, 0x5608, 0x7) r3 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r3, 0x107, 0x14, 0x0, 0x6) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/printk_formats\x00', 0x109000, 0x0) read$auto(r4, 0x0, 0x1ff) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x81}, 0x5) r6 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000018c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001880)={&(0x7f0000000700)=ANY=[@ANYBLOB="78b60000", @ANYRES16=0x0, @ANYBLOB="040429bd7000fedbdf250900000008000b00090000000c001700010000000000000006000a00568f000008000100aaa9000008002a00ff01000008002c0001000000050026000200000008002700b9c3000018001880140051000000000000000000000000000000000006000900cc010000"], 0x78}, 0x1, 0x0, 0x0, 0x30004000}, 0x880) socketpair$auto(0x1e, 0x5, 0x1, 0x0) r7 = socket(0x11, 0x80003, 0x300) r8 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r8, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(r7, 0x107, 0x12, 0x0, 0x8) write$auto_ftrace_subsystem_filter_fops_trace_events(r6, &(0x7f0000000040)="713aa618", 0x4) sendto$auto(r3, 0x0, 0x13, 0xc, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41, 0x4}, 0x2}}, 0x1e) kernel console output (not intermixed with test programs): ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 111.177660][ T6183] ? mas_walk+0x6ef/0x9b0 [ 111.177683][ T6183] __mmap_region+0x4aa/0x2da0 [ 111.177709][ T6183] ? __pfx___mmap_region+0x10/0x10 [ 111.177733][ T6183] ? __lock_acquire+0x4a5/0x2630 [ 111.177762][ T6183] ? find_held_lock+0x2b/0x80 [ 111.177780][ T6183] ? ima_match_policy+0x8c4/0x2350 [ 111.177795][ T6183] ? ima_match_policy+0x8c4/0x2350 [ 111.177824][ T6183] ? __pfx___might_resched+0x10/0x10 [ 111.177840][ T6183] ? finish_task_switch.isra.0+0x2c6/0x1010 [ 111.177859][ T6183] ? find_held_lock+0x2b/0x80 [ 111.177877][ T6183] ? process_measurement+0x4c8/0x2350 [ 111.177897][ T6183] ? process_measurement+0x4c8/0x2350 [ 111.177948][ T6183] mmap_region+0x527/0x620 [ 111.177964][ T6183] ? __pfx_mmap_region+0x10/0x10 [ 111.177978][ T6183] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 111.177997][ T6183] ? cap_mmap_addr+0x4b/0x120 [ 111.178017][ T6183] ? bpf_lsm_mmap_addr+0x9/0x30 [ 111.178031][ T6183] ? security_mmap_addr+0x71/0x1e0 [ 111.178047][ T6183] ? __get_unmapped_area+0x255/0x3e0 [ 111.178067][ T6183] do_mmap+0xc63/0x12f0 [ 111.178094][ T6183] ? __pfx_do_mmap+0x10/0x10 [ 111.178124][ T6183] ? __pfx_down_write_killable+0x10/0x10 [ 111.178149][ T6183] vm_mmap_pgoff+0x29e/0x470 [ 111.178170][ T6183] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 111.178187][ T6183] ? __fget_files+0x215/0x3d0 [ 111.178206][ T6183] ? __fget_files+0x21f/0x3d0 [ 111.178226][ T6183] ksys_mmap_pgoff+0x3cb/0x610 [ 111.178244][ T6183] ? __x64_sys_futex+0x358/0x4d0 [ 111.178260][ T6183] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 111.178277][ T6183] ? xfd_validate_state+0x129/0x190 [ 111.178297][ T6183] __x64_sys_mmap+0x125/0x190 [ 111.178314][ T6183] do_syscall_64+0x10b/0xf80 [ 111.178331][ T6183] ? clear_bhb_loop+0x40/0x90 [ 111.178351][ T6183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.178367][ T6183] RIP: 0033:0x7f281019cdd9 [ 111.178381][ T6183] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.178395][ T6183] RSP: 002b:00007f2810fa3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 111.178409][ T6183] RAX: ffffffffffffffda RBX: 00007f2810415fa0 RCX: 00007f281019cdd9 [ 111.178419][ T6183] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000000000009000 [ 111.178428][ T6183] RBP: 00007f2810232d69 R08: 00000000000000dd R09: 0000000000000000 [ 111.178437][ T6183] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 111.178446][ T6183] R13: 00007f2810416038 R14: 00007f2810415fa0 R15: 00007fff0c891068 [ 111.178465][ T6183] [ 112.063149][ T6201] netlink: 4 bytes leftover after parsing attributes in process `syz.3.83'. [ 112.606912][ T6211] netlink: 'syz.3.87': attribute type 4 has an invalid length. [ 112.629047][ T6211] netlink: 314 bytes leftover after parsing attributes in process `syz.3.87'. [ 113.829493][ T6235] futex_wake_op: syz.1.90 tries to shift op by -2048; fix this program [ 113.831401][ T6230] futex_wake_op: syz.3.91 tries to shift op by -2048; fix this program [ 114.391907][ T5629] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 114.393116][ T6246] binder: 6244:6246 ioctl c0306201 200000000000 returned -11 [ 114.399529][ T5629] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 114.420156][ T6248] futex_wake_op: syz.1.94 tries to shift op by -2048; fix this program [ 114.533606][ T6248] futex_wake_op: syz.1.94 tries to shift op by -2048; fix this program [ 114.614130][ T6248] futex_wake_op: syz.1.94 tries to shift op by -2048; fix this program [ 115.828768][ T6262] FAULT_INJECTION: forcing a failure. [ 115.828768][ T6262] name failslab, interval 1, probability 0, space 0, times 0 [ 115.887750][ T6262] CPU: 0 UID: 0 PID: 6262 Comm: syz.3.96 Not tainted syzkaller #0 PREEMPT(full) [ 115.887792][ T6262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 115.887809][ T6262] Call Trace: [ 115.887818][ T6262] [ 115.887829][ T6262] dump_stack_lvl+0x100/0x190 [ 115.887879][ T6262] should_fail_ex.cold+0x5/0xa [ 115.887913][ T6262] should_failslab+0xc2/0x120 [ 115.887947][ T6262] __kmalloc_node_noprof+0xe6/0x850 [ 115.887991][ T6262] ? alloc_slab_obj_exts+0xae/0x270 [ 115.888039][ T6262] alloc_slab_obj_exts+0xae/0x270 [ 115.888083][ T6262] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 115.888132][ T6262] ? kasan_save_track+0x14/0x30 [ 115.888172][ T6262] kmem_cache_alloc_noprof+0x58a/0x6e0 [ 115.888217][ T6262] ? do_epoll_ctl+0xc6c/0x36a0 [ 115.888260][ T6262] do_epoll_ctl+0xc6c/0x36a0 [ 115.888292][ T6262] ? __lock_acquire+0x4a5/0x2630 [ 115.888329][ T6262] ? __pfx_do_epoll_ctl+0x10/0x10 [ 115.888361][ T6262] ? find_held_lock+0x2b/0x80 [ 115.888394][ T6262] ? __might_fault+0xc5/0x140 [ 115.888431][ T6262] ? __might_fault+0xc5/0x140 [ 115.888482][ T6262] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 115.888517][ T6262] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 115.888555][ T6262] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 115.888597][ T6262] ? rcu_is_watching+0x12/0xc0 [ 115.888633][ T6262] do_syscall_64+0x10b/0xf80 [ 115.888665][ T6262] ? clear_bhb_loop+0x40/0x90 [ 115.888702][ T6262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.888732][ T6262] RIP: 0033:0x7f281019cdd9 [ 115.888764][ T6262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.888789][ T6262] RSP: 002b:00007f2810f82028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 115.888813][ T6262] RAX: ffffffffffffffda RBX: 00007f2810416090 RCX: 00007f281019cdd9 [ 115.888830][ T6262] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 115.888844][ T6262] RBP: 00007f2810232d69 R08: 0000000000000000 R09: 0000000000000000 [ 115.888860][ T6262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.888873][ T6262] R13: 00007f2810416128 R14: 00007f2810416090 R15: 00007fff0c891068 [ 115.888910][ T6262] [ 117.664119][ T6277] netlink: zone id is out of range [ 117.674547][ T6278] netlink: zone id is out of range [ 117.730661][ T6277] netlink: zone id is out of range [ 117.749307][ T6278] netlink: zone id is out of range [ 117.780620][ T6278] netlink: zone id is out of range [ 117.797345][ T6277] netlink: zone id is out of range [ 117.864241][ T6278] netlink: zone id is out of range [ 117.885657][ T6277] netlink: zone id is out of range [ 117.953510][ T6278] netlink: zone id is out of range [ 117.969702][ T6277] netlink: zone id is out of range [ 120.271255][ T6305] futex_wake_op: syz.2.103 tries to shift op by -2048; fix this program [ 121.388970][ T6317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.106'. [ 122.243991][ T6339] futex_wake_op: syz.1.112 tries to shift op by -2048; fix this program [ 122.307997][ T6323] FAULT_INJECTION: forcing a failure. [ 122.307997][ T6323] name failslab, interval 1, probability 0, space 0, times 0 [ 122.387302][ T6323] CPU: 0 UID: 0 PID: 6323 Comm: syz.2.107 Not tainted syzkaller #0 PREEMPT(full) [ 122.387342][ T6323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.387359][ T6323] Call Trace: [ 122.387368][ T6323] [ 122.387377][ T6323] dump_stack_lvl+0x100/0x190 [ 122.387415][ T6323] should_fail_ex.cold+0x5/0xa [ 122.387453][ T6323] should_failslab+0xc2/0x120 [ 122.387493][ T6323] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 122.387539][ T6323] ? __proc_create+0x2cb/0x8c0 [ 122.387585][ T6323] __proc_create+0x2cb/0x8c0 [ 122.387620][ T6323] ? __pfx___proc_create+0x10/0x10 [ 122.387653][ T6323] ? __lock_acquire+0x4a5/0x2630 [ 122.387680][ T6323] ? proc_register+0x559/0x8a0 [ 122.387725][ T6323] proc_create_reg+0x75/0x170 [ 122.387765][ T6323] proc_create_data+0x86/0x110 [ 122.387802][ T6323] ? __pfx_proc_create_data+0x10/0x10 [ 122.387838][ T6323] ? net_generic+0xea/0x2a0 [ 122.387879][ T6323] gss_svc_init_net+0x233/0x640 [ 122.387913][ T6323] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 122.387953][ T6323] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 122.387990][ T6323] ops_init+0x1e2/0x5f0 [ 122.388025][ T6323] setup_net+0x118/0x3a0 [ 122.388056][ T6323] ? __pfx_setup_net+0x10/0x10 [ 122.388085][ T6323] ? mutex_init_lockdep+0xf1/0x120 [ 122.388121][ T6323] copy_net_ns+0x46f/0x7c0 [ 122.388157][ T6323] create_new_namespaces+0x3ea/0xac0 [ 122.388203][ T6323] unshare_nsproxy_namespaces+0xf2/0x220 [ 122.388245][ T6323] ksys_unshare+0x438/0xab0 [ 122.388289][ T6323] ? __pfx_ksys_unshare+0x10/0x10 [ 122.388330][ T6323] ? xfd_validate_state+0x129/0x190 [ 122.388373][ T6323] __x64_sys_unshare+0x31/0x40 [ 122.388416][ T6323] do_syscall_64+0x10b/0xf80 [ 122.388449][ T6323] ? clear_bhb_loop+0x40/0x90 [ 122.388492][ T6323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.388522][ T6323] RIP: 0033:0x7fc7d699cdd9 [ 122.388546][ T6323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.388573][ T6323] RSP: 002b:00007fc7d78fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 122.388599][ T6323] RAX: ffffffffffffffda RBX: 00007fc7d6c16090 RCX: 00007fc7d699cdd9 [ 122.388618][ T6323] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 122.388635][ T6323] RBP: 00007fc7d6a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 122.388652][ T6323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.388668][ T6323] R13: 00007fc7d6c16128 R14: 00007fc7d6c16090 R15: 00007ffc19009308 [ 122.388706][ T6323] [ 122.763500][ T6332] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 122.947516][ T6332] syz.3.111 uses obsolete (PF_INET,SOCK_PACKET) [ 123.026326][ T6339] futex_wake_op: syz.1.112 tries to shift op by -2048; fix this program [ 123.537388][ T5629] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 123.539445][ T6353] binder: 6352:6353 ioctl c0306201 200000000000 returned -11 [ 123.545397][ T5629] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 125.295554][ T6379] ubi: mtd0 is already attached to ubi0 [ 125.974340][ T5915] syz.2.24 (5915) used greatest stack depth: 18608 bytes left [ 125.982943][ T6384] process 'syz.3.123' launched ':,' with NULL argv: empty string added [ 129.016224][ T6444] netlink: 186 bytes leftover after parsing attributes in process `syz.0.133'. [ 130.552697][ T6481] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 130.751873][ T5828] syz.2.10 (5828) used greatest stack depth: 17960 bytes left [ 131.006001][ T6495] netlink: 52 bytes leftover after parsing attributes in process `syz.2.142'. [ 131.107472][ T6497] netlink: 342 bytes leftover after parsing attributes in process `syz.1.143'. [ 132.830397][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.840371][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.262098][ T6537] futex_wake_op: syz.0.149 tries to shift op by -2048; fix this program [ 133.449703][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.2.150'. [ 134.011767][ T6552] futex_wake_op: syz.2.153 tries to shift op by -2048; fix this program [ 134.125862][ T6557] futex_wake_op: syz.2.153 tries to shift op by -2048; fix this program [ 134.284369][ T6559] futex_wake_op: syz.0.154 tries to shift op by -2048; fix this program [ 134.643667][ T6556] binder: 6529:6556 ioctl 40086602 e20 returned -22 [ 136.055903][ T6582] futex_wake_op: syz.2.158 tries to shift op by -2048; fix this program [ 136.728546][ T6592] futex_wake_op: syz.2.159 tries to shift op by -2048; fix this program [ 136.820331][ T6592] futex_wake_op: syz.2.159 tries to shift op by -2048; fix this program [ 136.861051][ T6590] FAULT_INJECTION: forcing a failure. [ 136.861051][ T6590] name failslab, interval 1, probability 0, space 0, times 0 [ 136.888232][ T6590] CPU: 1 UID: 0 PID: 6590 Comm: syz.3.160 Not tainted syzkaller #0 PREEMPT(full) [ 136.888271][ T6590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 136.888285][ T6590] Call Trace: [ 136.888293][ T6590] [ 136.888302][ T6590] dump_stack_lvl+0x100/0x190 [ 136.888333][ T6590] should_fail_ex.cold+0x5/0xa [ 136.888366][ T6590] should_failslab+0xc2/0x120 [ 136.888394][ T6590] __kmalloc_node_noprof+0xe6/0x850 [ 136.888431][ T6590] ? alloc_slab_obj_exts+0xae/0x270 [ 136.888470][ T6590] alloc_slab_obj_exts+0xae/0x270 [ 136.888506][ T6590] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 136.888541][ T6590] ? __kmalloc_noprof+0x238/0x850 [ 136.888584][ T6590] ? kasan_unpoison+0x27/0x60 [ 136.888624][ T6590] ? lsm_blob_alloc+0x68/0x90 [ 136.888657][ T6590] __kmalloc_noprof+0x662/0x850 [ 136.888699][ T6590] lsm_blob_alloc+0x68/0x90 [ 136.888730][ T6590] security_prepare_creds+0x2d/0x290 [ 136.888762][ T6590] prepare_creds+0x5d6/0x950 [ 136.888793][ T6590] __sys_setregid+0x109/0x910 [ 136.888828][ T6590] do_syscall_64+0x10b/0xf80 [ 136.888861][ T6590] ? clear_bhb_loop+0x40/0x90 [ 136.888895][ T6590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.888924][ T6590] RIP: 0033:0x7f281019cdd9 [ 136.888947][ T6590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.888973][ T6590] RSP: 002b:00007f2810fa3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 136.888999][ T6590] RAX: ffffffffffffffda RBX: 00007f2810415fa0 RCX: 00007f281019cdd9 [ 136.889019][ T6590] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 136.889036][ T6590] RBP: 00007f2810232d69 R08: 0000000000000000 R09: 0000000000000000 [ 136.889053][ T6590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.889069][ T6590] R13: 00007f2810416038 R14: 00007f2810415fa0 R15: 00007fff0c891068 [ 136.889105][ T6590] [ 137.614094][ T5629] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 137.622282][ T5629] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 137.641196][ T6600] binder: 6599:6600 ioctl c0306201 200000000000 returned -11 [ 138.830205][ T6622] FAULT_INJECTION: forcing a failure. [ 138.830205][ T6622] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 138.858436][ T6622] CPU: 0 UID: 0 PID: 6622 Comm: syz.3.167 Not tainted syzkaller #0 PREEMPT(full) [ 138.858476][ T6622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 138.858493][ T6622] Call Trace: [ 138.858501][ T6622] [ 138.858511][ T6622] dump_stack_lvl+0x100/0x190 [ 138.858548][ T6622] should_fail_ex.cold+0x5/0xa [ 138.858585][ T6622] _copy_from_iter+0x1f4/0x1690 [ 138.858615][ T6622] ? __asan_memset+0x23/0x50 [ 138.858659][ T6622] ? __pfx__copy_from_iter+0x10/0x10 [ 138.858705][ T6622] ? __pfx___alloc_skb+0x10/0x10 [ 138.858753][ T6622] ? __pfx___might_resched+0x10/0x10 [ 138.858786][ T6622] ? __pfx_futex_wake_mark+0x10/0x10 [ 138.858834][ T6622] netlink_sendmsg+0x808/0xda0 [ 138.858874][ T6622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.858914][ T6622] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 138.858961][ T6622] __sys_sendto+0x468/0x4b0 [ 138.859002][ T6622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.859040][ T6622] ? __pfx___sys_sendto+0x10/0x10 [ 138.859093][ T6622] ? find_held_lock+0x2b/0x80 [ 138.859148][ T6622] ? xfd_validate_state+0x129/0x190 [ 138.859187][ T6622] __x64_sys_sendto+0xe0/0x1c0 [ 138.859225][ T6622] ? do_syscall_64+0x90/0xf80 [ 138.859257][ T6622] ? lockdep_hardirqs_on+0x78/0x100 [ 138.859288][ T6622] do_syscall_64+0x10b/0xf80 [ 138.859318][ T6622] ? clear_bhb_loop+0x40/0x90 [ 138.859349][ T6622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.859376][ T6622] RIP: 0033:0x7f281015d60e [ 138.859397][ T6622] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 138.859423][ T6622] RSP: 002b:00007f2810fa1e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 138.859448][ T6622] RAX: ffffffffffffffda RBX: 00007f2810fa36c0 RCX: 00007f281015d60e [ 138.859467][ T6622] RDX: 0000000000000020 RSI: 00007f2810fa2000 RDI: 0000000000000003 [ 138.859482][ T6622] RBP: 0000000000000000 R08: 00007f2810fa1f04 R09: 000000000000000c [ 138.859498][ T6622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 138.859514][ T6622] R13: 00007f2810fa1f58 R14: 00007f2810fa2000 R15: 0000000000000000 [ 138.859550][ T6622] [ 139.141354][ T6629] FAULT_INJECTION: forcing a failure. [ 139.141354][ T6629] name failslab, interval 1, probability 0, space 0, times 0 [ 139.154924][ T6629] CPU: 0 UID: 0 PID: 6629 Comm: syz.2.170 Not tainted syzkaller #0 PREEMPT(full) [ 139.154965][ T6629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 139.154996][ T6629] Call Trace: [ 139.155005][ T6629] [ 139.155015][ T6629] dump_stack_lvl+0x100/0x190 [ 139.155058][ T6629] should_fail_ex.cold+0x5/0xa [ 139.155094][ T6629] ? lsm_blob_alloc+0x68/0x90 [ 139.155129][ T6629] should_failslab+0xc2/0x120 [ 139.155164][ T6629] __kmalloc_noprof+0xe0/0x850 [ 139.155209][ T6629] ? trace_kmem_cache_alloc+0xd5/0x100 [ 139.155249][ T6629] lsm_blob_alloc+0x68/0x90 [ 139.155287][ T6629] security_prepare_creds+0x2d/0x290 [ 139.155324][ T6629] prepare_creds+0x5d6/0x950 [ 139.155358][ T6629] __sys_setregid+0x109/0x910 [ 139.155403][ T6629] do_syscall_64+0x10b/0xf80 [ 139.155437][ T6629] ? clear_bhb_loop+0x40/0x90 [ 139.155474][ T6629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.155504][ T6629] RIP: 0033:0x7fc7d699cdd9 [ 139.155528][ T6629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 139.155555][ T6629] RSP: 002b:00007fc7d791c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 139.155583][ T6629] RAX: ffffffffffffffda RBX: 00007fc7d6c15fa0 RCX: 00007fc7d699cdd9 [ 139.155602][ T6629] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 139.155624][ T6629] RBP: 00007fc7d6a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 139.155642][ T6629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.155658][ T6629] R13: 00007fc7d6c16038 R14: 00007fc7d6c15fa0 R15: 00007ffc19009308 [ 139.155697][ T6629] [ 139.778148][ T6652] futex_wake_op: syz.1.176 tries to shift op by -2048; fix this program [ 139.918341][ T6658] futex_wake_op: syz.1.176 tries to shift op by -2048; fix this program [ 140.759800][ T6674] futex_wake_op: syz.0.180 tries to shift op by -2048; fix this program [ 140.928972][ T6676] futex_wake_op: syz.0.180 tries to shift op by -2048; fix this program [ 142.532097][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 142.938173][ T6694] FAULT_INJECTION: forcing a failure. [ 142.938173][ T6694] name failslab, interval 1, probability 0, space 0, times 0 [ 142.996921][ T6694] CPU: 1 UID: 0 PID: 6694 Comm: syz.1.183 Not tainted syzkaller #0 PREEMPT(full) [ 142.996963][ T6694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 142.996980][ T6694] Call Trace: [ 142.996989][ T6694] [ 142.997000][ T6694] dump_stack_lvl+0x100/0x190 [ 142.997044][ T6694] should_fail_ex.cold+0x5/0xa [ 142.997080][ T6694] ? lsm_blob_alloc+0x68/0x90 [ 142.997124][ T6694] should_failslab+0xc2/0x120 [ 142.997158][ T6694] __kmalloc_noprof+0xe0/0x850 [ 142.997200][ T6694] ? trace_kmem_cache_alloc+0xd5/0x100 [ 142.997238][ T6694] lsm_blob_alloc+0x68/0x90 [ 142.997275][ T6694] security_prepare_creds+0x2d/0x290 [ 142.997311][ T6694] prepare_creds+0x5d6/0x950 [ 142.997346][ T6694] __sys_setregid+0x109/0x910 [ 142.997384][ T6694] do_syscall_64+0x10b/0xf80 [ 142.997417][ T6694] ? clear_bhb_loop+0x40/0x90 [ 142.997451][ T6694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.997484][ T6694] RIP: 0033:0x7f7ce459cdd9 [ 142.997507][ T6694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.997533][ T6694] RSP: 002b:00007f7ce27ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 142.997560][ T6694] RAX: ffffffffffffffda RBX: 00007f7ce4815fa0 RCX: 00007f7ce459cdd9 [ 142.997579][ T6694] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 142.997596][ T6694] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 142.997613][ T6694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.997630][ T6694] R13: 00007f7ce4816038 R14: 00007f7ce4815fa0 R15: 00007ffe46af3958 [ 142.997667][ T6694] [ 144.437511][ T6722] zswap: compressor not available [ 144.605205][ T6732] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 145.822482][ T5629] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 145.830062][ T5629] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 145.842587][ T6760] binder: 6759:6760 ioctl c0306201 200000000000 returned -11 [ 146.325410][ T6766] FAULT_INJECTION: forcing a failure. [ 146.325410][ T6766] name failslab, interval 1, probability 0, space 0, times 0 [ 146.338856][ T6766] CPU: 1 UID: 0 PID: 6766 Comm: syz.0.198 Not tainted syzkaller #0 PREEMPT(full) [ 146.338891][ T6766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 146.338908][ T6766] Call Trace: [ 146.338916][ T6766] [ 146.338927][ T6766] dump_stack_lvl+0x100/0x190 [ 146.338963][ T6766] should_fail_ex.cold+0x5/0xa [ 146.338996][ T6766] should_failslab+0xc2/0x120 [ 146.339026][ T6766] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 146.339071][ T6766] ? ep_ptable_queue_proc+0x5b/0x280 [ 146.339112][ T6766] ep_ptable_queue_proc+0x5b/0x280 [ 146.339146][ T6766] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 146.339179][ T6766] snd_seq_oss_readq_poll+0x56/0xb0 [ 146.339209][ T6766] snd_seq_oss_poll+0x122/0x1d0 [ 146.339248][ T6766] ? __pfx_odev_poll+0x10/0x10 [ 146.339280][ T6766] odev_poll+0x4a/0x90 [ 146.339313][ T6766] ep_item_poll+0x141/0x1f0 [ 146.339350][ T6766] do_epoll_ctl+0x1f33/0x36a0 [ 146.339402][ T6766] ? __pfx_do_epoll_ctl+0x10/0x10 [ 146.339437][ T6766] ? find_held_lock+0x2b/0x80 [ 146.339468][ T6766] ? __might_fault+0xc5/0x140 [ 146.339505][ T6766] ? __might_fault+0xc5/0x140 [ 146.339542][ T6766] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 146.339583][ T6766] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 146.339625][ T6766] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 146.339662][ T6766] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 146.339696][ T6766] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 146.339736][ T6766] ? syscall_user_dispatch+0x76/0x130 [ 146.339767][ T6766] do_syscall_64+0x10b/0xf80 [ 146.339799][ T6766] ? clear_bhb_loop+0x40/0x90 [ 146.339839][ T6766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.339868][ T6766] RIP: 0033:0x7f8a8a59cdd9 [ 146.339889][ T6766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.339915][ T6766] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 146.339942][ T6766] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 146.339962][ T6766] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 146.339978][ T6766] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 146.339995][ T6766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.340011][ T6766] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 146.340048][ T6766] [ 146.983839][ T6784] futex_wake_op: syz.1.203 tries to shift op by -2048; fix this program [ 147.079861][ T6786] futex_wake_op: syz.1.203 tries to shift op by -2048; fix this program [ 147.645726][ T6795] netlink: 4 bytes leftover after parsing attributes in process `syz.3.206'. [ 148.074919][ T6803] FAULT_INJECTION: forcing a failure. [ 148.074919][ T6803] name failslab, interval 1, probability 0, space 0, times 0 [ 148.087800][ T5629] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 148.094500][ T6803] CPU: 1 UID: 0 PID: 6803 Comm: syz.3.208 Not tainted syzkaller #0 PREEMPT(full) [ 148.094536][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 148.094552][ T6803] Call Trace: [ 148.094561][ T6803] [ 148.094571][ T6803] dump_stack_lvl+0x100/0x190 [ 148.094604][ T6803] should_fail_ex.cold+0x5/0xa [ 148.094640][ T6803] should_failslab+0xc2/0x120 [ 148.094671][ T6803] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 148.094713][ T6803] ? alloc_empty_file+0x5b/0x1c0 [ 148.094751][ T6803] ? stack_trace_save+0x8e/0xc0 [ 148.094793][ T6803] alloc_empty_file+0x5b/0x1c0 [ 148.094832][ T6803] path_openat+0xe8/0x31a0 [ 148.094864][ T6803] ? kasan_save_stack+0x3f/0x50 [ 148.094888][ T6803] ? kasan_save_stack+0x30/0x50 [ 148.094912][ T6803] ? kasan_save_track+0x14/0x30 [ 148.094935][ T6803] ? __kasan_slab_alloc+0x89/0x90 [ 148.094961][ T6803] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 148.095002][ T6803] ? do_getname+0x35/0x390 [ 148.095039][ T6803] ? do_syscall_64+0x10b/0xf80 [ 148.095070][ T6803] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.095102][ T6803] ? __pfx_path_openat+0x10/0x10 [ 148.095146][ T6803] do_file_open+0x20e/0x430 [ 148.095181][ T6803] ? __pfx_do_file_open+0x10/0x10 [ 148.095233][ T6803] ? _raw_spin_unlock+0x28/0x50 [ 148.095258][ T6803] ? alloc_fd+0x476/0x790 [ 148.095295][ T6803] do_sys_openat2+0x10d/0x1e0 [ 148.095334][ T6803] ? __pfx_do_sys_openat2+0x10/0x10 [ 148.095386][ T6803] __x64_sys_open+0xfe/0x1d0 [ 148.095426][ T6803] ? __pfx___x64_sys_open+0x10/0x10 [ 148.095481][ T6803] ? rcu_is_watching+0x12/0xc0 [ 148.095519][ T6803] do_syscall_64+0x10b/0xf80 [ 148.095549][ T6803] ? clear_bhb_loop+0x40/0x90 [ 148.095582][ T6803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.095610][ T6803] RIP: 0033:0x7f281019cdd9 [ 148.095632][ T6803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.095656][ T6803] RSP: 002b:00007f2810fa3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 148.095681][ T6803] RAX: ffffffffffffffda RBX: 00007f2810415fa0 RCX: 00007f281019cdd9 [ 148.095698][ T6803] RDX: 0000000000000408 RSI: 0000000000595002 RDI: 0000200000000100 [ 148.095714][ T6803] RBP: 00007f2810232d69 R08: 0000000000000000 R09: 0000000000000000 [ 148.095730][ T6803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.095746][ T6803] R13: 00007f2810416038 R14: 00007f2810415fa0 R15: 00007fff0c891068 [ 148.095779][ T6803] [ 148.355813][ T5629] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 148.409565][ T6807] binder: 6806:6807 ioctl c0306201 200000000000 returned -11 [ 148.894491][ T6815] futex_wake_op: syz.3.210 tries to shift op by -2048; fix this program [ 149.122906][ T6818] smpboot: CPU 1 is now offline [ 150.063431][ T6835] FAULT_INJECTION: forcing a failure. [ 150.063431][ T6835] name failslab, interval 1, probability 0, space 0, times 0 [ 150.137145][ T6835] CPU: 0 UID: 0 PID: 6835 Comm: syz.1.215 Not tainted syzkaller #0 PREEMPT(full) [ 150.137167][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 150.137177][ T6835] Call Trace: [ 150.137182][ T6835] [ 150.137187][ T6835] dump_stack_lvl+0x100/0x190 [ 150.137209][ T6835] should_fail_ex.cold+0x5/0xa [ 150.137229][ T6835] ? tomoyo_realpath_from_path+0xb6/0x690 [ 150.137249][ T6835] should_failslab+0xc2/0x120 [ 150.137266][ T6835] __kmalloc_noprof+0xe0/0x850 [ 150.137288][ T6835] ? kfree+0x1dd/0x6c0 [ 150.137315][ T6835] tomoyo_realpath_from_path+0xb6/0x690 [ 150.137337][ T6835] tomoyo_check_open_permission+0x2af/0x3c0 [ 150.137353][ T6835] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 150.137375][ T6835] ? hook_file_open+0x24e/0x7a0 [ 150.137404][ T6835] ? path_get+0x61/0x80 [ 150.137425][ T6835] tomoyo_file_open+0x6b/0x90 [ 150.137446][ T6835] security_file_open+0xb5/0x1e0 [ 150.137463][ T6835] do_dentry_open+0x5aa/0x1660 [ 150.137481][ T6835] ? security_inode_permission+0xbf/0x250 [ 150.137499][ T6835] vfs_open+0x82/0x3f0 [ 150.137522][ T6835] path_openat+0x208c/0x31a0 [ 150.137545][ T6835] ? __pfx_path_openat+0x10/0x10 [ 150.137570][ T6835] do_file_open+0x20e/0x430 [ 150.137588][ T6835] ? __pfx_do_file_open+0x10/0x10 [ 150.137619][ T6835] ? alloc_fd+0x476/0x790 [ 150.137638][ T6835] ? do_getname+0x191/0x390 [ 150.137660][ T6835] do_sys_openat2+0x10d/0x1e0 [ 150.137681][ T6835] ? __pfx_do_sys_openat2+0x10/0x10 [ 150.137704][ T6835] ? __fget_files+0x21f/0x3d0 [ 150.137724][ T6835] __x64_sys_openat+0x12d/0x210 [ 150.137746][ T6835] ? __pfx___x64_sys_openat+0x10/0x10 [ 150.137771][ T6835] ? rcu_is_watching+0x12/0xc0 [ 150.137791][ T6835] do_syscall_64+0x10b/0xf80 [ 150.137808][ T6835] ? clear_bhb_loop+0x40/0x90 [ 150.137826][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.137841][ T6835] RIP: 0033:0x7f7ce459cdd9 [ 150.137854][ T6835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 150.137868][ T6835] RSP: 002b:00007f7ce27ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 150.137883][ T6835] RAX: ffffffffffffffda RBX: 00007f7ce4815fa0 RCX: 00007f7ce459cdd9 [ 150.137892][ T6835] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 150.137901][ T6835] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 150.137910][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.137918][ T6835] R13: 00007f7ce4816038 R14: 00007f7ce4815fa0 R15: 00007ffe46af3958 [ 150.137938][ T6835] [ 150.137945][ T6835] ERROR: Out of memory at tomoyo_realpath_from_path. [ 150.885713][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 150.895407][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 151.414729][ T6866] netlink: 'syz.3.222': attribute type 4 has an invalid length. [ 151.456410][ T6862] netlink: 28 bytes leftover after parsing attributes in process `syz.0.221'. [ 151.562626][ T6856] FAULT_INJECTION: forcing a failure. [ 151.562626][ T6856] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.666275][ T6856] CPU: 0 UID: 0 PID: 6856 Comm: syz.1.219 Not tainted syzkaller #0 PREEMPT(full) [ 151.666298][ T6856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 151.666307][ T6856] Call Trace: [ 151.666312][ T6856] [ 151.666319][ T6856] dump_stack_lvl+0x100/0x190 [ 151.666341][ T6856] should_fail_ex.cold+0x5/0xa [ 151.666361][ T6856] _copy_from_iter+0x1f4/0x1690 [ 151.666378][ T6856] ? __asan_memset+0x23/0x50 [ 151.666401][ T6856] ? __pfx__copy_from_iter+0x10/0x10 [ 151.666424][ T6856] ? __pfx___alloc_skb+0x10/0x10 [ 151.666446][ T6856] ? __pfx___might_resched+0x10/0x10 [ 151.666463][ T6856] ? __pfx_futex_wake_mark+0x10/0x10 [ 151.666486][ T6856] netlink_sendmsg+0x808/0xda0 [ 151.666508][ T6856] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.666529][ T6856] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 151.666553][ T6856] __sys_sendto+0x468/0x4b0 [ 151.666574][ T6856] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.666592][ T6856] ? __pfx___sys_sendto+0x10/0x10 [ 151.666620][ T6856] ? find_held_lock+0x2b/0x80 [ 151.666645][ T6856] ? xfd_validate_state+0x129/0x190 [ 151.666664][ T6856] __x64_sys_sendto+0xe0/0x1c0 [ 151.666685][ T6856] ? do_syscall_64+0x90/0xf80 [ 151.666703][ T6856] ? lockdep_hardirqs_on+0x78/0x100 [ 151.666720][ T6856] do_syscall_64+0x10b/0xf80 [ 151.666736][ T6856] ? clear_bhb_loop+0x40/0x90 [ 151.666754][ T6856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.666769][ T6856] RIP: 0033:0x7f7ce455d60e [ 151.666782][ T6856] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 151.666796][ T6856] RSP: 002b:00007f7ce27ece88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 151.666810][ T6856] RAX: ffffffffffffffda RBX: 00007f7ce27ee6c0 RCX: 00007f7ce455d60e [ 151.666820][ T6856] RDX: 0000000000000020 RSI: 00007f7ce27ed000 RDI: 0000000000000003 [ 151.666829][ T6856] RBP: 0000000000000000 R08: 00007f7ce27ecf04 R09: 000000000000000c [ 151.666837][ T6856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 151.666845][ T6856] R13: 00007f7ce27ecf58 R14: 00007f7ce27ed000 R15: 0000000000000000 [ 151.666864][ T6856] [ 155.870734][ T6961] ======================================================= [ 155.870734][ T6961] WARNING: The mand mount option has been deprecated and [ 155.870734][ T6961] and is ignored by this kernel. Remove the mand [ 155.870734][ T6961] option from the mount to silence this warning. [ 155.870734][ T6961] ======================================================= [ 157.371940][ T6984] FAULT_INJECTION: forcing a failure. [ 157.371940][ T6984] name failslab, interval 1, probability 0, space 0, times 0 [ 157.547388][ T6984] CPU: 0 UID: 0 PID: 6984 Comm: syz.3.244 Not tainted syzkaller #0 PREEMPT(full) [ 157.547411][ T6984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 157.547420][ T6984] Call Trace: [ 157.547425][ T6984] [ 157.547431][ T6984] dump_stack_lvl+0x100/0x190 [ 157.547452][ T6984] should_fail_ex.cold+0x5/0xa [ 157.547473][ T6984] should_failslab+0xc2/0x120 [ 157.547491][ T6984] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 157.547514][ T6984] ? prepare_creds+0x2c/0x950 [ 157.547533][ T6984] prepare_creds+0x2c/0x950 [ 157.547550][ T6984] __sys_setuid+0x9c/0x440 [ 157.547568][ T6984] do_syscall_64+0x10b/0xf80 [ 157.547586][ T6984] ? clear_bhb_loop+0x40/0x90 [ 157.547604][ T6984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.547620][ T6984] RIP: 0033:0x7f281019cdd9 [ 157.547633][ T6984] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.547648][ T6984] RSP: 002b:00007f280e3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000069 [ 157.547662][ T6984] RAX: ffffffffffffffda RBX: 00007f2810416180 RCX: 00007f281019cdd9 [ 157.547672][ T6984] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 157.547680][ T6984] RBP: 00007f2810232d69 R08: 0000000000000000 R09: 0000000000000000 [ 157.547688][ T6984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.547697][ T6984] R13: 00007f2810416218 R14: 00007f2810416180 R15: 00007fff0c891068 [ 157.547722][ T6984] [ 157.926443][ T6999] usb usb15: usbfs: process 6999 (syz.0.248) did not claim interface 0 before use [ 158.566712][ T5629] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 158.576162][ T5629] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 158.592895][ T7015] binder: 7012:7015 ioctl c0306201 200000000000 returned -11 [ 159.746934][ T7038] futex_wake_op: syz.1.258 tries to shift op by -2048; fix this program [ 159.883389][ T7042] futex_wake_op: syz.1.258 tries to shift op by -2048; fix this program [ 160.038616][ T7040] device-mapper: ioctl: Invalid ioctl structure: name d, dev 3000000000 [ 160.398352][ T7056] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(7.0.1), cmd(5) [ 160.440382][ T7057] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(7.0.1), cmd(5) [ 161.459150][ T7068] net_ratelimit: 148 callbacks suppressed [ 161.459166][ T7068] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 161.740301][ T5629] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 161.750410][ T5629] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 161.781702][ T7073] binder: 7071:7073 ioctl c0306201 200000000000 returned -11 [ 162.111458][ T7080] can: request_module (can-proto-0) failed. [ 162.328309][ T7080] ALSA: mixer_oss: invalid OSS volume ',e&ER$o i<\#Z\' [ 162.852098][ T7090] bridge_slave_0: left allmulticast mode [ 162.879677][ T7090] bridge_slave_0: left promiscuous mode [ 162.914709][ T7090] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.865883][ T7109] futex_wake_op: syz.2.272 tries to shift op by -2048; fix this program [ 163.894826][ T7101] FAULT_INJECTION: forcing a failure. [ 163.894826][ T7101] name failslab, interval 1, probability 0, space 0, times 0 [ 163.956036][ T7101] CPU: 0 UID: 0 PID: 7101 Comm: syz.3.271 Not tainted syzkaller #0 PREEMPT(full) [ 163.956059][ T7101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 163.956068][ T7101] Call Trace: [ 163.956074][ T7101] [ 163.956079][ T7101] dump_stack_lvl+0x100/0x190 [ 163.956101][ T7101] should_fail_ex.cold+0x5/0xa [ 163.956121][ T7101] should_failslab+0xc2/0x120 [ 163.956139][ T7101] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 163.956163][ T7101] ? do_epoll_ctl+0x2434/0x36a0 [ 163.956185][ T7101] do_epoll_ctl+0x2434/0x36a0 [ 163.956212][ T7101] ? __pfx_do_epoll_ctl+0x10/0x10 [ 163.956230][ T7101] ? find_held_lock+0x2b/0x80 [ 163.956248][ T7101] ? __might_fault+0xc5/0x140 [ 163.956269][ T7101] ? __might_fault+0xc5/0x140 [ 163.956304][ T7101] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 163.956324][ T7101] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 163.956345][ T7101] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 163.956364][ T7101] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 163.956386][ T7101] ? syscall_user_dispatch+0x76/0x130 [ 163.956406][ T7101] do_syscall_64+0x10b/0xf80 [ 163.956423][ T7101] ? clear_bhb_loop+0x40/0x90 [ 163.956441][ T7101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.956456][ T7101] RIP: 0033:0x7f281019cdd9 [ 163.956474][ T7101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 163.956488][ T7101] RSP: 002b:00007f2810fa3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 163.956503][ T7101] RAX: ffffffffffffffda RBX: 00007f2810415fa0 RCX: 00007f281019cdd9 [ 163.956513][ T7101] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 163.956522][ T7101] RBP: 00007f2810232d69 R08: 0000000000000000 R09: 0000000000000000 [ 163.956533][ T7101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.956541][ T7101] R13: 00007f2810416038 R14: 00007f2810415fa0 R15: 00007fff0c891068 [ 163.956560][ T7101] [ 164.382182][ T7109] futex_wake_op: syz.2.272 tries to shift op by -2048; fix this program [ 164.478553][ T7109] futex_wake_op: syz.2.272 tries to shift op by -2048; fix this program [ 164.549208][ T7115] FAULT_INJECTION: forcing a failure. [ 164.549208][ T7115] name failslab, interval 1, probability 0, space 0, times 0 [ 164.614619][ T7115] CPU: 0 UID: 0 PID: 7115 Comm: syz.1.275 Not tainted syzkaller #0 PREEMPT(full) [ 164.614640][ T7115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 164.614649][ T7115] Call Trace: [ 164.614654][ T7115] [ 164.614660][ T7115] dump_stack_lvl+0x100/0x190 [ 164.614681][ T7115] should_fail_ex.cold+0x5/0xa [ 164.614700][ T7115] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 164.614720][ T7115] should_failslab+0xc2/0x120 [ 164.614738][ T7115] __kmalloc_noprof+0xe0/0x850 [ 164.614765][ T7115] kernfs_fop_write_iter+0x26a/0x5f0 [ 164.614788][ T7115] vfs_write+0x6ac/0x1070 [ 164.614805][ T7115] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 164.614827][ T7115] ? __pfx_vfs_write+0x10/0x10 [ 164.614854][ T7115] ksys_write+0x12a/0x250 [ 164.614870][ T7115] ? __pfx_ksys_write+0x10/0x10 [ 164.614888][ T7115] ? rcu_is_watching+0x12/0xc0 [ 164.614908][ T7115] do_syscall_64+0x10b/0xf80 [ 164.614926][ T7115] ? clear_bhb_loop+0x40/0x90 [ 164.614944][ T7115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.614959][ T7115] RIP: 0033:0x7f7ce459cdd9 [ 164.614972][ T7115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.614985][ T7115] RSP: 002b:00007f7ce27ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.614999][ T7115] RAX: ffffffffffffffda RBX: 00007f7ce4815fa0 RCX: 00007f7ce459cdd9 [ 164.615009][ T7115] RDX: 0000000000000004 RSI: 0000200000000200 RDI: 0000000000000003 [ 164.615018][ T7115] RBP: 00007f7ce27ee090 R08: 0000000000000000 R09: 0000000000000000 [ 164.615026][ T7115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.615034][ T7115] R13: 00007f7ce4816038 R14: 00007f7ce4815fa0 R15: 00007ffe46af3958 [ 164.615053][ T7115] [ 165.513526][ T5629] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 165.521031][ T5629] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 165.534981][ T7122] binder: 7121:7122 ioctl c0306201 200000000000 returned -11 [ 166.071744][ T7133] nvme_fcloop: unknown parameter or missing value '7=";&L=j"Yq'R"' [ 166.301953][ T7146] FAULT_INJECTION: forcing a failure. [ 166.301953][ T7146] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.364840][ T7146] CPU: 0 UID: 0 PID: 7146 Comm: syz.0.284 Not tainted syzkaller #0 PREEMPT(full) [ 166.364863][ T7146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 166.364872][ T7146] Call Trace: [ 166.364877][ T7146] [ 166.364882][ T7146] dump_stack_lvl+0x100/0x190 [ 166.364904][ T7146] should_fail_ex.cold+0x5/0xa [ 166.364924][ T7146] _copy_from_iter+0x1f4/0x1690 [ 166.364943][ T7146] ? __pfx__copy_from_iter+0x10/0x10 [ 166.364966][ T7146] ? rcu_is_watching+0x12/0xc0 [ 166.364983][ T7146] ? trace_kmalloc+0xe3/0x110 [ 166.365000][ T7146] ? __kasan_kmalloc+0xaa/0xb0 [ 166.365015][ T7146] ? __kmalloc_noprof+0x320/0x850 [ 166.365052][ T7146] kernfs_fop_write_iter+0x186/0x5f0 [ 166.365076][ T7146] vfs_write+0x6ac/0x1070 [ 166.365093][ T7146] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 166.365115][ T7146] ? __pfx_vfs_write+0x10/0x10 [ 166.365143][ T7146] ksys_write+0x12a/0x250 [ 166.365159][ T7146] ? __pfx_ksys_write+0x10/0x10 [ 166.365177][ T7146] ? rcu_is_watching+0x12/0xc0 [ 166.365196][ T7146] do_syscall_64+0x10b/0xf80 [ 166.365214][ T7146] ? clear_bhb_loop+0x40/0x90 [ 166.365239][ T7146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.365254][ T7146] RIP: 0033:0x7f8a8a59cdd9 [ 166.365267][ T7146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.365280][ T7146] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.365294][ T7146] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 166.365304][ T7146] RDX: 0000000000000004 RSI: 0000200000000200 RDI: 0000000000000003 [ 166.365312][ T7146] RBP: 00007f8a8b4bb090 R08: 0000000000000000 R09: 0000000000000000 [ 166.365321][ T7146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.365329][ T7146] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 166.365348][ T7146] [ 166.971058][ T7154] netlink: 8 bytes leftover after parsing attributes in process `syz.2.286'. [ 167.123031][ T7151] zswap: compressor not available [ 169.320758][ T7189] FAULT_INJECTION: forcing a failure. [ 169.320758][ T7189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.349631][ T7183] FAULT_INJECTION: forcing a failure. [ 169.349631][ T7183] name failslab, interval 1, probability 0, space 0, times 0 [ 169.379367][ T7189] CPU: 0 UID: 0 PID: 7189 Comm: syz.3.293 Not tainted syzkaller #0 PREEMPT(full) [ 169.379387][ T7189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 169.379395][ T7189] Call Trace: [ 169.379400][ T7189] [ 169.379406][ T7189] dump_stack_lvl+0x100/0x190 [ 169.379426][ T7189] should_fail_ex.cold+0x5/0xa [ 169.379446][ T7189] _copy_to_user+0x32/0xd0 [ 169.379472][ T7189] simple_read_from_buffer+0xcb/0x170 [ 169.379490][ T7189] proc_fail_nth_read+0x1af/0x230 [ 169.379514][ T7189] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.379538][ T7189] ? rw_verify_area+0xce/0x6d0 [ 169.379552][ T7189] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.379573][ T7189] vfs_read+0x1e4/0xb30 [ 169.379591][ T7189] ? __pfx_vfs_read+0x10/0x10 [ 169.379607][ T7189] ? __fget_files+0x215/0x3d0 [ 169.379627][ T7189] ? __fget_files+0x21f/0x3d0 [ 169.379648][ T7189] ksys_read+0x12a/0x250 [ 169.379664][ T7189] ? __pfx_ksys_read+0x10/0x10 [ 169.379681][ T7189] ? rcu_is_watching+0x12/0xc0 [ 169.379701][ T7189] do_syscall_64+0x10b/0xf80 [ 169.379719][ T7189] ? clear_bhb_loop+0x40/0x90 [ 169.379737][ T7189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.379752][ T7189] RIP: 0033:0x7f281015d60e [ 169.379764][ T7189] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 169.379777][ T7189] RSP: 002b:00007f2810fa2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 169.379791][ T7189] RAX: ffffffffffffffda RBX: 00007f2810fa36c0 RCX: 00007f281015d60e [ 169.379801][ T7189] RDX: 000000000000000f RSI: 00007f2810fa30a0 RDI: 0000000000000004 [ 169.379809][ T7189] RBP: 00007f2810fa3090 R08: 0000000000000000 R09: 0000000000000000 [ 169.379818][ T7189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.379826][ T7189] R13: 00007f2810416038 R14: 00007f2810415fa0 R15: 00007fff0c891068 [ 169.379851][ T7189] [ 169.665750][ T7183] CPU: 0 UID: 0 PID: 7183 Comm: syz.0.291 Not tainted syzkaller #0 PREEMPT(full) [ 169.665773][ T7183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 169.665782][ T7183] Call Trace: [ 169.665793][ T7183] [ 169.665800][ T7183] dump_stack_lvl+0x100/0x190 [ 169.665822][ T7183] should_fail_ex.cold+0x5/0xa [ 169.665842][ T7183] ? nfc_llcp_build_tlv+0x105/0x250 [ 169.665859][ T7183] should_failslab+0xc2/0x120 [ 169.665877][ T7183] __kmalloc_noprof+0xe0/0x850 [ 169.665904][ T7183] nfc_llcp_build_tlv+0x105/0x250 [ 169.665921][ T7183] ? lockdep_hardirqs_on+0x78/0x100 [ 169.665940][ T7183] nfc_llcp_build_gb.isra.0+0x193/0x3f0 [ 169.665957][ T7183] ? __pfx_nfc_llcp_build_gb.isra.0+0x10/0x10 [ 169.665977][ T7183] ? lockdep_init_map_type+0x5c/0x250 [ 169.665993][ T7183] ? lockdep_init_map_type+0x5c/0x250 [ 169.666010][ T7183] nfc_llcp_register_device+0x600/0xa60 [ 169.666028][ T7183] nfc_register_device+0x6d/0x3e0 [ 169.666047][ T7183] nci_register_device+0x7f1/0xb80 [ 169.666070][ T7183] ? __pfx_nci_register_device+0x10/0x10 [ 169.666095][ T7183] ? lockdep_init_map_type+0x5c/0x250 [ 169.666113][ T7183] virtual_ncidev_open+0x141/0x220 [ 169.666135][ T7183] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 169.666156][ T7183] misc_open+0x26d/0x450 [ 169.666174][ T7183] ? __pfx_misc_open+0x10/0x10 [ 169.666190][ T7183] chrdev_open+0x234/0x6a0 [ 169.666209][ T7183] ? __pfx_chrdev_open+0x10/0x10 [ 169.666228][ T7183] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 169.666251][ T7183] do_dentry_open+0x6d8/0x1660 [ 169.666268][ T7183] ? __pfx_chrdev_open+0x10/0x10 [ 169.666290][ T7183] vfs_open+0x82/0x3f0 [ 169.666313][ T7183] path_openat+0x208c/0x31a0 [ 169.666337][ T7183] ? __pfx_path_openat+0x10/0x10 [ 169.666361][ T7183] do_file_open+0x20e/0x430 [ 169.666380][ T7183] ? __pfx_do_file_open+0x10/0x10 [ 169.666411][ T7183] ? alloc_fd+0x476/0x790 [ 169.666430][ T7183] ? do_getname+0x191/0x390 [ 169.666452][ T7183] do_sys_openat2+0x10d/0x1e0 [ 169.666473][ T7183] ? __pfx_do_sys_openat2+0x10/0x10 [ 169.666501][ T7183] __x64_sys_openat+0x12d/0x210 [ 169.666524][ T7183] ? __pfx___x64_sys_openat+0x10/0x10 [ 169.666549][ T7183] ? rcu_is_watching+0x12/0xc0 [ 169.666569][ T7183] do_syscall_64+0x10b/0xf80 [ 169.666585][ T7183] ? clear_bhb_loop+0x40/0x90 [ 169.666603][ T7183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.666619][ T7183] RIP: 0033:0x7f8a8a59cdd9 [ 169.666633][ T7183] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 169.666647][ T7183] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 169.666661][ T7183] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 169.666671][ T7183] RDX: 0000000000000002 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 169.666681][ T7183] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 169.666690][ T7183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.666699][ T7183] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 169.666719][ T7183] [ 170.541840][ T7208] futex_wake_op: syz.1.298 tries to shift op by -2048; fix this program [ 170.667517][ T7209] futex_wake_op: syz.1.298 tries to shift op by -2048; fix this program [ 170.753584][ T7212] futex_wake_op: syz.0.299 tries to shift op by -2048; fix this program [ 170.896515][ T7214] futex_wake_op: syz.0.299 tries to shift op by -2048; fix this program [ 172.572757][ T7241] Per memcg swappiness does not exist in cgroup v2. See memory.reclaim or memory.swap.max there [ 172.572757][ T7241] [ 173.217028][ T5629] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 173.237261][ T5629] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 173.256185][ T7260] binder: 7259:7260 ioctl c0306201 200000000000 returned -11 [ 173.626357][ T7252] FAULT_INJECTION: forcing a failure. [ 173.626357][ T7252] name fail_futex, interval 1, probability 0, space 0, times 1 [ 173.704075][ T7252] CPU: 0 UID: 0 PID: 7252 Comm: syz.3.310 Not tainted syzkaller #0 PREEMPT(full) [ 173.704097][ T7252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 173.704109][ T7252] Call Trace: [ 173.704114][ T7252] [ 173.704120][ T7252] dump_stack_lvl+0x100/0x190 [ 173.704142][ T7252] should_fail_ex.cold+0x5/0xa [ 173.704162][ T7252] get_futex_key+0x1d2/0x1510 [ 173.704180][ T7252] ? __pfx_get_futex_key+0x10/0x10 [ 173.704195][ T7252] ? trace_pid_list_is_set+0x22c/0x390 [ 173.704219][ T7252] futex_wait_setup+0x83/0x510 [ 173.704244][ T7252] __futex_wait+0x19f/0x300 [ 173.704264][ T7252] ? __pfx___futex_wait+0x10/0x10 [ 173.704286][ T7252] ? __pfx_futex_wake_mark+0x10/0x10 [ 173.704307][ T7252] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 173.704322][ T7252] ? __hrtimer_setup+0x208/0x330 [ 173.704342][ T7252] ? ktime_add_safe+0x60/0x70 [ 173.704364][ T7252] futex_wait+0xe6/0x370 [ 173.704383][ T7252] ? __pfx_futex_wait+0x10/0x10 [ 173.704405][ T7252] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 173.704426][ T7252] do_futex+0x1ef/0x350 [ 173.704442][ T7252] ? __pfx_do_futex+0x10/0x10 [ 173.704457][ T7252] ? ktime_get+0x22c/0x320 [ 173.704478][ T7252] ? lockdep_hardirqs_on+0x78/0x100 [ 173.704499][ T7252] __x64_sys_futex+0x34f/0x4d0 [ 173.704517][ T7252] ? __pfx___x64_sys_futex+0x10/0x10 [ 173.704537][ T7252] ? rcu_is_watching+0x12/0xc0 [ 173.704562][ T7252] do_syscall_64+0x10b/0xf80 [ 173.704579][ T7252] ? clear_bhb_loop+0x40/0x90 [ 173.704597][ T7252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.704612][ T7252] RIP: 0033:0x7f281019cdd9 [ 173.704624][ T7252] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.704638][ T7252] RSP: 002b:00007fff0c8911c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 173.704652][ T7252] RAX: ffffffffffffffda RBX: 000000000002a601 RCX: 00007f281019cdd9 [ 173.704661][ T7252] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f281041618c [ 173.704670][ T7252] RBP: 0000000000000032 R08: 0000000000000001 R09: 0000000000000000 [ 173.704678][ T7252] R10: 00007fff0c8912d0 R11: 0000000000000246 R12: 00007fff0c8912f0 [ 173.704687][ T7252] R13: 00007f281041618c R14: 000000000002a633 R15: 00007fff0c8912d0 [ 173.704705][ T7252] [ 176.111901][ T7325] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 176.111901][ T7325] The task syz.0.323 (7325) triggered the difference, watch for misbehavior. [ 177.463704][ T29] audit: type=1800 audit(1777524723.919:2): pid=7350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.330" name="features" dev="configfs" ino=17677 res=0 errno=0 [ 177.527460][ T7354] netlink: 28 bytes leftover after parsing attributes in process `syz.1.330'. [ 177.601494][ T7355] netlink: 28 bytes leftover after parsing attributes in process `syz.1.330'. [ 178.782841][ T5629] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 178.790422][ T5629] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 178.807578][ T7373] binder: 7372:7373 ioctl c0306201 200000000000 returned -11 [ 178.973953][ T7377] FAULT_INJECTION: forcing a failure. [ 178.973953][ T7377] name failslab, interval 1, probability 0, space 0, times 0 [ 179.049701][ T7377] CPU: 0 UID: 0 PID: 7377 Comm: syz.0.336 Tainted: G L syzkaller #0 PREEMPT(full) [ 179.049726][ T7377] Tainted: [L]=SOFTLOCKUP [ 179.049731][ T7377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 179.049740][ T7377] Call Trace: [ 179.049745][ T7377] [ 179.049751][ T7377] dump_stack_lvl+0x100/0x190 [ 179.049772][ T7377] should_fail_ex.cold+0x5/0xa [ 179.049791][ T7377] should_failslab+0xc2/0x120 [ 179.049812][ T7377] __kmalloc_cache_noprof+0x7a/0x6f0 [ 179.049833][ T7377] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 179.049859][ T7377] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 179.049880][ T7377] ? trace_contention_end+0x85/0x170 [ 179.049898][ T7377] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 179.049920][ T7377] ? kasan_quarantine_put+0x104/0x240 [ 179.049944][ T7377] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 179.049964][ T7377] ? __pfx___mutex_lock+0x10/0x10 [ 179.049982][ T7377] ? find_held_lock+0x2b/0x80 [ 179.050000][ T7377] ? tomoyo_path_number_perm+0x28f/0x580 [ 179.050015][ T7377] ? tomoyo_path_number_perm+0x28f/0x580 [ 179.050035][ T7377] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 179.050049][ T7377] ? futex_wait+0x11e/0x370 [ 179.050071][ T7377] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 179.050102][ T7377] snd_pcm_oss_get_formats+0x7d/0x350 [ 179.050122][ T7377] ? do_vfs_ioctl+0x226/0x13e0 [ 179.050135][ T7377] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 179.050161][ T7377] snd_pcm_oss_ioctl+0x1702/0x3700 [ 179.050183][ T7377] ? hook_file_ioctl_common+0x149/0x410 [ 179.050199][ T7377] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 179.050222][ T7377] ? xfd_validate_state+0x129/0x190 [ 179.050240][ T7377] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 179.050261][ T7377] __x64_sys_ioctl+0x18e/0x210 [ 179.050277][ T7377] do_syscall_64+0x10b/0xf80 [ 179.050294][ T7377] ? clear_bhb_loop+0x40/0x90 [ 179.050312][ T7377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.050327][ T7377] RIP: 0033:0x7f8a8a59cdd9 [ 179.050339][ T7377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.050358][ T7377] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.050374][ T7377] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 179.050383][ T7377] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000002 [ 179.050392][ T7377] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 179.050400][ T7377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.050408][ T7377] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 179.050427][ T7377] [ 180.368821][ T7401] openvswitch: netlink: IP tunnel dst address not specified [ 182.967998][ T7453] futex_wake_op: syz.0.353 tries to shift op by -2048; fix this program [ 183.109848][ T7454] futex_wake_op: syz.0.353 tries to shift op by -2048; fix this program [ 183.376816][ T5629] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 183.384428][ T5629] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 183.401109][ T7462] binder: 7460:7462 ioctl c0306201 200000000000 returned -11 [ 184.989547][ T7490] vhci_hcd vhci_hcd.2: invalid port number 194 [ 185.034534][ T7490] vhci_hcd vhci_hcd.2: invalid port number 194 [ 186.196061][ T7510] FAULT_INJECTION: forcing a failure. [ 186.196061][ T7510] name fail_futex, interval 1, probability 0, space 0, times 0 [ 186.225406][ T7510] CPU: 0 UID: 0 PID: 7510 Comm: syz.1.367 Tainted: G L syzkaller #0 PREEMPT(full) [ 186.225432][ T7510] Tainted: [L]=SOFTLOCKUP [ 186.225437][ T7510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 186.225446][ T7510] Call Trace: [ 186.225452][ T7510] [ 186.225457][ T7510] dump_stack_lvl+0x100/0x190 [ 186.225479][ T7510] should_fail_ex.cold+0x5/0xa [ 186.225499][ T7510] get_futex_key+0x1d2/0x1510 [ 186.225516][ T7510] ? __pfx_get_futex_key+0x10/0x10 [ 186.225540][ T7510] futex_wait_setup+0x83/0x510 [ 186.225565][ T7510] __futex_wait+0x19f/0x300 [ 186.225595][ T7510] ? __pfx___futex_wait+0x10/0x10 [ 186.225613][ T7510] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 186.225634][ T7510] ? __pfx_futex_wake_mark+0x10/0x10 [ 186.225655][ T7510] ? futex_hash+0x2ad/0x370 [ 186.225670][ T7510] ? futex_hash+0x141/0x370 [ 186.225685][ T7510] futex_wait+0xe6/0x370 [ 186.225704][ T7510] ? __pfx_futex_wait+0x10/0x10 [ 186.225726][ T7510] ? ksys_write+0x190/0x250 [ 186.225742][ T7510] ? ksys_write+0x190/0x250 [ 186.225761][ T7510] do_futex+0x1ef/0x350 [ 186.225777][ T7510] ? __pfx_do_futex+0x10/0x10 [ 186.225793][ T7510] ? do_set_mempolicy+0x217/0x3d0 [ 186.225810][ T7510] ? __pfx_do_set_mempolicy+0x10/0x10 [ 186.225828][ T7510] __x64_sys_futex+0x34f/0x4d0 [ 186.225846][ T7510] ? __pfx___x64_sys_futex+0x10/0x10 [ 186.225863][ T7510] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 186.225882][ T7510] ? rcu_is_watching+0x12/0xc0 [ 186.225901][ T7510] do_syscall_64+0x10b/0xf80 [ 186.225918][ T7510] ? clear_bhb_loop+0x40/0x90 [ 186.225935][ T7510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.225950][ T7510] RIP: 0033:0x7f7ce459cdd9 [ 186.225963][ T7510] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 186.225977][ T7510] RSP: 002b:00007f7ce27ee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 186.225991][ T7510] RAX: ffffffffffffffda RBX: 00007f7ce4815fa8 RCX: 00007f7ce459cdd9 [ 186.226001][ T7510] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7ce4815fa8 [ 186.226010][ T7510] RBP: 00007f7ce4815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 186.226018][ T7510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 186.226026][ T7510] R13: 00007f7ce4816038 R14: 00007ffe46af3870 R15: 00007ffe46af3958 [ 186.226045][ T7510] [ 187.225081][ T7510] block2mtd: illegal erase size [ 187.333036][ T7522] FAULT_INJECTION: forcing a failure. [ 187.333036][ T7522] name failslab, interval 1, probability 0, space 0, times 0 [ 187.423067][ T7522] CPU: 0 UID: 0 PID: 7522 Comm: syz.0.368 Tainted: G L syzkaller #0 PREEMPT(full) [ 187.423092][ T7522] Tainted: [L]=SOFTLOCKUP [ 187.423097][ T7522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 187.423106][ T7522] Call Trace: [ 187.423111][ T7522] [ 187.423117][ T7522] dump_stack_lvl+0x100/0x190 [ 187.423138][ T7522] should_fail_ex.cold+0x5/0xa [ 187.423158][ T7522] should_failslab+0xc2/0x120 [ 187.423176][ T7522] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 187.423199][ T7522] ? shmem_alloc_inode+0x25/0x50 [ 187.423219][ T7522] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 187.423241][ T7522] shmem_alloc_inode+0x25/0x50 [ 187.423258][ T7522] alloc_inode+0x68/0x250 [ 187.423281][ T7522] new_inode+0x22/0x1c0 [ 187.423301][ T7522] ? trace_kmem_cache_alloc+0xd5/0x100 [ 187.423320][ T7522] shmem_get_inode+0x1e3/0xfb0 [ 187.423342][ T7522] ? __pfx_shmem_get_inode+0x10/0x10 [ 187.423366][ T7522] __shmem_file_setup+0x382/0x460 [ 187.423387][ T7522] ? __pfx___shmem_file_setup+0x10/0x10 [ 187.423409][ T7522] ? vm_area_alloc+0x1f/0x160 [ 187.423437][ T7522] shmem_zero_setup+0x96/0x1b0 [ 187.423454][ T7522] __mmap_region+0x24e7/0x2da0 [ 187.423480][ T7522] ? __pfx___mmap_region+0x10/0x10 [ 187.423504][ T7522] ? __lock_acquire+0x4a5/0x2630 [ 187.423519][ T7522] ? rcu_is_watching+0x12/0xc0 [ 187.423537][ T7522] ? trace_pelt_se_tp+0x13b/0x190 [ 187.423556][ T7522] ? find_held_lock+0x2b/0x80 [ 187.423575][ T7522] ? debug_object_activate+0x331/0x490 [ 187.423597][ T7522] ? debug_object_activate+0x331/0x490 [ 187.423620][ T7522] ? do_raw_spin_unlock+0x145/0x1e0 [ 187.423637][ T7522] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 187.423662][ T7522] ? find_held_lock+0x2b/0x80 [ 187.423690][ T7522] ? rcu_is_watching+0x12/0xc0 [ 187.423708][ T7522] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 187.423727][ T7522] ? lockdep_hardirqs_on+0x78/0x100 [ 187.423773][ T7522] mmap_region+0x35d/0x620 [ 187.423786][ T7522] ? rcu_is_watching+0x12/0xc0 [ 187.423804][ T7522] ? __pfx_mmap_region+0x10/0x10 [ 187.423819][ T7522] ? cap_mmap_addr+0x4b/0x120 [ 187.423840][ T7522] ? bpf_lsm_mmap_addr+0x9/0x30 [ 187.423854][ T7522] ? security_mmap_addr+0x71/0x1e0 [ 187.423870][ T7522] ? __get_unmapped_area+0x255/0x3e0 [ 187.423891][ T7522] do_mmap+0xc63/0x12f0 [ 187.423912][ T7522] ? __pfx_do_mmap+0x10/0x10 [ 187.423929][ T7522] ? __pfx_down_write_killable+0x10/0x10 [ 187.423954][ T7522] vm_mmap_pgoff+0x29e/0x470 [ 187.423975][ T7522] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 187.423995][ T7522] ? do_futex+0x192/0x350 [ 187.424011][ T7522] ? __pfx_do_futex+0x10/0x10 [ 187.424025][ T7522] ? __pfx_do_sys_openat2+0x10/0x10 [ 187.424050][ T7522] ksys_mmap_pgoff+0xe4/0x610 [ 187.424068][ T7522] ? __x64_sys_futex+0x358/0x4d0 [ 187.424084][ T7522] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 187.424101][ T7522] ? xfd_validate_state+0x129/0x190 [ 187.424120][ T7522] __x64_sys_mmap+0x125/0x190 [ 187.424139][ T7522] do_syscall_64+0x10b/0xf80 [ 187.424156][ T7522] ? clear_bhb_loop+0x40/0x90 [ 187.424174][ T7522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.424189][ T7522] RIP: 0033:0x7f8a8a59cdd9 [ 187.424202][ T7522] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 187.424215][ T7522] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 187.424230][ T7522] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 187.424239][ T7522] RDX: 0000000000000fff RSI: 0000000000020009 RDI: 0000000000000000 [ 187.424247][ T7522] RBP: 00007f8a8a632d69 R08: 0000000000000401 R09: 0000000000008000 [ 187.424256][ T7522] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 187.424264][ T7522] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 187.424283][ T7522] [ 190.515075][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 190.527276][ T5627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 190.536435][ T5627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 190.546238][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 190.557697][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 191.989723][ T7607] FAULT_INJECTION: forcing a failure. [ 191.989723][ T7607] name failslab, interval 1, probability 0, space 0, times 0 [ 192.123969][ T7607] CPU: 0 UID: 0 PID: 7607 Comm: syz.1.383 Tainted: G L syzkaller #0 PREEMPT(full) [ 192.123995][ T7607] Tainted: [L]=SOFTLOCKUP [ 192.124001][ T7607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 192.124010][ T7607] Call Trace: [ 192.124015][ T7607] [ 192.124021][ T7607] dump_stack_lvl+0x100/0x190 [ 192.124043][ T7607] should_fail_ex.cold+0x5/0xa [ 192.124064][ T7607] should_failslab+0xc2/0x120 [ 192.124082][ T7607] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 192.124097][ T7607] ? landlock_restrict_sibling_threads+0x4f5/0x1490 [ 192.124122][ T7607] krealloc_node_align_noprof+0x321/0x3e0 [ 192.124151][ T7607] landlock_restrict_sibling_threads+0x4f5/0x1490 [ 192.124176][ T7607] ? __pfx_landlock_restrict_sibling_threads+0x10/0x10 [ 192.124195][ T7607] ? rcu_is_watching+0x12/0xc0 [ 192.124230][ T7607] ? __pfx___might_resched+0x10/0x10 [ 192.124248][ T7607] ? landlock_merge_ruleset+0x213/0x830 [ 192.124274][ T7607] __do_sys_landlock_restrict_self+0x5d2/0x9e0 [ 192.124300][ T7607] do_syscall_64+0x10b/0xf80 [ 192.124317][ T7607] ? clear_bhb_loop+0x40/0x90 [ 192.124335][ T7607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.124350][ T7607] RIP: 0033:0x7f7ce459cdd9 [ 192.124364][ T7607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 192.124377][ T7607] RSP: 002b:00007f7ce27ac028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 192.124392][ T7607] RAX: ffffffffffffffda RBX: 00007f7ce4816180 RCX: 00007f7ce459cdd9 [ 192.124402][ T7607] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000005 [ 192.124411][ T7607] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 192.124420][ T7607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.124428][ T7607] R13: 00007f7ce4816218 R14: 00007f7ce4816180 R15: 00007ffe46af3958 [ 192.124448][ T7607] [ 192.619184][ T5629] Bluetooth: hci0: command tx timeout [ 193.233532][ T29] audit: type=1800 audit(1777524739.691:3): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.385" name="SYSV00000802" dev="tmpfs" ino=0 res=0 errno=0 [ 193.651166][ T7633] futex_wake_op: syz.0.387 tries to shift op by -2048; fix this program [ 194.164313][ T7581] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.205143][ T7581] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.242993][ T7581] bridge_slave_0: entered allmulticast mode [ 194.290825][ T7581] bridge_slave_0: entered promiscuous mode [ 194.304930][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.312978][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.356438][ T7581] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.373576][ T7638] FAULT_INJECTION: forcing a failure. [ 194.373576][ T7638] name failslab, interval 1, probability 0, space 0, times 0 [ 194.400896][ T7581] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.429352][ T7581] bridge_slave_1: entered allmulticast mode [ 194.457411][ T7581] bridge_slave_1: entered promiscuous mode [ 194.465737][ T7638] CPU: 0 UID: 0 PID: 7638 Comm: syz.2.388 Tainted: G L syzkaller #0 PREEMPT(full) [ 194.465762][ T7638] Tainted: [L]=SOFTLOCKUP [ 194.465767][ T7638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 194.465776][ T7638] Call Trace: [ 194.465781][ T7638] [ 194.465787][ T7638] dump_stack_lvl+0x100/0x190 [ 194.465808][ T7638] should_fail_ex.cold+0x5/0xa [ 194.465828][ T7638] ? sk_prot_alloc+0x10b/0x2a0 [ 194.465844][ T7638] should_failslab+0xc2/0x120 [ 194.465862][ T7638] __kmalloc_noprof+0xe0/0x850 [ 194.465889][ T7638] sk_prot_alloc+0x10b/0x2a0 [ 194.465907][ T7638] sk_alloc+0x36/0xe80 [ 194.465931][ T7638] xsk_create+0x117/0x760 [ 194.465962][ T7638] __sock_create+0x339/0x860 [ 194.465985][ T7638] __sys_socket+0x14d/0x260 [ 194.466005][ T7638] ? __pfx___sys_socket+0x10/0x10 [ 194.466030][ T7638] __x64_sys_socket+0x72/0xb0 [ 194.466049][ T7638] ? lockdep_hardirqs_on+0x78/0x100 [ 194.466067][ T7638] do_syscall_64+0x10b/0xf80 [ 194.466083][ T7638] ? clear_bhb_loop+0x40/0x90 [ 194.466101][ T7638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.466116][ T7638] RIP: 0033:0x7fc7d699cdd9 [ 194.466129][ T7638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.466142][ T7638] RSP: 002b:00007fc7d78da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 194.466157][ T7638] RAX: ffffffffffffffda RBX: 00007fc7d6c16180 RCX: 00007fc7d699cdd9 [ 194.466166][ T7638] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000002c [ 194.466175][ T7638] RBP: 00007fc7d6a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 194.466183][ T7638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.466192][ T7638] R13: 00007fc7d6c16218 R14: 00007fc7d6c16180 R15: 00007ffc19009308 [ 194.466211][ T7638] [ 194.880165][ T5629] Bluetooth: hci0: command tx timeout [ 195.004113][ T7581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.019750][ T7581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.173028][ T7581] team0: Port device team_slave_0 added [ 195.531723][ T7581] team0: Port device team_slave_1 added [ 195.744051][ T7581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.775177][ T7581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.802281][ T7581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.885168][ T7581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.910373][ T7581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.975458][ T7581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.325025][ T7581] hsr_slave_0: entered promiscuous mode [ 196.342264][ T7581] hsr_slave_1: entered promiscuous mode [ 196.358954][ T7581] debugfs: 'hsr0' already exists in 'hsr' [ 196.373906][ T7581] Cannot create hsr debugfs directory [ 196.709154][ T7672] netlink: 25 bytes leftover after parsing attributes in process `syz.2.394'. [ 196.939631][ T5629] Bluetooth: hci0: command tx timeout [ 197.175269][ T7691] netlink: 28 bytes leftover after parsing attributes in process `syz.1.398'. [ 197.274535][ T7581] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.466887][ T7581] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.574899][ T5629] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 197.582556][ T5629] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 197.598599][ T7695] binder: 7694:7695 ioctl c0306201 200000000000 returned -11 [ 197.638068][ T7581] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.777248][ T7581] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.054687][ T7704] random: crng reseeded on system resumption [ 198.511725][ T7581] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 198.561030][ T7581] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 198.604268][ T7581] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 198.649088][ T7581] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 198.684094][ T7581] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 198.728691][ T7581] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 198.763703][ T7581] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 198.816470][ T7581] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 199.020530][ T5629] Bluetooth: hci0: command tx timeout [ 199.138115][ T7581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.210445][ T7581] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.255709][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.262849][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.366404][ T137] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.373556][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.547893][ T7703] kexec: Could not allocate control_code_buffer [ 199.908140][ T7743] zram0: detected capacity change from 0 to 16 [ 200.607089][ T7743] zswap: compressor not available [ 200.911560][ T7581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.116499][ T7581] veth0_vlan: entered promiscuous mode [ 201.167281][ T7581] veth1_vlan: entered promiscuous mode [ 201.288613][ T7581] veth0_macvtap: entered promiscuous mode [ 201.406574][ T7581] veth1_macvtap: entered promiscuous mode [ 201.508184][ T5635] Bluetooth: hci3: command 0x0406 tx timeout [ 201.514583][ T5635] Bluetooth: hci2: command 0x0406 tx timeout [ 201.520884][ T5630] Bluetooth: hci1: command 0x0406 tx timeout [ 201.541041][ T7787] FAULT_INJECTION: forcing a failure. [ 201.541041][ T7787] name failslab, interval 1, probability 0, space 0, times 0 [ 201.614570][ T7787] CPU: 0 UID: 0 PID: 7787 Comm: syz.1.413 Tainted: G L syzkaller #0 PREEMPT(full) [ 201.614596][ T7787] Tainted: [L]=SOFTLOCKUP [ 201.614602][ T7787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 201.614611][ T7787] Call Trace: [ 201.614617][ T7787] [ 201.614623][ T7787] dump_stack_lvl+0x100/0x190 [ 201.614644][ T7787] should_fail_ex.cold+0x5/0xa [ 201.614664][ T7787] should_failslab+0xc2/0x120 [ 201.614681][ T7787] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 201.614703][ T7787] ? security_file_alloc+0x34/0x2c0 [ 201.614720][ T7787] ? trace_kmem_cache_alloc+0xd5/0x100 [ 201.614740][ T7787] security_file_alloc+0x34/0x2c0 [ 201.614756][ T7787] init_file+0x95/0x480 [ 201.614776][ T7787] alloc_empty_file+0x79/0x1c0 [ 201.614797][ T7787] path_openat+0xe8/0x31a0 [ 201.614814][ T7787] ? __kernel_text_address+0xd/0x30 [ 201.614830][ T7787] ? unwind_get_return_address+0x59/0xa0 [ 201.614849][ T7787] ? arch_stack_walk+0xa6/0xf0 [ 201.614871][ T7787] ? __pfx_path_openat+0x10/0x10 [ 201.614890][ T7787] ? stack_trace_save+0x8e/0xc0 [ 201.614910][ T7787] ? __pfx_stack_trace_save+0x10/0x10 [ 201.614931][ T7787] do_file_open+0x20e/0x430 [ 201.614951][ T7787] ? __pfx_do_file_open+0x10/0x10 [ 201.614967][ T7787] ? kasan_save_track+0x14/0x30 [ 201.614980][ T7787] ? __kasan_slab_alloc+0x89/0x90 [ 201.614994][ T7787] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 201.615035][ T7787] do_open_execat+0xd1/0x360 [ 201.615050][ T7787] ? __pfx_do_open_execat+0x10/0x10 [ 201.615065][ T7787] ? __might_fault+0xc5/0x140 [ 201.615086][ T7787] ? __might_fault+0xc5/0x140 [ 201.615111][ T7787] alloc_bprm+0x2d/0x710 [ 201.615127][ T7787] do_execveat_common.isra.0+0x19c/0x580 [ 201.615143][ T7787] ? do_getname+0x191/0x390 [ 201.615168][ T7787] __x64_sys_execve+0x93/0xd0 [ 201.615185][ T7787] do_syscall_64+0x10b/0xf80 [ 201.615203][ T7787] ? clear_bhb_loop+0x40/0x90 [ 201.615221][ T7787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.615236][ T7787] RIP: 0033:0x7f7ce459cdd9 [ 201.615250][ T7787] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 201.615264][ T7787] RSP: 002b:00007f7ce27ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 201.615278][ T7787] RAX: ffffffffffffffda RBX: 00007f7ce4815fa0 RCX: 00007f7ce459cdd9 [ 201.615288][ T7787] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0 [ 201.615296][ T7787] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 201.615305][ T7787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 201.615314][ T7787] R13: 00007f7ce4816038 R14: 00007f7ce4815fa0 R15: 00007ffe46af3958 [ 201.615333][ T7787] [ 202.319247][ T7581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.394907][ T7581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.488351][ T6112] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.502336][ T6112] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.725763][ T7804] binder: 7778:7804 ioctl 40086602 e20 returned -22 [ 202.741862][ T6112] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.750615][ T6112] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.973584][ T137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.005663][ T137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.272154][ T6098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.309258][ T6098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.896457][ T7812] zswap: compressor not available [ 205.072654][ T7842] vivid-003: ================= START STATUS ================= [ 205.104747][ T7842] vivid-003: Radio HW Seek Mode: Bounded [ 205.152119][ T7842] vivid-003: Radio Programmable HW Seek: false [ 205.181640][ T7842] vivid-003: RDS Rx I/O Mode: Block I/O [ 205.222472][ T7842] vivid-003: Generate RBDS Instead of RDS: false [ 205.255038][ T7842] vivid-003: RDS Reception: true [ 205.278187][ T7842] vivid-003: RDS Program Type: 0 inactive [ 205.307243][ T7842] vivid-003: RDS PS Name: inactive [ 205.349320][ T7842] vivid-003: RDS Radio Text: inactive [ 205.385325][ T7842] vivid-003: RDS Traffic Announcement: false inactive [ 205.402157][ T7849] FAULT_INJECTION: forcing a failure. [ 205.402157][ T7849] name failslab, interval 1, probability 0, space 0, times 0 [ 205.431396][ T7842] vivid-003: RDS Traffic Program: false inactive [ 205.462558][ T7842] vivid-003: RDS Music: false inactive [ 205.475345][ T7849] CPU: 0 UID: 0 PID: 7849 Comm: syz.3.421 Tainted: G L syzkaller #0 PREEMPT(full) [ 205.475370][ T7849] Tainted: [L]=SOFTLOCKUP [ 205.475375][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 205.475383][ T7849] Call Trace: [ 205.475388][ T7849] [ 205.475394][ T7849] dump_stack_lvl+0x100/0x190 [ 205.475415][ T7849] should_fail_ex.cold+0x5/0xa [ 205.475434][ T7849] ? tomoyo_realpath_from_path+0xb6/0x690 [ 205.475453][ T7849] should_failslab+0xc2/0x120 [ 205.475470][ T7849] __kmalloc_noprof+0xe0/0x850 [ 205.475493][ T7849] ? kfree+0x1dd/0x6c0 [ 205.475515][ T7849] tomoyo_realpath_from_path+0xb6/0x690 [ 205.475537][ T7849] tomoyo_path_number_perm+0x23c/0x580 [ 205.475551][ T7849] ? tomoyo_path_number_perm+0x22e/0x580 [ 205.475567][ T7849] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 205.475600][ T7849] ? find_held_lock+0x2b/0x80 [ 205.475618][ T7849] ? __fget_files+0x215/0x3d0 [ 205.475634][ T7849] ? hook_file_ioctl_common+0x149/0x410 [ 205.475648][ T7849] ? __fget_files+0x215/0x3d0 [ 205.475668][ T7849] ? __fget_files+0x21f/0x3d0 [ 205.475687][ T7849] security_file_ioctl+0xd3/0x230 [ 205.475703][ T7849] __x64_sys_ioctl+0xb7/0x210 [ 205.475719][ T7849] do_syscall_64+0x10b/0xf80 [ 205.475736][ T7849] ? clear_bhb_loop+0x40/0x90 [ 205.475754][ T7849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.475769][ T7849] RIP: 0033:0x7fa9df59cdd9 [ 205.475782][ T7849] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.475795][ T7849] RSP: 002b:00007fa9e0471028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 205.475810][ T7849] RAX: ffffffffffffffda RBX: 00007fa9df815fa0 RCX: 00007fa9df59cdd9 [ 205.475819][ T7849] RDX: 0000200000000080 RSI: 0000000000004601 RDI: 0000000000000004 [ 205.475828][ T7849] RBP: 00007fa9e0471090 R08: 0000000000000000 R09: 0000000000000000 [ 205.475836][ T7849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.475844][ T7849] R13: 00007fa9df816038 R14: 00007fa9df815fa0 R15: 00007ffe04435bf8 [ 205.475863][ T7849] [ 205.476089][ T7849] ERROR: Out of memory at tomoyo_realpath_from_path. [ 205.704785][ T7842] vivid-003: ================== END STATUS ================== [ 206.329607][ T7864] binder: 7863:7864 ioctl c0306201 200000000000 returned -11 [ 206.364947][ T5627] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 206.380408][ T5627] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 206.404738][ T7857] FAULT_INJECTION: forcing a failure. [ 206.404738][ T7857] name failslab, interval 1, probability 0, space 0, times 0 [ 206.609992][ T7857] CPU: 0 UID: 0 PID: 7857 Comm: syz.0.423 Tainted: G L syzkaller #0 PREEMPT(full) [ 206.610020][ T7857] Tainted: [L]=SOFTLOCKUP [ 206.610025][ T7857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 206.610034][ T7857] Call Trace: [ 206.610040][ T7857] [ 206.610045][ T7857] dump_stack_lvl+0x100/0x190 [ 206.610067][ T7857] should_fail_ex.cold+0x5/0xa [ 206.610087][ T7857] ? __register_sysctl_table+0xac/0x1650 [ 206.610106][ T7857] should_failslab+0xc2/0x120 [ 206.610123][ T7857] __kmalloc_noprof+0xe0/0x850 [ 206.610150][ T7857] __register_sysctl_table+0xac/0x1650 [ 206.610168][ T7857] ? is_module_address+0x5f/0xf0 [ 206.610187][ T7857] ? __pfx___register_sysctl_table+0x10/0x10 [ 206.610204][ T7857] ? is_module_address+0x69/0xf0 [ 206.610218][ T7857] ? register_net_sysctl_sz+0x222/0x430 [ 206.610239][ T7857] ? __asan_memcpy+0x3c/0x60 [ 206.610262][ T7857] sctp_sysctl_net_register+0x15e/0x200 [ 206.610286][ T7857] ? __pfx_sctp_defaults_init+0x10/0x10 [ 206.610308][ T7857] sctp_defaults_init+0x6d2/0xd90 [ 206.610330][ T7857] ? __pfx_sctp_defaults_init+0x10/0x10 [ 206.610352][ T7857] ops_init+0x1e2/0x5f0 [ 206.610370][ T7857] setup_net+0x118/0x3a0 [ 206.610386][ T7857] ? __pfx_setup_net+0x10/0x10 [ 206.610401][ T7857] ? mutex_init_lockdep+0xf1/0x120 [ 206.610420][ T7857] copy_net_ns+0x46f/0x7c0 [ 206.610439][ T7857] create_new_namespaces+0x3ea/0xac0 [ 206.610462][ T7857] unshare_nsproxy_namespaces+0xf2/0x220 [ 206.610483][ T7857] ksys_unshare+0x438/0xab0 [ 206.610505][ T7857] ? __pfx_ksys_unshare+0x10/0x10 [ 206.610525][ T7857] ? xfd_validate_state+0x129/0x190 [ 206.610546][ T7857] __x64_sys_unshare+0x31/0x40 [ 206.610567][ T7857] do_syscall_64+0x10b/0xf80 [ 206.610584][ T7857] ? clear_bhb_loop+0x40/0x90 [ 206.610602][ T7857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.610617][ T7857] RIP: 0033:0x7f8a8a59cdd9 [ 206.610630][ T7857] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 206.610644][ T7857] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 206.610659][ T7857] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 206.610668][ T7857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 206.610677][ T7857] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 206.610685][ T7857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 206.610694][ T7857] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 206.610713][ T7857] [ 207.168092][ T7876] sctp: [Deprecated]: syz.1.427 (pid 7876) Use of struct sctp_assoc_value in delayed_ack socket option. [ 207.168092][ T7876] Use struct sctp_sack_info instead [ 207.451585][ T7870] zswap: compressor not available [ 207.544834][ T7882] FAULT_INJECTION: forcing a failure. [ 207.544834][ T7882] name failslab, interval 1, probability 0, space 0, times 0 [ 207.600849][ T7882] CPU: 0 UID: 0 PID: 7882 Comm: syz.2.429 Tainted: G L syzkaller #0 PREEMPT(full) [ 207.600876][ T7882] Tainted: [L]=SOFTLOCKUP [ 207.600881][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 207.600890][ T7882] Call Trace: [ 207.600896][ T7882] [ 207.600901][ T7882] dump_stack_lvl+0x100/0x190 [ 207.600930][ T7882] should_fail_ex.cold+0x5/0xa [ 207.600950][ T7882] should_failslab+0xc2/0x120 [ 207.600968][ T7882] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 207.600991][ T7882] ? do_epoll_ctl+0x2434/0x36a0 [ 207.601014][ T7882] do_epoll_ctl+0x2434/0x36a0 [ 207.601040][ T7882] ? __pfx_do_epoll_ctl+0x10/0x10 [ 207.601057][ T7882] ? find_held_lock+0x2b/0x80 [ 207.601075][ T7882] ? __might_fault+0xc5/0x140 [ 207.601096][ T7882] ? __might_fault+0xc5/0x140 [ 207.601124][ T7882] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 207.601143][ T7882] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 207.601162][ T7882] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 207.601181][ T7882] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 207.601203][ T7882] ? syscall_user_dispatch+0x76/0x130 [ 207.601223][ T7882] do_syscall_64+0x10b/0xf80 [ 207.601240][ T7882] ? clear_bhb_loop+0x40/0x90 [ 207.601258][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.601273][ T7882] RIP: 0033:0x7fc7d699cdd9 [ 207.601286][ T7882] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.601300][ T7882] RSP: 002b:00007fc7d791c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 207.601315][ T7882] RAX: ffffffffffffffda RBX: 00007fc7d6c15fa0 RCX: 00007fc7d699cdd9 [ 207.601325][ T7882] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 207.601334][ T7882] RBP: 00007fc7d6a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 207.601342][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 207.601351][ T7882] R13: 00007fc7d6c16038 R14: 00007fc7d6c15fa0 R15: 00007ffc19009308 [ 207.601370][ T7882] [ 208.437003][ T5623] Bluetooth: hci1: unexpected event 0x3e length: 358 > 260 [ 208.437028][ T5623] Bluetooth: hci1: unexpected subevent 0x1b length: 357 > 260 [ 208.452036][ T5623] Bluetooth: hci1: Malformed LE Event: 0x1b [ 208.736380][ T7892] FAULT_INJECTION: forcing a failure. [ 208.736380][ T7892] name failslab, interval 1, probability 0, space 0, times 0 [ 208.794442][ T7892] CPU: 0 UID: 0 PID: 7892 Comm: syz.1.432 Tainted: G L syzkaller #0 PREEMPT(full) [ 208.794469][ T7892] Tainted: [L]=SOFTLOCKUP [ 208.794475][ T7892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 208.794484][ T7892] Call Trace: [ 208.794489][ T7892] [ 208.794495][ T7892] dump_stack_lvl+0x100/0x190 [ 208.794516][ T7892] should_fail_ex.cold+0x5/0xa [ 208.794537][ T7892] should_failslab+0xc2/0x120 [ 208.794555][ T7892] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 208.794578][ T7892] ? do_epoll_ctl+0x2434/0x36a0 [ 208.794601][ T7892] do_epoll_ctl+0x2434/0x36a0 [ 208.794628][ T7892] ? __pfx_do_epoll_ctl+0x10/0x10 [ 208.794646][ T7892] ? find_held_lock+0x2b/0x80 [ 208.794664][ T7892] ? __might_fault+0xc5/0x140 [ 208.794688][ T7892] ? __might_fault+0xc5/0x140 [ 208.794716][ T7892] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 208.794734][ T7892] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 208.794754][ T7892] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 208.794773][ T7892] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 208.794795][ T7892] ? syscall_user_dispatch+0x76/0x130 [ 208.794814][ T7892] do_syscall_64+0x10b/0xf80 [ 208.794831][ T7892] ? clear_bhb_loop+0x40/0x90 [ 208.794849][ T7892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.794871][ T7892] RIP: 0033:0x7f7ce459cdd9 [ 208.794885][ T7892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.794898][ T7892] RSP: 002b:00007f7ce27ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 208.794913][ T7892] RAX: ffffffffffffffda RBX: 00007f7ce4815fa0 RCX: 00007f7ce459cdd9 [ 208.794923][ T7892] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 208.794932][ T7892] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 208.794941][ T7892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.794949][ T7892] R13: 00007f7ce4816038 R14: 00007f7ce4815fa0 R15: 00007ffe46af3958 [ 208.794969][ T7892] [ 209.504260][ T7910] kvm: vcpu 4: requested lapic timer restore with starting count register 0x390=4294967104 (137438947328 ns) > initial count (6624 ns). Using initial count to start timer. [ 210.051181][ T7922] netlink: 12 bytes leftover after parsing attributes in process `syz.0.438'. [ 210.669596][ T5623] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 210.677097][ T5623] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 210.692407][ T7935] binder: 7934:7935 ioctl c0306201 200000000000 returned -11 [ 211.037255][ T7945] futex_wake_op: syz.3.444 tries to shift op by -2048; fix this program [ 211.120047][ T7945] futex_wake_op: syz.3.444 tries to shift op by -2048; fix this program [ 211.984894][ T7956] netlink: 326 bytes leftover after parsing attributes in process `syz.3.446'. [ 212.074365][ T7956] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.082022][ T7956] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.069411][ T7971] FAULT_INJECTION: forcing a failure. [ 213.069411][ T7971] name failslab, interval 1, probability 0, space 0, times 0 [ 213.141635][ T7971] CPU: 0 UID: 0 PID: 7971 Comm: syz.1.449 Tainted: G L syzkaller #0 PREEMPT(full) [ 213.141662][ T7971] Tainted: [L]=SOFTLOCKUP [ 213.141667][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 213.141676][ T7971] Call Trace: [ 213.141681][ T7971] [ 213.141687][ T7971] dump_stack_lvl+0x100/0x190 [ 213.141709][ T7971] should_fail_ex.cold+0x5/0xa [ 213.141729][ T7971] should_failslab+0xc2/0x120 [ 213.141747][ T7971] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 213.141769][ T7971] ? vm_area_alloc+0x1f/0x160 [ 213.141795][ T7971] vm_area_alloc+0x1f/0x160 [ 213.141816][ T7971] __mmap_region+0x104d/0x2da0 [ 213.141847][ T7971] ? __pfx___mmap_region+0x10/0x10 [ 213.141872][ T7971] ? post_alloc_hook+0x140/0x170 [ 213.141893][ T7971] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 213.141919][ T7971] ? mas_prev_node+0x1da/0xf00 [ 213.141941][ T7971] ? mas_prev_slot+0x760/0x1d20 [ 213.141969][ T7971] ? __pfx_mas_prev+0x10/0x10 [ 213.141997][ T7971] ? __pfx_unmapped_area_topdown+0x10/0x10 [ 213.142043][ T7971] mmap_region+0x35d/0x620 [ 213.142058][ T7971] ? __pfx_mmap_region+0x10/0x10 [ 213.142072][ T7971] ? thp_get_unmapped_area_vmflags+0x27f/0x2d0 [ 213.142094][ T7971] ? cap_mmap_addr+0x4b/0x120 [ 213.142114][ T7971] ? bpf_lsm_mmap_addr+0x9/0x30 [ 213.142127][ T7971] ? security_mmap_addr+0x71/0x1e0 [ 213.142143][ T7971] ? __get_unmapped_area+0x255/0x3e0 [ 213.142163][ T7971] do_mmap+0xc63/0x12f0 [ 213.142184][ T7971] ? __pfx_do_mmap+0x10/0x10 [ 213.142201][ T7971] ? __pfx_down_write_killable+0x10/0x10 [ 213.142226][ T7971] vm_mmap_pgoff+0x29e/0x470 [ 213.142248][ T7971] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 213.142270][ T7971] ? find_held_lock+0x2b/0x80 [ 213.142288][ T7971] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 213.142307][ T7971] ksys_mmap_pgoff+0xe4/0x610 [ 213.142325][ T7971] ? find_held_lock+0x2b/0x80 [ 213.142344][ T7971] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 213.142359][ T7971] ? exc_page_fault+0x6f/0xd0 [ 213.142380][ T7971] __x64_sys_mmap+0x125/0x190 [ 213.142399][ T7971] do_syscall_64+0x10b/0xf80 [ 213.142416][ T7971] ? clear_bhb_loop+0x40/0x90 [ 213.142434][ T7971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.142449][ T7971] RIP: 0033:0x7f7ce459cb42 [ 213.142462][ T7971] Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64 [ 213.142476][ T7971] RSP: 002b:00007f7ce27ecd08 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 213.142497][ T7971] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7ce459cb42 [ 213.142507][ T7971] RDX: 0000000000000000 RSI: 0000000008000000 RDI: 0000000000000000 [ 213.142516][ T7971] RBP: 0000000000000022 R08: 00000000ffffffff R09: 0000000000000000 [ 213.142524][ T7971] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000004000000 [ 213.142533][ T7971] R13: 0000000000001000 R14: 0000000000000022 R15: 00007f7ce465002f [ 213.142552][ T7971] [ 213.761427][ T5623] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 213.768955][ T5623] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 213.783281][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.1.453'. [ 213.854804][ T7985] netlink: 28 bytes leftover after parsing attributes in process `syz.1.454'. [ 214.105388][ T7989] netlink: 20 bytes leftover after parsing attributes in process `syz.1.455'. [ 215.338745][ T7998] FAULT_INJECTION: forcing a failure. [ 215.338745][ T7998] name failslab, interval 1, probability 0, space 0, times 0 [ 215.338774][ T7998] CPU: 0 UID: 0 PID: 7998 Comm: syz.0.459 Tainted: G L syzkaller #0 PREEMPT(full) [ 215.338796][ T7998] Tainted: [L]=SOFTLOCKUP [ 215.338801][ T7998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 215.338809][ T7998] Call Trace: [ 215.338815][ T7998] [ 215.338821][ T7998] dump_stack_lvl+0x100/0x190 [ 215.338840][ T7998] should_fail_ex.cold+0x5/0xa [ 215.338860][ T7998] should_failslab+0xc2/0x120 [ 215.338878][ T7998] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 215.338900][ T7998] ? do_getname+0x35/0x390 [ 215.338925][ T7998] do_getname+0x35/0x390 [ 215.338947][ T7998] do_sys_openat2+0xc5/0x1e0 [ 215.338969][ T7998] ? __pfx_do_sys_openat2+0x10/0x10 [ 215.338991][ T7998] ? up_write+0x28c/0x4f0 [ 215.339010][ T7998] __x64_sys_openat+0x12d/0x210 [ 215.339032][ T7998] ? __pfx___x64_sys_openat+0x10/0x10 [ 215.339057][ T7998] ? rcu_is_watching+0x12/0xc0 [ 215.339077][ T7998] do_syscall_64+0x10b/0xf80 [ 215.339094][ T7998] ? clear_bhb_loop+0x40/0x90 [ 215.339112][ T7998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.339127][ T7998] RIP: 0033:0x7f8a8a59cdd9 [ 215.339139][ T7998] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.339153][ T7998] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 215.339167][ T7998] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 215.339177][ T7998] RDX: 0000000000062301 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 215.339186][ T7998] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 215.339195][ T7998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.339203][ T7998] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 215.339222][ T7998] [ 215.414929][ T8002] zswap: compressor not available [ 215.594575][ T8014] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 215.619578][ T5623] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 215.619602][ T5623] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 217.980056][ T8069] futex_wake_op: syz.3.475 tries to shift op by -2048; fix this program [ 219.662467][ T8114] FAULT_INJECTION: forcing a failure. [ 219.662467][ T8114] name failslab, interval 1, probability 0, space 0, times 0 [ 219.739527][ T8114] CPU: 0 UID: 0 PID: 8114 Comm: syz.0.483 Tainted: G L syzkaller #0 PREEMPT(full) [ 219.739553][ T8114] Tainted: [L]=SOFTLOCKUP [ 219.739559][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 219.739567][ T8114] Call Trace: [ 219.739572][ T8114] [ 219.739578][ T8114] dump_stack_lvl+0x100/0x190 [ 219.739599][ T8114] should_fail_ex.cold+0x5/0xa [ 219.739620][ T8114] should_failslab+0xc2/0x120 [ 219.739638][ T8114] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 219.739660][ T8114] ? mpol_new+0x11b/0x2d0 [ 219.739678][ T8114] mpol_new+0x11b/0x2d0 [ 219.739693][ T8114] do_set_mempolicy+0x85/0x3d0 [ 219.739709][ T8114] ? __pfx_do_set_mempolicy+0x10/0x10 [ 219.739728][ T8114] ? __x64_sys_futex+0x34f/0x4d0 [ 219.739746][ T8114] kernel_set_mempolicy+0x198/0x1e0 [ 219.739763][ T8114] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 219.739782][ T8114] ? rcu_is_watching+0x12/0xc0 [ 219.739802][ T8114] do_syscall_64+0x10b/0xf80 [ 219.739819][ T8114] ? clear_bhb_loop+0x40/0x90 [ 219.739837][ T8114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.739851][ T8114] RIP: 0033:0x7f8a8a59cdd9 [ 219.739865][ T8114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.739879][ T8114] RSP: 002b:00007f8a8b479028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ee [ 219.739893][ T8114] RAX: ffffffffffffffda RBX: 00007f8a8a816180 RCX: 00007f8a8a59cdd9 [ 219.739903][ T8114] RDX: 0000000000000009 RSI: 0000200000000000 RDI: 0000000000000006 [ 219.739911][ T8114] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 219.739920][ T8114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 219.739928][ T8114] R13: 00007f8a8a816218 R14: 00007f8a8a816180 R15: 00007ffc1402f0f8 [ 219.739946][ T8114] [ 220.834717][ T8107] futex_wake_op: syz.2.484 tries to shift op by -2048; fix this program [ 220.878893][ T8107] futex_wake_op: syz.2.484 tries to shift op by -2048; fix this program [ 220.944623][ T8107] 0x000000000001-0x000000020000 : "" [ 221.176514][ T8107] ftl_cs: FTL header corrupt! [ 221.300348][ T8144] FAULT_INJECTION: forcing a failure. [ 221.300348][ T8144] name failslab, interval 1, probability 0, space 0, times 0 [ 221.380720][ T8144] CPU: 0 UID: 0 PID: 8144 Comm: syz.0.491 Tainted: G L syzkaller #0 PREEMPT(full) [ 221.380747][ T8144] Tainted: [L]=SOFTLOCKUP [ 221.380753][ T8144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 221.380763][ T8144] Call Trace: [ 221.380768][ T8144] [ 221.380775][ T8144] dump_stack_lvl+0x100/0x190 [ 221.380797][ T8144] should_fail_ex.cold+0x5/0xa [ 221.380817][ T8144] should_failslab+0xc2/0x120 [ 221.380834][ T8144] __kmalloc_cache_noprof+0x7a/0x6f0 [ 221.380856][ T8144] ? snd_seq_fifo_new+0x42/0x270 [ 221.380878][ T8144] ? _raw_spin_unlock_irq+0x2e/0x50 [ 221.380903][ T8144] ? __pfx_snd_seq_open+0x10/0x10 [ 221.380920][ T8144] snd_seq_fifo_new+0x42/0x270 [ 221.380943][ T8144] snd_seq_open+0x3d2/0x540 [ 221.380961][ T8144] ? __pfx_snd_seq_open+0x10/0x10 [ 221.380976][ T8144] snd_open+0x201/0x450 [ 221.380995][ T8144] ? __pfx_snd_open+0x10/0x10 [ 221.381013][ T8144] chrdev_open+0x234/0x6a0 [ 221.381031][ T8144] ? __pfx_apparmor_file_open+0x10/0x10 [ 221.381054][ T8144] ? __pfx_chrdev_open+0x10/0x10 [ 221.381073][ T8144] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 221.381096][ T8144] do_dentry_open+0x6d8/0x1660 [ 221.381114][ T8144] ? __pfx_chrdev_open+0x10/0x10 [ 221.381136][ T8144] vfs_open+0x82/0x3f0 [ 221.381159][ T8144] path_openat+0x208c/0x31a0 [ 221.381183][ T8144] ? __pfx_path_openat+0x10/0x10 [ 221.381208][ T8144] do_file_open+0x20e/0x430 [ 221.381227][ T8144] ? __pfx_do_file_open+0x10/0x10 [ 221.381258][ T8144] ? alloc_fd+0x476/0x790 [ 221.381277][ T8144] ? do_getname+0x191/0x390 [ 221.381299][ T8144] do_sys_openat2+0x10d/0x1e0 [ 221.381321][ T8144] ? __pfx_do_sys_openat2+0x10/0x10 [ 221.381349][ T8144] __x64_sys_openat+0x12d/0x210 [ 221.381371][ T8144] ? __pfx___x64_sys_openat+0x10/0x10 [ 221.381397][ T8144] ? rcu_is_watching+0x12/0xc0 [ 221.381417][ T8144] do_syscall_64+0x10b/0xf80 [ 221.381434][ T8144] ? clear_bhb_loop+0x40/0x90 [ 221.381452][ T8144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.381467][ T8144] RIP: 0033:0x7f8a8a59cdd9 [ 221.381481][ T8144] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.381495][ T8144] RSP: 002b:00007f8a8b4bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 221.381510][ T8144] RAX: ffffffffffffffda RBX: 00007f8a8a815fa0 RCX: 00007f8a8a59cdd9 [ 221.381519][ T8144] RDX: 0000000000004002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 221.381529][ T8144] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 221.381538][ T8144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.381547][ T8144] R13: 00007f8a8a816038 R14: 00007f8a8a815fa0 R15: 00007ffc1402f0f8 [ 221.381566][ T8144] [ 221.736952][ T5623] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 223.419034][ T8188] futex_wake_op: syz.0.499 tries to shift op by -2048; fix this program [ 223.562168][ T8189] futex_wake_op: syz.0.499 tries to shift op by -2048; fix this program [ 223.615398][ T8188] futex_wake_op: syz.0.499 tries to shift op by -2048; fix this program [ 224.320404][ T8203] futex_wake_op: syz.2.502 tries to shift op by -2048; fix this program [ 224.372656][ T8203] 0x000000000001-0x000000020000 : "" [ 224.750048][ T8211] FAULT_INJECTION: forcing a failure. [ 224.750048][ T8211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.871419][ T8203] ftl_cs: FTL header corrupt! [ 225.049759][ T8211] CPU: 0 UID: 0 PID: 8211 Comm: syz.3.504 Tainted: G L syzkaller #0 PREEMPT(full) [ 225.049786][ T8211] Tainted: [L]=SOFTLOCKUP [ 225.049791][ T8211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 225.049800][ T8211] Call Trace: [ 225.049806][ T8211] [ 225.049812][ T8211] dump_stack_lvl+0x100/0x190 [ 225.049833][ T8211] should_fail_ex.cold+0x5/0xa [ 225.049852][ T8211] _copy_from_user+0x2e/0xd0 [ 225.049877][ T8211] __x64_sys_epoll_ctl+0x131/0x1e0 [ 225.049899][ T8211] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 225.049918][ T8211] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 225.049940][ T8211] ? syscall_user_dispatch+0x76/0x130 [ 225.049960][ T8211] do_syscall_64+0x10b/0xf80 [ 225.049978][ T8211] ? clear_bhb_loop+0x40/0x90 [ 225.049996][ T8211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.050011][ T8211] RIP: 0033:0x7fa9df59cdd9 [ 225.050024][ T8211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 225.050038][ T8211] RSP: 002b:00007fa9e0471028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 225.050053][ T8211] RAX: ffffffffffffffda RBX: 00007fa9df815fa0 RCX: 00007fa9df59cdd9 [ 225.050062][ T8211] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 225.050071][ T8211] RBP: 00007fa9e0471090 R08: 0000000000000000 R09: 0000000000000000 [ 225.050079][ T8211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.050088][ T8211] R13: 00007fa9df816038 R14: 00007fa9df815fa0 R15: 00007ffe04435bf8 [ 225.050106][ T8211] [ 225.237827][ T8214] FAULT_INJECTION: forcing a failure. [ 225.237827][ T8214] name failslab, interval 1, probability 0, space 0, times 0 [ 225.250756][ T8214] CPU: 0 UID: 0 PID: 8214 Comm: syz.3.504 Tainted: G L syzkaller #0 PREEMPT(full) [ 225.250781][ T8214] Tainted: [L]=SOFTLOCKUP [ 225.250786][ T8214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 225.250804][ T8214] Call Trace: [ 225.250811][ T8214] [ 225.250818][ T8214] dump_stack_lvl+0x100/0x190 [ 225.250839][ T8214] should_fail_ex.cold+0x5/0xa [ 225.250858][ T8214] should_failslab+0xc2/0x120 [ 225.250876][ T8214] __kmalloc_cache_noprof+0x7a/0x6f0 [ 225.250897][ T8214] ? snd_seq_port_connect+0x61/0x550 [ 225.250915][ T8214] ? snd_seq_port_use_ptr+0x136/0x1a0 [ 225.250931][ T8214] ? snd_seq_port_use_ptr+0x136/0x1a0 [ 225.250951][ T8214] snd_seq_port_connect+0x61/0x550 [ 225.250968][ T8214] ? _raw_read_unlock+0x28/0x50 [ 225.250984][ T8214] ? check_subscription_permission.isra.0+0x146/0x240 [ 225.251005][ T8214] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 225.251026][ T8214] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 225.251054][ T8214] call_seq_client_ctl+0xa3/0x130 [ 225.251072][ T8214] snd_seq_kernel_client_ctl+0x77/0xd0 [ 225.251091][ T8214] snd_seq_oss_midi_open+0x474/0x690 [ 225.251115][ T8214] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 225.251137][ T8214] ? snd_seq_oss_midi_reset+0x11a/0x4c0 [ 225.251166][ T8214] ? __mutex_lock+0x26d/0x1b10 [ 225.251188][ T8214] snd_seq_oss_synth_reset+0x439/0x890 [ 225.251210][ T8214] ? __pfx___mutex_lock+0x10/0x10 [ 225.251229][ T8214] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 225.251252][ T8214] ? __pfx___fsnotify_parent+0x10/0x10 [ 225.251274][ T8214] ? __pfx_odev_release+0x10/0x10 [ 225.251291][ T8214] snd_seq_oss_reset+0x73/0x290 [ 225.251310][ T8214] ? __pfx_odev_release+0x10/0x10 [ 225.251328][ T8214] snd_seq_oss_release+0x7c/0x180 [ 225.251350][ T8214] ? __pfx_odev_release+0x10/0x10 [ 225.251366][ T8214] odev_release+0x4c/0x70 [ 225.251382][ T8214] __fput+0x3ff/0xb50 [ 225.251407][ T8214] task_work_run+0x150/0x240 [ 225.251424][ T8214] ? __pfx_task_work_run+0x10/0x10 [ 225.251440][ T8214] ? rcu_is_watching+0x12/0xc0 [ 225.251460][ T8214] exit_to_user_mode_loop+0x100/0x4a0 [ 225.251475][ T8214] ? do_syscall_64+0x519/0xf80 [ 225.251497][ T8214] do_syscall_64+0x6f2/0xf80 [ 225.251514][ T8214] ? clear_bhb_loop+0x40/0x90 [ 225.251533][ T8214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.251551][ T8214] RIP: 0033:0x7fa9df59cdd9 [ 225.251565][ T8214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 225.251579][ T8214] RSP: 002b:00007fa9e0450028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 225.251594][ T8214] RAX: 0000000000000000 RBX: 00007fa9df816090 RCX: 00007fa9df59cdd9 [ 225.251603][ T8214] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 225.251611][ T8214] RBP: 00007fa9df632d69 R08: 0000000000000000 R09: 0000000000000000 [ 225.251620][ T8214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.251629][ T8214] R13: 00007fa9df816128 R14: 00007fa9df816090 R15: 00007ffe04435bf8 [ 225.251648][ T8214] [ 225.682839][ T8213] netlink: 342 bytes leftover after parsing attributes in process `syz.0.503'. [ 226.429932][ T8224] FAULT_INJECTION: forcing a failure. [ 226.429932][ T8224] name fail_futex, interval 1, probability 0, space 0, times 0 [ 226.490934][ T8224] CPU: 0 UID: 0 PID: 8224 Comm: syz.0.505 Tainted: G L syzkaller #0 PREEMPT(full) [ 226.490961][ T8224] Tainted: [L]=SOFTLOCKUP [ 226.490967][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 226.490976][ T8224] Call Trace: [ 226.490982][ T8224] [ 226.490988][ T8224] dump_stack_lvl+0x100/0x190 [ 226.491009][ T8224] should_fail_ex.cold+0x5/0xa [ 226.491029][ T8224] get_futex_key+0x1d2/0x1510 [ 226.491046][ T8224] ? __pfx_get_futex_key+0x10/0x10 [ 226.491062][ T8224] ? __lock_acquire+0x4a5/0x2630 [ 226.491080][ T8224] futex_wait_setup+0x83/0x510 [ 226.491104][ T8224] __futex_wait+0x19f/0x300 [ 226.491125][ T8224] ? __pfx___futex_wait+0x10/0x10 [ 226.491147][ T8224] ? __pfx_futex_wake_mark+0x10/0x10 [ 226.491168][ T8224] ? futex_hash+0x2ad/0x370 [ 226.491183][ T8224] ? futex_hash+0x141/0x370 [ 226.491199][ T8224] futex_wait+0xe6/0x370 [ 226.491218][ T8224] ? __pfx_futex_wait+0x10/0x10 [ 226.491240][ T8224] ? __lock_acquire+0x4a5/0x2630 [ 226.491258][ T8224] do_futex+0x1ef/0x350 [ 226.491274][ T8224] ? __pfx_do_futex+0x10/0x10 [ 226.491289][ T8224] ? __might_fault+0xc5/0x140 [ 226.491314][ T8224] __x64_sys_futex+0x34f/0x4d0 [ 226.491332][ T8224] ? __pfx___x64_sys_futex+0x10/0x10 [ 226.491349][ T8224] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 226.491367][ T8224] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 226.491389][ T8224] ? syscall_user_dispatch+0x76/0x130 [ 226.491409][ T8224] do_syscall_64+0x10b/0xf80 [ 226.491427][ T8224] ? clear_bhb_loop+0x40/0x90 [ 226.491445][ T8224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.491469][ T8224] RIP: 0033:0x7f8a8a59cdd9 [ 226.491482][ T8224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 226.491497][ T8224] RSP: 002b:00007f8a8b4bb0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 226.491512][ T8224] RAX: ffffffffffffffda RBX: 00007f8a8a815fa8 RCX: 00007f8a8a59cdd9 [ 226.491522][ T8224] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8a8a815fa8 [ 226.491532][ T8224] RBP: 00007f8a8a815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 226.491541][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 226.491551][ T8224] R13: 00007f8a8a816038 R14: 00007ffc1402f010 R15: 00007ffc1402f0f8 [ 226.491570][ T8224] [ 227.717654][ T8253] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'. [ 227.931765][ T5623] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 227.940649][ T5623] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 228.242492][ T8272] random: crng reseeded on system resumption [ 228.529882][ T8280] FAULT_INJECTION: forcing a failure. [ 228.529882][ T8280] name failslab, interval 1, probability 0, space 0, times 0 [ 228.718081][ T8280] CPU: 0 UID: 0 PID: 8280 Comm: syz.2.519 Tainted: G L syzkaller #0 PREEMPT(full) [ 228.718109][ T8280] Tainted: [L]=SOFTLOCKUP [ 228.718115][ T8280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 228.718124][ T8280] Call Trace: [ 228.718130][ T8280] [ 228.718136][ T8280] dump_stack_lvl+0x100/0x190 [ 228.718158][ T8280] should_fail_ex.cold+0x5/0xa [ 228.718178][ T8280] should_failslab+0xc2/0x120 [ 228.718196][ T8280] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 228.718218][ T8280] ? security_inode_alloc+0x3b/0x2c0 [ 228.718241][ T8280] ? lockdep_init_map_type+0x5c/0x250 [ 228.718259][ T8280] security_inode_alloc+0x3b/0x2c0 [ 228.718291][ T8280] inode_init_always_gfp+0xcc0/0x1000 [ 228.718313][ T8280] alloc_inode+0x8e/0x250 [ 228.718335][ T8280] new_inode+0x22/0x1c0 [ 228.718358][ T8280] __debugfs_create_file+0x105/0x4f0 [ 228.718383][ T8280] debugfs_create_file_full+0x41/0x60 [ 228.718407][ T8280] kvm_dev_ioctl+0x16c8/0x1a50 [ 228.718435][ T8280] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 228.718461][ T8280] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 228.718485][ T8280] __x64_sys_ioctl+0x18e/0x210 [ 228.718501][ T8280] do_syscall_64+0x10b/0xf80 [ 228.718519][ T8280] ? clear_bhb_loop+0x40/0x90 [ 228.718537][ T8280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.718552][ T8280] RIP: 0033:0x7fc7d699cdd9 [ 228.718566][ T8280] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 228.718581][ T8280] RSP: 002b:00007fc7d78fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 228.718595][ T8280] RAX: ffffffffffffffda RBX: 00007fc7d6c16090 RCX: 00007fc7d699cdd9 [ 228.718605][ T8280] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000009 [ 228.718614][ T8280] RBP: 00007fc7d6a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 228.718623][ T8280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.718632][ T8280] R13: 00007fc7d6c16128 R14: 00007fc7d6c16090 R15: 00007ffc19009308 [ 228.718652][ T8280] [ 228.720178][ T8280] debugfs: out of free dentries, can not create file 'halt_attempted_poll' [ 229.451952][ T8302] netlink: 'syz.3.526': attribute type 1 has an invalid length. [ 229.827411][ T8307] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 230.132371][ T8308] smpboot: CPU 1 is now offline [ 232.393635][ T5623] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 233.397085][ T8396] NFSD: Failed to start, no listeners configured. [ 233.406739][ T8392] FAULT_INJECTION: forcing a failure. [ 233.406739][ T8392] name failslab, interval 1, probability 0, space 0, times 0 [ 233.565289][ T8392] CPU: 0 UID: 0 PID: 8392 Comm: syz.2.539 Tainted: G L syzkaller #0 PREEMPT(full) [ 233.565317][ T8392] Tainted: [L]=SOFTLOCKUP [ 233.565322][ T8392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 233.565331][ T8392] Call Trace: [ 233.565337][ T8392] [ 233.565343][ T8392] dump_stack_lvl+0x100/0x190 [ 233.565365][ T8392] should_fail_ex.cold+0x5/0xa [ 233.565385][ T8392] ? tomoyo_realpath_from_path+0xb6/0x690 [ 233.565403][ T8392] should_failslab+0xc2/0x120 [ 233.565420][ T8392] __kmalloc_noprof+0xe0/0x850 [ 233.565442][ T8392] ? kfree+0x1dd/0x6c0 [ 233.565465][ T8392] tomoyo_realpath_from_path+0xb6/0x690 [ 233.565488][ T8392] tomoyo_path_number_perm+0x23c/0x580 [ 233.565502][ T8392] ? tomoyo_path_number_perm+0x22e/0x580 [ 233.565518][ T8392] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 233.565542][ T8392] ? do_raw_spin_lock+0x128/0x260 [ 233.565569][ T8392] ? find_held_lock+0x2b/0x80 [ 233.565587][ T8392] ? current_check_access_path+0x269/0x430 [ 233.565606][ T8392] ? __pfx_current_check_access_path+0x10/0x10 [ 233.565623][ T8392] ? do_raw_spin_unlock+0x145/0x1e0 [ 233.565642][ T8392] ? simple_lookup+0x105/0x1d0 [ 233.565663][ T8392] tomoyo_path_mknod+0x164/0x190 [ 233.565683][ T8392] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 233.565704][ T8392] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 233.565729][ T8392] security_path_mknod+0x161/0x300 [ 233.565748][ T8392] filename_mknodat+0x241/0x7f0 [ 233.565770][ T8392] ? __pfx_filename_mknodat+0x10/0x10 [ 233.565789][ T8392] ? strncpy_from_user+0x19d/0x2d0 [ 233.565806][ T8392] ? do_getname+0x191/0x390 [ 233.565828][ T8392] __x64_sys_mknod+0x8f/0xc0 [ 233.565848][ T8392] do_syscall_64+0x10b/0xf80 [ 233.565865][ T8392] ? clear_bhb_loop+0x40/0x90 [ 233.565883][ T8392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.565899][ T8392] RIP: 0033:0x7fc7d699cdd9 [ 233.565921][ T8392] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.565936][ T8392] RSP: 002b:00007fc7d78fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 233.565952][ T8392] RAX: ffffffffffffffda RBX: 00007fc7d6c16090 RCX: 00007fc7d699cdd9 [ 233.565962][ T8392] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000200000000040 [ 233.565972][ T8392] RBP: 00007fc7d6a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 233.565981][ T8392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 233.565990][ T8392] R13: 00007fc7d6c16128 R14: 00007fc7d6c16090 R15: 00007ffc19009308 [ 233.566010][ T8392] [ 233.938207][ T8404] netlink: 28 bytes leftover after parsing attributes in process `syz.1.546'. [ 234.280952][ T8413] futex_wake_op: syz.3.547 tries to shift op by -2048; fix this program [ 234.360234][ T8413] futex_wake_op: syz.3.547 tries to shift op by -2048; fix this program [ 234.731315][ T8404] veth1_macvtap: left promiscuous mode [ 234.738567][ T8404] macsec0: entered promiscuous mode [ 234.756999][ T8404] macsec0: entered allmulticast mode [ 234.822888][ T8420] random: crng reseeded on system resumption [ 234.949835][ T8420] netlink: 342 bytes leftover after parsing attributes in process `syz.0.550'. [ 235.498924][ T8392] ERROR: Out of memory at tomoyo_realpath_from_path. [ 235.606746][ T6112] bridge_slave_1: left allmulticast mode [ 235.626460][ T6112] bridge_slave_1: left promiscuous mode [ 235.654641][ T6112] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.197854][ T8453] size and base must be multiples of 4 kiB [ 236.282925][ T8442] device-mapper: ioctl: Invalid ioctl structure: name a, dev 3000000009 [ 236.347532][ T8453] CPU: 0 UID: 0 PID: 8453 Comm: syz.0.554 Tainted: G L syzkaller #0 PREEMPT(full) [ 236.347577][ T8453] Tainted: [L]=SOFTLOCKUP [ 236.347582][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 236.347602][ T8453] Call Trace: [ 236.347607][ T8453] [ 236.347613][ T8453] dump_stack_lvl+0x100/0x190 [ 236.347636][ T8453] mtrr_del.cold+0x72/0x85 [ 236.347653][ T8453] mtrr_ioctl+0xbc8/0xcf0 [ 236.347670][ T8453] ? __pfx_mtrr_ioctl+0x10/0x10 [ 236.347688][ T8453] ? find_held_lock+0x2b/0x80 [ 236.347712][ T8453] ? __fget_files+0x21f/0x3d0 [ 236.347729][ T8453] ? __pfx_mtrr_ioctl+0x10/0x10 [ 236.347743][ T8453] proc_reg_unlocked_ioctl+0x229/0x320 [ 236.347761][ T8453] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 236.347780][ T8453] __x64_sys_ioctl+0x18e/0x210 [ 236.347796][ T8453] do_syscall_64+0x10b/0xf80 [ 236.347814][ T8453] ? clear_bhb_loop+0x40/0x90 [ 236.347832][ T8453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.347848][ T8453] RIP: 0033:0x7f8a8a59cdd9 [ 236.347861][ T8453] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 236.347875][ T8453] RSP: 002b:00007f8a8b458028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 236.347894][ T8453] RAX: ffffffffffffffda RBX: 00007f8a8a816270 RCX: 00007f8a8a59cdd9 [ 236.347904][ T8453] RDX: 0000000000000003 RSI: 00000000400c4d04 RDI: 0000000000000003 [ 236.347913][ T8453] RBP: 00007f8a8a632d69 R08: 0000000000000000 R09: 0000000000000000 [ 236.347921][ T8453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 236.347930][ T8453] R13: 00007f8a8a816308 R14: 00007f8a8a816270 R15: 00007ffc1402f0f8 [ 236.347948][ T8453] [ 237.505131][ T6112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 237.564462][ T6112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 237.602804][ T6112] bond0 (unregistering): Released all slaves [ 237.704393][ T8452] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 237.749437][ T8452] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 237.954894][ T8452] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 237.999187][ T8452] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 238.057582][ T8452] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 238.100325][ T8452] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 238.178020][ T8452] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 238.222246][ T8452] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 238.259813][ T8452] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 238.313008][ T8452] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 238.538555][ T8472] ubi: mtd0 is already attached to ubi0 [ 238.604759][ T8470] ubi0: detaching mtd0 [ 238.852941][ T8470] ubi0: mtd0 is detached [ 239.049463][ T6112] hsr_slave_0: left promiscuous mode [ 239.088433][ T6112] hsr_slave_1: left promiscuous mode [ 239.134950][ T6112] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.181680][ T6112] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.228833][ T6112] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.271800][ T6112] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.389973][ T6112] veth1_macvtap: left promiscuous mode [ 239.427527][ T6112] veth0_macvtap: left promiscuous mode [ 239.467599][ T6112] veth1_vlan: left promiscuous mode [ 239.496179][ T6112] veth0_vlan: left promiscuous mode [ 239.746123][ T5623] Bluetooth: hci2: command 0x0406 tx timeout [ 239.986901][ T5623] Bluetooth: hci1: command 0x0406 tx timeout [ 240.065807][ T5623] Bluetooth: hci3: command 0x0406 tx timeout [ 240.074937][ T6112] team0 (unregistering): Port device team_slave_1 removed [ 240.108161][ T6112] team0 (unregistering): Port device team_slave_0 removed [ 240.225879][ T5623] Bluetooth: hci0: command 0x0c1a tx timeout [ 241.547739][ T8528] netlink: 17 bytes leftover after parsing attributes in process `syz.2.568'. [ 241.653181][ T8528] netlink: 2 bytes leftover after parsing attributes in process `syz.2.568'. [ 241.755336][ T8537] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 241.826683][ T5623] Bluetooth: hci2: command 0x0406 tx timeout [ 242.066329][ T5623] Bluetooth: hci1: command 0x0406 tx timeout [ 242.125047][ T8540] futex_wake_op: syz.0.572 tries to shift op by -2048; fix this program [ 242.146741][ T5623] Bluetooth: hci3: command 0x0406 tx timeout [ 242.305945][ T5623] Bluetooth: hci0: command 0x0c1a tx timeout [ 242.363007][ T8551] netlink: 342 bytes leftover after parsing attributes in process `syz.0.574'. [ 242.473978][ T8551] netlink: 342 bytes leftover after parsing attributes in process `syz.0.574'. [ 243.511593][ T8581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.579'. [ 243.564854][ T8581] netlink: 25 bytes leftover after parsing attributes in process `syz.0.579'. [ 244.225785][ T5627] Bluetooth: hci3: command 0x0406 tx timeout [ 244.386016][ T5627] Bluetooth: hci0: command 0x0c1a tx timeout [ 244.545973][ T5623] Bluetooth: hci4: Opcode 0x0c03 failed: -110 Ijn9_UVQ8j@:Un M%Ux[ 246.506450][ T8623] syz.0.589(8623): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 246.653605][ T8630] netlink: 252 bytes leftover after parsing attributes in process `syz.2.588'. [ 248.400129][ T8666] ima: policy update failed [ 248.434036][ T29] audit: type=1802 audit(1777561482.880:4): pid=8666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.595" res=0 errno=0 [ 249.128428][ T8683] vhci_hcd vhci_hcd.2: default hub control req: 2304 v0004 i0006 l2044 [ 250.095392][ T5623] Bluetooth: hci2: unexpected subevent 0x18 length: 123 > 19 [ 250.103045][ T5623] Bluetooth: hci2: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 250.304819][ T8697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.598'. [ 254.729828][ T8773] can: request_module (can-proto-5) failed. [ 255.748700][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.755280][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.428609][ T8792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.621'. [ 256.480150][ T8792] netlink: 25 bytes leftover after parsing attributes in process `syz.2.621'. [ 257.651496][ T8820] futex_wake_op: syz.1.627 tries to shift op by -2048; fix this program [ 257.792106][ T8820] futex_wake_op: syz.1.627 tries to shift op by -2048; fix this program [ 257.845134][ T8820] futex_wake_op: syz.1.627 tries to shift op by -2048; fix this program [ 257.950089][ T8841] ubi0: attaching mtd0 [ 258.007141][ T8841] ubi0: scanning is finished [ 258.035014][ T8841] ubi0 error: vtbl_check: bad CRC at record 2: 0xa8e6260c, not 0x6465762f [ 258.088251][ T8841] Volume table record 2 dump: [ 258.118366][ T8841] reserved_pebs 0 [ 258.133595][ T8841] alignment 0 [ 258.164727][ T8841] data_pad 0 [ 258.213067][ T8841] vol_type 0 [ 258.275415][ T8841] upd_marker 0 [ 258.344613][ T8841] name_len 0 [ 258.413163][ T8841] name NULL [ 258.464561][ T8841] ubi0 error: ubi_read_volume_table: both volume tables are corrupted [ 259.160022][ T8841] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 259.551906][ T5623] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 259.551930][ T5623] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 259.567083][ T5623] Bluetooth: hci2: Dropping invalid advertising data [ 259.574990][ T5623] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 259.903364][ T8873] netlink: 334 bytes leftover after parsing attributes in process `syz.2.634'. [ 260.093647][ T8872] FAULT_INJECTION: forcing a failure. [ 260.093647][ T8872] name failslab, interval 1, probability 0, space 0, times 0 [ 260.196265][ T8872] CPU: 0 UID: 0 PID: 8872 Comm: syz.1.635 Tainted: G L syzkaller #0 PREEMPT(full) [ 260.196293][ T8872] Tainted: [L]=SOFTLOCKUP [ 260.196298][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 260.196307][ T8872] Call Trace: [ 260.196313][ T8872] [ 260.196318][ T8872] dump_stack_lvl+0x100/0x190 [ 260.196342][ T8872] should_fail_ex.cold+0x5/0xa [ 260.196362][ T8872] ? sk_prot_alloc+0x10b/0x2a0 [ 260.196380][ T8872] should_failslab+0xc2/0x120 [ 260.196398][ T8872] __kmalloc_noprof+0xe0/0x850 [ 260.196428][ T8872] sk_prot_alloc+0x10b/0x2a0 [ 260.196447][ T8872] sk_alloc+0x36/0xe80 [ 260.196470][ T8872] xsk_create+0x117/0x760 [ 260.196494][ T8872] __sock_create+0x339/0x860 [ 260.196517][ T8872] __sys_socket+0x14d/0x260 [ 260.196538][ T8872] ? __pfx___sys_socket+0x10/0x10 [ 260.196563][ T8872] __x64_sys_socket+0x72/0xb0 [ 260.196581][ T8872] ? lockdep_hardirqs_on+0x78/0x100 [ 260.196599][ T8872] do_syscall_64+0x10b/0xf80 [ 260.196616][ T8872] ? clear_bhb_loop+0x40/0x90 [ 260.196634][ T8872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.196649][ T8872] RIP: 0033:0x7f7ce459cdd9 [ 260.196662][ T8872] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.196681][ T8872] RSP: 002b:00007f7ce27ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 260.196696][ T8872] RAX: ffffffffffffffda RBX: 00007f7ce4815fa0 RCX: 00007f7ce459cdd9 [ 260.196706][ T8872] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000002c [ 260.196715][ T8872] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 260.196725][ T8872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.196735][ T8872] R13: 00007f7ce4816038 R14: 00007f7ce4815fa0 R15: 00007ffe46af3958 [ 260.196754][ T8872] [ 260.492453][ T8875] kexec: Could not allocate control_code_buffer [ 260.738773][ T8887] netlink: 334 bytes leftover after parsing attributes in process `syz.2.639'. [ 260.946476][ T8890] ================================================================== [ 260.946493][ T8890] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 260.946515][ T8890] Read of size 26 at addr ffff88802c6378ea by task syz.1.638/8890 [ 260.946529][ T8890] [ 260.946538][ T8890] CPU: 0 UID: 0 PID: 8890 Comm: syz.1.638 Tainted: G L syzkaller #0 PREEMPT(full) [ 260.946559][ T8890] Tainted: [L]=SOFTLOCKUP [ 260.946564][ T8890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 260.946573][ T8890] Call Trace: [ 260.946579][ T8890] [ 260.946584][ T8890] dump_stack_lvl+0x100/0x190 [ 260.946600][ T8890] print_report+0x13d/0x4b0 [ 260.946622][ T8890] ? __virt_addr_valid+0x239/0x430 [ 260.946647][ T8890] ? fbcon_prepare_logo+0x94e/0xc60 [ 260.946662][ T8890] kasan_report+0xdf/0x1d0 [ 260.946679][ T8890] ? fbcon_prepare_logo+0x94e/0xc60 [ 260.946696][ T8890] kasan_check_range+0x10f/0x1e0 [ 260.946716][ T8890] __asan_memcpy+0x23/0x60 [ 260.946738][ T8890] fbcon_prepare_logo+0x94e/0xc60 [ 260.946756][ T8890] fbcon_init+0x1065/0x1830 [ 260.946773][ T8890] visual_init+0x320/0x620 [ 260.946790][ T8890] do_bind_con_driver.isra.0+0x636/0x9c0 [ 260.946812][ T8890] store_bind+0x609/0x730 [ 260.946832][ T8890] ? __pfx_store_bind+0x10/0x10 [ 260.946850][ T8890] dev_attr_store+0x58/0x80 [ 260.946867][ T8890] ? __pfx_dev_attr_store+0x10/0x10 [ 260.946884][ T8890] sysfs_kf_write+0xf2/0x150 [ 260.946914][ T8890] kernfs_fop_write_iter+0x3e0/0x5f0 [ 260.946935][ T8890] ? __pfx_sysfs_kf_write+0x10/0x10 [ 260.946958][ T8890] vfs_write+0x6ac/0x1070 [ 260.946974][ T8890] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 260.946996][ T8890] ? __pfx_vfs_write+0x10/0x10 [ 260.947017][ T8890] ksys_write+0x12a/0x250 [ 260.947033][ T8890] ? __pfx_ksys_write+0x10/0x10 [ 260.947050][ T8890] ? rcu_is_watching+0x12/0xc0 [ 260.947068][ T8890] do_syscall_64+0x10b/0xf80 [ 260.947085][ T8890] ? clear_bhb_loop+0x40/0x90 [ 260.947102][ T8890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.947117][ T8890] RIP: 0033:0x7f7ce459cdd9 [ 260.947129][ T8890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.947144][ T8890] RSP: 002b:00007f7ce27cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.947158][ T8890] RAX: ffffffffffffffda RBX: 00007f7ce4816090 RCX: 00007f7ce459cdd9 [ 260.947168][ T8890] RDX: 0000000000000081 RSI: 0000200000000040 RDI: 0000000000000003 [ 260.947177][ T8890] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 260.947186][ T8890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.947195][ T8890] R13: 00007f7ce4816128 R14: 00007f7ce4816090 R15: 00007ffe46af3958 [ 260.947209][ T8890] [ 260.947215][ T8890] [ 260.947218][ T8890] Allocated by task 5624: [ 260.947230][ T8890] kasan_save_stack+0x30/0x50 [ 260.947244][ T8890] kasan_save_track+0x14/0x30 [ 260.947257][ T8890] __kasan_kmalloc+0xaa/0xb0 [ 260.947269][ T8890] __kmalloc_node_noprof+0x307/0x850 [ 260.947291][ T8890] alloc_slab_obj_exts+0xae/0x270 [ 260.947310][ T8890] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 260.947329][ T8890] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 260.947350][ T8890] sock_alloc_inode+0x26/0x290 [ 260.947366][ T8890] alloc_inode+0x68/0x250 [ 260.947389][ T8890] sock_alloc+0x44/0x280 [ 260.947402][ T8890] __sock_create+0xc2/0x860 [ 260.947419][ T8890] __sys_socket+0x14d/0x260 [ 260.947436][ T8890] __x64_sys_socket+0x72/0xb0 [ 260.947453][ T8890] do_syscall_64+0x10b/0xf80 [ 260.947469][ T8890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.947483][ T8890] [ 260.947486][ T8890] The buggy address belongs to the object at ffff88802c637800 [ 260.947486][ T8890] which belongs to the cache kmalloc-192 of size 192 [ 260.947498][ T8890] The buggy address is located 66 bytes to the right of [ 260.947498][ T8890] allocated 168-byte region [ffff88802c637800, ffff88802c6378a8) [ 260.947513][ T8890] [ 260.947520][ T8890] The buggy address belongs to the physical page: [ 260.947526][ T8890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c637 [ 260.947543][ T8890] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 260.947562][ T8890] page_type: f5(slab) [ 260.947576][ T8890] raw: 00fff00000000000 ffff88813fe2d3c0 dead000000000100 dead000000000122 [ 260.947593][ T8890] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 260.947602][ T8890] page dumped because: kasan: bad access detected [ 260.947614][ T8890] page_owner tracks the page as allocated [ 260.947619][ T8890] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13456833508, free_ts 13447507013 [ 260.947646][ T8890] post_alloc_hook+0x153/0x170 [ 260.947670][ T8890] get_page_from_freelist+0x11a6/0x33b0 [ 260.947692][ T8890] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 260.947714][ T8890] new_slab+0xa6/0x6c0 [ 260.947732][ T8890] refill_objects+0x277/0x420 [ 260.947752][ T8890] __pcs_replace_empty_main+0x375/0x650 [ 260.947773][ T8890] __kmalloc_noprof+0x688/0x850 [ 260.947794][ T8890] usb_alloc_urb+0x66/0xa0 [ 260.947809][ T8890] usb_control_msg+0x1d3/0x4b0 [ 260.947825][ T8890] usb_get_descriptor+0xbb/0x1b0 [ 260.947843][ T8890] usb_get_device_descriptor+0x71/0xe0 [ 260.947862][ T8890] register_root_hub+0x146/0x639 [ 260.947879][ T8890] usb_add_hcd.cold+0xccd/0x1158 [ 260.947902][ T8890] dummy_hcd_probe+0x189/0x2fa [ 260.947921][ T8890] platform_probe+0x106/0x1d0 [ 260.947941][ T8890] really_probe+0x241/0xa60 [ 260.947954][ T8890] page last free pid 9 tgid 9 stack trace: [ 260.947961][ T8890] __free_frozen_pages+0x747/0x1040 [ 260.947979][ T8890] vfree+0x15f/0x8d0 [ 260.947994][ T8890] delayed_vfree_work+0x56/0x80 [ 260.948011][ T8890] process_one_work+0xa0e/0x1980 [ 260.948024][ T8890] worker_thread+0x5ef/0xe50 [ 260.948037][ T8890] kthread+0x370/0x450 [ 260.948047][ T8890] ret_from_fork+0x72b/0xd50 [ 260.948061][ T8890] ret_from_fork_asm+0x1a/0x30 [ 260.948080][ T8890] [ 260.948083][ T8890] Memory state around the buggy address: [ 260.948090][ T8890] ffff88802c637780: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 260.948100][ T8890] ffff88802c637800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 260.948110][ T8890] >ffff88802c637880: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 260.948118][ T8890] ^ [ 260.948126][ T8890] ffff88802c637900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 260.948137][ T8890] ffff88802c637980: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 260.948144][ T8890] ================================================================== [ 260.965331][ T8890] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 260.965350][ T8890] CPU: 0 UID: 0 PID: 8890 Comm: syz.1.638 Tainted: G L syzkaller #0 PREEMPT(full) [ 260.965373][ T8890] Tainted: [L]=SOFTLOCKUP [ 260.965379][ T8890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 260.965388][ T8890] Call Trace: [ 260.965394][ T8890] [ 260.965400][ T8890] dump_stack_lvl+0x100/0x190 [ 260.965420][ T8890] vpanic+0x552/0x970 [ 260.965435][ T8890] ? __pfx_vpanic+0x10/0x10 [ 260.965451][ T8890] ? fbcon_prepare_logo+0x94e/0xc60 [ 260.965468][ T8890] panic+0xd1/0xe0 [ 260.965482][ T8890] ? __pfx_panic+0x10/0x10 [ 260.965496][ T8890] ? fbcon_prepare_logo+0x94e/0xc60 [ 260.965511][ T8890] ? preempt_schedule_common+0x42/0xc0 [ 260.965531][ T8890] check_panic_on_warn.cold+0x19/0x34 [ 260.965547][ T8890] end_report.part.0+0x3a/0x90 [ 260.965567][ T8890] kasan_report.cold+0xe/0x18 [ 260.965588][ T8890] ? fbcon_prepare_logo+0x94e/0xc60 [ 260.965610][ T8890] kasan_check_range+0x10f/0x1e0 [ 260.965630][ T8890] __asan_memcpy+0x23/0x60 [ 260.965651][ T8890] fbcon_prepare_logo+0x94e/0xc60 [ 260.965670][ T8890] fbcon_init+0x1065/0x1830 [ 260.965704][ T8890] visual_init+0x320/0x620 [ 260.965722][ T8890] do_bind_con_driver.isra.0+0x636/0x9c0 [ 260.965745][ T8890] store_bind+0x609/0x730 [ 260.965767][ T8890] ? __pfx_store_bind+0x10/0x10 [ 260.965786][ T8890] dev_attr_store+0x58/0x80 [ 260.965804][ T8890] ? __pfx_dev_attr_store+0x10/0x10 [ 260.965821][ T8890] sysfs_kf_write+0xf2/0x150 [ 260.965844][ T8890] kernfs_fop_write_iter+0x3e0/0x5f0 [ 260.965864][ T8890] ? __pfx_sysfs_kf_write+0x10/0x10 [ 260.965886][ T8890] vfs_write+0x6ac/0x1070 [ 260.965909][ T8890] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 260.965931][ T8890] ? __pfx_vfs_write+0x10/0x10 [ 260.965953][ T8890] ksys_write+0x12a/0x250 [ 260.965969][ T8890] ? __pfx_ksys_write+0x10/0x10 [ 260.965986][ T8890] ? rcu_is_watching+0x12/0xc0 [ 260.966006][ T8890] do_syscall_64+0x10b/0xf80 [ 260.966024][ T8890] ? clear_bhb_loop+0x40/0x90 [ 260.966041][ T8890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.966057][ T8890] RIP: 0033:0x7f7ce459cdd9 [ 260.966070][ T8890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.966085][ T8890] RSP: 002b:00007f7ce27cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.966101][ T8890] RAX: ffffffffffffffda RBX: 00007f7ce4816090 RCX: 00007f7ce459cdd9 [ 260.966112][ T8890] RDX: 0000000000000081 RSI: 0000200000000040 RDI: 0000000000000003 [ 260.966122][ T8890] RBP: 00007f7ce4632d69 R08: 0000000000000000 R09: 0000000000000000 [ 260.966131][ T8890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.966141][ T8890] R13: 00007f7ce4816128 R14: 00007f7ce4816090 R15: 00007ffe46af3958 [ 260.966156][ T8890] [ 260.966210][ T8890] Kernel Offset: disabled