last executing test programs: 7.118790867s ago: executing program 1 (id=647): r0 = prctl$auto_SECCOMP_MODE_STRICT(0xdb4, 0x1, 0x0, 0x1, 0xffffffffffffff6f) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8004) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r1, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)={0x1c, r2, 0xbb484b3ccf0b22b, 0x70bd2b, 0x25dfdbfc, {}, [@MACSEC_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setuid$auto(0x800000000008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0xe63c, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x8000c, 0x100000000}}) r4 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r4, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffbfffd}, 0xffff}, 0x4000, 0x20000043) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty=0x20}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@sco, 0x50) ioctl$auto_VHOST_SET_VRING_BUSYLOOP_TIMEOUT2(r3, 0x4008af23, &(0x7f00000000c0)={0x7fffffff, 0x9}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) iopl$auto(0x3) 5.164009277s ago: executing program 2 (id=653): mmap$auto(0x0, 0x2000a, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) (async) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) setsockopt$auto(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x5f) (async) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 4.871113576s ago: executing program 2 (id=655): r0 = socket(0x2, 0x3, 0xa) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) sendmsg$auto_NL80211_CMD_LEAVE_IBSS(r1, &(0x7f0000001800)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000017c0)={&(0x7f0000000280)={0x1524, r2, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0xffff}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xb2, 0xcd, "feb9cbc10598e287ef70da2c19e5addb1ab51f2ccfa019121f533444fa57af231325b5f920b2b02c5a89d8589679fe703937b801d02ab89a70b253ce30a8b2af6b7758cd147a86ff3e3af5e9a6c45298757dda1f0321c0d4b996d81d38b01263c2c991f37d8e4f86d2821fc03949eab5e85092bcfb7c80a1ae885c642f42a72be5ca4fef67b2242612fd81d761a2715a44a6ec496a447971f08acfa1fa4d0c3aba03b0b1c260dd52ef210c5807d4"}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x5}, @NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_SCAN_FREQUENCIES={0x1441, 0x2c, 0x0, 0x1, [@generic="259fe8d95c83ca599a338c1155e9bb8f72f72dc5346368f7dd938b9c5dabe58f8b28da7221880af8d22afd521d37df218c8f4fc133ef5609ff32f318df59ca51018ff18a9d1103d3b47813e10a75b421825a74673854f1a6c6f9743139cc8bb6ce6b9ee3d4e77827de413b27c439c337d512f05e25fbd4368d667e8c134f28963046daa163b103a23a9304090636b62f0cb7a946ae686e2bcf", @nested={0x62, 0x12a, 0x0, 0x1, [@nested={0x4, 0x11d}, @generic="04d89d9b012a5bd2e6845d1fdaf86d7dd4426d37f5696352271411c64162213658245a45171e1e5d4d81ea88431805697dc7a351ecf54c675012aae6fe005a96f77c0e24b06dae95957d2c97d3a35e6ed7383f60e949b5e5d2fd"]}, @nested={0x71, 0xb9, 0x0, 0x1, [@generic="4ae784820e0e593bd67e849cd1f932388312fde614fc17b8fedeff5d7409eac7e989ac5b01d1c4414ae9379c2673092e14d9ab2051fb954163485721e03ac599a63a216910756b98a628bc50d3dcef4ffd5b98527c0384f158e89aba520c4db3d81a2fd90edbeade46be54ccc7"]}, @generic="51f2c3f4234ff4d95b2f72093b1d1af379e062d015ba93c3fcce953dcce83614d826d9ae59994ce707084da10b44af076bfa32d811", @nested={0x118c, 0xf1, 0x0, 0x1, [@generic="a929162f83ade590c37eded926524cbc2a09e589f09ad81f3622401e213a81606150b67be0896de3df73dbb6d6e52c06bf39a381ad645eb76c692a16362bb5f438d2a115021e09afd9b06809f9103776593d1414c69dc3dc6ce9a4e6bbd80f51b008a6471139884c82bb9315d6021ef26c04ec", @generic="e7037de0dc9b98e9f6c2f83e197c94b3e30265413f1770e55294eb2035293ca5daeb39d4f825b78f0b24a0e763c66b5d20b8cab982db99b844370c8eaccbcb0a22c44bdf77b02a3867b92f67792e07f14423d03b22cdbc588f1b43c48415d991eb5f0227814efe25682e01e52b8921cc18ee745c37401a6fe163dca819f87c20ce7f2f2be2466c74412e3208ea01b79a0da98a8f6104179444370ad96ff1d1e75fe933fe11e2e22d8902ec36c0", @nested={0x4, 0x1c}, @typed={0x40, 0x104, 0x0, 0x0, @binary="74f68898f9bf6e9e193d7b1e486689123e4fae735606ad61b5a7e3833a1473122bd87c1bbf519a979096396f0bb5e2fbca3725d1441b275719856eeb"}, @typed={0x8, 0x151, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @generic="bcf49d2cb74a133d5264672e078d8d8e472cc8594ba71ee0aa3a9e197edbbee14b082e19eb033d95d880cc404fc48d8bca287e2caf13c8005c863a397d71b26365a318b72cfe50fb78dda98ab08528cc6cfa7225249bcdbb706735dd9a9a8b544572a0f5ddc45992d96cece4e8ce0101923673dacce203fd7646821c18114ea856836149996334d93a6886072c2d2864ca2c16d2f26e1b2cd55c0debd301f05453cc6d988316ee7d4a7b3aaae3bce3c570643b2b8f47b9a69003f4f146af71b28df39c698399cad0a383caafd678e42a9168cad8f1f005ffcf677c7ba37d1986d3472aec053ce9596052a47c780d9566f8584504f074a0e38cedc3c058ef84a8cd1b3dcabedc2aac857c23f56cc37c1871c5a476dd20540d4d89dac06c1ca2542c0b083543ef8ddab8b98c4e212423cf1bd355b1d57f191497f67239443b71ee38b12cfb0c8bae60ea5348337797ee471648a67df86b15c1e0cb7294abe6af647147e5acf91dc1854b7c8cd6c5fd61f7b1662a6baf5f9ff24a1ea3f8729599cc0cb5fbbeb944932e35ddffb284923f56999aa63185bb31f131ca83c9ccb04202f6b58c19f973bd1a523d8b0fd1ff8b12216bbae2f4bb5709ec2bdf1753fdb460e63ee36b57718e251ad13226f931b0294d9b9d26f9e59ee164e8bbd4894569b611f151fed603d3e82c586a68b2640ce925d68d75f24b728c6d308707c7f197f29ad5468279e7fc38dc4b5b61d9956ba2f134a450090e8b9e038c2985ab13a7ff528539b7a1b59c6fcd9e2472510255115fe1ee04007b145f1ed4e0e368a7920e324050ed9be126d9d09815bf3c40a52e759607de0f82e57690a7ec6a9a8de9aa3bb3755ec80ca8682647fa79223974f7903aa1315318fd6bbfe9950ab183dfac00df7f166eedf47773175ef3bd002163f48ae1aad28244f0b470167d2336f5a5fab151d32fd6b7a9cedb55344ff57caffd68dbb0b4c72f2e82871b25aa5c53d184c16197a74d4d3175d90fc8e554ff47975919b04d5a6e046b9dee4a3748d907acaee5368a2dbed84aeaf0e702b2a934e228c3446df230a84439443d69a2b95fb6936f118be0c8bc08a8da6bc3abb70856d601d5c9328d8c3cd13ca2114b47f9968d9d28e9d3de2f21ce3b00fd8f3d39681d5d2aa8a7b46bd6491ac7ef6a8929588acef340e9d475b1c25059f0fd0e8b66774541613bc4b2c694586dafc1e97349b260c5bb392f6bf2b49d582e17a55a70e029537e1c19f5f201086796c48da102996fe420e1f2b5254b38b72fd553fa7f5590549587018c6ee550a32e2fee59152186ee3681e32e43fda38e14117d0ceea02f4a3e45979775406f011afe59eef6e315d4ce754c7baa0f5ee1220b540437af2c11f74740984f19d2825e7f210bfc9218d3f4e189a4e26b4f73dd779e73a153e06bf2bb1ef0a3ceb4bc9745b4a0ea6e41bcb82a0d82e6cf49153cf5b5dacb707564cce3e9b5e8e8c02d69780c9d47394158465757a85e6ef736d3c274959533b4960d87b44317dca2c54667464f2aba1c342e7b8fe1c440b1cc2cfb54ae00e600c03eb27641a539ca184a88efa960adf9be285e74a1fd22f532031b63daa7ed036ad446d733f71c39486bd616f8e0a997cb091b8ce69416735a6aecd6ed83f09d705f35401189062ea05fc2e3853bd0432c36bb61d22484a58de3d45d64f01cff95701cf873d62f683d1bfebcb9bf63fff857e7aebddf6fba923a8ff6ea29971469edcce10c65401a0f6502b854e4b6c59affebbeb3b0ae0c8f827fe31695de3dea5539d13d14f9e873a9d31c9824f3261041a965eccbf80204b114f4b208c51ff583e7598f0a02f5f3728fc6399c2d081db21a145f8ff8b1a68268bfa3f660ea8fb3b55cc2454db92f7eadc921447a6a3ec3cc60ff2e07c3a577f09b2877edfe89275e24d41b087e1b6ee55b0a4170f78ba1076f7eea80a58ec40290457f6282c3f0b6ebb0723ac4077e4b14fa684415ec3db376f901321d37d8a90f7f153dd44072be866330aede63c4f3152f7751e3dd5934aaf2d4da5f1f9d6d4d4afd8012a467fb6d28667df2544ecd47a61651e2bacfa087ea2773889754c1582c9ae9b77e1571dda0bfe8d75057c731f884997c344be08207579df749e4b8fc38a9750b5b2200772d9901513bbe71d9f8371bcc736c3868153bb787fd8527df0a39543e6556d941db2d3bf91d030b03eb951e9aee6bd063049e68e418ffc694fde8c83eff64f2b26379617b0f25a373bc350f34df703c5a3e2d94c096a61c206a7424e65cfae1bc03cde3c45bea2c908597b8aab6b434e10aa4641ebb1024c0267ab7d4c46f8abd5767aaae0e06d09fd77fc0bac91b485e491e6a7098c9f2e0a92e1cdb2274f2f68ed6a4f8639e1ef83a39327202bb019f4aa3e17a0b5f19a1161578112290cf76502c9ef3aaa88c16aef7f73f3a03dc9d6b4a5cb0f66fb2a7ee931abbb701a7d37e0761bcf36d6bb938d531b5c099a15871b73242413c2db5b4e92109dc698cf10c0d863e570cc83d3709eca1421684d39cb23f8e350f1cd5c91536b13d8f64ac3e45a3f5a3fb41e19f6e384c954c0497214be8ce34adf9f62c82aa8787ba4cdcc844b978491ab81a78b4ae633deb23a6621185f0fe8e08b9099a72f98918427a6e3716076a69c2b5455d9b35270660ce88fbcfe7766fdfde994ab7ae2d9e0dc4eb0d9958904bd75d5c5383d486de84ea4c4f18503177c6749638694f6d7e770ba396d799ef4592142424985b9eefd4f1249599496f5439476f2737bb9961dfd6ba5322fde9f0ba23e3870d04b229ff4e60d1d22cb8ac38d1961079ba2ff0ee8c10a50f632e4184ad0f33a906f96a78a0d4b12598959d7ceacf76a972287e1f04882095960734525d2d06ccff6210147ec5e76da6dbc559123bb81b91093e84ac3a1aa593dd0256c2ec1bf8f180dd174fd3b2cd3a4a64546d7b8925b761072aa55609223925fcdef27ac6ffdfd3673d5334663c025d0216f0c3eec009863e6351406363c1af6f6701f12567e666c28057b526bf138c9149ccee999c008b01473bfcc4f5edeb8172ca74b7e4a619fe01126353f1b15756dfd446259282387990e763adca2776d4eb83aaa56c48c0a9d8b63937566e3f0c66fc88490bf55580acd7be085af5349ce4bfdf28d1ee6fcd42ea7a1e71de0e0db1e19e9a5cd1733de656b50a7fe133894b105157ca43d5784f37ab7a16a82d21222edb2b0ecc7aec60067679a98836b395b72401e8ac2d2a1d6aa86a9ba0f520d66973a517ef8f328664ab64da174f68dc080932f75594e5dbf0f796ca9b038faa455606d7aff327b19556346ec1a8b51e8c42ad3ee550035f9c5c884c637653b193db9ccfdb495f594961bba4930f25404ef9af9002200a11ff037ff299d0cb45311628d6a475ca6ebe9c591c620fcd72e83a27e6314c90986887e492299ae4789f4d1f3f6c6066daca561ccb3bcb0f705889f488cf6e5c20f3f9e99ec9b67e8ef51e1c9ff561022447ed4f3fc0d802c1ab5a237e32fbb64e34d38eefd064137a7e0996d6ff8c7d922df713770129e56b0d35216fe2aff72832a6ce5bb058f9fde248baa738c14d83f2ce831405eebf3547537486acbb4fde859c10c219dd70fb04de5cbc820d0d00d8bdcb678491b044b9f080a9ca198e80e6357e9092c3873a721883ec27468272eb9506faf8dd873cb978ff0dd0196bc886477ccd035e25a0ed03ec1f67647007e8bcf11e5398c9b0de99a89b32eb5dde1e30ce62805868387b0614419941a5b74b1aa913cf9b278e324c0f1957828d1942706a9466c7633aee7160df48387635ee72a91eb82579d6f2654dfe12d49dba0f30931f293de200344749fd0e0dd1ad61575daa4d381d80801a850305b8e159d96ead63cb5221ceb045f6240a3443f24bf9c97cda52d7deef35ee3df0fe8e8ff581e9c4ce5708b9b132c7a4a85c40df8be071f6d185447da788b40367e29a03bc2a24f2541154bcbe905e69dc2d67269c8ef605f6b5c12fda2db04a2c4f50f77af72ea975924391e2544d521c08ffe535f1b55fc31c0f978bc9e3c6c29f95ba1e66abaf2719ffb518e586cb88bd7a723efff10404b7f4dcc5efeb994c9182dbb052579214746e322383b0972b6472c289820be5b1e8347141adfd6ad57f1c95aee2e444165f466de43923be0d7f33227077df2c3c1ce5f07d9bb0462f4b98129177be0c940bd60cb28e342847722de71ccad5272e4e7d31fae4d74c1e191fd1b0e049f67b197e4e96a8f12a79d026a0f6338a0f7299c50a09d82b28709bccab79308cf216bfca762c0e755a9d57d859e6114d2490dec86143a6bb9612047d33d9757e3aac5014399bc427aa646906e2f10b69e5ca56d3ff17e20f9164937c9cfa2b7dc76a0a303f397104b0d7a9e27def8d6e30d25bfe50c604c32f021430328b044d66b8bd19f2e046701c8810228788a27ab19de74f47088c6c3387d79b000e4fc10ae175b3f9bb21ab6da75a925a987bbadc24c4b82723a42d7bb0bae459f807139ea93822a78ac59a25b058f1082ab5dcdd229e9c00e6e346f4d87947b96aec44e38b61bdd3f36aba17aaa05380cf839612a55dbcb5a55a2a6714a5504c17ea2c55809786f9370e25708dc3d06aeb59f41892a3a7b19ba6c149ac06ea691160c8f0d7d5d4b37c69b77461e7d0ba1d234e44188f95bddb790d882e3b12e8897930766173dffca88ca4caa4e3b1de8a361fcc73cad0945421c72d6246c3e0509e6f3537ec2584450d0619c5a786c796c3a7581a41e91f7527aef4ae6638d7ffd8523d87db14af838da86c8c42f3bc12fcfa1eecfc3ac17a9449d8fe2314dfb2ad94cec3f1a30dd766f54960eefe378e0554b8c0a3a48e266c6bd8bdf7510c52c7242f6f67559b7c70f64983b09f1a4aad67d7bab8d0ad716d8b5cc44613106ed66404f62253b4e56dafceb153eb86b85bf1499b7f3e82c2df0407a92d7b03d22716aa861390df3955f256cb8668d9cf22d0dd3db508c8a63579faefa9587f4ccf9e0a78d8108beabf65cfc8df295be0f18d040dbdc5524e2cb0e7c0f9fa6231dc30e350ee9b484c10a255fa5c232eb25fa05ec4dfa4d9e07fd9c2e3c4b462bfd42d9be5f118673c454b40fe89e6b913dbaee1cffdf62f5c703677b59153fff722b6be18e4b7162eeb824c4c87bf1ee84cfce31c503c58563e24bb700976cc319137a66f0136d685a23fae41040505eb1c935f2596f1baefe6f85adddc8bf8630cccbec3f0e3deff2a1c42819f75409ac0f7f68a6db81ca040a0f85eb3e32a1e97141f95d3aab0f3e289136ce7ce9cb2e98801eb46695c4152a036a54c54fad57a66d3be4e78f9a36e4dab613b88137f8c033b6e3f3bb48466d1a310b0df60e1e2c079165f5c928d405a2a53e1b2833429acc0a814d8f76f31b33e481099934825d41866ca90b9bd09445a871379cae6c7eed5400ca440a27678b7fb4aa83a19dfb421f54bd8dbe705f06685b42ea0bcb3edbf3e8da2b40dfe8ef747e8f3f81adccc86b7a3b0729914e5975e854b71224667ce4eaea193903c74b1885e6f499818c25e56fb4ce5e4fa09c99f22e80103505daa703f958af74dcfa2f404e555a45a51ca4b4a1a36c8f500bd0263a421bc0b65e700ad105905ae1fcba8ba777419ecfe7fd19f1c3ca948ac2d3b516ff62718b6011cd09524453dba883681c6804947b84bf28e5340c3369c0125a384e3ff2a33267763dc9e650f460ba3b347dadba3bc72a2c4dab7257ab05453afca2a0e48ba7a32e70dcd0019", @nested={0x4, 0x11f}, @nested={0x4, 0x134}, @typed={0x9, 0x14c, 0x0, 0x0, @str=')%^:\x00'}, @typed={0x8, 0xc2, 0x0, 0x0, @ipv4=@multicast1}]}, @generic="be65984f198d7373cd57d77043d3e9a7e0d9437df6ff9f49fba59059e87d4d5229b7bdeaf6eda432916f0dab8c22a83977873efad42d64bdbded8d5485a7d630ec439c89a7d2d0428ecd2cdbbef931533b20c7417977a7fe6cb54e", @generic="4472ca7dcbb7c33f4588fb6b5368d95fc115d01acf0ef7737bce041d37b21ea0875ebe250252a61bc785ebfb8d3c86b19cdca6dde1e3494327bb9179deb09ce7f0cce9f7175b41dcc98251c7ab19f3e29bd29a47df5be07bf7c6730e0837dae9c223684f4edd9800af8a2d0a063e02a409e19919e94c580a110556a5b1e62e6ccd550d2dbe109ef0c0e66d7229101696d8f437e0b4238570446837dd", @typed={0x14, 0x12d, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}]}]}, 0x1524}, 0x1, 0x0, 0x0, 0x44000}, 0x4) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socket(0x2b, 0x1, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mknod$auto(&(0x7f0000000040)='.\x00', 0xc7, 0xc8) socket(0x2, 0x801, 0x106) shmctl$auto(0x4, 0xe, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) setsockopt$auto(0x1, 0x1, 0x43, &(0x7f0000000000)='\x00', 0xbb) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto_BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)=@bpf_attr_3={0x4, 0x9, 0x8000000000000001, 0x6, 0x10, 0x0, 0x7fffffffffffffff, 0x4, 0x80000001, "ff5f89c5a44800", 0x0, 0x4c7, 0xffffffffffffffff, 0xc, 0x401, 0xa, 0x86, 0x8, 0x5, 0x71e, @attach_prog_fd, 0x80000005, 0x5, 0x7, 0x10000, 0x7}, 0x3fd) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/bNumEndpoints\x00', 0x0, 0x0) sendmsg$auto_KSMBD_EVENT_LOGIN_REQUEST_EXT(0xffffffffffffffff, &(0x7f0000001840)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x20008081) read$auto(r3, 0x0, 0x20) munmap$auto(0x1, 0x9) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2}) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x8000000000000001, 0x7, 0xe) r5 = socket(0xa, 0x2, 0x73) clock_gettime$auto(0x1, 0x0) sendmmsg$auto(r5, 0x0, 0x9, 0xb7a) 3.806221751s ago: executing program 1 (id=657): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_ehash_entries\x00', 0x90d02, 0x0) listmount$auto(&(0x7f0000000080)={0x8, @inferred=r0, 0x4, 0xfffffffffffffff8, 0x6399}, 0x0, 0xb, 0xba) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.13/usb36/urbnum\x00', 0x200000, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000140)="b88c") ioctl$auto_RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, &(0x7f0000000440)=0x77b) close_range$auto(r1, 0xffffffffffffffff, 0x1000003) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/tty/ttyv7/power/control\x00', 0x22902, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000400), 0xa0483, 0x0) close_range$auto(0x2, r2, 0x0) r4 = socketcall$auto(0x5, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000002c0)={{0x0, 0xfa1, &(0x7f0000000280)={&(0x7f0000000180)="cb7978ababbc9f529978e6f2726ae03e663c080c44495b1fe078f2e9c5586aa59caa8166cf00"/50, 0x7}, 0xfffffffffffffff7, 0x0, 0x7c}, 0x800}, 0xc, 0x1) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0x4400ae8f, &(0x7f0000000240)={0x3, 0x0, [{0x100, 0x4, 0xc000}, {0xad2, 0xff, 0xffffffffffffff6f}]}) ioctl$auto_KVM_CREATE_VM(r3, 0xae80, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000001}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c76be309d592600b4247af672000000", @ANYRES16=0x0, @ANYBLOB="00082cbd7000fcdbdf2501000000060003000800000005000d0003000000050013000800000008000b00800000000600030007000000"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080) socket(0x18, 0x1, 0x106) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0xff) ioctl$auto(r4, 0x3, 0x38) openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000340), 0x40c00, 0x0) socket(0x6, 0x80000, 0x9) connect$auto(0xffffffffffffffff, &(0x7f0000000080)=@l2tp={0x2, 0x0, @multicast1, 0x4}, 0x51) socket(0x11, 0x3, 0x6) r6 = open_tree$auto(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) setsockopt$auto_SO_BUSY_POLL_BUDGET(r6, 0x45d9d054, 0x46, &(0x7f0000000300)='*(@*{-(\x00', 0x0) 3.697633401s ago: executing program 2 (id=659): unshare$auto(0x40000080) (async) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00', @ANYRES16, @ANYBLOB="e958e86e5bafd39a3f8aa96117ffbe687c"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) (async) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x1, &(0x7f00000000c0)={&(0x7f0000000340), 0xfff}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) (async) r1 = setfsuid$auto(0xffffffffffffffff) setpriority$auto_PRIO_USER(0x2, r1, 0x81) (async) shmctl$auto_SHM_INFO(0x3, 0xe, &(0x7f0000000780)={{0x4, r1, 0xffffffffffffffff, 0x7e7, 0x0, 0x8, 0x4}, 0xffff5049, 0x81, 0x200, 0x81, @inferred, @raw=0x5, 0x6, 0x0, &(0x7f0000000680), &(0x7f0000000700)="702cd3d6f4c7d12ece89d98d5bb588d457c6d3becbf886ea2af0f2245775ae0a5e5272fd8dbaf28b475e82dc4c9507811297cfcbcb9af20224c9b1703826cc64002fb13e71aa2ef2287e1cb0b98207032bfa8a9fe87a7ac9dbabfdddbbe058903a7d0d00242bed00db4081a1cc258f"}) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000940)={{0x0, r1, r2, 0x3cc0b025, 0x8, 0x7f, 0x4}, 0x4d, 0x6, 0x5, 0xb1e2, @raw, @raw=0x4, 0x5, 0x0, &(0x7f0000000800)="b44ccefec0ae3d7ecfffaf638d451d3aa7fdcd3f59dfe8031542aadb800a861d0cb9869fe6b956e87f6c96f05239bab1fe5ba0e5d1af574290b79aa04bde4ca78d660b3faec5da3b1bc191ce720176577762351875ebb6fe918361da3e87de19b7653d2e5fd4c9e63f3bdd83edcc5690ac6a1d4c186d6b4366f2dc0265cfac5450c4da851603c57927d0d16684380abb0bfca8c6ab920db85673ea3460ad2059053c2ed59627dacbc190abac48ded6bbf3336d91ead92a3462824e2d46cfc6ebe3542f07e58c1e7d3e3536716c782db32f6d7a7db55f54a1f1743ee3b5ab2aba6760aee142723169249e19476fe601b19b6ee47590", &(0x7f0000000900)="6cc3cb0a2ece5c0042b265e0b3bd259d"}) (async, rerun: 32) msgctl$auto_IPC_SET(0x8eee, 0x1, &(0x7f00000001c0)={{0x6, 0xee01, 0xee00, 0x3347, 0x800, 0x58c, 0x6}, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x6, 0x1, 0x61ac669c, 0x2, 0x7fffffffffffffff, 0x8000000000000000, 0xfffa, 0x2, 0x80, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff}) (rerun: 32) fstat$auto(r0, &(0x7f0000000240)={0x1, 0x7fff, 0x800, 0x3, r1, r3, 0x0, 0x5, 0x9, 0x0, 0x7, 0x0, 0x101, 0x5, 0x6, 0x3ff, 0x5}) 2.96135303s ago: executing program 1 (id=664): sigaltstack$auto(&(0x7f0000000180)={0x0, 0x0, 0x2}, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0x1000000000000eb1, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x441, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/LookupCacheEnabled\x00', 0x28102, 0x0) write$auto(r1, &(0x7f0000000180)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff) write$auto(r0, &(0x7f0000000080)='\\x7fF&\xb5\x8d\xddEl/trac_notrace_pid\x00\x00\x00\x00', 0x7) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000680)='/dev/loop9\x00', 0x40, 0x0) ioctl$auto_BLKGETNRZONES(r2, 0x80041285, &(0x7f00000006c0)=0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0002, 0x15) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x7d8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) madvise$auto(0x0, 0x1, 0x15) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop12\x00', 0x1e702, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f00000011c0)={0x0, 0x5d, &(0x7f0000000240)={&(0x7f0000000000)={0x20, r5, 0x301, 0x70bd29, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xc, 0x2, 'nl80211\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) syz_genetlink_get_family_id$auto_net_dm(0x0, r4) r6 = socket(0x2a, 0x5, 0x106) bind$auto(r6, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x1, {{0x0, 0x1}}}, 0x6a) write$auto(0xffffffffffffffff, &(0x7f0000000100)='\x00', 0xbf) mmap$auto(0x200000000400, 0xff, 0xe2, 0x9b72, r3, 0x8000) socket(0xa, 0x1, 0x84) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) listen$auto(0x3, 0x81) 2.760316866s ago: executing program 0 (id=665): socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0xc, 0x0, 0x0) ioctl$auto_I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2) openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, 0x0, 0x1874c0, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) socket(0x23, 0x80805, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x6004}, 0x4040) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 2.536175489s ago: executing program 2 (id=667): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) (async) prctl$auto(0x1000000003b, 0x2, 0x4, 0x1, 0x2000007) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) (async) socket(0x10, 0x3, 0x6) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="e9c8e095", @ANYRES16, @ANYBLOB="040025bd7000199fb180fedbdf25020000000500110030000000ffff27000200000064bfd8a3dbd2f36a209bdf7df8c82bbc"], 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000) (async) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r0, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) swapon$auto(0x0, 0x2) (async) swapon$auto(&(0x7f0000000140)='.)\x00', 0x5) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) semctl$auto(0x4, 0x1e, 0x53b, 0xa) (async) r1 = socket(0x21, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x582, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000001240), 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pwrite64$auto(r1, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) 2.354994342s ago: executing program 2 (id=668): acct$auto(0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x20342, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) ppoll$auto(&(0x7f0000000000)={r0, 0x40}, 0x2, 0x0, 0x0, 0x8) open(0x0, 0x22240, 0x154) unshare$auto(0x7) open(0x0, 0x161342, 0x1b9) read$auto_uinput_fops_uinput(0xffffffffffffffff, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x15, 0xfffffffffffffffa, 0x8000) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000140)={0x1045100, 0x0, 0x0, 0x0, {0x2d}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r1, 0x0, 0x39b8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) io_uring_setup$auto(0x85, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x200000000000003, 0xeb1, 0xffffffffffffffff, 0x8000) 2.194073548s ago: executing program 0 (id=669): symlink$auto(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000240)='./file0\x00') (async) open(&(0x7f0000000280)='./file0\x00', 0x109443, 0x10) (async, rerun: 32) open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) (rerun: 32) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002080)='/dev/ptyb1\x00', 0x480, 0x0) (async) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/smbd_send_credit_target\x00', 0x28002, 0x0) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_total_time_ms\x00', 0x0, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) (async) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), r0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x42200, 0x0) (async) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa8040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x2, 0x801, 0x100) (async) socketpair$auto(0x7ffd, 0x8, 0x8000, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) 1.979987571s ago: executing program 3 (id=670): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r1, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.942579424s ago: executing program 0 (id=671): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/dev_snmp6/dummy0\x00', 0x109800, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1, 0x8, 0x11, 0xe13, 0x81, 0xe, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0x8627, 0x9, 0x20000800001, 0x3, 0x6, 0x7, 0x6, 0x7, 0x0, 0xffffffee, 0x2a17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x18, 0xfffffffffffffffc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x27, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe]}, 0x9, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x400, 0x0) socket(0x4, 0xa, 0x8) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) mlockall$auto(0x800000000000005) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/flush\x00', 0x80a02, 0x0) write$auto_aoe_fops_aoechr(r0, 0x0, 0x0) ppoll$auto(&(0x7f0000000000)={0xffffffffffffffff, 0x806}, 0xfc, &(0x7f0000000040)={0x69, 0x800}, &(0x7f00000000c0)={0x9}, 0x8) 1.932165369s ago: executing program 1 (id=672): getresgid$auto(&(0x7f0000000000)=0x1, &(0x7f0000000040), &(0x7f0000000080)=0x5) (async) getresgid$auto(&(0x7f00000000c0)=0x2, &(0x7f0000000100)=0x1ff, &(0x7f0000000140)=0x3) (async) getresgid$auto(&(0x7f0000000180)=0xc, &(0x7f00000001c0), &(0x7f0000000200)=0x2) getresgid$auto(&(0x7f0000000240)=0x80000001, &(0x7f0000000280)=0x6, &(0x7f00000002c0)=0x13) (async) getresgid$auto(&(0x7f0000000300)=0x4, &(0x7f0000000340)=0x4, &(0x7f0000000380)=0x8) getresgid$auto(&(0x7f00000003c0)=0x8bd, &(0x7f0000000400)=0x6281, &(0x7f0000000440)=0x1) (async) getresgid$auto(&(0x7f0000000480)=0x1, &(0x7f00000004c0)=0x5, &(0x7f0000000500)=0x20000) getresgid$auto(&(0x7f0000000540)=0x2, &(0x7f0000000580)=0x244518a5, &(0x7f00000005c0)=0x5) getresgid$auto(&(0x7f0000000600)=0x8da0, &(0x7f0000000640)=0x1, &(0x7f0000000680)=0x6888) getresgid$auto(&(0x7f00000006c0)=0xfffffbff, &(0x7f0000000700)=0x8, &(0x7f0000000740)=0x7ff) (async) getresgid$auto(&(0x7f0000000780)=0xffffff00, &(0x7f00000007c0)=0x6, &(0x7f0000000800)=0x100) (async) getresgid$auto(&(0x7f0000000840)=0x2, &(0x7f0000000880)=0x6, &(0x7f00000008c0)=0x1) (async) getresgid$auto(&(0x7f0000000900)=0x3, &(0x7f0000000940)=0x98, &(0x7f0000000980)=0x4) (async) getresgid$auto(&(0x7f00000009c0)=0xa, &(0x7f0000000a00), &(0x7f0000000a40)=0x1d0) getresgid$auto(&(0x7f0000000a80)=0x294, &(0x7f0000000ac0)=0x6, &(0x7f0000000b00)=0x77000000) (async) getresgid$auto(&(0x7f0000000b40)=0x20000, &(0x7f0000000b80)=0x2, &(0x7f0000000bc0)=0x35b) (async) getresgid$auto(&(0x7f0000000c00)=0xffffffff, &(0x7f0000000c40)=0x1, &(0x7f0000000c80)=0x3) getresgid$auto(&(0x7f0000000cc0), &(0x7f0000000d00)=0xf06, &(0x7f0000000d40)=0x8823) getresgid$auto(&(0x7f0000000d80)=0x3, &(0x7f0000000dc0)=0x81, &(0x7f0000000e00)=0x7) (async) getresgid$auto(&(0x7f0000000e40)=0xa, &(0x7f0000000e80)=0xfffffff8, &(0x7f0000000ec0)=0xc) getresgid$auto(&(0x7f0000000f00)=0x2, &(0x7f0000000f40)=0x8, &(0x7f0000000f80)=0xfffffff2) getresgid$auto(&(0x7f0000000fc0), &(0x7f0000001000)=0x9, &(0x7f0000001040)=0x8) (async) getresgid$auto(&(0x7f0000001080)=0x1c00, &(0x7f00000010c0)=0xffff, &(0x7f0000001100)=0x101) (async) getresgid$auto(&(0x7f0000001140)=0x10000, &(0x7f0000001180)=0x9, &(0x7f00000011c0)=0xffffffff) (async) getresgid$auto(&(0x7f0000001200)=0xffff0229, &(0x7f0000001240)=0xc271, &(0x7f0000001280)=0xb) (async) getresgid$auto(&(0x7f00000012c0)=0xc9b, &(0x7f0000001300)=0x8, &(0x7f0000001340)=0x3) (async) getresgid$auto(&(0x7f0000001380)=0x4, &(0x7f00000013c0)=0x4, &(0x7f0000001400)=0x4) (async) getresgid$auto(&(0x7f0000001440)=0x5, &(0x7f0000001480)=0x6, &(0x7f00000014c0)=0xb) (async) getresgid$auto(&(0x7f0000001500)=0x5, &(0x7f0000001540)=0x47e, &(0x7f0000001580)=0x8) getresgid$auto(&(0x7f00000015c0)=0x43b, &(0x7f0000001600)=0xd, &(0x7f0000001640)=0x1) 1.864203624s ago: executing program 3 (id=673): r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x183203, 0x0) r1 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2}, 0xa604) setpgid$auto(0x0, 0x0) prctl$auto(0x3e, 0xfffffffffffffffe, 0x0, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, 0x0, 0xc0) mmap$auto(0x0, 0xe980, 0x6, 0xeb1, 0xffffffffffffffff, 0x7ffd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vhci_hcd.5/usb19/19-0:1.0/usb19-port6/quirks\x00', 0x59c308a3604ca2f5, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/block/nbd0/power/runtime_active_time\x00', 0x3644c0, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, 0x0, 0x378d) recvmmsg$auto(r0, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0xff, 0x7000000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pppoe\x00', 0x22001, 0x0) read$auto_proc_reg_file_ops_compat_inode(r4, &(0x7f0000000e80)=""/215, 0xd7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x88402, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) socketpair$auto(0xa8, 0x40000000, 0x7, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) write$auto(0x3, 0x0, 0xffd6) recvfrom$auto(0x3, 0x0, 0x0, 0xfffff4b4, 0x0, 0xfffffffffffffffd) 1.782479503s ago: executing program 1 (id=674): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010028bd70aaaa1a60251100400054a5bd56373692dd1ef4e08dce24db30e8161c9fc94c0c5604bee2cde636dadcc0"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) wait4$auto(0x0, 0x0, 0xf, &(0x7f0000000140)={{0x2599}, {0xffffffffffffffff, 0x1000000009}, 0x2, 0x800080000001, 0x1, 0x1000, 0x5, 0x7, 0x5, 0x5, 0xb11c, 0x8, 0xfffffffffffffffd, 0x7, 0xffff, 0x801c0000000}) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000011", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0x15, 0x401, 0x7ffe) select$auto(0x9, 0x0, &(0x7f0000000080)={[0x209c, 0x2e7d11ca, 0x6, 0x8000, 0xfffffffffffffffc, 0x100000004, 0x9, 0x800002017d, 0x4, 0xdfdffdff, 0x3ff, 0xd59, 0xfb, 0x1, 0x7f, 0x7]}, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES64=r0, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x40890) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) socket(0x28, 0x4, 0x84) bind$auto(0x3, &(0x7f0000000040)=@ax25={0x3, @bcast, 0x4}, 0xff) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram0\x00', 0x16f300, 0x0) sendfile$auto(0x3, r1, 0x0, 0x400000000006) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x4, 0xe, 0x40eb1, 0x401, 0x300000000000) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x100, 0x0) prctl$auto_SECCOMP_MODE_FILTER(0xffff, 0x2, 0x0, 0x100000000, 0x5) prctl$auto(0x101, 0x8400000000000000, 0x0, 0xfff, 0x8000) sysfs$auto(0x2, 0x4c, 0x0) openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, 0x0, 0x4000, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) 1.686094528s ago: executing program 3 (id=675): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x3, 0xa) setsockopt$auto(r0, 0x0, 0x22, 0x0, 0x28) socket(0x2c, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r2, 0x0, 0x6051) readv$auto(r1, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x1, 0x4, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) msync$auto(0x0, 0xe0, 0x6) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x80002, 0x73) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, r3, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) 1.48354214s ago: executing program 0 (id=676): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram15\x00', 0x4ea02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) socketpair$auto(0x5, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010028bd13357350f7e6883a000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x2400c815}, 0x804) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) getsockopt$auto(r3, 0x84, 0x1b, 0x0, &(0x7f0000000040)=0x400) r4 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x5) ioctl$auto(r4, 0x4008af03, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram15\x00', 0x4ea02, 0x0) (async) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) (async) socketpair$auto(0x5, 0x5, 0x8000000000000000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010028bd13357350f7e6883a000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x2400c815}, 0x804) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x1, 0x84) (async) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) (async) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) (async) getsockopt$auto(r3, 0x84, 0x1b, 0x0, &(0x7f0000000040)=0x400) (async) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x5) (async) ioctl$auto(r4, 0x4008af03, 0x0) (async) 793.204529ms ago: executing program 0 (id=677): r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x3, 0x1a, &(0x7f0000000240)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 G\xa0\xcfd\xc0\xa2\x0f\xda\xc4\xef\xff(i\xa6@\x91_\vBj\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2-y\x9bR\xbc\x00\x00\xb6_\\\x8d\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5\x00'/83, 0x10000111) (async) socket(0x11, 0xa, 0x2fc) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab83, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x43040, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) (async) close_range$auto(0xffffffffffffffff, 0x8, 0x9) (async, rerun: 32) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x82401, 0x0) (rerun: 32) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_BLKTRACESETUP32(r3, 0xc0401273, &(0x7f0000000100)={"140464d274fb653cf5ef99d50162dfea66cb4c0d47457ddc83c488fd43de60fd", 0x1, 0x3, 0x1, 0xc0000000003, 0x5, 0x0}) fcntl$auto_F_SETOWN(r1, 0x8, r4) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video69\x00', 0x101, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) (async) socket(0x9, 0x2, 0x0) (async) io_uring_setup$auto(0x5, 0x0) (async) openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000014140), 0xc00, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f00000001c0), 0x280080, 0x0) (async) close_range$auto(0xffffffffffffffff, 0xe903, 0x8001) (async) open(0x0, 0x161342, 0x130) (async, rerun: 64) r5 = open(0x0, 0x40000, 0x31) (rerun: 64) mmap$auto(0x0, 0x1, 0xfd5, 0x12, r5, 0x0) (async) r6 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r6, 0x0, 0x101, 0x103) (async) read$auto_mon_fops_text_t_mon_text(r6, 0x0, 0x0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) mmap$auto(0x0, 0x5, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) (async, rerun: 32) openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bdi/43:448/stats\x00', 0x80003, 0x0) (async, rerun: 32) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (rerun: 32) 790.36825ms ago: executing program 1 (id=678): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) socket(0xa, 0x1, 0x100) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\b\x06\x11\x00\x00\x00\x00?W\xff\xff\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0x8fdef, 0x4000000000000007) (async) r0 = socket(0x10, 0x80000, 0x4) (async) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x20008800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES32=r0], 0x38}}, 0x40008c0) (async) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) pwritev2$auto(0xffffffffffffffff, 0x0, 0x4, 0x3, 0x10, 0xffffffff) (async) r1 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async) socket(0xa, 0x2, 0x3a) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ppoll$auto(&(0x7f0000000040)={r1, 0x9, 0xfffe}, 0x7, &(0x7f0000000080)={0x2, 0x9}, &(0x7f00000000c0)={0x4}, 0x8) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) (async) r2 = socket(0x2a, 0x2, 0x800009) sendto$auto(r2, 0x0, 0x402, 0x0, &(0x7f0000000700)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x1c) close_range$auto(0x2, 0x8, 0x0) (async) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfffffdef) (async, rerun: 32) fanotify_init$auto(0x1, 0x2) (async, rerun: 32) socket(0x1d, 0x2, 0x2) (async, rerun: 64) connect$auto(0x3, 0x0, 0x53) (rerun: 64) socket(0x10, 0x3, 0x6) (async) socketpair$auto(0x1e, 0xb, 0x8000000000000000, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x38}, 0x6, 0x0, 0x4, 0x9}, 0x9}, 0x6, 0x1f00) 643.70301ms ago: executing program 3 (id=679): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team_slave_0\x00', 0x0}) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x3, 0x24, 0x3ff, 0x63, 0x400, 0x0, 0xffffffffffffffff, 0x80f0c8, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", r1, 0x5, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x4, 0x8, 0x0, 0x3, @attach_prog_fd, 0x4, 0xffff, 0x8, 0x4, 0x0, r0}, 0x47) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x40000003, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/ieee80211/phy1/airtime_flags\x00', 0x8000, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r3, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x6000000, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000002c0), 0xa, 0xa504}, 0x800}, 0x7, 0x4008) close_range$auto(r4, r2, 0x542) statx$auto(r2, 0x0, 0xfff, 0xbdf3, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x49, 0x4000001, 0x6, 0x1, 0x4, 0x7181, 0x3ffde, 0xbb41, 0x10, 0x9, 0x7, 0x80803, 0x4, 0x11ffffffffffa, 0x85, 0xfffffffffffffffe, 0x9, 0x50007, 0x2002, 0x0, 0x0, 0x6, 0x10000, 0x202, 0x9, 0x7ffc, 0x0, 0x0, 0x7fffffff, 0x3, 0xfffffffc, [0x1, 0x0, 0x0, 0x0, 0xd, 0xfff, 0x5, 0x2, 0x2, 0x2, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x1, 0x2000000800000000, 0x6, 0x0, 0x0, 0x8000000000000000, 0x4, 0xfffffffffffdfffe, 0x3, 0x4, 0x6, 0x80000000, 0xfffffffffffffffe, 0x20000000, 0x2, 0x1, 0x0, 0x0, 0x800000009, 0xfffffffffffffffe, 0x4, 0x8001, 0x6, 0x0, 0x1000000000000005, 0x7ff, 0xbffffffffffffffb, 0xfffffffffffffffc, 0x6]}, 0x8, 0xd) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(0x3, 0x81484d11, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) pread64$auto(0xffffffffffffffff, 0x0, 0x4b, 0x2) mmap$auto(0x0, 0x8000000000000062, 0x100001000000003, 0x9b72, 0x2, 0x400000008000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x1, 0x0) r6 = socket(0xa, 0x801, 0x106) setsockopt$auto(r6, 0x6, 0x24, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) preadv$auto(r5, &(0x7f0000000040)={&(0x7f0000000000)="14a8f801389e4e356de0b7fe1cb7", 0x68bd}, 0x1, 0x9, 0x2) setsockopt$auto(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x9) socket(0x29, 0x2, 0x5) 572.160245ms ago: executing program 0 (id=680): mlockall$auto(0x1) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002704000280"], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x40) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000000)="9a14b07138617aeab1f5e5fa2356ce", 0x3ff}, 0x8) mlockall$auto(0x1) (async) socket(0x10, 0x2, 0x0) (async) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002704000280"], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x40) (async) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000000)="9a14b07138617aeab1f5e5fa2356ce", 0x3ff}, 0x8) (async) 171.536817ms ago: executing program 2 (id=681): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/machinecheck/machinecheck0/bank6\x00', 0x2101, 0x0) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/nfs/exports\x00', 0x400, 0x0) pread64$auto(r1, 0x0, 0x203, 0x8800000000) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='802.1\xc2y\xada\x12\xf3\x15\x84\x1f\xb0i#\xfa?\xdf\xd6\xa5\xc6\xc2\x80X\'\x9cB\xa6\xbeE\xb5\x8a\x1f\xdd\x9dpZ\xaf0\x01\xb6\xb8\x00l\xf1+)\xa4\xb1\xde\xf3\xa35`Qz\xa5\x96\x85?~\xd4\xafD\xa74\xdc\xbedYbO\x12\x02}\xcd\xbcf@4\x8e\xe5\x05W\xda\xa8\xceZ=\xbd\x18\x80\xb8\xd8a\xfb*\x84\xa1\x05\xa7~~\x97\x9c\x06\x0f\xf4X8\xaf\x1fpO(\x91\xdc\xe0l\xc1\xd8bHp\xf8r\xc0^y\xff0N\a`\xb2\xe7!e\xb55\xcd\x9a\xdc\xd2\x16K\xe0\x1b0\xe6\xe7\x03\x14\xb5\xeb\x9b\xb7\x8b\xd9@\xac\xf5\x19-\xdc\xb1\xb1\xc1\x1f\x0f', 0x4000800000000000) (rerun: 64) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/nbd4/sched/read0_next_rq\x00', 0x4002, 0x0) (async, rerun: 32) shmctl$auto_SHM_INFO(0x3, 0xe, &(0x7f0000000340)={{0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0xfffffff7, 0x5, 0x2}, 0x1, 0x7, 0xa, 0x7, @inferred, @raw=0x2, 0xd, 0x0, 0x0, 0x0}) (rerun: 32) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x5) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1) syz_open_procfs$namespace(0x0, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) (rerun: 32) munmap$auto(0x0, 0xffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x23, 0x2, 0x8) (async) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) (async) r4 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x2000048}) (async) sendmmsg$auto(r4, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3670400000000000000ba441c1b", 0x49}, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) (async, rerun: 64) mlock$auto(0xfbed, 0xc) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x890) (async) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/platform/dummy_hcd.7/usb8/serial\x00', 0xa2400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001100)=""/4106, 0x100a) (async, rerun: 64) madvise$auto(0x8000, 0x87fff, 0xc) (rerun: 64) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r6) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002dbd7000f9dbdf25010e00000000020001000000050007005800000018685f62386fb52f08000a000800000008001700bf75a70b03edb51324761bf2c637263eb94f1104746914c3c3953335", @ANYRES32, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r2, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000000540)=ANY=[@ANYBLOB="f2000000", @ANYRES16=r3, @ANYBLOB="010029bd7000ffdbdf250300000008000400010000000a000200c60c6c3f7fd90000be0015003007714335f02a27aa25036120e3bdcba194d0dacb48dff01f48aab95e6d0a6f93f863889f54794a206e39bf236e16eef40b3098ca53065bf66847eb45d64c575dfd12426f5130d93b1d60c580add7be39adfba7c38b63f5094075502949c10adbe8b5bfd31270dff6ffac01877819119702e3a9e0ae2acdae6c30ab323878283b588882388a0f990bda5131e9e0074e00bc907d3e06d53657bcd400fe2081430b5b7b80f5638117103db199af17453db6eee8c6d8a78f2f3f0b000008000600ccffffff"], 0xf0}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) process_madvise$auto_MADV_DOFORK(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x1}, 0x9, 0xb, 0x0) 168.601ms ago: executing program 3 (id=682): mmap$auto(0x200000000000, 0x2020009, 0x0, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_regulator_summary_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) 0s ago: executing program 3 (id=683): r0 = openat$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim5/ports/3/udp_ports_reset\x00', 0x20000, 0x0) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x8340, 0x0) ioctl$auto_EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000080)={0x6, 0x1e, 0xd753, 0x3ef4, "8a262c10b56e26ae30e62f0a963d3230947fa8fac2b3424dce907f30f79a2ac6"}) mmap$auto(0xffffffffffffffff, 0x22, 0x3, 0xfffffffffffffff9, r0, 0xf) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/workqueue/nvmet-wq/affinity_strict\x00', 0x20461, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)='-7', 0xfffffc49) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) mmap$auto(0x0, 0x20002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x5) unshare$auto(0x20000) ioctl$auto_USB_RAW_IOCTL_VBUS_DRAW(0xffffffffffffffff, 0x4004550a, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/swradio13\x00', 0x8a2c0, 0x0) prctl$auto_PR_GET_AUXV(0x41555856, 0x5400000000000000, 0x5, 0x0, 0x5) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000001c0)=""/213, 0xd5) ioctl$auto(r3, 0x5646, r3) r4 = socket(0xa, 0x3, 0x3a) r5 = pidfd_open$auto(0x1, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) setns(r5, 0x60020000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0xa7) r6 = setfsuid$auto(0xee00) ioctl$auto(r3, 0x2, r2) r7 = setfsuid$auto(0xee01) setresuid$auto(r6, r7, r6) ioctl$auto(r4, 0x8936, 0x1) read$auto(r3, &(0x7f0000000200)='{\x00', 0x4) openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/format\x00', 0x500, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.121' (ED25519) to the list of known hosts. [ 71.196507][ T5611] cgroup: Unknown subsys name 'net' [ 71.347598][ T5611] cgroup: Unknown subsys name 'cpuset' [ 71.357153][ T5611] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 72.831141][ T5611] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 74.588279][ T5628] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.609589][ T5633] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.616770][ T5633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.627646][ T5633] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.630876][ T5636] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.642437][ T5635] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.644408][ T5638] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.651247][ T5633] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.658612][ T5638] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.666522][ T5633] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.672678][ T5638] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.678666][ T5635] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.687695][ T5633] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.695178][ T5635] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.700947][ T5633] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.708463][ T5635] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.721441][ T5633] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.723529][ T5635] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.736786][ T5635] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.751972][ T5635] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.181615][ T5624] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.188992][ T5624] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.196297][ T5624] bridge_slave_0: entered allmulticast mode [ 76.203753][ T5624] bridge_slave_0: entered promiscuous mode [ 76.241448][ T5624] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.248699][ T5624] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.256122][ T5624] bridge_slave_1: entered allmulticast mode [ 76.263567][ T5624] bridge_slave_1: entered promiscuous mode [ 76.335152][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.342365][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.349949][ T5625] bridge_slave_0: entered allmulticast mode [ 76.356949][ T5625] bridge_slave_0: entered promiscuous mode [ 76.383577][ T5624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.392917][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.400629][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.407853][ T5625] bridge_slave_1: entered allmulticast mode [ 76.414879][ T5625] bridge_slave_1: entered promiscuous mode [ 76.442968][ T5624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.460596][ T5623] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.468305][ T5623] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.475587][ T5623] bridge_slave_0: entered allmulticast mode [ 76.482459][ T5623] bridge_slave_0: entered promiscuous mode [ 76.489644][ T5622] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.496828][ T5622] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.504050][ T5622] bridge_slave_0: entered allmulticast mode [ 76.511000][ T5622] bridge_slave_0: entered promiscuous mode [ 76.536993][ T5623] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.544282][ T5623] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.551393][ T5623] bridge_slave_1: entered allmulticast mode [ 76.559235][ T5623] bridge_slave_1: entered promiscuous mode [ 76.566388][ T5622] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.573636][ T5622] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.580753][ T5622] bridge_slave_1: entered allmulticast mode [ 76.587957][ T5622] bridge_slave_1: entered promiscuous mode [ 76.605556][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.632813][ T5624] team0: Port device team_slave_0 added [ 76.640687][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.671455][ T5624] team0: Port device team_slave_1 added [ 76.699213][ T5623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.710754][ T5622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.740166][ T5623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.744568][ T5635] Bluetooth: hci2: command tx timeout [ 76.762402][ T5622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.772713][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.780021][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.806187][ T5624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.819535][ T5625] team0: Port device team_slave_0 added [ 76.825218][ T5635] Bluetooth: hci1: command tx timeout [ 76.825517][ T5635] Bluetooth: hci3: command tx timeout [ 76.830661][ T5629] Bluetooth: hci0: command tx timeout [ 76.834862][ T5625] team0: Port device team_slave_1 added [ 76.867943][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.874953][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.901047][ T5624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.925857][ T5623] team0: Port device team_slave_0 added [ 76.958744][ T5623] team0: Port device team_slave_1 added [ 76.966240][ T5622] team0: Port device team_slave_0 added [ 76.974808][ T5622] team0: Port device team_slave_1 added [ 76.981008][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.988008][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.014306][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.059250][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.066415][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.092772][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.112368][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.119827][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.146091][ T5623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.182287][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.189351][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.215493][ T5623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.227118][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.234381][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.260313][ T5622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.277707][ T5624] hsr_slave_0: entered promiscuous mode [ 77.284188][ T5624] hsr_slave_1: entered promiscuous mode [ 77.297829][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.304820][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.330908][ T5622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.406746][ T5625] hsr_slave_0: entered promiscuous mode [ 77.412967][ T5625] hsr_slave_1: entered promiscuous mode [ 77.419198][ T5625] debugfs: 'hsr0' already exists in 'hsr' [ 77.425229][ T5625] Cannot create hsr debugfs directory [ 77.452452][ T5622] hsr_slave_0: entered promiscuous mode [ 77.458760][ T5622] hsr_slave_1: entered promiscuous mode [ 77.465260][ T5622] debugfs: 'hsr0' already exists in 'hsr' [ 77.470992][ T5622] Cannot create hsr debugfs directory [ 77.531782][ T5623] hsr_slave_0: entered promiscuous mode [ 77.538185][ T5623] hsr_slave_1: entered promiscuous mode [ 77.544588][ T5623] debugfs: 'hsr0' already exists in 'hsr' [ 77.550376][ T5623] Cannot create hsr debugfs directory [ 77.936434][ T5624] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.950172][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 77.959116][ T5624] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.968990][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 77.977071][ T5624] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.987424][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 77.998705][ T5624] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.008206][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 78.081884][ T5622] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.091840][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 78.100796][ T5622] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.112838][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 78.121254][ T5622] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.130927][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 78.140488][ T5622] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 78.150249][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 78.235685][ T5625] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.246206][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 78.254372][ T5625] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.265119][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 78.272932][ T5625] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.284891][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 78.299871][ T5625] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.308994][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 78.405413][ T5623] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.415550][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 78.430021][ T5623] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.439407][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 78.447946][ T5623] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.458945][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 78.467985][ T5623] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 78.477397][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 78.501521][ T5624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.564861][ T5624] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.594358][ T131] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.601701][ T131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.637264][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.644647][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.668764][ T5622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.710956][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.757270][ T5622] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.769615][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.789614][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.796714][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.817182][ T5623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.823947][ T5635] Bluetooth: hci2: command tx timeout [ 78.836509][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.843661][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.862646][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.869844][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.891715][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.898907][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.906959][ T5635] Bluetooth: hci3: command tx timeout [ 78.915841][ T5635] Bluetooth: hci0: command tx timeout [ 78.915958][ T4945] Bluetooth: hci1: command tx timeout [ 78.969388][ T5623] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.042183][ T131] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.049374][ T131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.090064][ T781] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.097187][ T781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.722945][ T5624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.884591][ T5624] veth0_vlan: entered promiscuous mode [ 79.924462][ T5624] veth1_vlan: entered promiscuous mode [ 80.014520][ T5624] veth0_macvtap: entered promiscuous mode [ 80.053609][ T5624] veth1_macvtap: entered promiscuous mode [ 80.126351][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.170962][ T5622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.182774][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.219718][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.236846][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.246250][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.261317][ T5623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.277858][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.294207][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.416036][ T5625] veth0_vlan: entered promiscuous mode [ 80.442938][ T5622] veth0_vlan: entered promiscuous mode [ 80.466967][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.470842][ T5625] veth1_vlan: entered promiscuous mode [ 80.482417][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.508587][ T5622] veth1_vlan: entered promiscuous mode [ 80.519892][ T5623] veth0_vlan: entered promiscuous mode [ 80.542565][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.550668][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.568667][ T5623] veth1_vlan: entered promiscuous mode [ 80.612395][ T5625] veth0_macvtap: entered promiscuous mode [ 80.622920][ T5624] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 80.651976][ T5625] veth1_macvtap: entered promiscuous mode [ 80.668729][ T5622] veth0_macvtap: entered promiscuous mode [ 80.705211][ T5622] veth1_macvtap: entered promiscuous mode [ 80.717112][ T5623] veth0_macvtap: entered promiscuous mode [ 80.738599][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.764401][ T5623] veth1_macvtap: entered promiscuous mode [ 80.775491][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.792470][ T5777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'. [ 80.800282][ T65] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.810609][ T65] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.835980][ T65] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.845212][ T65] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.858590][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.903146][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.911121][ T4945] Bluetooth: hci2: command tx timeout [ 80.950302][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.962464][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.984509][ T65] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.985330][ T4945] Bluetooth: hci1: command tx timeout [ 80.993554][ T5635] Bluetooth: hci0: command tx timeout [ 80.998639][ T4945] Bluetooth: hci3: command tx timeout [ 81.011880][ T65] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.049112][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.074863][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.101370][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.110245][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.157605][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.176726][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.231472][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.253579][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.380142][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.398919][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.482290][ T781] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.494219][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.515317][ T781] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.532715][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.663755][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.688330][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.755546][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.787879][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.557226][ T5790] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 82.984525][ T4945] Bluetooth: hci2: command tx timeout [ 83.063902][ T4945] Bluetooth: hci3: command tx timeout [ 83.073607][ T5629] Bluetooth: hci1: command tx timeout [ 83.079438][ T4945] Bluetooth: hci0: command tx timeout [ 83.445670][ T5810] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 83.878909][ T5801] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 83.905023][ T5801] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 83.969648][ T5801] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.022140][ T5801] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 84.043645][ T5801] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.078220][ T5801] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.123871][ T5801] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 84.150717][ T5801] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.180925][ T5801] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.217803][ T5801] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 84.240741][ T10] cfg80211: failed to load regulatory.db [ 84.250176][ T5801] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.284861][ T5801] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 85.104380][ T5831] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15'. [ 85.143802][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout [ 85.182521][ T5831] team0: Port device team_slave_1 removed [ 85.751692][ T5837] netlink: 20 bytes leftover after parsing attributes in process `syz.0.17'. [ 86.026365][ T4945] Bluetooth: hci1: command 0x0c1a tx timeout [ 86.185216][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout [ 86.265061][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 87.061771][ T5845] Invalid ELF header magic: != ELF [ 87.224382][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout [ 87.899255][ T48] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.069110][ T5881] input: jJǸ-9%vJ86 as /devices/virtual/input/input5 [ 88.113638][ T4945] Bluetooth: hci1: command 0x0c1a tx timeout [ 88.274072][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout [ 88.344255][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 88.734571][ T5892] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 88.753844][ T5889] aoe: can't write to that file. [ 89.140968][ T5905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.33'. [ 89.230588][ T5901] FAULT_INJECTION: forcing a failure. [ 89.230588][ T5901] name failslab, interval 1, probability 0, space 0, times 1 [ 89.283571][ T5901] CPU: 1 UID: 0 PID: 5901 Comm: syz.3.31 Not tainted syzkaller #0 PREEMPT(full) [ 89.283613][ T5901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 89.283638][ T5901] Call Trace: [ 89.283647][ T5901] [ 89.283659][ T5901] dump_stack_lvl+0x100/0x190 [ 89.283702][ T5901] should_fail_ex.cold+0x5/0xa [ 89.283739][ T5901] should_failslab+0xc2/0x120 [ 89.283774][ T5901] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 89.283822][ T5901] ? __d_alloc+0x34/0xa40 [ 89.283867][ T5901] __d_alloc+0x34/0xa40 [ 89.283910][ T5901] d_alloc+0x4a/0x1e0 [ 89.283950][ T5901] lookup_one_qstr_excl+0x171/0x250 [ 89.283999][ T5901] start_dirop+0x59/0xb0 [ 89.284033][ T5901] simple_start_creating+0xf9/0x110 [ 89.284067][ T5901] ? __pfx_simple_start_creating+0x10/0x10 [ 89.284104][ T5901] ? mntput+0x70/0xa0 [ 89.284134][ T5901] ? simple_pin_fs+0xa3/0x190 [ 89.284167][ T5901] debugfs_start_creating.part.0+0x82/0x170 [ 89.284224][ T5901] __debugfs_create_file+0xb3/0x4f0 [ 89.284270][ T5901] debugfs_create_file_full+0x41/0x60 [ 89.284316][ T5901] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 89.284353][ T5901] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 89.284387][ T5901] ? ida_alloc_range+0x70d/0x830 [ 89.284459][ T5901] ? lockdep_init_map_type+0x5c/0x250 [ 89.284493][ T5901] preinit_net.part.0+0x252/0x920 [ 89.284528][ T5901] copy_net_ns+0x339/0x7c0 [ 89.284573][ T5901] create_new_namespaces+0x3ea/0xac0 [ 89.284617][ T5901] unshare_nsproxy_namespaces+0xf2/0x220 [ 89.284655][ T5901] ksys_unshare+0x438/0xab0 [ 89.284697][ T5901] ? __pfx_ksys_unshare+0x10/0x10 [ 89.284733][ T5901] ? xfd_validate_state+0x129/0x190 [ 89.284759][ T5901] ? ksys_write+0x1ac/0x250 [ 89.284799][ T5901] __x64_sys_unshare+0x31/0x40 [ 89.284837][ T5901] do_syscall_64+0x10b/0xf80 [ 89.284875][ T5901] ? clear_bhb_loop+0x40/0x90 [ 89.284909][ T5901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.284936][ T5901] RIP: 0033:0x7f128b79ce59 [ 89.284958][ T5901] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.284983][ T5901] RSP: 002b:00007f128c5dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 89.285009][ T5901] RAX: ffffffffffffffda RBX: 00007f128ba16090 RCX: 00007f128b79ce59 [ 89.285026][ T5901] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 89.285042][ T5901] RBP: 00007f128b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 89.285057][ T5901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.285072][ T5901] R13: 00007f128ba16128 R14: 00007f128ba16090 R15: 00007ffe483fb398 [ 89.285106][ T5901] [ 89.555309][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout [ 90.183508][ T4945] Bluetooth: hci1: command 0x0c1a tx timeout [ 90.343691][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout [ 90.423551][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 91.744894][ T5924] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 91.756087][ T5924] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 91.779568][ T5924] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 91.807895][ T5924] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 92.111026][ T5943] netlink: 28 bytes leftover after parsing attributes in process `syz.0.40'. [ 92.189367][ T5943] team0: Port device team_slave_1 removed [ 92.983595][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout [ 93.115771][ T5968] Invalid ELF header magic: != ELF [ 93.783618][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout [ 93.789709][ T5629] Bluetooth: hci1: command 0x0c1a tx timeout [ 93.798047][ T5977] aoe: can't write to that file. [ 93.863654][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 95.011419][ T5994] netlink: 28 bytes leftover after parsing attributes in process `syz.3.54'. [ 95.034398][ T5994] team0: Port device team_slave_1 removed [ 95.983353][ T6006] input: jJǸ-9%vJ86 as /devices/virtual/input/input7 [ 97.211870][ T6020] syz.1.62 (6020) used greatest stack depth: 19720 bytes left [ 97.720462][ T6021] Invalid ELF header magic: != ELF [ 99.228882][ T6044] mmap: syz.0.67 (6044) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 99.488517][ T6056] input: jJǸ-9%vJ86 as /devices/virtual/input/input8 [ 99.972334][ T6068] process 'syz.0.75' launched './file0' with NULL argv: empty string added [ 100.407568][ T6080] syz.3.79 (6080): attempted to duplicate a private mapping with mremap. This is not supported. [ 100.700439][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz.2.80'. [ 100.710403][ T6086] netlink: 13 bytes leftover after parsing attributes in process `syz.2.80'. [ 101.192069][ T6105] FAULT_INJECTION: forcing a failure. [ 101.192069][ T6105] name failslab, interval 1, probability 0, space 0, times 0 [ 101.279711][ T6105] CPU: 0 UID: 0 PID: 6105 Comm: syz.0.92 Not tainted syzkaller #0 PREEMPT(full) [ 101.279749][ T6105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 101.279767][ T6105] Call Trace: [ 101.279777][ T6105] [ 101.279788][ T6105] dump_stack_lvl+0x100/0x190 [ 101.279826][ T6105] should_fail_ex.cold+0x5/0xa [ 101.279864][ T6105] should_failslab+0xc2/0x120 [ 101.279900][ T6105] __kmalloc_node_noprof+0xe6/0x850 [ 101.279927][ T6105] ? alloc_slab_obj_exts+0xae/0x270 [ 101.279977][ T6105] alloc_slab_obj_exts+0xae/0x270 [ 101.280023][ T6105] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 101.280073][ T6105] ? kasan_save_track+0x14/0x30 [ 101.280107][ T6105] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 101.280154][ T6105] ? __d_alloc+0x34/0xa40 [ 101.280200][ T6105] __d_alloc+0x34/0xa40 [ 101.280243][ T6105] d_alloc+0x4a/0x1e0 [ 101.280285][ T6105] lookup_one_qstr_excl+0x171/0x250 [ 101.280343][ T6105] start_dirop+0x59/0xb0 [ 101.280378][ T6105] simple_start_creating+0xf9/0x110 [ 101.280415][ T6105] ? __pfx_simple_start_creating+0x10/0x10 [ 101.280453][ T6105] ? mntput+0x70/0xa0 [ 101.280484][ T6105] ? simple_pin_fs+0xa3/0x190 [ 101.280517][ T6105] debugfs_start_creating.part.0+0x82/0x170 [ 101.280565][ T6105] __debugfs_create_file+0xb3/0x4f0 [ 101.280617][ T6105] debugfs_create_file_full+0x41/0x60 [ 101.280666][ T6105] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 101.280706][ T6105] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 101.280741][ T6105] ? ida_alloc_range+0x70d/0x830 [ 101.280820][ T6105] ? lockdep_init_map_type+0x5c/0x250 [ 101.280856][ T6105] preinit_net.part.0+0x252/0x920 [ 101.280895][ T6105] copy_net_ns+0x339/0x7c0 [ 101.280937][ T6105] create_new_namespaces+0x3ea/0xac0 [ 101.280985][ T6105] unshare_nsproxy_namespaces+0xf2/0x220 [ 101.281023][ T6105] ksys_unshare+0x438/0xab0 [ 101.281067][ T6105] ? __pfx_ksys_unshare+0x10/0x10 [ 101.281108][ T6105] ? xfd_validate_state+0x129/0x190 [ 101.281136][ T6105] ? ksys_write+0x1ac/0x250 [ 101.281181][ T6105] __x64_sys_unshare+0x31/0x40 [ 101.281223][ T6105] do_syscall_64+0x10b/0xf80 [ 101.281266][ T6105] ? clear_bhb_loop+0x40/0x90 [ 101.281301][ T6105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.281339][ T6105] RIP: 0033:0x7f2cc1f9ce59 [ 101.281364][ T6105] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 101.281392][ T6105] RSP: 002b:00007f2cc2e85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 101.281420][ T6105] RAX: ffffffffffffffda RBX: 00007f2cc2216090 RCX: 00007f2cc1f9ce59 [ 101.281439][ T6105] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 101.281457][ T6105] RBP: 00007f2cc2032d6f R08: 0000000000000000 R09: 0000000000000000 [ 101.281476][ T6105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.281493][ T6105] R13: 00007f2cc2216128 R14: 00007f2cc2216090 R15: 00007ffed1752ce8 [ 101.281532][ T6105] [ 103.206236][ T6121] input: jJǸ-9%vJ86 as /devices/virtual/input/input9 [ 104.180533][ T6137] zswap: compressor not available [ 104.396112][ T6151] vivid-007: ================= START STATUS ================= [ 104.438430][ T6151] vivid-007: Generate PTS: true [ 104.485180][ T6151] vivid-007: Generate SCR: true [ 104.497044][ T6151] tpg source WxH: 320x240 (Y'CbCr) [ 104.519996][ T6151] tpg field: 1 [ 104.533112][ T6151] tpg crop: (0,0)/320x240 [ 104.548955][ T6151] tpg compose: (0,0)/320x240 [ 104.557819][ T6151] tpg colorspace: 8 [ 104.568824][ T6151] tpg transfer function: 0/0 [ 104.587182][ T6151] tpg Y'CbCr encoding: 0/0 [ 104.596795][ T6151] tpg quantization: 0/0 [ 104.601112][ T6151] tpg RGB range: 0/2 [ 104.605274][ T6151] vivid-007: ================== END STATUS ================== [ 104.725631][ T6160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.95'. [ 105.693994][ T6177] Zero length message leads to an empty skb [ 109.523026][ T6248] netlink: 350 bytes leftover after parsing attributes in process `syz.3.112'. [ 110.297136][ T6258] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 110.308559][ T6258] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 110.325553][ T6258] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 110.338417][ T6258] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 110.577470][ T6265] random: crng reseeded on system resumption [ 110.611683][ T6267] syz.0.116 uses obsolete (PF_INET,SOCK_PACKET) [ 111.550763][ T6280] Process accounting resumed [ 112.343581][ T5629] Bluetooth: hci2: command 0x0c1a tx timeout [ 112.343596][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 112.343629][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 112.349644][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 112.862615][ T6340] smpboot: CPU 1 is now offline [ 113.100481][ T6349] ima: policy update failed [ 113.143465][ T30] audit: type=1802 audit(1779037404.821:2): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.129" res=0 errno=0 [ 116.263008][ T6429] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 116.339586][ T6427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 116.374402][ T6427] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 116.413717][ T6427] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 116.445384][ T6427] page_type: f5(slab) [ 116.458751][ T6427] raw: 00fff00000000040 ffff88801ce948c0 dead000000000100 dead000000000122 [ 116.499628][ T6427] raw: 0000000000000000 00000008000d000d 00000000f5000000 0000000000000000 [ 116.540740][ T6427] head: 00fff00000000040 ffff88801ce948c0 dead000000000100 dead000000000122 [ 116.596737][ T6427] head: 0000000000000000 00000008000d000d 00000000f5000000 0000000000000000 [ 116.638412][ T6427] head: 00fff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff [ 116.684247][ T6427] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 116.738066][ T6427] page dumped because: unmovable page [ 116.762919][ T6427] page_owner tracks the page as allocated [ 116.791790][ T6427] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5006, tgid 5006 (udevadm), ts 29567981527, free_ts 23026891103 [ 116.923787][ T6427] post_alloc_hook+0x153/0x170 [ 116.945806][ T6427] get_page_from_freelist+0x11a6/0x33b0 [ 116.987277][ T6427] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 117.032391][ T6427] new_slab+0xa6/0x6c0 [ 117.051927][ T6427] refill_objects+0x277/0x420 [ 117.095440][ T6427] __pcs_replace_empty_main+0x375/0x650 [ 117.124514][ T6427] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 117.161853][ T6427] alloc_inode+0x183/0x250 [ 117.181581][ T6427] iget_locked+0x1d9/0x6d0 [ 117.223734][ T6427] kernfs_get_inode+0x46/0x470 [ 117.243034][ T6427] kernfs_iop_lookup+0x1a7/0x2d0 [ 117.282356][ T6427] __lookup_slow+0x251/0x460 [ 117.304068][ T6427] lookup_slow+0x50/0x70 [ 117.340496][ T6427] link_path_walk+0x1377/0x1cc0 [ 117.355258][ T6427] path_lookupat+0x74/0xc40 [ 117.389112][ T6427] filename_lookup+0x202/0x590 [ 117.404112][ T6427] page last free pid 1 tgid 1 stack trace: [ 117.424393][ T6427] __free_frozen_pages+0x747/0x1040 [ 117.459756][ T6427] free_contig_range+0xda/0x140 [ 117.476266][ T6427] destroy_args+0xa8/0x7a0 [ 117.510181][ T6427] debug_vm_pgtable+0x1d69/0x3490 [ 117.529240][ T6427] do_one_initcall+0x121/0x750 [ 117.546924][ T6427] kernel_init_freeable+0x6ea/0x7b0 [ 117.569085][ T6427] kernel_init+0x1f/0x1e0 [ 117.582899][ T6427] ret_from_fork+0x72b/0xd50 [ 117.599264][ T6427] ret_from_fork_asm+0x1a/0x30 [ 119.227044][ T6479] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 119.281105][ T6479] netlink: 342 bytes leftover after parsing attributes in process `syz.0.159'. [ 119.340242][ T6479] netlink: 342 bytes leftover after parsing attributes in process `syz.0.159'. [ 119.641372][ T4945] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 119.702208][ T6451] Process accounting resumed [ 121.747337][ T5629] Bluetooth: hci3: command 0x0c1a tx timeout [ 122.560645][ T6557] hub 3-0:1.0: USB hub found [ 122.631177][ T6557] hub 3-0:1.0: 1 port detected [ 122.765365][ T6557] usb usb3: authorized to connect [ 122.890511][ T6562] FAULT_INJECTION: forcing a failure. [ 122.890511][ T6562] name failslab, interval 1, probability 0, space 0, times 0 [ 122.951282][ T6562] CPU: 0 UID: 0 PID: 6562 Comm: syz.0.168 Not tainted syzkaller #0 PREEMPT(full) [ 122.951305][ T6562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.951314][ T6562] Call Trace: [ 122.951319][ T6562] [ 122.951325][ T6562] dump_stack_lvl+0x100/0x190 [ 122.951356][ T6562] should_fail_ex.cold+0x5/0xa [ 122.951376][ T6562] should_failslab+0xc2/0x120 [ 122.951394][ T6562] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 122.951418][ T6562] ? alloc_empty_file+0x5b/0x1c0 [ 122.951443][ T6562] alloc_empty_file+0x5b/0x1c0 [ 122.951464][ T6562] alloc_file_pseudo+0x13a/0x230 [ 122.951487][ T6562] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 122.951507][ T6562] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 122.951529][ T6562] create_pipe_files+0x360/0x970 [ 122.951560][ T6562] do_pipe2+0xbd/0x1e0 [ 122.951579][ T6562] ? __pfx_do_pipe2+0x10/0x10 [ 122.951596][ T6562] ? xfd_validate_state+0x129/0x190 [ 122.951612][ T6562] ? ksys_write+0x1ac/0x250 [ 122.951634][ T6562] __x64_sys_pipe+0x33/0x50 [ 122.951653][ T6562] do_syscall_64+0x10b/0xf80 [ 122.951675][ T6562] ? clear_bhb_loop+0x40/0x90 [ 122.951693][ T6562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.951708][ T6562] RIP: 0033:0x7f2cc1f9ce59 [ 122.951724][ T6562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.951741][ T6562] RSP: 002b:00007f2cc2ea6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 122.951756][ T6562] RAX: ffffffffffffffda RBX: 00007f2cc2215fa0 RCX: 00007f2cc1f9ce59 [ 122.951767][ T6562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000500 [ 122.951776][ T6562] RBP: 00007f2cc2032d6f R08: 0000000000000000 R09: 0000000000000000 [ 122.951784][ T6562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.951793][ T6562] R13: 00007f2cc2216038 R14: 00007f2cc2215fa0 R15: 00007ffed1752ce8 [ 122.951812][ T6562] [ 123.524137][ T6571] Invalid ELF header magic: != ELF [ 123.832354][ T6581] netlink: 4 bytes leftover after parsing attributes in process `syz.3.171'. [ 123.841269][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 123.870714][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.012538][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.062201][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.101938][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.149470][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.200500][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.261682][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.321276][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.366267][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.387391][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.408526][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.427725][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.446063][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.465892][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.481727][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.496101][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.515617][ T6583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.171'. [ 124.819239][ T6614] netlink: 'syz.2.176': attribute type 4 has an invalid length. [ 124.844708][ T6614] netlink: 'syz.2.176': attribute type 1 has an invalid length. [ 125.754694][ T6645] FAULT_INJECTION: forcing a failure. [ 125.754694][ T6645] name failslab, interval 1, probability 0, space 0, times 0 [ 125.830245][ T6645] CPU: 0 UID: 0 PID: 6645 Comm: syz.3.182 Not tainted syzkaller #0 PREEMPT(full) [ 125.830274][ T6645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 125.830283][ T6645] Call Trace: [ 125.830288][ T6645] [ 125.830294][ T6645] dump_stack_lvl+0x100/0x190 [ 125.830317][ T6645] should_fail_ex.cold+0x5/0xa [ 125.830337][ T6645] ? drm_atomic_state_init+0xf4/0x490 [ 125.830359][ T6645] should_failslab+0xc2/0x120 [ 125.830378][ T6645] __kmalloc_noprof+0xe0/0x850 [ 125.830396][ T6645] drm_atomic_state_init+0xf4/0x490 [ 125.830416][ T6645] ? kasan_save_track+0x14/0x30 [ 125.830434][ T6645] drm_atomic_state_alloc+0xd3/0x120 [ 125.830456][ T6645] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 125.830472][ T6645] ? rcu_is_watching+0x12/0xc0 [ 125.830490][ T6645] ? trace_contention_end+0x122/0x170 [ 125.830508][ T6645] ? __mutex_lock+0x26d/0x1b10 [ 125.830524][ T6645] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 125.830540][ T6645] ? drm_master_internal_acquire+0x21/0x80 [ 125.830581][ T6645] drm_client_modeset_commit_locked+0x14d/0x580 [ 125.830600][ T6645] drm_client_modeset_commit+0x4f/0x80 [ 125.830616][ T6645] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 125.830645][ T6645] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 125.830670][ T6645] drm_fbdev_client_restore+0x1b/0x30 [ 125.830690][ T6645] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 125.830709][ T6645] drm_client_dev_restore+0x205/0x2a0 [ 125.830728][ T6645] drm_release+0x2c6/0x360 [ 125.830751][ T6645] ? __pfx_drm_release+0x10/0x10 [ 125.830773][ T6645] __fput+0x3ff/0xb50 [ 125.830798][ T6645] task_work_run+0x150/0x240 [ 125.830814][ T6645] ? __pfx_task_work_run+0x10/0x10 [ 125.830831][ T6645] ? rcu_is_watching+0x12/0xc0 [ 125.830851][ T6645] exit_to_user_mode_loop+0x107/0x4f0 [ 125.830866][ T6645] ? rcu_is_watching+0x12/0xc0 [ 125.830885][ T6645] do_syscall_64+0x6f2/0xf80 [ 125.830907][ T6645] ? clear_bhb_loop+0x40/0x90 [ 125.830925][ T6645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.830940][ T6645] RIP: 0033:0x7f128b79ce59 [ 125.830953][ T6645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 125.830967][ T6645] RSP: 002b:00007f128c5fd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 125.830982][ T6645] RAX: 0000000000000000 RBX: 00007f128ba15fa0 RCX: 00007f128b79ce59 [ 125.830991][ T6645] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 125.830999][ T6645] RBP: 00007f128b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 125.831008][ T6645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.831017][ T6645] R13: 00007f128ba16038 R14: 00007f128ba15fa0 R15: 00007ffe483fb398 [ 125.831037][ T6645] [ 126.397165][ T6659] netlink: 'syz.1.186': attribute type 1 has an invalid length. [ 126.764415][ T6665] FAULT_INJECTION: forcing a failure. [ 126.764415][ T6665] name failslab, interval 1, probability 0, space 0, times 0 [ 126.791444][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 126.886860][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 126.946398][ T6665] CPU: 0 UID: 0 PID: 6665 Comm: syz.2.188 Not tainted syzkaller #0 PREEMPT(full) [ 126.946419][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 126.946427][ T6665] Call Trace: [ 126.946432][ T6665] [ 126.946438][ T6665] dump_stack_lvl+0x100/0x190 [ 126.946459][ T6665] should_fail_ex.cold+0x5/0xa [ 126.946478][ T6665] should_failslab+0xc2/0x120 [ 126.946496][ T6665] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 126.946520][ T6665] ? sk_prot_alloc+0x60/0x2a0 [ 126.946544][ T6665] sk_prot_alloc+0x60/0x2a0 [ 126.946565][ T6665] sk_alloc+0x36/0xe80 [ 126.946581][ T6665] inet6_create+0x385/0x12b0 [ 126.946603][ T6665] ? inet6_create+0x7f/0x12b0 [ 126.946625][ T6665] __sock_create+0x339/0x860 [ 126.946649][ T6665] __sys_socket+0x14d/0x260 [ 126.946672][ T6665] ? __pfx___sys_socket+0x10/0x10 [ 126.946693][ T6665] ? ksys_write+0x1ac/0x250 [ 126.946715][ T6665] __x64_sys_socket+0x72/0xb0 [ 126.946736][ T6665] ? lockdep_hardirqs_on+0x78/0x100 [ 126.946762][ T6665] do_syscall_64+0x10b/0xf80 [ 126.946782][ T6665] ? clear_bhb_loop+0x40/0x90 [ 126.946801][ T6665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.946816][ T6665] RIP: 0033:0x7f9a4839ce59 [ 126.946828][ T6665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.946841][ T6665] RSP: 002b:00007f9a49250028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 126.946856][ T6665] RAX: ffffffffffffffda RBX: 00007f9a48615fa0 RCX: 00007f9a4839ce59 [ 126.946866][ T6665] RDX: 0000000000000084 RSI: 0000000000000001 RDI: 000000000000000a [ 126.946874][ T6665] RBP: 00007f9a48432d6f R08: 0000000000000000 R09: 0000000000000000 [ 126.946882][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.946891][ T6665] R13: 00007f9a48616038 R14: 00007f9a48615fa0 R15: 00007ffc2e21f628 [ 126.946909][ T6665] [ 127.140170][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.149480][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.158549][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.167105][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.175696][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.184254][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.192882][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.201431][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.210010][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.218642][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.227192][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.235725][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.244562][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.253855][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.262932][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.271488][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.280078][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.288654][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.297216][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.305774][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.314336][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.323091][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.336932][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.345599][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.354963][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.364200][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.375909][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.385428][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.403150][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.412144][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.421076][ T6669] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 127.780791][ T6681] FAULT_INJECTION: forcing a failure. [ 127.780791][ T6681] name failslab, interval 1, probability 0, space 0, times 0 [ 127.840543][ T6681] CPU: 0 UID: 0 PID: 6681 Comm: syz.3.191 Not tainted syzkaller #0 PREEMPT(full) [ 127.840565][ T6681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 127.840574][ T6681] Call Trace: [ 127.840580][ T6681] [ 127.840586][ T6681] dump_stack_lvl+0x100/0x190 [ 127.840608][ T6681] should_fail_ex.cold+0x5/0xa [ 127.840628][ T6681] should_failslab+0xc2/0x120 [ 127.840646][ T6681] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 127.840669][ T6681] ? __proc_create+0x2cb/0x8c0 [ 127.840691][ T6681] __proc_create+0x2cb/0x8c0 [ 127.840710][ T6681] ? __pfx___proc_create+0x10/0x10 [ 127.840732][ T6681] ? _raw_spin_unlock+0x28/0x50 [ 127.840755][ T6681] proc_create_reg+0x75/0x170 [ 127.840776][ T6681] proc_create_net_data+0x8e/0x1c0 [ 127.840796][ T6681] ? __pfx_proc_create_net_data+0x10/0x10 [ 127.840820][ T6681] ? __pfx_arp_net_init+0x10/0x10 [ 127.840835][ T6681] arp_net_init+0x53/0x80 [ 127.840849][ T6681] ops_init+0x1e2/0x5f0 [ 127.840869][ T6681] setup_net+0x118/0x3a0 [ 127.840888][ T6681] ? __pfx_setup_net+0x10/0x10 [ 127.840905][ T6681] ? mutex_init_lockdep+0xf1/0x120 [ 127.840925][ T6681] copy_net_ns+0x46f/0x7c0 [ 127.840946][ T6681] create_new_namespaces+0x3ea/0xac0 [ 127.840970][ T6681] unshare_nsproxy_namespaces+0xf2/0x220 [ 127.840991][ T6681] ksys_unshare+0x438/0xab0 [ 127.841014][ T6681] ? __pfx_ksys_unshare+0x10/0x10 [ 127.841034][ T6681] ? xfd_validate_state+0x129/0x190 [ 127.841056][ T6681] __x64_sys_unshare+0x31/0x40 [ 127.841084][ T6681] do_syscall_64+0x10b/0xf80 [ 127.841106][ T6681] ? clear_bhb_loop+0x40/0x90 [ 127.841125][ T6681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.841141][ T6681] RIP: 0033:0x7f128b79ce59 [ 127.841154][ T6681] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.841167][ T6681] RSP: 002b:00007f128c5fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 127.841182][ T6681] RAX: ffffffffffffffda RBX: 00007f128ba15fa0 RCX: 00007f128b79ce59 [ 127.841191][ T6681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 127.841200][ T6681] RBP: 00007f128b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 127.841209][ T6681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.841218][ T6681] R13: 00007f128ba16038 R14: 00007f128ba15fa0 R15: 00007ffe483fb398 [ 127.841237][ T6681] [ 129.525171][ T6700] FAULT_INJECTION: forcing a failure. [ 129.525171][ T6700] name failslab, interval 1, probability 0, space 0, times 0 [ 129.594708][ T6700] CPU: 0 UID: 0 PID: 6700 Comm: syz.1.196 Not tainted syzkaller #0 PREEMPT(full) [ 129.594730][ T6700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 129.594740][ T6700] Call Trace: [ 129.594745][ T6700] [ 129.594751][ T6700] dump_stack_lvl+0x100/0x190 [ 129.594773][ T6700] should_fail_ex.cold+0x5/0xa [ 129.594794][ T6700] should_failslab+0xc2/0x120 [ 129.594812][ T6700] __kvmalloc_node_noprof+0xfa/0xa00 [ 129.594827][ T6700] ? open_substream+0x311/0x9b0 [ 129.594850][ T6700] ? lockdep_init_map_type+0x5c/0x250 [ 129.594870][ T6700] open_substream+0x311/0x9b0 [ 129.594896][ T6700] rawmidi_open_priv+0x595/0x6f0 [ 129.594921][ T6700] snd_rawmidi_open+0x4c9/0xba0 [ 129.594941][ T6700] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 129.594959][ T6700] ? __pfx_default_wake_function+0x10/0x10 [ 129.594982][ T6700] ? kobject_get_unless_zero+0x156/0x200 [ 129.595002][ T6700] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 129.595017][ T6700] snd_open+0x201/0x450 [ 129.595039][ T6700] ? __pfx_snd_open+0x10/0x10 [ 129.595059][ T6700] chrdev_open+0x234/0x6a0 [ 129.595078][ T6700] ? __pfx_apparmor_file_open+0x10/0x10 [ 129.595101][ T6700] ? __pfx_chrdev_open+0x10/0x10 [ 129.595121][ T6700] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 129.595144][ T6700] do_dentry_open+0x6d8/0x1660 [ 129.595162][ T6700] ? __pfx_chrdev_open+0x10/0x10 [ 129.595184][ T6700] vfs_open+0x82/0x3f0 [ 129.595208][ T6700] path_openat+0x208c/0x31a0 [ 129.595233][ T6700] ? __pfx_path_openat+0x10/0x10 [ 129.595258][ T6700] do_file_open+0x20e/0x430 [ 129.595278][ T6700] ? __pfx_do_file_open+0x10/0x10 [ 129.595310][ T6700] ? alloc_fd+0x476/0x790 [ 129.595329][ T6700] ? do_getname+0x191/0x390 [ 129.595352][ T6700] do_sys_openat2+0x10d/0x1e0 [ 129.595374][ T6700] ? __pfx_do_sys_openat2+0x10/0x10 [ 129.595398][ T6700] ? __fget_files+0x21f/0x3d0 [ 129.595418][ T6700] __x64_sys_openat+0x12d/0x210 [ 129.595441][ T6700] ? __pfx___x64_sys_openat+0x10/0x10 [ 129.595467][ T6700] ? rcu_is_watching+0x12/0xc0 [ 129.595487][ T6700] do_syscall_64+0x10b/0xf80 [ 129.595508][ T6700] ? clear_bhb_loop+0x40/0x90 [ 129.595528][ T6700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.595544][ T6700] RIP: 0033:0x7fd119f9ce59 [ 129.595557][ T6700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.595570][ T6700] RSP: 002b:00007fd11ae74028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 129.595585][ T6700] RAX: ffffffffffffffda RBX: 00007fd11a215fa0 RCX: 00007fd119f9ce59 [ 129.595595][ T6700] RDX: 000000000000a003 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 129.595604][ T6700] RBP: 00007fd11a032d6f R08: 0000000000000000 R09: 0000000000000000 [ 129.595613][ T6700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.595621][ T6700] R13: 00007fd11a216038 R14: 00007fd11a215fa0 R15: 00007ffdc3653648 [ 129.595641][ T6700] [ 131.387023][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.401842][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.987945][ T30] audit: type=1800 audit(1779041519.768:3): pid=6777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.208" name="members" dev="configfs" ino=16109 res=0 errno=0 [ 134.269756][ T6809] capability: warning: `syz.1.215' uses deprecated v2 capabilities in a way that may be insecure [ 134.311789][ T6835] random: crng reseeded on system resumption [ 134.751113][ T6842] futex_wake_op: syz.3.222 tries to shift op by -2048; fix this program [ 141.669113][ T6995] __nla_validate_parse: 16 callbacks suppressed [ 141.669128][ T6995] netlink: 342 bytes leftover after parsing attributes in process `syz.3.248'. [ 141.756654][ T6993] Process accounting paused [ 141.903520][ T6995] IPv6: NLM_F_CREATE should be specified when creating new route [ 142.033839][ T6995] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 142.041670][ T6995] IPv6: NLM_F_CREATE should be set when creating new route [ 142.048911][ T6995] IPv6: NLM_F_CREATE should be set when creating new route [ 142.508339][ T7016] random: crng reseeded on system resumption [ 142.672876][ T7017] can: request_module (can-proto-5) failed. [ 144.395945][ T7053] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.958045][ T7077] Process accounting resumed [ 145.167905][ T7053] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.816961][ T7053] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.285363][ T7053] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.612649][ T7053] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.792907][ T5629] Bluetooth: hci1: unexpected event 0x10 length: 124 > 1 [ 147.793754][ T4945] Bluetooth: hci1: hardware error 0x00 [ 148.077363][ T7132] Process accounting resumed [ 149.842294][ T4945] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 150.734891][ T7196] Process accounting paused [ 151.444326][ T7241] futex_wake_op: syz.3.291 tries to shift op by -2048; fix this program [ 151.872064][ T7241] 0x000000000001-0x000000020000 : "" [ 152.194958][ T7241] ftl_cs: FTL header corrupt! [ 154.204432][ T7302] FAULT_INJECTION: forcing a failure. [ 154.204432][ T7302] name failslab, interval 1, probability 0, space 0, times 0 [ 154.373469][ T7302] CPU: 0 UID: 0 PID: 7302 Comm: syz.0.303 Not tainted syzkaller #0 PREEMPT(full) [ 154.373492][ T7302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 154.373502][ T7302] Call Trace: [ 154.373507][ T7302] [ 154.373513][ T7302] dump_stack_lvl+0x100/0x190 [ 154.373535][ T7302] should_fail_ex.cold+0x5/0xa [ 154.373555][ T7302] should_failslab+0xc2/0x120 [ 154.373573][ T7302] __kmalloc_cache_noprof+0x7a/0x6f0 [ 154.373595][ T7302] ? qrtr_endpoint_register+0x85/0x500 [ 154.373618][ T7302] ? lockdep_init_map_type+0x5c/0x250 [ 154.373637][ T7302] qrtr_endpoint_register+0x85/0x500 [ 154.373661][ T7302] qrtr_tun_open+0x151/0x220 [ 154.373678][ T7302] ? __pfx_qrtr_tun_open+0x10/0x10 [ 154.373695][ T7302] misc_open+0x26d/0x450 [ 154.373714][ T7302] ? __pfx_misc_open+0x10/0x10 [ 154.373732][ T7302] chrdev_open+0x234/0x6a0 [ 154.373752][ T7302] ? __pfx_chrdev_open+0x10/0x10 [ 154.373772][ T7302] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 154.373795][ T7302] do_dentry_open+0x6d8/0x1660 [ 154.373812][ T7302] ? __pfx_chrdev_open+0x10/0x10 [ 154.373835][ T7302] vfs_open+0x82/0x3f0 [ 154.373861][ T7302] path_openat+0x208c/0x31a0 [ 154.373886][ T7302] ? __pfx_path_openat+0x10/0x10 [ 154.373911][ T7302] do_file_open+0x20e/0x430 [ 154.373931][ T7302] ? __pfx_do_file_open+0x10/0x10 [ 154.373963][ T7302] ? alloc_fd+0x476/0x790 [ 154.373982][ T7302] ? do_getname+0x191/0x390 [ 154.374005][ T7302] do_sys_openat2+0x10d/0x1e0 [ 154.374027][ T7302] ? __pfx_do_sys_openat2+0x10/0x10 [ 154.374056][ T7302] __x64_sys_openat+0x12d/0x210 [ 154.374079][ T7302] ? __pfx___x64_sys_openat+0x10/0x10 [ 154.374104][ T7302] ? rcu_is_watching+0x12/0xc0 [ 154.374124][ T7302] do_syscall_64+0x10b/0xf80 [ 154.374145][ T7302] ? clear_bhb_loop+0x40/0x90 [ 154.374163][ T7302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.374178][ T7302] RIP: 0033:0x7f2cc1f9ce59 [ 154.374192][ T7302] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 154.374206][ T7302] RSP: 002b:00007f2cc2e85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 154.374220][ T7302] RAX: ffffffffffffffda RBX: 00007f2cc2216090 RCX: 00007f2cc1f9ce59 [ 154.374230][ T7302] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 154.374239][ T7302] RBP: 00007f2cc2032d6f R08: 0000000000000000 R09: 0000000000000000 [ 154.374248][ T7302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 154.374257][ T7302] R13: 00007f2cc2216128 R14: 00007f2cc2216090 R15: 00007ffed1752ce8 [ 154.374276][ T7302] [ 155.493710][ T7313] netlink: 'syz.3.307': attribute type 5 has an invalid length. [ 155.620919][ T7313] netlink: 42 bytes leftover after parsing attributes in process `syz.3.307'. [ 156.301514][ T7318] netlink: 206 bytes leftover after parsing attributes in process `syz.2.309'. [ 160.927283][ T7343] FAULT_INJECTION: forcing a failure. [ 160.927283][ T7343] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 160.997179][ T7377] futex_wake_op: syz.2.321 tries to shift op by -2048; fix this program [ 161.040192][ T7377] 0x000000000001-0x000000020000 : "" [ 161.083469][ T7377] ftl_cs: FTL header corrupt! [ 161.213167][ T7343] CPU: 0 UID: 0 PID: 7343 Comm: syz.0.313 Not tainted syzkaller #0 PREEMPT(full) [ 161.213188][ T7343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 161.213197][ T7343] Call Trace: [ 161.213202][ T7343] [ 161.213208][ T7343] dump_stack_lvl+0x100/0x190 [ 161.213228][ T7343] should_fail_ex.cold+0x5/0xa [ 161.213247][ T7343] _copy_from_user+0x2e/0xd0 [ 161.213263][ T7343] snd_seq_oss_write+0x395/0x800 [ 161.213294][ T7343] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 161.213320][ T7343] ? apparmor_file_permission+0x13f/0x1c0 [ 161.213337][ T7343] ? bpf_lsm_file_permission+0x9/0x10 [ 161.213354][ T7343] ? __pfx_odev_write+0x10/0x10 [ 161.213373][ T7343] odev_write+0x51/0xa0 [ 161.213393][ T7343] vfs_writev+0x5ea/0xe10 [ 161.213414][ T7343] ? __pfx_vfs_writev+0x10/0x10 [ 161.213442][ T7343] ? __fget_files+0x21f/0x3d0 [ 161.213464][ T7343] ? do_pwritev+0x1ac/0x270 [ 161.213478][ T7343] do_pwritev+0x1ac/0x270 [ 161.213495][ T7343] ? __pfx_do_pwritev+0x10/0x10 [ 161.213512][ T7343] ? rcu_is_watching+0x12/0xc0 [ 161.213532][ T7343] do_syscall_64+0x10b/0xf80 [ 161.213554][ T7343] ? clear_bhb_loop+0x40/0x90 [ 161.213572][ T7343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.213587][ T7343] RIP: 0033:0x7f2cc1f9ce59 [ 161.213599][ T7343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.213619][ T7343] RSP: 002b:00007f2cc2e01028 EFLAGS: 00000246 ORIG_RAX: 0000000000000128 [ 161.213634][ T7343] RAX: ffffffffffffffda RBX: 00007f2cc2216450 RCX: 00007f2cc1f9ce59 [ 161.213643][ T7343] RDX: 0000000000000007 RSI: 00002000000000c0 RDI: 0000000000000006 [ 161.213652][ T7343] RBP: 00007f2cc2032d6f R08: 0000000000000002 R09: 0000000000000000 [ 161.213660][ T7343] R10: 00000000555deb8d R11: 0000000000000246 R12: 0000000000000000 [ 161.213669][ T7343] R13: 00007f2cc22164e8 R14: 00007f2cc2216450 R15: 00007ffed1752ce8 [ 161.213687][ T7343] [ 164.323111][ T7457] ima: policy update failed [ 164.337655][ T7460] futex_wake_op: syz.1.334 tries to shift op by -2048; fix this program [ 164.351264][ T7466] : entered promiscuous mode [ 164.359524][ T30] audit: type=1802 audit(1843104519.492:4): pid=7457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.335" res=0 errno=0 [ 164.389218][ T7460] 0x000000000001-0x000000020000 : "" [ 164.426000][ T7460] ftl_cs: FTL header corrupt! [ 165.101272][ T7482] nfsd: Unknown parameter '' [ 165.490113][ T7476] can0: slcan on ttyS2. [ 165.509353][ T7503] netlink: 342 bytes leftover after parsing attributes in process `syz.2.346'. [ 166.225723][ T7473] can0 (unregistered): slcan off ttyS2. [ 170.749075][ T7615] sysfs_service_op_store: Client not running :-5: [ 170.966674][ T7622] FAULT_INJECTION: forcing a failure. [ 170.966674][ T7622] name fail_futex, interval 1, probability 0, space 0, times 1 [ 171.029712][ T7622] CPU: 0 UID: 0 PID: 7622 Comm: syz.2.365 Not tainted syzkaller #0 PREEMPT(full) [ 171.029733][ T7622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 171.029742][ T7622] Call Trace: [ 171.029747][ T7622] [ 171.029753][ T7622] dump_stack_lvl+0x100/0x190 [ 171.029774][ T7622] should_fail_ex.cold+0x5/0xa [ 171.029794][ T7622] get_futex_key+0x1d2/0x1510 [ 171.029812][ T7622] ? __pfx_get_futex_key+0x10/0x10 [ 171.029833][ T7622] futex_wake+0xea/0x530 [ 171.029853][ T7622] ? rcu_is_watching+0x12/0xc0 [ 171.029874][ T7622] ? __pfx_futex_wake+0x10/0x10 [ 171.029897][ T7622] ? putname+0xb1/0x110 [ 171.029914][ T7622] ? kmem_cache_free+0x127/0x6c0 [ 171.029940][ T7622] do_futex+0x32b/0x350 [ 171.029956][ T7622] ? __pfx_do_futex+0x10/0x10 [ 171.029971][ T7622] ? __pfx_do_sys_openat2+0x10/0x10 [ 171.029997][ T7622] __x64_sys_futex+0x34f/0x4d0 [ 171.030014][ T7622] ? __x64_sys_openat+0x12d/0x210 [ 171.030037][ T7622] ? __pfx___x64_sys_futex+0x10/0x10 [ 171.030056][ T7622] ? rcu_is_watching+0x12/0xc0 [ 171.030076][ T7622] do_syscall_64+0x10b/0xf80 [ 171.030097][ T7622] ? clear_bhb_loop+0x40/0x90 [ 171.030115][ T7622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.030130][ T7622] RIP: 0033:0x7f9a4839ce59 [ 171.030143][ T7622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 171.030156][ T7622] RSP: 002b:00007f9a4922f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 171.030171][ T7622] RAX: ffffffffffffffda RBX: 00007f9a48616098 RCX: 00007f9a4839ce59 [ 171.030180][ T7622] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9a4861609c [ 171.030189][ T7622] RBP: 00007f9a48616090 R08: 0000000000000001 R09: 0000000000000000 [ 171.030198][ T7622] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 171.030206][ T7622] R13: 00007f9a48616128 R14: 00007ffc2e21f540 R15: 00007ffc2e21f628 [ 171.030225][ T7622] [ 171.785839][ T7627] Process accounting resumed [ 172.103366][ T7643] kvm: kvm [7639]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x186) = 0x8003 [ 172.618220][ T7654] FAULT_INJECTION: forcing a failure. [ 172.618220][ T7654] name failslab, interval 1, probability 0, space 0, times 0 [ 172.698580][ T7654] CPU: 0 UID: 0 PID: 7654 Comm: syz.3.372 Not tainted syzkaller #0 PREEMPT(full) [ 172.698600][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 172.698609][ T7654] Call Trace: [ 172.698614][ T7654] [ 172.698620][ T7654] dump_stack_lvl+0x100/0x190 [ 172.698641][ T7654] should_fail_ex.cold+0x5/0xa [ 172.698660][ T7654] ? sk_prot_alloc+0x10b/0x2a0 [ 172.698680][ T7654] should_failslab+0xc2/0x120 [ 172.698698][ T7654] __kmalloc_noprof+0xe0/0x850 [ 172.698715][ T7654] sk_prot_alloc+0x10b/0x2a0 [ 172.698737][ T7654] sk_alloc+0x36/0xe80 [ 172.698753][ T7654] __netlink_create+0x5e/0x2c0 [ 172.698771][ T7654] ? __wake_up+0x3f/0x60 [ 172.698793][ T7654] netlink_create+0x29b/0x610 [ 172.698811][ T7654] ? __pfx_genl_bind+0x10/0x10 [ 172.698832][ T7654] ? __pfx_genl_unbind+0x10/0x10 [ 172.698853][ T7654] ? __pfx_genl_release+0x10/0x10 [ 172.698868][ T7654] __sock_create+0x339/0x860 [ 172.698893][ T7654] __sys_socket+0x14d/0x260 [ 172.698915][ T7654] ? __pfx___sys_socket+0x10/0x10 [ 172.698943][ T7654] __x64_sys_socket+0x72/0xb0 [ 172.698964][ T7654] ? lockdep_hardirqs_on+0x78/0x100 [ 172.698987][ T7654] do_syscall_64+0x10b/0xf80 [ 172.699008][ T7654] ? clear_bhb_loop+0x40/0x90 [ 172.699026][ T7654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.699041][ T7654] RIP: 0033:0x7f128b79ce59 [ 172.699053][ T7654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 172.699066][ T7654] RSP: 002b:00007f128c5dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 172.699081][ T7654] RAX: ffffffffffffffda RBX: 00007f128ba16090 RCX: 00007f128b79ce59 [ 172.699090][ T7654] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 172.699099][ T7654] RBP: 00007f128b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 172.699107][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.699115][ T7654] R13: 00007f128ba16128 R14: 00007f128ba16090 R15: 00007ffe483fb398 [ 172.699133][ T7654] [ 174.484090][ T7670] can0: slcan on ttyS2. [ 174.991628][ T7668] can0 (unregistered): slcan off ttyS2. [ 178.068276][ T7764] FAULT_INJECTION: forcing a failure. [ 178.068276][ T7764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.138191][ T7764] CPU: 0 UID: 7 PID: 7764 Comm: syz.3.387 Not tainted syzkaller #0 PREEMPT(full) [ 178.138213][ T7764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 178.138222][ T7764] Call Trace: [ 178.138228][ T7764] [ 178.138234][ T7764] dump_stack_lvl+0x100/0x190 [ 178.138255][ T7764] should_fail_ex.cold+0x5/0xa [ 178.138274][ T7764] strncpy_from_user+0x3b/0x2d0 [ 178.138298][ T7764] do_getname+0x78/0x390 [ 178.138322][ T7764] do_sys_openat2+0xc5/0x1e0 [ 178.138345][ T7764] ? __pfx_do_sys_openat2+0x10/0x10 [ 178.138370][ T7764] ? __sys_sendmsg+0x18f/0x220 [ 178.138391][ T7764] __x64_sys_openat+0x12d/0x210 [ 178.138413][ T7764] ? __pfx___x64_sys_openat+0x10/0x10 [ 178.138439][ T7764] ? rcu_is_watching+0x12/0xc0 [ 178.138461][ T7764] do_syscall_64+0x10b/0xf80 [ 178.138483][ T7764] ? clear_bhb_loop+0x40/0x90 [ 178.138501][ T7764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.138516][ T7764] RIP: 0033:0x7f128b79ce59 [ 178.138528][ T7764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.138542][ T7764] RSP: 002b:00007f128c5fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 178.138556][ T7764] RAX: ffffffffffffffda RBX: 00007f128ba15fa0 RCX: 00007f128b79ce59 [ 178.138566][ T7764] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 178.138575][ T7764] RBP: 00007f128b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 178.138584][ T7764] R10: 000000000000003e R11: 0000000000000246 R12: 0000000000000000 [ 178.138592][ T7764] R13: 00007f128ba16038 R14: 00007f128ba15fa0 R15: 00007ffe483fb398 [ 178.138611][ T7764] [ 178.449452][ T7689] Process accounting paused [ 180.138938][ T7806] cgroup: fork rejected by pids controller in /syz3 [ 180.175851][ T30] audit: type=1800 audit(2147484682.662:5): pid=7831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.398" name="dbroot" dev="configfs" ino=22171 res=0 errno=0 [ 180.964664][ T7868] Process accounting resumed [ 181.074901][ T7965] netlink: 28 bytes leftover after parsing attributes in process `syz.0.403'. [ 181.108455][ T7965] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.159480][ T7965] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 181.196883][ T30] audit: type=1800 audit(2147484689.692:6): pid=7968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.404" name="lu_gp_id" dev="configfs" ino=22358 res=0 errno=0 [ 181.262877][ T7965] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 181.290995][ T7965] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 181.651907][ T7978] netlink: 326 bytes leftover after parsing attributes in process `syz.2.405'. [ 182.294291][ T7986] netlink: zone id is out of range [ 182.412775][ T7986] netlink: get zone limit has 4 unknown bytes [ 182.882175][ T7991] Process accounting resumed [ 183.045165][ T7998] netlink: 334 bytes leftover after parsing attributes in process `syz.0.409'. [ 185.779806][ T8033] &#$@\]\-: entered promiscuous mode [ 185.820450][ T8036] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 186.159422][ T8036] ima: policy update failed [ 186.184031][ T30] audit: type=1802 audit(2147484694.708:7): pid=8036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.415" res=0 errno=0 [ 187.617060][ T8045] netlink: 342 bytes leftover after parsing attributes in process `syz.2.418'. [ 192.767513][ T8124] blktrace: Concurrent blktraces are not allowed on sg0 [ 193.786311][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.855794][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.767689][ T8146] Process accounting resumed [ 196.205892][ T8175] FAULT_INJECTION: forcing a failure. [ 196.205892][ T8175] name failslab, interval 1, probability 0, space 0, times 0 [ 196.262428][ T8175] CPU: 0 UID: 0 PID: 8175 Comm: syz.1.447 Not tainted syzkaller #0 PREEMPT(full) [ 196.262449][ T8175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 196.262469][ T8175] Call Trace: [ 196.262474][ T8175] [ 196.262479][ T8175] dump_stack_lvl+0x100/0x190 [ 196.262500][ T8175] should_fail_ex.cold+0x5/0xa [ 196.262519][ T8175] should_failslab+0xc2/0x120 [ 196.262537][ T8175] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 196.262562][ T8175] ? __d_alloc+0x34/0xa40 [ 196.262586][ T8175] __d_alloc+0x34/0xa40 [ 196.262607][ T8175] d_alloc_pseudo+0x1c/0xc0 [ 196.262621][ T8175] alloc_file_pseudo+0xcf/0x230 [ 196.262645][ T8175] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 196.262667][ T8175] ? alloc_fd+0x476/0x790 [ 196.262687][ T8175] sock_alloc_file+0x50/0x210 [ 196.262707][ T8175] __sys_socket+0x1c0/0x260 [ 196.262729][ T8175] ? __pfx___sys_socket+0x10/0x10 [ 196.262757][ T8175] __x64_sys_socket+0x72/0xb0 [ 196.262778][ T8175] ? lockdep_hardirqs_on+0x78/0x100 [ 196.262801][ T8175] do_syscall_64+0x10b/0xf80 [ 196.262822][ T8175] ? clear_bhb_loop+0x40/0x90 [ 196.262840][ T8175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.262854][ T8175] RIP: 0033:0x7fd119f9ce59 [ 196.262867][ T8175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 196.262881][ T8175] RSP: 002b:00007fd11ae74028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 196.262895][ T8175] RAX: ffffffffffffffda RBX: 00007fd11a215fa0 RCX: 00007fd119f9ce59 [ 196.262904][ T8175] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f [ 196.262912][ T8175] RBP: 00007fd11a032d6f R08: 0000000000000000 R09: 0000000000000000 [ 196.262921][ T8175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.262929][ T8175] R13: 00007fd11a216038 R14: 00007fd11a215fa0 R15: 00007ffdc3653648 [ 196.262947][ T8175] [ 198.579807][ T8190] random: crng reseeded on system resumption [ 199.599907][ T8203] NFSD: Failed to start, no listeners configured. [ 199.836562][ T8217] binder: 8216:8217 ioctl c018620b 0 returned -14 [ 202.400434][ T8228] Process accounting paused [ 204.653658][ T8255] random: crng reseeded on system resumption [ 205.245028][ T8267] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 205.583153][ T8272] FAULT_INJECTION: forcing a failure. [ 205.583153][ T8272] name fail_futex, interval 1, probability 0, space 0, times 0 [ 205.697073][ T8272] CPU: 0 UID: 0 PID: 8272 Comm: syz.1.469 Not tainted syzkaller #0 PREEMPT(full) [ 205.697095][ T8272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 205.697103][ T8272] Call Trace: [ 205.697108][ T8272] [ 205.697114][ T8272] dump_stack_lvl+0x100/0x190 [ 205.697136][ T8272] should_fail_ex.cold+0x5/0xa [ 205.697152][ T8272] ? __pfx___might_resched+0x10/0x10 [ 205.697171][ T8272] get_futex_key+0x1d2/0x1510 [ 205.697188][ T8272] ? __pfx_get_futex_key+0x10/0x10 [ 205.697204][ T8272] ? __pfx_aa_sk_perm+0x10/0x10 [ 205.697220][ T8272] ? __pfx_isotp_sendmsg+0x10/0x10 [ 205.697241][ T8272] futex_wait_setup+0x83/0x510 [ 205.697266][ T8272] __futex_wait+0x19f/0x300 [ 205.697287][ T8272] ? __pfx___futex_wait+0x10/0x10 [ 205.697311][ T8272] ? __pfx_futex_wake_mark+0x10/0x10 [ 205.697332][ T8272] ? futex_hash+0x2ad/0x370 [ 205.697347][ T8272] ? futex_hash+0x141/0x370 [ 205.697363][ T8272] futex_wait+0xe6/0x370 [ 205.697382][ T8272] ? __pfx_futex_wait+0x10/0x10 [ 205.697411][ T8272] do_futex+0x1ef/0x350 [ 205.697427][ T8272] ? __pfx_do_futex+0x10/0x10 [ 205.697443][ T8272] ? fput+0x79/0x100 [ 205.697467][ T8272] ? __sys_sendmsg+0x18f/0x220 [ 205.697487][ T8272] __x64_sys_futex+0x34f/0x4d0 [ 205.697505][ T8272] ? __pfx___x64_sys_futex+0x10/0x10 [ 205.697525][ T8272] ? rcu_is_watching+0x12/0xc0 [ 205.697545][ T8272] do_syscall_64+0x10b/0xf80 [ 205.697568][ T8272] ? clear_bhb_loop+0x40/0x90 [ 205.697586][ T8272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.697601][ T8272] RIP: 0033:0x7fd119f9ce59 [ 205.697613][ T8272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.697627][ T8272] RSP: 002b:00007fd11ae740e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 205.697641][ T8272] RAX: ffffffffffffffda RBX: 00007fd11a215fa8 RCX: 00007fd119f9ce59 [ 205.697650][ T8272] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd11a215fa8 [ 205.697659][ T8272] RBP: 00007fd11a215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 205.697667][ T8272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.697676][ T8272] R13: 00007fd11a216038 R14: 00007ffdc3653560 R15: 00007ffdc3653648 [ 205.697694][ T8272] [ 206.422101][ T8284] ubi0: attaching mtd0 [ 206.447748][ T8284] ubi0: scanning is finished [ 206.465809][ T8284] ubi0: empty MTD device detected [ 207.602249][ T8284] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 207.745408][ T8284] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 207.760738][ T8321] openvswitch: netlink: Key 2 has unexpected len 20 expected 4 [ 207.814289][ T8321] netlink: 16 bytes leftover after parsing attributes in process `syz.2.479'. [ 207.844742][ T8284] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 207.952201][ T8284] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 208.083450][ T8284] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 208.219132][ T8284] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 208.368725][ T8284] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1580874766 [ 208.388525][ T8333] sock: sock_timestamping_bind_phc: sock not bind to device [ 208.451836][ T8298] syz-executor invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 208.505194][ T8284] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 208.524247][ T8298] CPU: 0 UID: 0 PID: 8298 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 208.524268][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 208.524277][ T8298] Call Trace: [ 208.524282][ T8298] [ 208.524288][ T8298] dump_stack_lvl+0x100/0x190 [ 208.524310][ T8298] dump_header+0xfb/0x606 [ 208.524327][ T8298] oom_kill_process.cold+0xd/0x330 [ 208.524346][ T8298] out_of_memory+0x340/0x14f0 [ 208.524373][ T8298] ? __pfx_out_of_memory+0x10/0x10 [ 208.524401][ T8298] mem_cgroup_out_of_memory+0xc6/0x130 [ 208.524424][ T8298] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 208.524446][ T8298] ? find_held_lock+0x2b/0x80 [ 208.524468][ T8298] ? do_raw_spin_unlock+0x145/0x1e0 [ 208.524486][ T8298] ? _raw_spin_unlock+0x28/0x50 [ 208.524508][ T8298] try_charge_memcg+0x6e5/0xdf0 [ 208.524530][ T8298] ? __pfx_try_charge_memcg+0x10/0x10 [ 208.524547][ T8298] ? find_held_lock+0x2b/0x80 [ 208.524566][ T8298] ? rcu_read_unlock+0x17/0x60 [ 208.524583][ T8298] ? rcu_read_unlock+0x17/0x60 [ 208.524601][ T8298] ? find_held_lock+0x2b/0x80 [ 208.524620][ T8298] ? rcu_read_unlock+0x17/0x60 [ 208.524642][ T8298] charge_memcg+0x19f/0x210 [ 208.524660][ T8298] __mem_cgroup_charge+0x2b/0x1c0 [ 208.524681][ T8298] do_wp_page+0xda4/0x4350 [ 208.524707][ T8298] ? __pfx_do_wp_page+0x10/0x10 [ 208.524727][ T8298] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 208.524749][ T8298] __handle_mm_fault+0x1ab6/0x2a00 [ 208.524781][ T8298] ? reacquire_held_locks+0xce/0x1e0 [ 208.524796][ T8298] ? __pfx___handle_mm_fault+0x10/0x10 [ 208.524821][ T8298] ? lock_vma_under_rcu+0x17c/0x590 [ 208.524854][ T8298] handle_mm_fault+0x36d/0xa20 [ 208.524879][ T8298] do_user_addr_fault+0x5a3/0x12f0 [ 208.524904][ T8298] exc_page_fault+0x6f/0xd0 [ 208.524927][ T8298] asm_exc_page_fault+0x26/0x30 [ 208.524941][ T8298] RIP: 0033:0x7f128b669762 [ 208.524954][ T8298] Code: 14 00 00 4c 8b 05 86 bf ed 00 48 8b 0d 3f bf ed 00 31 c0 48 8d ac 24 30 01 00 00 48 8d 15 6e a3 1c 00 be 40 00 00 00 48 89 ef 05 27 bf ed 00 01 e8 c2 1b 0e 00 31 c0 48 89 ee bf 0f 00 00 00 [ 208.524967][ T8298] RSP: 002b:00007ffe483fb500 EFLAGS: 00010246 [ 208.524979][ T8298] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003 [ 208.524988][ T8298] RDX: 00007f128b833ac8 RSI: 0000000000000040 RDI: 00007ffe483fb630 [ 208.524997][ T8298] RBP: 00007ffe483fb630 R08: 00000000000001d3 R09: 0000000000000000 [ 208.525005][ T8298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000065 [ 208.525014][ T8298] R13: 0000555587578a00 R14: 0000000000030e9a R15: 00007ffe483fb790 [ 208.525033][ T8298] [ 208.525038][ T8298] memory: usage 307200kB, limit 307200kB, failcnt 20571 [ 208.872966][ T8285] ubi0: detaching mtd0 [ 208.961625][ T8285] ubi0: mtd0 is detached [ 209.103477][ T8346] netlink: 342 bytes leftover after parsing attributes in process `syz.2.487'. [ 209.131613][ T8346] netlink: 342 bytes leftover after parsing attributes in process `syz.2.487'. [ 209.214329][ T8298] memory+swap: usage 431640kB, limit 9007199254740988kB, failcnt 0 [ 209.231441][ T8298] kmem: usage 3296kB, limit 9007199254740988kB, failcnt 0 [ 209.250325][ T8298] Memory cgroup stats for /syz3: [ 209.250502][ T8298] cache 310702080 [ 209.274149][ T8298] rss 258048 [ 209.283350][ T8298] rss_huge 0 [ 209.295860][ T8298] shmem 310702080 [ 209.310453][ T8298] mapped_file 17039360 [ 209.320079][ T8298] dirty 0 [ 209.327138][ T8298] writeback 0 [ 209.337489][ T8298] workingset_refault_anon 1661 [ 209.348356][ T8298] workingset_refault_file 446 [ 209.363381][ T8298] swap 127426560 [ 209.376219][ T8298] swapcached 148365312 [ 209.389795][ T8298] pgpgin 198505 [ 209.398060][ T8298] pgpgout 123551 [ 209.410687][ T8298] pgfault 86324 [ 209.422369][ T8298] pgmajfault 299 [ 209.431542][ T8298] inactive_anon 165478400 [ 209.441850][ T8298] active_anon 145719296 [ 209.453313][ T8298] inactive_file 0 [ 209.464524][ T8298] active_file 0 [ 209.477157][ T8298] unevictable 0 [ 209.487803][ T8298] hierarchical_memory_limit 314572800 [ 209.501763][ T8298] hierarchical_memsw_limit 9223372036854771712 [ 209.517723][ T8298] total_cache 310702080 [ 209.529198][ T8298] total_rss 258048 [ 209.540047][ T8298] total_rss_huge 0 [ 209.549463][ T8298] total_shmem 310702080 [ 209.561402][ T8298] total_mapped_file 17039360 [ 209.576469][ T8298] total_dirty 0 [ 209.585893][ T8298] total_writeback 0 [ 209.595884][ T8298] total_workingset_refault_anon 1661 [ 209.609864][ T8298] total_workingset_refault_file 446 [ 209.625651][ T8298] total_swap 127426560 [ 209.637502][ T8298] total_swapcached 148365312 [ 209.653276][ T8298] total_pgpgin 198505 [ 209.672286][ T8298] total_pgpgout 123551 [ 209.687603][ T8298] total_pgfault 86324 [ 209.704688][ T8298] total_pgmajfault 299 [ 209.719781][ T8298] total_inactive_anon 165478400 [ 209.740193][ T8298] total_active_anon 145719296 [ 209.759507][ T8298] total_inactive_file 0 [ 209.781595][ T8298] total_active_file 0 [ 209.802180][ T8298] total_unevictable 0 [ 209.814521][ T8298] anon_cost 0 [ 209.827663][ T8298] file_cost 0 [ 209.846913][ T8298] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.396,pid=7835,uid=0 [ 209.965290][ T8298] Memory cgroup out of memory: Killed process 7835 (syz.3.396) total-vm:230916kB, anon-rss:1392kB, file-rss:21628kB, shmem-rss:16640kB, UID:0 pgtables:184kB oom_score_adj:1000 [ 210.667499][ T8372] netlink: 52 bytes leftover after parsing attributes in process `syz.2.493'. [ 211.048403][ T8370] Process accounting paused [ 215.380634][ T8420] Process accounting resumed [ 215.917945][ T8437] zswap: compressor 000 not available [ 216.151081][ T8450] openvswitch: netlink: IP tunnel dst address not specified [ 216.169623][ T7828] syz.3.396 (7828) used greatest stack depth: 19048 bytes left [ 217.099246][ T7809] syz.3.396 (7809) used greatest stack depth: 18264 bytes left [ 217.191628][ T8480] ICMPv6: process `syz.2.514' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 217.227245][ T8462] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.685967][ T8492] scsi_dev_info_list_add_str: bad dev info string ')zD 5fk+*X#R84*VsndvqQW}~YrȀ-8VGDƘLB%v†v}Ypq|?O[,! 7xWDr%[}E$3?G9Ff=lrGH;2L<=|8 -c Fո"[v9q4Mmvqk[(iNDСMX PSqqX4X`V!;r֍)y]WzfIH0,v{q8שUܹ䑉m؛HTwCz-nR%2]x05oՕ|3>lS*L/Cdgӑ[C=Cwem)l#' ''S.sHgi-TY%ܹF*8nFTH?i{' '' [ 218.391518][ T4945] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 218.391561][ T4945] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 218.407111][ T4945] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 218.407151][ T4945] Bluetooth: hci2: adv larger than maximum supported [ 218.417247][ T4945] Bluetooth: hci2: Unknown advertising packet type: 0x52 [ 218.424585][ T4945] Bluetooth: hci2: adv larger than maximum supported [ 218.432120][ T4945] Bluetooth: hci2: adv larger than maximum supported [ 218.440598][ T4945] Bluetooth: hci2: adv larger than maximum supported [ 218.447659][ T4945] Bluetooth: hci2: Malformed LE Event: 0x0d [ 220.174423][ T8549] netlink: 342 bytes leftover after parsing attributes in process `syz.3.526'. [ 221.143185][ T8572] capability: warning: `syz.2.532' uses 32-bit capabilities (legacy support in use) [ 221.376568][ T8583] FAULT_INJECTION: forcing a failure. [ 221.376568][ T8583] name failslab, interval 1, probability 0, space 0, times 0 [ 221.446437][ T8583] CPU: 0 UID: 0 PID: 8583 Comm: syz.3.534 Not tainted syzkaller #0 PREEMPT(full) [ 221.446459][ T8583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 221.446468][ T8583] Call Trace: [ 221.446474][ T8583] [ 221.446480][ T8583] dump_stack_lvl+0x100/0x190 [ 221.446502][ T8583] should_fail_ex.cold+0x5/0xa [ 221.446522][ T8583] should_failslab+0xc2/0x120 [ 221.446540][ T8583] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 221.446563][ T8583] ? __d_alloc+0x34/0xa40 [ 221.446586][ T8583] __d_alloc+0x34/0xa40 [ 221.446607][ T8583] d_alloc_pseudo+0x1c/0xc0 [ 221.446622][ T8583] alloc_file_pseudo+0xcf/0x230 [ 221.446645][ T8583] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 221.446666][ T8583] ? hugetlbfs_get_inode+0x3f5/0x700 [ 221.446691][ T8583] hugetlb_file_setup+0x2a8/0x5b0 [ 221.446714][ T8583] ksys_mmap_pgoff+0x242/0x610 [ 221.446734][ T8583] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 221.446751][ T8583] ? xfd_validate_state+0x129/0x190 [ 221.446771][ T8583] __x64_sys_mmap+0x125/0x190 [ 221.446789][ T8583] do_syscall_64+0x10b/0xf80 [ 221.446811][ T8583] ? clear_bhb_loop+0x40/0x90 [ 221.446830][ T8583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.446845][ T8583] RIP: 0033:0x7f128b79ce59 [ 221.446857][ T8583] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.446871][ T8583] RSP: 002b:00007f128c5dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 221.446886][ T8583] RAX: ffffffffffffffda RBX: 00007f128ba16090 RCX: 00007f128b79ce59 [ 221.446895][ T8583] RDX: 0000000000000002 RSI: 0000000000200006 RDI: 0000000000000000 [ 221.446904][ T8583] RBP: 00007f128b832d6f R08: 0000000000000602 R09: 0000300000000000 [ 221.446913][ T8583] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 221.446921][ T8583] R13: 00007f128ba16128 R14: 00007f128ba16090 R15: 00007ffe483fb398 [ 221.446939][ T8583] [ 221.958839][ T8591] random: crng reseeded on system resumption [ 222.206132][ T8596] syz.2.538 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 223.369404][ T8587] [ 223.817691][ T8613] FAULT_INJECTION: forcing a failure. [ 223.817691][ T8613] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.908520][ T8613] CPU: 0 UID: 0 PID: 8613 Comm: syz.3.541 Not tainted syzkaller #0 PREEMPT(full) [ 223.908540][ T8613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 223.908549][ T8613] Call Trace: [ 223.908554][ T8613] [ 223.908559][ T8613] dump_stack_lvl+0x100/0x190 [ 223.908580][ T8613] should_fail_ex.cold+0x5/0xa [ 223.908599][ T8613] _copy_from_user+0x2e/0xd0 [ 223.908615][ T8613] get_timespec64+0x8b/0x1b0 [ 223.908638][ T8613] ? __pfx_get_timespec64+0x10/0x10 [ 223.908661][ T8613] ? common_nsleep+0xa1/0xd0 [ 223.908678][ T8613] __x64_sys_clock_nanosleep+0x1ce/0x480 [ 223.908700][ T8613] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 223.908723][ T8613] ? rcu_is_watching+0x12/0xc0 [ 223.908743][ T8613] do_syscall_64+0x10b/0xf80 [ 223.908765][ T8613] ? clear_bhb_loop+0x40/0x90 [ 223.908783][ T8613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.908798][ T8613] RIP: 0033:0x7f128b75d68e [ 223.908810][ T8613] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 223.908824][ T8613] RSP: 002b:00007ffe483fb478 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 223.908838][ T8613] RAX: ffffffffffffffda RBX: 0000555587565500 RCX: 00007f128b75d68e [ 223.908847][ T8613] RDX: 00007ffe483fb4d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 223.908856][ T8613] RBP: 00007f128ba17da0 R08: 0000000000000000 R09: 0000000000000000 [ 223.908864][ T8613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000036dc1 [ 223.908873][ T8613] R13: 00007f128ba1609c R14: 0000000000036c7b R15: 00007f128ba16090 [ 223.908891][ T8613] [ 225.450483][ T8669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.552'. [ 225.666182][ T8681] netlink: 28 bytes leftover after parsing attributes in process `syz.3.553'. [ 225.752072][ T8671] Process accounting paused [ 225.784625][ T8681] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.857948][ T8685] ptp ptp0: only physical clock in use now [ 225.934026][ T8681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 226.835964][ T8724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.563'. [ 227.881539][ T8695] ACPI: button: Initial lid state set to 'ignore' [ 228.597368][ T8770] syz.1.569(8770): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 230.723887][ T8797] blktrace: Concurrent blktraces are not allowed on sda1 [ 232.440755][ T8827] Process accounting resumed [ 232.507028][ T8861] warning: `syz.0.585' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 232.566225][ T8857] sysfs_service_op_store: Client not running :-5: [ 232.695601][ T8857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.738143][ T8857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.791039][ T30] audit: type=1800 audit(2147483678.487:8): pid=8865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.587" name="dbroot" dev="configfs" ino=27355 res=0 errno=0 [ 233.339158][ T8886] FAULT_INJECTION: forcing a failure. [ 233.339158][ T8886] name failslab, interval 1, probability 0, space 0, times 0 [ 233.474737][ T8886] CPU: 0 UID: 0 PID: 8886 Comm: syz.0.591 Tainted: G L syzkaller #0 PREEMPT(full) [ 233.474763][ T8886] Tainted: [L]=SOFTLOCKUP [ 233.474769][ T8886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 233.474782][ T8886] Call Trace: [ 233.474788][ T8886] [ 233.474794][ T8886] dump_stack_lvl+0x100/0x190 [ 233.474816][ T8886] should_fail_ex.cold+0x5/0xa [ 233.474836][ T8886] ? tomoyo_encode2+0xfb/0x3c0 [ 233.474855][ T8886] should_failslab+0xc2/0x120 [ 233.474873][ T8886] __kmalloc_noprof+0xe0/0x850 [ 233.474887][ T8886] ? d_absolute_path+0x136/0x1b0 [ 233.474906][ T8886] tomoyo_encode2+0xfb/0x3c0 [ 233.474927][ T8886] tomoyo_encode+0x29/0x50 [ 233.474946][ T8886] tomoyo_realpath_from_path+0x18c/0x690 [ 233.474970][ T8886] tomoyo_path_number_perm+0x23c/0x580 [ 233.474986][ T8886] ? tomoyo_path_number_perm+0x22e/0x580 [ 233.475003][ T8886] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 233.475027][ T8886] ? do_raw_spin_lock+0x128/0x260 [ 233.475053][ T8886] ? find_held_lock+0x2b/0x80 [ 233.475071][ T8886] ? current_check_access_path+0x269/0x430 [ 233.475091][ T8886] ? __pfx_current_check_access_path+0x10/0x10 [ 233.475109][ T8886] ? do_raw_spin_unlock+0x145/0x1e0 [ 233.475128][ T8886] ? simple_lookup+0x105/0x1d0 [ 233.475148][ T8886] tomoyo_path_mknod+0x164/0x190 [ 233.475169][ T8886] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 233.475192][ T8886] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 233.475216][ T8886] security_path_mknod+0x161/0x300 [ 233.475237][ T8886] filename_mknodat+0x241/0x7f0 [ 233.475259][ T8886] ? __pfx_filename_mknodat+0x10/0x10 [ 233.475279][ T8886] ? strncpy_from_user+0x19d/0x2d0 [ 233.475297][ T8886] ? do_getname+0x191/0x390 [ 233.475320][ T8886] __x64_sys_mknod+0x8f/0xc0 [ 233.475340][ T8886] do_syscall_64+0x10b/0xf80 [ 233.475362][ T8886] ? clear_bhb_loop+0x40/0x90 [ 233.475380][ T8886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.475395][ T8886] RIP: 0033:0x7f2cc1f9ce59 [ 233.475408][ T8886] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.475422][ T8886] RSP: 002b:00007f2cc2ea6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 233.475436][ T8886] RAX: ffffffffffffffda RBX: 00007f2cc2215fa0 RCX: 00007f2cc1f9ce59 [ 233.475446][ T8886] RDX: 0000000000000044 RSI: 0000000000001001 RDI: 0000200000000040 [ 233.475455][ T8886] RBP: 00007f2cc2032d6f R08: 0000000000000000 R09: 0000000000000000 [ 233.475464][ T8886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 233.475472][ T8886] R13: 00007f2cc2216038 R14: 00007f2cc2215fa0 R15: 00007ffed1752ce8 [ 233.475492][ T8886] [ 233.475527][ T8886] ERROR: Out of memory at tomoyo_realpath_from_path. [ 234.166973][ T8903] FAULT_INJECTION: forcing a failure. [ 234.166973][ T8903] name fail_futex, interval 1, probability 0, space 0, times 0 [ 234.167001][ T8903] CPU: 0 UID: 0 PID: 8903 Comm: syz.1.594 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.167028][ T8903] Tainted: [L]=SOFTLOCKUP [ 234.167034][ T8903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 234.167043][ T8903] Call Trace: [ 234.167048][ T8903] [ 234.167054][ T8903] dump_stack_lvl+0x100/0x190 [ 234.167075][ T8903] should_fail_ex.cold+0x5/0xa [ 234.167095][ T8903] get_futex_key+0x1d2/0x1510 [ 234.167113][ T8903] ? __pfx_get_futex_key+0x10/0x10 [ 234.167130][ T8903] ? find_held_lock+0x2b/0x80 [ 234.167149][ T8903] ? futex_wake+0x456/0x530 [ 234.167171][ T8903] futex_wake+0xea/0x530 [ 234.167190][ T8903] ? __lock_acquire+0x4a5/0x2630 [ 234.167204][ T8903] ? __pfx_futex_wake+0x10/0x10 [ 234.167230][ T8903] do_futex+0x32b/0x350 [ 234.167246][ T8903] ? __pfx_do_futex+0x10/0x10 [ 234.167263][ T8903] ? __fget_files+0x21f/0x3d0 [ 234.167283][ T8903] __x64_sys_futex+0x34f/0x4d0 [ 234.167302][ T8903] ? __pfx___x64_sys_futex+0x10/0x10 [ 234.167318][ T8903] ? __pfx___x64_sys_inotify_add_watch+0x10/0x10 [ 234.167336][ T8903] ? rcu_is_watching+0x12/0xc0 [ 234.167356][ T8903] do_syscall_64+0x10b/0xf80 [ 234.167378][ T8903] ? clear_bhb_loop+0x40/0x90 [ 234.167396][ T8903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.167411][ T8903] RIP: 0033:0x7fd119f9ce59 [ 234.167424][ T8903] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 234.167437][ T8903] RSP: 002b:00007fd11ae320e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 234.167451][ T8903] RAX: ffffffffffffffda RBX: 00007fd11a216188 RCX: 00007fd119f9ce59 [ 234.167461][ T8903] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd11a21618c [ 234.167470][ T8903] RBP: 00007fd11a216180 R08: 0000000000000001 R09: 0000000000000000 [ 234.167478][ T8903] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 234.167487][ T8903] R13: 00007fd11a216218 R14: 00007ffdc3653560 R15: 00007ffdc3653648 [ 234.167505][ T8903] [ 235.604409][ T8929] openvswitch: netlink: Message has 139 unknown bytes. [ 237.107020][ T8987] netlink: 4 bytes leftover after parsing attributes in process `syz.3.607'. [ 237.183451][ T8988] netlink: 13 bytes leftover after parsing attributes in process `syz.3.607'. [ 238.726564][ T9068] sd 0:0:1:0: PR command failed: 1026 [ 238.765986][ T9068] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 238.813893][ T9068] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 238.985285][ T9068] FAULT_INJECTION: forcing a failure. [ 238.985285][ T9068] name failslab, interval 1, probability 0, space 0, times 0 [ 239.212649][ T9068] CPU: 0 UID: 0 PID: 9068 Comm: syz.1.616 Tainted: G L syzkaller #0 PREEMPT(full) [ 239.212674][ T9068] Tainted: [L]=SOFTLOCKUP [ 239.212679][ T9068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 239.212688][ T9068] Call Trace: [ 239.212693][ T9068] [ 239.212699][ T9068] dump_stack_lvl+0x100/0x190 [ 239.212721][ T9068] should_fail_ex.cold+0x5/0xa [ 239.212742][ T9068] should_failslab+0xc2/0x120 [ 239.212760][ T9068] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 239.212784][ T9068] ? __d_alloc+0x34/0xa40 [ 239.212807][ T9068] __d_alloc+0x34/0xa40 [ 239.212828][ T9068] d_alloc_pseudo+0x1c/0xc0 [ 239.212843][ T9068] alloc_file_pseudo+0xcf/0x230 [ 239.212866][ T9068] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 239.212891][ T9068] ? alloc_fd+0x476/0x790 [ 239.212911][ T9068] sock_alloc_file+0x50/0x210 [ 239.212930][ T9068] __sys_socket+0x1c0/0x260 [ 239.212953][ T9068] ? __pfx___sys_socket+0x10/0x10 [ 239.212980][ T9068] __x64_sys_socket+0x72/0xb0 [ 239.213001][ T9068] ? lockdep_hardirqs_on+0x78/0x100 [ 239.213024][ T9068] do_syscall_64+0x10b/0xf80 [ 239.213045][ T9068] ? clear_bhb_loop+0x40/0x90 [ 239.213063][ T9068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.213079][ T9068] RIP: 0033:0x7fd119f9ce59 [ 239.213092][ T9068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 239.213105][ T9068] RSP: 002b:00007fd11ae74028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 239.213120][ T9068] RAX: ffffffffffffffda RBX: 00007fd11a215fa0 RCX: 00007fd119f9ce59 [ 239.213130][ T9068] RDX: 0010000000000002 RSI: 0000000000000002 RDI: 2000000000000021 [ 239.213139][ T9068] RBP: 00007fd11a032d6f R08: 0000000000000000 R09: 0000000000000000 [ 239.213147][ T9068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.213155][ T9068] R13: 00007fd11a216038 R14: 00007fd11a215fa0 R15: 00007ffdc3653648 [ 239.213174][ T9068] [ 239.992658][ T9098] netlink: 'syz.3.623': attribute type 9 has an invalid length. [ 240.031926][ T9098] netlink: 330 bytes leftover after parsing attributes in process `syz.3.623'. [ 240.747991][ T9116] netlink: 'syz.0.628': attribute type 1 has an invalid length. [ 240.785473][ T9116] nbd: error processing sock list [ 241.150061][ T9130] random: crng reseeded on system resumption [ 241.264502][ T9137] FAULT_INJECTION: forcing a failure. [ 241.264502][ T9137] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.326477][ T9137] CPU: 0 UID: 0 PID: 9137 Comm: syz.0.631 Tainted: G L syzkaller #0 PREEMPT(full) [ 241.326501][ T9137] Tainted: [L]=SOFTLOCKUP [ 241.326506][ T9137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 241.326515][ T9137] Call Trace: [ 241.326520][ T9137] [ 241.326526][ T9137] dump_stack_lvl+0x100/0x190 [ 241.326549][ T9137] should_fail_ex.cold+0x5/0xa [ 241.326569][ T9137] _copy_from_user+0x2e/0xd0 [ 241.326587][ T9137] mem_rw+0x1d2/0x640 [ 241.326611][ T9137] vfs_write+0x2aa/0x1070 [ 241.326630][ T9137] ? __pfx_mem_write+0x10/0x10 [ 241.326651][ T9137] ? __pfx_vfs_write+0x10/0x10 [ 241.326668][ T9137] ? __fget_files+0x215/0x3d0 [ 241.326689][ T9137] ? __fget_files+0x21f/0x3d0 [ 241.326712][ T9137] ksys_write+0x12a/0x250 [ 241.326728][ T9137] ? __pfx_ksys_write+0x10/0x10 [ 241.326747][ T9137] ? rcu_is_watching+0x12/0xc0 [ 241.326767][ T9137] do_syscall_64+0x10b/0xf80 [ 241.326789][ T9137] ? clear_bhb_loop+0x40/0x90 [ 241.326807][ T9137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.326822][ T9137] RIP: 0033:0x7f2cc1f9ce59 [ 241.326835][ T9137] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 241.326848][ T9137] RSP: 002b:00007f2cc2e85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.326863][ T9137] RAX: ffffffffffffffda RBX: 00007f2cc2216090 RCX: 00007f2cc1f9ce59 [ 241.326872][ T9137] RDX: 00000000fffffc96 RSI: 0000200000001680 RDI: 0000000000000006 [ 241.326881][ T9137] RBP: 00007f2cc2032d6f R08: 0000000000000000 R09: 0000000000000000 [ 241.326889][ T9137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.326897][ T9137] R13: 00007f2cc2216128 R14: 00007f2cc2216090 R15: 00007ffed1752ce8 [ 241.326916][ T9137] [ 241.690046][ T9139] Console: switching to colour VGA+ 80x25 [ 241.789663][ T9143] netlink: 342 bytes leftover after parsing attributes in process `syz.2.633'. [ 242.691698][ T9171] sg_write: data in/out 262108/4 bytes for SCSI command 0x7f-- guessing data in; [ 242.691698][ T9171] program syz.2.638 not setting count and/or reply_len properly [ 247.259830][ T9180] Process accounting paused [ 249.505042][ T9259] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 250.995432][ T9306] netlink: 28 bytes leftover after parsing attributes in process `syz.0.671'. [ 251.952946][ T9315] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 251.966323][ T9315] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 251.981803][ T9315] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 252.807318][ T9359] ================================================================== [ 252.815414][ T9359] BUG: KASAN: slab-out-of-bounds in cache_seq_start_rcu+0x3fe/0x420 [ 252.823384][ T9359] Read of size 8 at addr ffff88802b88a800 by task syz.2.681/9359 [ 252.831092][ T9359] [ 252.833404][ T9359] CPU: 0 UID: 0 PID: 9359 Comm: syz.2.681 Tainted: G L syzkaller #0 PREEMPT(full) [ 252.833425][ T9359] Tainted: [L]=SOFTLOCKUP [ 252.833430][ T9359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 252.833444][ T9359] Call Trace: [ 252.833451][ T9359] [ 252.833457][ T9359] dump_stack_lvl+0x100/0x190 [ 252.833474][ T9359] print_report+0x13d/0x4b0 [ 252.833495][ T9359] ? __virt_addr_valid+0x239/0x430 [ 252.833519][ T9359] ? cache_seq_start_rcu+0x3fe/0x420 [ 252.833533][ T9359] kasan_report+0xdf/0x1d0 [ 252.833550][ T9359] ? cache_seq_start_rcu+0x3fe/0x420 [ 252.833566][ T9359] cache_seq_start_rcu+0x3fe/0x420 [ 252.833583][ T9359] seq_read_iter+0x2c1/0x1270 [ 252.833602][ T9359] seq_read+0x33b/0x4c0 [ 252.833618][ T9359] ? __pfx_seq_read+0x10/0x10 [ 252.833638][ T9359] ? __pfx_seq_read+0x10/0x10 [ 252.833652][ T9359] proc_reg_read+0x240/0x330 [ 252.833669][ T9359] ? __pfx_proc_reg_read+0x10/0x10 [ 252.833686][ T9359] vfs_read+0x1e4/0xb30 [ 252.833703][ T9359] ? __pfx_vfs_read+0x10/0x10 [ 252.833718][ T9359] ? find_held_lock+0x2b/0x80 [ 252.833737][ T9359] ? __fget_files+0x215/0x3d0 [ 252.833753][ T9359] ? __fget_files+0x215/0x3d0 [ 252.833770][ T9359] ? __fget_files+0x21f/0x3d0 [ 252.833788][ T9359] __x64_sys_pread64+0x1eb/0x250 [ 252.833806][ T9359] ? __pfx___x64_sys_pread64+0x10/0x10 [ 252.833824][ T9359] ? rcu_is_watching+0x12/0xc0 [ 252.833842][ T9359] do_syscall_64+0x10b/0xf80 [ 252.833864][ T9359] ? clear_bhb_loop+0x40/0x90 [ 252.833880][ T9359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.833895][ T9359] RIP: 0033:0x7f9a4839ce59 [ 252.833907][ T9359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 252.833921][ T9359] RSP: 002b:00007f9a4922f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 252.833938][ T9359] RAX: ffffffffffffffda RBX: 00007f9a48616090 RCX: 00007f9a4839ce59 [ 252.833948][ T9359] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000004 [ 252.833956][ T9359] RBP: 00007f9a48432d6f R08: 0000000000000000 R09: 0000000000000000 [ 252.833965][ T9359] R10: 0000008800000000 R11: 0000000000000246 R12: 0000000000000000 [ 252.833974][ T9359] R13: 00007f9a48616128 R14: 00007f9a48616090 R15: 00007ffc2e21f628 [ 252.833987][ T9359] [ 252.833992][ T9359] [ 253.061810][ T9359] Allocated by task 5623: [ 253.066122][ T9359] kasan_save_stack+0x30/0x50 [ 253.070784][ T9359] kasan_save_track+0x14/0x30 [ 253.075467][ T9359] __kasan_kmalloc+0xaa/0xb0 [ 253.080064][ T9359] __kmalloc_noprof+0x301/0x850 [ 253.084899][ T9359] cache_create_net+0xa2/0x1f0 [ 253.089649][ T9359] nfsd_export_init+0x62/0x250 [ 253.094414][ T9359] nfsd_net_init+0x69/0x3e0 [ 253.098902][ T9359] ops_init+0x1e2/0x5f0 [ 253.103040][ T9359] setup_net+0x118/0x3a0 [ 253.107305][ T9359] copy_net_ns+0x46f/0x7c0 [ 253.111712][ T9359] create_new_namespaces+0x3ea/0xac0 [ 253.116981][ T9359] unshare_nsproxy_namespaces+0xf2/0x220 [ 253.122594][ T9359] ksys_unshare+0x438/0xab0 [ 253.127085][ T9359] __x64_sys_unshare+0x31/0x40 [ 253.131836][ T9359] do_syscall_64+0x10b/0xf80 [ 253.136412][ T9359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.142283][ T9359] [ 253.144585][ T9359] The buggy address belongs to the object at ffff88802b88a000 [ 253.144585][ T9359] which belongs to the cache kmalloc-2k of size 2048 [ 253.158614][ T9359] The buggy address is located 0 bytes to the right of [ 253.158614][ T9359] allocated 2048-byte region [ffff88802b88a000, ffff88802b88a800) [ 253.173168][ T9359] [ 253.175476][ T9359] The buggy address belongs to the physical page: [ 253.181861][ T9359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b888 [ 253.190599][ T9359] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 253.199077][ T9359] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 253.206600][ T9359] page_type: f5(slab) [ 253.210558][ T9359] raw: 00fff00000000040 ffff88813fe34000 dead000000000100 dead000000000122 [ 253.219153][ T9359] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 253.227713][ T9359] head: 00fff00000000040 ffff88813fe34000 dead000000000100 dead000000000122 [ 253.236363][ T9359] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 253.245033][ T9359] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 253.253713][ T9359] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 253.262388][ T9359] page dumped because: kasan: bad access detected [ 253.268781][ T9359] page_owner tracks the page as allocated [ 253.274467][ T9359] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8870948857, free_ts 0 [ 253.294070][ T9359] post_alloc_hook+0x153/0x170 [ 253.298822][ T9359] get_page_from_freelist+0x11a6/0x33b0 [ 253.304353][ T9359] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 253.310232][ T9359] new_slab+0xa6/0x6c0 [ 253.314285][ T9359] refill_objects+0x277/0x420 [ 253.318946][ T9359] __pcs_replace_empty_main+0x375/0x650 [ 253.324503][ T9359] __kmalloc_noprof+0x688/0x850 [ 253.329328][ T9359] hub_probe.cold+0x269/0x2ed5 [ 253.334074][ T9359] usb_probe_interface+0x303/0x8f0 [ 253.339165][ T9359] really_probe+0x241/0xa60 [ 253.343649][ T9359] __driver_probe_device+0x22e/0x480 [ 253.348913][ T9359] driver_probe_device+0x4c/0x1b0 [ 253.353918][ T9359] __device_attach_driver+0x1df/0x340 [ 253.359284][ T9359] bus_for_each_drv+0x159/0x1e0 [ 253.364122][ T9359] __device_attach+0x1e4/0x4d0 [ 253.368866][ T9359] device_initial_probe+0xaf/0xd0 [ 253.373872][ T9359] page_owner free stack trace missing [ 253.379210][ T9359] [ 253.381519][ T9359] Memory state around the buggy address: [ 253.387125][ T9359] ffff88802b88a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 253.395162][ T9359] ffff88802b88a780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 253.403197][ T9359] >ffff88802b88a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.411228][ T9359] ^ [ 253.415295][ T9359] ffff88802b88a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.423331][ T9359] ffff88802b88a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.431364][ T9359] ================================================================== [ 253.622810][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout [ 253.974370][ T5629] Bluetooth: hci3: command 0x0c1a tx timeout [ 253.980925][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout [ 254.238599][ T9359] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 254.245817][ T9359] CPU: 0 UID: 0 PID: 9359 Comm: syz.2.681 Tainted: G L syzkaller #0 PREEMPT(full) [ 254.256558][ T9359] Tainted: [L]=SOFTLOCKUP [ 254.260884][ T9359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 254.270920][ T9359] Call Trace: [ 254.274190][ T9359] [ 254.277137][ T9359] dump_stack_lvl+0x100/0x190 [ 254.281825][ T9359] vpanic+0x552/0x970 [ 254.285788][ T9359] ? __pfx_vpanic+0x10/0x10 [ 254.290272][ T9359] ? mark_held_locks+0x40/0x70 [ 254.295017][ T9359] ? cache_seq_start_rcu+0x3fe/0x420 [ 254.300286][ T9359] panic+0xd1/0xe0 [ 254.303986][ T9359] ? __pfx_panic+0x10/0x10 [ 254.308406][ T9359] ? cache_seq_start_rcu+0x3fe/0x420 [ 254.313671][ T9359] ? preempt_schedule_common+0x42/0xc0 [ 254.319120][ T9359] ? check_panic_on_warn+0x1f/0x90 [ 254.324222][ T9359] check_panic_on_warn.cold+0x19/0x34 [ 254.329576][ T9359] end_report.part.0+0x3a/0x90 [ 254.334328][ T9359] kasan_report.cold+0xe/0x18 [ 254.339017][ T9359] ? cache_seq_start_rcu+0x3fe/0x420 [ 254.344290][ T9359] cache_seq_start_rcu+0x3fe/0x420 [ 254.349382][ T9359] seq_read_iter+0x2c1/0x1270 [ 254.354043][ T9359] seq_read+0x33b/0x4c0 [ 254.358186][ T9359] ? __pfx_seq_read+0x10/0x10 [ 254.362879][ T9359] ? __pfx_seq_read+0x10/0x10 [ 254.367568][ T9359] proc_reg_read+0x240/0x330 [ 254.372140][ T9359] ? __pfx_proc_reg_read+0x10/0x10 [ 254.377247][ T9359] vfs_read+0x1e4/0xb30 [ 254.381411][ T9359] ? __pfx_vfs_read+0x10/0x10 [ 254.386070][ T9359] ? find_held_lock+0x2b/0x80 [ 254.390733][ T9359] ? __fget_files+0x215/0x3d0 [ 254.395392][ T9359] ? __fget_files+0x215/0x3d0 [ 254.400055][ T9359] ? __fget_files+0x21f/0x3d0 [ 254.404715][ T9359] __x64_sys_pread64+0x1eb/0x250 [ 254.409637][ T9359] ? __pfx___x64_sys_pread64+0x10/0x10 [ 254.415079][ T9359] ? rcu_is_watching+0x12/0xc0 [ 254.419827][ T9359] do_syscall_64+0x10b/0xf80 [ 254.424403][ T9359] ? clear_bhb_loop+0x40/0x90 [ 254.429063][ T9359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.434938][ T9359] RIP: 0033:0x7f9a4839ce59 [ 254.439333][ T9359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 254.458929][ T9359] RSP: 002b:00007f9a4922f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 254.467322][ T9359] RAX: ffffffffffffffda RBX: 00007f9a48616090 RCX: 00007f9a4839ce59 [ 254.475289][ T9359] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000004 [ 254.483237][ T9359] RBP: 00007f9a48432d6f R08: 0000000000000000 R09: 0000000000000000 [ 254.491190][ T9359] R10: 0000008800000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.499140][ T9359] R13: 00007f9a48616128 R14: 00007f9a48616090 R15: 00007ffc2e21f628 [ 254.507096][ T9359] [ 254.510172][ T9359] Kernel Offset: disabled [ 254.514484][ T9359] Rebooting in 86400 seconds..