last executing test programs: 5.726860282s ago: executing program 1 (id=4916): clone3$auto(0x0, 0x7ff) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x24, 0x0, 0x8) r0 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000006cc0), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000006d80)={0x0, 0x0, &(0x7f0000006d40)={&(0x7f0000006d00)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="01002abd7000fbdbdf19030000000800010002000000"], 0x1c}}, 0x24044880) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) 4.874968868s ago: executing program 2 (id=4920): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, &(0x7f0000000340)={{r0, &(0x7f0000000000)="5963a72e0fb3c20ad7e273ed", 0x4, &(0x7f0000000040), 0x2, 0x0, &(0x7f0000000180)=0x1ff}, 0x2, &(0x7f0000000300)={0x6, 0x7fff, &(0x7f00000001c0)="6811c59cddb917fd127970567b4ec6412b0a5cd26381a1c6239527f23c4ac289f64d4f509b80d03a20cb83111d41fe80c66a4015eba0c626f9c7a9fb22622f9cf29e1e341a53bdeaea4ae49ae531e23d52e36c89933d9cd7c9ccf76047b9652530dfc5a68a7db7f9bea64d78aeb670", &(0x7f00000002c0)="3fe90cafe87c27db66de6e56", 0xce, 0x8}}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x400053, 0x9) socket(0x10, 0x2, 0x0) socket(0x18, 0xa, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, 0xffffffffffffffff) socket(0x2b, 0x2, 0x300) r2 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/etherd/flush\x00', 0x1, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x101401, 0x0) write$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000000040)="86ad180916cd35e093b9901f03de02ef", 0x5d) socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) brk$auto(0x7fffffffefff) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(r2, r1, 0x0, 0x4) 4.817790429s ago: executing program 1 (id=4921): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0) semctl$auto_IPC_INFO(0x3, 0x3, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x250800, 0x0) r1 = socket(0x23, 0x80805, 0x8000000) r2 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/dri/vkms/Virtual-1/edid_override\x00', 0x801, 0x0) write$auto_drm_edid_fops_drm_debugfs(r2, 0x0, 0x0) listen$auto(r1, 0x4) poll$auto(&(0x7f0000000000)={r1, 0x1963, 0x81}, 0x5, 0x10001) read$auto_ctl_device_fops_user(r3, &(0x7f0000000080)=""/34, 0x22) socket(0x25, 0x1, 0x2) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/netdevsim0/power/autosuspend_delay_ms\x00', 0x7c7741, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) setsockopt$auto(r0, 0xfffffffd, 0x5, 0xfffffffffffffffd, 0x10004) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) epoll_create$auto(0x4) get_robust_list$auto(0x0, 0x0, 0x0) ioctl$auto(0x3, 0xffffffff40088a01, 0x1) write$auto(0x3, 0x0, 0x8) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/netdevsim/new_device\x00', 0x149b01, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x9}, 0x7) 4.708813719s ago: executing program 2 (id=4922): setfsuid$auto(0xee00) r0 = setfsuid$auto(0xee01) shmctl$auto_SHM_INFO(0x7, 0xe, &(0x7f0000000180)={{0xfffffffb, 0xee01, 0xee00, 0x3, 0x200, 0x1, 0x3}, 0x3, 0x8, 0x40, 0xfffffffffffffc00, @raw=0x4, @raw=0xfff80000, 0x3, 0x0, &(0x7f0000000040)="69683b7f3a1618026be60bdc6a8035181ee2b892e8a9d150978c358e833b4fe3c14d7f01c819146d6f538ee315f5a3b1fc", &(0x7f0000000080)="9770517cdec3d3aa42a70e99151575b625445a6456ddc7fbc06a8240ee8e810218d9f67ef763a2242846d218483c73f07219e4ab80076cfa7d0c4b0aad6351536f6a7cef69f3718f96910a166ec95c9e0fbff54526ff9d2fdd2dda8355a5457e25309cf021997aa11c32e03b55974d26b12bf40f21cf44ed588cac2cc4621a62c60ceb7825da51ee4be070a6712d51187975045d4f59dabba2b11473c89f5cdd2ae2a58c3a7e605ee48e35e397c86f597fdad5cbfcba48907254beb97690a0c0f3d578083e94974a5827198a66"}) msgctl$auto_IPC_SET(0x3, 0x1, &(0x7f0000000280)={{0xf, r0, r1, 0x20e, 0x108, 0x7fffffff, 0x7}, &(0x7f0000000200)=0xa, &(0x7f0000000240)=0x1, 0x5, 0x9, 0x5, 0x2, 0xf2a, 0x10, 0x400, 0x0, @inferred, @raw=0x6}) 4.504599105s ago: executing program 2 (id=4923): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000) syz_genetlink_get_family_id$auto_batadv(0x0, r0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x200, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x400000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/io\x00', 0x0, 0x0) read$auto_proc_single_file_operations_base(r2, &(0x7f00000051c0)=""/103, 0x67) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) write$auto(r3, &(0x7f0000000180)='1\x00\\\xa0\x04|\x9d$\xdcM)\xb9\xdd\xd6', 0x5) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) socket(0xa, 0x1, 0x84) connect$auto(0x3, 0x0, 0x0) preadv$auto(0x3, 0x0, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0xa, 0x20009, 0x0, 0xeb1, r3, 0x6) readv$auto(0x3, 0x0, 0x1) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000040), 0x80880, 0x0) io_uring_setup$auto(0x59, 0x0) clock_adjtime$auto(0x354d, 0x0) syz_clone3(&(0x7f0000000100)={0x2100000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28001) rt_sigsuspend$auto(0x0, 0x8) 4.393641887s ago: executing program 1 (id=4924): clone3$auto(0x0, 0x7ff) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x24, 0x0, 0x8) r0 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000006cc0), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000006d80)={0x0, 0x0, &(0x7f0000006d40)={&(0x7f0000006d00)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="01002abd7000fbdbdf19030000000800010002000000"], 0x1c}}, 0x24044880) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), 0xffffffffffffffff) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) 4.155670114s ago: executing program 3 (id=4925): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000009d0dcb4bb756f7ed2d68310e4fb5fd15dc9a9d34dec012832a3c5b2aa0f21bdd551bf2b20df4958960de8949eb6c86fcad92c6df113e2aebdd3943f89dc8c7bff1736bff57d79c3927762dcce7b2d5ef064b35168e41a8d240b2f9c1902a3d66291a183313b793f8dc63ebdd89e9eea25eca29f9ca4d5bfc0baf407b11e524db702fee50cfa726518c8404553b6494a1602e80c5005efa6cb461372c298d44879f59cb1cbfafb7bc0b9be6d03008ae8c7da04806d97d3a0df2dbb7417247db650e9787ab8e2ca7e914", @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf250c000000080005009be300000800040000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) wait4$auto(0x0, 0x0, 0xf, &(0x7f0000000140)={{0x2599}, {0xffffffffffffffff, 0x1000000009}, 0x2, 0x800080000001, 0x1, 0x1000, 0x5, 0x7, 0x5, 0x5, 0xb11c, 0x8, 0xfffffffffffffffd, 0xfffffffffffffeff, 0xffff, 0x801c0000003}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a07000000000000000e00000a00"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) unshare$auto(0x40000080) r2 = socket(0xa, 0x5, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r2, 0x7ffe) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) poll$auto(&(0x7f0000000180)={r4, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x0) r6 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ioctl$auto_UBI_IOCDET(r6, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(r4, 0x4004af07, &(0x7f00000003c0)) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0x8, 0xfffffffffffffffa, 0x9, 0xfffffffffffffbff) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/idVendor\x00', 0x80000, 0x0) splice$auto(r7, &(0x7f0000000040)=0x7, r6, &(0x7f0000000080)=0x4, 0x26c4, 0x895) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0xfdd5, 0xd, 0x378, 0x9) 3.71585167s ago: executing program 0 (id=4927): memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) socket(0x9, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f00000001c0)="4cacf2d988274610e12c861bb2bfd9800e9b396146b9063d5a38a077b7c4a14cd1cdccb41e1f7dc31e8dfa4834", 0x2d) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) 3.15427686s ago: executing program 2 (id=4928): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x80}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x13e, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, 0x0, 0x200, 0x0) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x10, 0x2, 0xf) statx$auto(r2, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r5 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r5, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x1c}}, 0x4000) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 2.956430154s ago: executing program 3 (id=4929): clone3$auto(0x0, 0x7ff) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x24, 0x0, 0x8) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) 2.302631815s ago: executing program 3 (id=4930): close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:03/uid\x00', 0x103080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000003c0)=""/176, 0xffffffcf) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000000), r4) (async) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000000), r4) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x44, r5, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@HWSIM_ATTR_CIPHER_SUPPORT={0x30, 0x18, "05ac0f0032ebf97695400700ffe0b758d2c73164a1f6ae0699ce56379ef99a84df0cae6adee96b3394a81968"}]}, 0x44}, 0x1, 0x0, 0x0, 0x22008004}, 0x40448a0) sendmsg$auto_HWSIM_CMD_GET_RADIO(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r5, 0x300, 0x70bd2c, 0x25dfdbfc, {}, [@HWSIM_ATTR_PERM_ADDR={0x2c, 0x16, "af13684a2e69c3d8967ca68f0258a81ae617d75abc5908a1de268b60dd975b2bb2f07b8f0fbad2ac"}, @HWSIM_ATTR_FREQ={0x8, 0x13, 0xfc}, @HWSIM_ATTR_NO_VIF={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4080}, 0x20008810) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) (async) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x40000001, 0x400, 0x718c1257}]}) (async) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x40000001, 0x400, 0x718c1257}]}) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x311000, 0x20) 2.051106713s ago: executing program 3 (id=4931): setfsuid$auto(0xee00) r0 = setfsuid$auto(0xee01) shmctl$auto_SHM_INFO(0x7, 0xe, &(0x7f0000000180)={{0xfffffffb, 0xee01, 0xee00, 0x3, 0x200, 0x1, 0x3}, 0x3, 0x8, 0x40, 0xfffffffffffffc00, @raw=0x4, @raw=0xfff80000, 0x3, 0x0, &(0x7f0000000040)="69683b7f3a1618026be60bdc6a8035181ee2b892e8a9d150978c358e833b4fe3c14d7f01c819146d6f538ee315f5a3b1fc", &(0x7f0000000080)="9770517cdec3d3aa42a70e99151575b625445a6456ddc7fbc06a8240ee8e810218d9f67ef763a2242846d218483c73f07219e4ab80076cfa7d0c4b0aad6351536f6a7cef69f3718f96910a166ec95c9e0fbff54526ff9d2fdd2dda8355a5457e25309cf021997aa11c32e03b55974d26b12bf40f21cf44ed588cac2cc4621a62c60ceb7825da51ee4be070a6712d51187975045d4f59dabba2b11473c89f5cdd2ae2a58c3a7e605ee48e35e397c86f597fdad5cbfcba48907254beb97690a0c0f3d578083e94974a5827198a66"}) msgctl$auto_IPC_SET(0x3, 0x1, &(0x7f0000000280)={{0xf, r0, r1, 0x20e, 0x108, 0x7fffffff, 0x7}, &(0x7f0000000200)=0xa, &(0x7f0000000240)=0x1, 0x5, 0x9, 0x5, 0x2, 0xf2a, 0x10, 0x400, 0x0, @inferred, @raw=0x6}) 2.046889292s ago: executing program 1 (id=4932): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram9\x00', 0x4ea02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x6, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000000)="b68161a86e8da4110338a92ca863a91beaa8558206154cc5fbaf33") ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) listen$auto(0x3, 0x81) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x1, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x7fff, 0x3) 1.961027673s ago: executing program 3 (id=4933): socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0x2400c840) mmap$auto(0x0, 0x40009, 0xdf, 0x1009b72, 0x7, 0x28400) epoll_ctl$auto(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x6) ioctl$auto_SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000340)) syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r0, 0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x5, 0x801, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0xffffff39) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r3 = socket(0x23, 0x2, 0x0) sendto$auto(r3, 0x0, 0x8000000008000, 0x0, 0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_max_cpu\x00', 0x103001, 0x0) open(0x0, 0x22040, 0x75) 1.740545371s ago: executing program 2 (id=4934): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x9, 0x20000000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0x7, 0xfffffffe, 0x8, 0x7fff, 0x8, 0xffffffffffffffff, [0x80000, 0x0, 0x7], {0x9, 0x10000, 0xf, 0x25e, 0x508, 0x1, 0x101, 0x6, 0xb}, {0xfff7ffff, 0x400002, 0x3ff, 0x5, 0x9, 0xffff0001, 0x76c5, 0x8, 0x7e97c04c}}) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x30, 0x0, 0x56b) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9) sendmmsg$auto(0x4, 0x0, 0x9a2, 0x4e) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) r2 = open(&(0x7f0000000400)='./bus\x00', 0x42b42, 0x1c0) pwrite64$auto(r2, 0x0, 0x2, 0xfffd) r3 = open(&(0x7f0000000340)='./bus\x00', 0x18f03e, 0x8) sendfile$auto(r3, r3, 0x0, 0x7ffff000) sendfile$auto(r3, r2, 0x0, 0x2000) r4 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) lseek$auto(r4, 0x7ff, 0x1) 1.511605596s ago: executing program 0 (id=4935): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/irq/5/chip_name\x00', 0x40000, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace_marker\x00', 0x341, 0x0) mmap$auto(0x401000000000, 0x40000004020009, 0xc, 0x15, 0xffffffffffffffff, 0x7ffe) mmap$auto(0x0, 0x2, 0xdf, 0x9b75, 0x2, 0x668) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) getuid() setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x48000, 0x0) ioctl$auto_MEMGETINFO(r2, 0x80204d01, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff) write$auto(r3, &(0x7f00000000c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xe7k', 0x2) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) 1.294333669s ago: executing program 1 (id=4936): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) mmap$auto(0x0, 0x2020009, 0xb, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone3(&(0x7f0000001340)={0x0, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0), {0x3}, &(0x7f0000000240)=""/133, 0x85, &(0x7f0000000300)=""/4096, &(0x7f0000001300)=[0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x5}, 0x58) process_madvise$auto_MADV_PAGEOUT(r0, &(0x7f00000014c0)={&(0x7f00000013c0)="4f12321c367de8ada0bc836346e2e6d018bfad2acbcdeaa309f2f06eec42d6a27a7c51195f81d142962bb62e4b7e5a7bc1a7d091a5345b2ca397a68ecfbde167d12762fc83a106077b42dc04477a1a3a91c82f10a356c1cf1d3ce07fa54c7c5d5590f66024724d9361807f2e8564a3e610136e07f299591c58cb0850a4de0027991ff4853da44c24c0715ad2b17ffb09a70daf0db7353797a82d66ced91b8897db40f8ca1900410f4d3a6956fead3822f63bfe9f2dea39e621b7b480e98d9e529210ba4e7ef27393d05af2a8e3011888b560acf4d728a6a6c5337adb065fe11c72f227d022aec540dcdfc0", 0x800000000}, 0x1, 0x15, 0x8000) r1 = socket(0xa, 0x801, 0x84) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/fs/cifs/SecurityFlags\x00', 0x40, 0x0) pread64$auto(r2, 0x0, 0x80000000, 0x9fffffffd) read$auto_stat_fops_per_vm_kvm_main(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x80001, 0x0) r4 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYRES8=r5, @ANYRES16=0x0, @ANYBLOB="a9e126bd7000ffdbc02501000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000014}, 0x10) sendmsg$auto_NLBL_MGMT_C_VERSION(r1, &(0x7f00000015c0)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001580)={&(0x7f0000001540)={0x3c, r5, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_MGMT_A_VERSION={0x8, 0x3, 0xc371}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0xc18}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x40}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x5}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x23}]}, 0x3c}}, 0x8000) sendmsg$auto_NBD_CMD_CONNECT(r3, &(0x7f00000017c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001780)={&(0x7f0000001640)={0x128, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0xe0, 0x7, 0x0, 0x1, [@nested={0xdc, 0x8c, 0x0, 0x1, [@generic="0709fdea20687197257e6638a00a07a9b98721f965aeeba82a3a0283c5656516a3cd79ef7093776b668646f2e7ec1bef671f3282c894822ff1ea9edfc492af2daa02d44748496e220a9f782094d758e84bf93ed24e4bc10611787ff616c4e6a74227d1af0263c2d9ec31c4b461c52ffc4fa4d2eeee053bbbcf24d3386512623185fd98a34e2f6214274ae36512a67886f6ba0cc16713f8eafc34793b8aacc1042ee792a2f12486cbb28bcd009c52d7a9629388696b808778edb8d66388498ca69a0d54d73d7f129fca7535656bb3a3093a0660e3", @nested={0x4, 0x7e}]}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x3}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_DEVICE_LIST={0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x8}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}]}, 0x128}, 0x1, 0x0, 0x0, 0x10}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) rmdir$auto(&(0x7f0000000040)='./file0\x00') writev$auto(r6, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 444.324634ms ago: executing program 0 (id=4937): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x0, 0x47f, 0x0, &(0x7f0000000040)=0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/team0/bc_forwarding\x00', 0x2102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev1\x00', 0xe0800, 0x0) ioctl$auto(0x3, 0xc038563b, 0x38) close_range$auto(0x2, 0xa, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x840, 0x0) ioctl$auto(r1, 0x5608, 0x7) 256.179018ms ago: executing program 0 (id=4938): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001dc0)='/proc/asound/card1/pcm0p/sub7/sw_params\x00', 0x200, 0x0) r1 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PGRP(0x2, r1) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)=""/217, 0xd9) 146.773287ms ago: executing program 1 (id=4939): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) (async) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0xac6, 0xf2, 0xffffffffffffffff, 0x100000001, 0x7e37) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) (async) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) kexec_load$auto(0x2, 0x162d, &(0x7f0000000100)={@kbuf=0x0, 0x2aa7, 0x100000000, 0x400000000000007}, 0x6) (async) kexec_load$auto(0x2, 0x162d, &(0x7f0000000100)={@kbuf=0x0, 0x2aa7, 0x100000000, 0x400000000000007}, 0x6) unshare$auto(0x40000080) write$auto(0xca, 0x0, 0x7f) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) ioctl$auto(r0, 0x5427, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) lstat$auto(0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/pcrypt/pencrypt/parallel_cpumask\x00', 0x80302, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/pcrypt/pencrypt/parallel_cpumask\x00', 0x80302, 0x0) keyctl$auto(0x3, 0xfffffffffffffffd, 0x0, 0x0, 0xa00002) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, &(0x7f00000003c0)=',02.15.4 ]\x98\x0f7V\xd4l\xf2AC\x04\xecQ=\xa2\xce\nO}\x1d\xd7\xb5\x92\xf7\xb2\xc2\xddm\xfbR\xfb\x92x\xd8\xb2\x8a&\xda\\\xa1}&^\x03\x02\xf28\xfd|\xed~\a\xaf\x14\xb5.\x92\"-6.\xb2$\x88\xeb\xdc\x0f\xba$?c\x8b\xcb\xf4q\r\xf5>}4\x99(\xb8D\x15\xb8\xc9U\x14\xd6r\xc9\x81\xbbI\xc9+^\x00\xf6\xb5\xd9\x1e\x89G?/\xc5\x86\xd0\xab\xb3\xfd\xc9?\xa7B\x1b\xdc\xff\xab\xb6~\x96\xd6\x9f\x1d\xfb\xa1dg\x9d\x8d]\xdek\x9c0\xea\xb3\nV\x1d\x10g\xaa\xf9\xf0\xc9\n\x8c\xf25G\x9c\x19\xe5\xd8\xa3\xee\x11\x12f\xd5o\x00\xeaY\n\xe0\x9f\r\xd4\x8e9G\x01\x04\xb2j\xbfYX\x9a)OQ\xedk\xb9\x85\x03c\xf3\x80\x10eG(\x94m81PL\x8d\xa47\x1a\x16\x11\xcd\xcdf\x15\r\x19\xc3\x90\xbe\x12\x85V\xeb\x8d\x97\xf0\x9c!\x86:\xe8\x8b\xa7@l\xc8\xcb\x19\x96\xb6\xedl\xdfn\x187E!\x03\xa0\x03\xe9\xe0\xb7C*\xc4\xeb\x9e\xb6\f\xbei\x06\xb7\xf6d\xc6\xe1KP{\xc3\xa4v\x00\x1e\xdb\x16mP\a0f[\'R\xcf7\xaf\x81\x86\xe0\x0eh\xe6|\xea\xcc\x95\x19LN\xdd\xe396d\xc4\xdf\xd83\xae\xd7h\xa8\xc6\xb4#D\x89\x9cL\xd1>\x95\xc4O\xc6\xa8Mk\x13\xdf\x05\xc5i\xcd\x14|\x95\x97\xfae\x80\x00\xd6Z\xab\xd5\xb3\x16L\xc6i*\xe5\x04T\x1c@CG\x16`\xd2\x1d\xf9\xecr\xe7\xb3\xed\xf2\xc6\xe1\x9e', 0xb7fffdff80000004) getpid() openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0xc1000, 0x0) (async) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0xc1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r1, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x364f9cefc8a0a83, 0x0) (async) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x364f9cefc8a0a83, 0x0) ioctl$auto_tracing_buffers_fops_trace(r2, 0x5220, 0x0) socket(0x29, 0x2, 0x0) (async) socket(0x29, 0x2, 0x0) 136.451239ms ago: executing program 0 (id=4940): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x101000, 0x0) ioctl$auto_SOUND_MIXER_INFO2(r0, 0x401c5820, &(0x7f0000000100)) 99.398194ms ago: executing program 2 (id=4941): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) io_uring_setup$auto(0x4, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r2 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r2, 0x11e, 0x4, 0xfffffffffffffffe, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) 63.95699ms ago: executing program 3 (id=4942): r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci7/power\x00', 0x0, 0x0) ioctl$auto_BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f00000000c0)={0x4, 0x4, [0x7, 0x693f, 0xc, 0x2, 0x2]}) r1 = prctl$auto(0x3b, 0x2, 0x0, 0x4, 0x0) splice$auto(r1, &(0x7f0000000000)=0x9, r1, 0x0, 0xf, 0x400) r2 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000054c0)='/sys/kernel/tracing/events/vmalloc/enable\x00', 0x20a01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28005) r3 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000200), r1) sendmsg$auto_NLBL_CIPSOV4_C_REMOVE(r1, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="2400000017efcfdf08414d084730dee50a0900d34dd8a88a", @ANYRES16=r3, @ANYBLOB="00022abd7000fddbdf250200000008000a00040000000800050006000000"], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4004044) write$auto(r2, &(0x7f0000000240)='/dev/vhost-net\x00', 0x4) r4 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x42842, 0x95) sendmsg$auto_NL80211_CMD_PROBE_CLIENT(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x6}, 0x20000000) read$auto(r4, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) socket(0x11, 0x800, 0x4) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r6 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$auto_XFS_IOC_ERROR_CLEARALL(r4, 0x40085875, &(0x7f00000004c0)={r6, 0x400}) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xa8, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x20000003, 0x1005, 0x80000001, 0x40, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) select$auto(0x8100000e, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x20004, 0xd, 0x6, 0x948f, 0x80000001, 0x79b3eb5d, 0x1, 0x0, 0x7, 0x4, 0xfffffffffffffff4, 0x7, 0x100000000000002, 0xe7, 0x2000000000f]}, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x100000001, 0x100) socket(0x2b, 0x1, 0x1) syz_clone(0x60000, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip_vti0\x00'}) 0s ago: executing program 0 (id=4943): r0 = socket(0x10, 0x3, 0x2) sendmsg$auto_NL80211_CMD_VENDOR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x0, 0x20, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x8014}, 0x4004) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) shutdown$auto(0x200000003, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) kernel console output (not intermixed with test programs): +0x100/0x4a0 [ 1052.187575][T25541] do_syscall_64+0x668/0xf80 [ 1052.187609][T25541] ? clear_bhb_loop+0x40/0x90 [ 1052.187645][T25541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1052.187676][T25541] RIP: 0033:0x7efeb8f9c799 [ 1052.187701][T25541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1052.187730][T25541] RSP: 002b:00007efeb9e15028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1052.187763][T25541] RAX: 0000000000000000 RBX: 00007efeb9215fa0 RCX: 00007efeb8f9c799 [ 1052.187783][T25541] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1052.187801][T25541] RBP: 00007efeb9032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1052.187819][T25541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1052.187837][T25541] R13: 00007efeb9216038 R14: 00007efeb9215fa0 R15: 00007ffd4ba345c8 [ 1052.187877][T25541] [ 1053.345958][T25560] netlink: 204 bytes leftover after parsing attributes in process `syz.0.4356'. [ 1053.597115][T15190] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 1054.092487][T25574] netlink: 204 bytes leftover after parsing attributes in process `syz.0.4358'. [ 1054.341784][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.350129][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.834189][T25598] FAULT_INJECTION: forcing a failure. [ 1054.834189][T25598] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.906633][T25598] CPU: 0 UID: 0 PID: 25598 Comm: syz.3.4364 Tainted: G U syzkaller #0 PREEMPT(full) [ 1054.906660][T25598] Tainted: [U]=USER [ 1054.906665][T25598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1054.906674][T25598] Call Trace: [ 1054.906680][T25598] [ 1054.906688][T25598] dump_stack_lvl+0x100/0x190 [ 1054.906716][T25598] should_fail_ex.cold+0x5/0xa [ 1054.906736][T25598] should_failslab+0xc2/0x120 [ 1054.906752][T25598] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1054.906771][T25598] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1054.906801][T25598] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1054.906830][T25598] ? __mutex_lock+0x26a/0x1b90 [ 1054.906851][T25598] ? snd_pcm_oss_sync+0x243/0x840 [ 1054.906865][T25598] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1054.906891][T25598] ? __pfx___mutex_lock+0x10/0x10 [ 1054.906913][T25598] ? __fsnotify_parent+0x2b4/0xca0 [ 1054.906935][T25598] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1054.906961][T25598] snd_pcm_oss_sync+0x265/0x840 [ 1054.906979][T25598] snd_pcm_oss_release+0x238/0x300 [ 1054.906994][T25598] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1054.907009][T25598] __fput+0x3ff/0xb40 [ 1054.907030][T25598] task_work_run+0x150/0x240 [ 1054.907052][T25598] ? __pfx_task_work_run+0x10/0x10 [ 1054.907078][T25598] exit_to_user_mode_loop+0x100/0x4a0 [ 1054.907100][T25598] do_syscall_64+0x668/0xf80 [ 1054.907118][T25598] ? clear_bhb_loop+0x40/0x90 [ 1054.907137][T25598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1054.907153][T25598] RIP: 0033:0x7f5872b9c799 [ 1054.907166][T25598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1054.907181][T25598] RSP: 002b:00007f5873a47028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1054.907196][T25598] RAX: 0000000000000000 RBX: 00007f5872e15fa0 RCX: 00007f5872b9c799 [ 1054.907207][T25598] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1054.907216][T25598] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1054.907225][T25598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1054.907234][T25598] R13: 00007f5872e16038 R14: 00007f5872e15fa0 R15: 00007ffc770b84a8 [ 1054.907254][T25598] [ 1055.582684][T25617] FAULT_INJECTION: forcing a failure. [ 1055.582684][T25617] name failslab, interval 1, probability 0, space 0, times 0 [ 1055.654520][T25617] CPU: 0 UID: 0 PID: 25617 Comm: syz.3.4366 Tainted: G U syzkaller #0 PREEMPT(full) [ 1055.654577][T25617] Tainted: [U]=USER [ 1055.654587][T25617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1055.654603][T25617] Call Trace: [ 1055.654612][T25617] [ 1055.654622][T25617] dump_stack_lvl+0x100/0x190 [ 1055.654671][T25617] should_fail_ex.cold+0x5/0xa [ 1055.654704][T25617] should_failslab+0xc2/0x120 [ 1055.654735][T25617] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1055.654773][T25617] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1055.654829][T25617] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1055.654888][T25617] ? __mutex_lock+0x26a/0x1b90 [ 1055.654929][T25617] ? snd_pcm_oss_sync+0x243/0x840 [ 1055.654958][T25617] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1055.655008][T25617] ? __pfx___mutex_lock+0x10/0x10 [ 1055.655050][T25617] ? __fsnotify_parent+0x2b4/0xca0 [ 1055.655091][T25617] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1055.655141][T25617] snd_pcm_oss_sync+0x265/0x840 [ 1055.655174][T25617] snd_pcm_oss_release+0x238/0x300 [ 1055.655205][T25617] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1055.655235][T25617] __fput+0x3ff/0xb40 [ 1055.655277][T25617] task_work_run+0x150/0x240 [ 1055.655321][T25617] ? __pfx_task_work_run+0x10/0x10 [ 1055.655371][T25617] exit_to_user_mode_loop+0x100/0x4a0 [ 1055.655414][T25617] do_syscall_64+0x668/0xf80 [ 1055.655447][T25617] ? clear_bhb_loop+0x40/0x90 [ 1055.655484][T25617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.655512][T25617] RIP: 0033:0x7f5872b9c799 [ 1055.655536][T25617] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1055.655574][T25617] RSP: 002b:00007f5873a26028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1055.655600][T25617] RAX: 0000000000000000 RBX: 00007f5872e16090 RCX: 00007f5872b9c799 [ 1055.655618][T25617] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1055.655636][T25617] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1055.655655][T25617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1055.655674][T25617] R13: 00007f5872e16128 R14: 00007f5872e16090 R15: 00007ffc770b84a8 [ 1055.655710][T25617] [ 1060.782258][T25717] netlink: 204 bytes leftover after parsing attributes in process `syz.2.4385'. [ 1060.983854][T25731] FAULT_INJECTION: forcing a failure. [ 1060.983854][T25731] name failslab, interval 1, probability 0, space 0, times 0 [ 1061.046462][T25731] CPU: 1 UID: 0 PID: 25731 Comm: syz.2.4388 Tainted: G U syzkaller #0 PREEMPT(full) [ 1061.046507][T25731] Tainted: [U]=USER [ 1061.046516][T25731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1061.046534][T25731] Call Trace: [ 1061.046544][T25731] [ 1061.046555][T25731] dump_stack_lvl+0x100/0x190 [ 1061.046605][T25731] should_fail_ex.cold+0x5/0xa [ 1061.046639][T25731] should_failslab+0xc2/0x120 [ 1061.046672][T25731] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1061.046711][T25731] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1061.046770][T25731] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1061.046827][T25731] ? __mutex_lock+0x26a/0x1b90 [ 1061.046867][T25731] ? snd_pcm_oss_sync+0x243/0x840 [ 1061.046895][T25731] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1061.046947][T25731] ? __pfx___mutex_lock+0x10/0x10 [ 1061.046999][T25731] ? __fsnotify_parent+0x2b4/0xca0 [ 1061.047042][T25731] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1061.047093][T25731] snd_pcm_oss_sync+0x265/0x840 [ 1061.047127][T25731] snd_pcm_oss_release+0x238/0x300 [ 1061.047157][T25731] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1061.047186][T25731] __fput+0x3ff/0xb40 [ 1061.047228][T25731] task_work_run+0x150/0x240 [ 1061.047272][T25731] ? __pfx_task_work_run+0x10/0x10 [ 1061.047325][T25731] exit_to_user_mode_loop+0x100/0x4a0 [ 1061.047365][T25731] do_syscall_64+0x668/0xf80 [ 1061.047398][T25731] ? clear_bhb_loop+0x40/0x90 [ 1061.047434][T25731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.047463][T25731] RIP: 0033:0x7fa07cb9c799 [ 1061.047486][T25731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1061.047513][T25731] RSP: 002b:00007fa07da0e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1061.047541][T25731] RAX: 0000000000000000 RBX: 00007fa07ce15fa0 RCX: 00007fa07cb9c799 [ 1061.047560][T25731] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1061.047577][T25731] RBP: 00007fa07cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1061.047595][T25731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1061.047613][T25731] R13: 00007fa07ce16038 R14: 00007fa07ce15fa0 R15: 00007ffce36a5dd8 [ 1061.047653][T25731] [ 1063.794888][T25782] FAULT_INJECTION: forcing a failure. [ 1063.794888][T25782] name failslab, interval 1, probability 0, space 0, times 0 [ 1063.808432][T25782] CPU: 0 UID: 0 PID: 25782 Comm: syz.1.4400 Tainted: G U syzkaller #0 PREEMPT(full) [ 1063.808457][T25782] Tainted: [U]=USER [ 1063.808463][T25782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1063.808472][T25782] Call Trace: [ 1063.808478][T25782] [ 1063.808485][T25782] dump_stack_lvl+0x100/0x190 [ 1063.808513][T25782] should_fail_ex.cold+0x5/0xa [ 1063.808533][T25782] should_failslab+0xc2/0x120 [ 1063.808549][T25782] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1063.808570][T25782] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1063.808599][T25782] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1063.808628][T25782] ? __mutex_lock+0x26a/0x1b90 [ 1063.808650][T25782] ? snd_pcm_oss_sync+0x243/0x840 [ 1063.808664][T25782] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1063.808690][T25782] ? __pfx___mutex_lock+0x10/0x10 [ 1063.808712][T25782] ? __fsnotify_parent+0x2b4/0xca0 [ 1063.808733][T25782] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1063.808758][T25782] snd_pcm_oss_sync+0x265/0x840 [ 1063.808775][T25782] snd_pcm_oss_release+0x238/0x300 [ 1063.808790][T25782] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1063.808806][T25782] __fput+0x3ff/0xb40 [ 1063.808827][T25782] task_work_run+0x150/0x240 [ 1063.808849][T25782] ? __pfx_task_work_run+0x10/0x10 [ 1063.808875][T25782] exit_to_user_mode_loop+0x100/0x4a0 [ 1063.808897][T25782] do_syscall_64+0x668/0xf80 [ 1063.808914][T25782] ? clear_bhb_loop+0x40/0x90 [ 1063.808934][T25782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1063.808949][T25782] RIP: 0033:0x7f8cc599c799 [ 1063.808962][T25782] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1063.808977][T25782] RSP: 002b:00007f8cc67bd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1063.808993][T25782] RAX: 0000000000000000 RBX: 00007f8cc5c15fa0 RCX: 00007f8cc599c799 [ 1063.809003][T25782] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1063.809012][T25782] RBP: 00007f8cc5a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1063.809021][T25782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1063.809029][T25782] R13: 00007f8cc5c16038 R14: 00007f8cc5c15fa0 R15: 00007ffdd4e27538 [ 1063.809049][T25782] [ 1068.697240][T25881] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1068.709769][T25881] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1068.721959][T25881] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1068.730052][T25881] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1068.742282][T25881] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1068.915699][T25890] FAULT_INJECTION: forcing a failure. [ 1068.915699][T25890] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.978920][T25890] CPU: 1 UID: 0 PID: 25890 Comm: syz.3.4419 Tainted: G U syzkaller #0 PREEMPT(full) [ 1068.978947][T25890] Tainted: [U]=USER [ 1068.978952][T25890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1068.978962][T25890] Call Trace: [ 1068.978968][T25890] [ 1068.978974][T25890] dump_stack_lvl+0x100/0x190 [ 1068.979002][T25890] should_fail_ex.cold+0x5/0xa [ 1068.979022][T25890] should_failslab+0xc2/0x120 [ 1068.979038][T25890] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1068.979058][T25890] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1068.979088][T25890] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1068.979116][T25890] ? __mutex_lock+0x26a/0x1b90 [ 1068.979137][T25890] ? snd_pcm_oss_sync+0x243/0x840 [ 1068.979151][T25890] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1068.979178][T25890] ? __pfx___mutex_lock+0x10/0x10 [ 1068.979200][T25890] ? __fsnotify_parent+0x2b4/0xca0 [ 1068.979221][T25890] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1068.979247][T25890] snd_pcm_oss_sync+0x265/0x840 [ 1068.979264][T25890] snd_pcm_oss_release+0x238/0x300 [ 1068.979279][T25890] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1068.979294][T25890] __fput+0x3ff/0xb40 [ 1068.979316][T25890] task_work_run+0x150/0x240 [ 1068.979337][T25890] ? __pfx_task_work_run+0x10/0x10 [ 1068.979372][T25890] exit_to_user_mode_loop+0x100/0x4a0 [ 1068.979395][T25890] do_syscall_64+0x668/0xf80 [ 1068.979413][T25890] ? clear_bhb_loop+0x40/0x90 [ 1068.979431][T25890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1068.979447][T25890] RIP: 0033:0x7f5872b9c799 [ 1068.979461][T25890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1068.979475][T25890] RSP: 002b:00007f5873a26028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1068.979490][T25890] RAX: 0000000000000000 RBX: 00007f5872e16090 RCX: 00007f5872b9c799 [ 1068.979500][T25890] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1068.979508][T25890] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1068.979518][T25890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1068.979527][T25890] R13: 00007f5872e16128 R14: 00007f5872e16090 R15: 00007ffc770b84a8 [ 1068.979547][T25890] [ 1069.900075][ T5942] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.073916][ T5942] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.283799][ T5942] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.411318][ T5942] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.426860][T25912] FAULT_INJECTION: forcing a failure. [ 1070.426860][T25912] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.456376][T25912] CPU: 0 UID: 0 PID: 25912 Comm: syz.3.4423 Tainted: G U syzkaller #0 PREEMPT(full) [ 1070.456415][T25912] Tainted: [U]=USER [ 1070.456422][T25912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1070.456431][T25912] Call Trace: [ 1070.456437][T25912] [ 1070.456444][T25912] dump_stack_lvl+0x100/0x190 [ 1070.456472][T25912] should_fail_ex.cold+0x5/0xa [ 1070.456492][T25912] should_failslab+0xc2/0x120 [ 1070.456508][T25912] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1070.456527][T25912] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1070.456557][T25912] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1070.456586][T25912] ? __mutex_lock+0x26a/0x1b90 [ 1070.456606][T25912] ? snd_pcm_oss_sync+0x243/0x840 [ 1070.456621][T25912] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1070.456647][T25912] ? __pfx___mutex_lock+0x10/0x10 [ 1070.456670][T25912] ? __fsnotify_parent+0x2b4/0xca0 [ 1070.456691][T25912] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1070.456724][T25912] snd_pcm_oss_sync+0x265/0x840 [ 1070.456742][T25912] snd_pcm_oss_release+0x238/0x300 [ 1070.456758][T25912] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1070.456774][T25912] __fput+0x3ff/0xb40 [ 1070.456795][T25912] task_work_run+0x150/0x240 [ 1070.456818][T25912] ? __pfx_task_work_run+0x10/0x10 [ 1070.456844][T25912] exit_to_user_mode_loop+0x100/0x4a0 [ 1070.456865][T25912] do_syscall_64+0x668/0xf80 [ 1070.456883][T25912] ? clear_bhb_loop+0x40/0x90 [ 1070.456902][T25912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1070.456917][T25912] RIP: 0033:0x7f5872b9c799 [ 1070.456931][T25912] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1070.456946][T25912] RSP: 002b:00007f5873a47028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1070.456960][T25912] RAX: 0000000000000000 RBX: 00007f5872e15fa0 RCX: 00007f5872b9c799 [ 1070.456970][T25912] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1070.456979][T25912] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1070.456989][T25912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1070.456998][T25912] R13: 00007f5872e16038 R14: 00007f5872e15fa0 R15: 00007ffc770b84a8 [ 1070.457019][T25912] [ 1070.878702][T25881] Bluetooth: hci3: command tx timeout [ 1070.910654][T25878] chnl_net:caif_netlink_parms(): no params data found [ 1071.182352][T25878] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.226906][T25878] bridge0: port 1(bridge_slave_0) entered disabled state [ 1071.245051][T25878] bridge_slave_0: entered allmulticast mode [ 1071.266708][T25878] bridge_slave_0: entered promiscuous mode [ 1071.408129][T25878] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.441763][T25878] bridge0: port 2(bridge_slave_1) entered disabled state [ 1071.508310][T25878] bridge_slave_1: entered allmulticast mode [ 1071.571078][T25878] bridge_slave_1: entered promiscuous mode [ 1071.810030][T25878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1071.829850][T25878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1071.849497][ T5942] bridge_slave_1: left allmulticast mode [ 1071.862822][ T5942] bridge_slave_1: left promiscuous mode [ 1071.871806][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 1071.914763][ T5942] bridge_slave_0: left allmulticast mode [ 1071.942885][ T5942] bridge_slave_0: left promiscuous mode [ 1071.976082][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 1071.991988][T25939] FAULT_INJECTION: forcing a failure. [ 1071.991988][T25939] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1072.029632][T25939] CPU: 1 UID: 0 PID: 25939 Comm: syz.2.4428 Tainted: G U syzkaller #0 PREEMPT(full) [ 1072.029658][T25939] Tainted: [U]=USER [ 1072.029663][T25939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1072.029673][T25939] Call Trace: [ 1072.029678][T25939] [ 1072.029685][T25939] dump_stack_lvl+0x100/0x190 [ 1072.029712][T25939] should_fail_ex.cold+0x5/0xa [ 1072.029731][T25939] get_futex_key+0x1d2/0x1620 [ 1072.029752][T25939] ? __pfx_get_futex_key+0x10/0x10 [ 1072.029776][T25939] futex_wake+0xea/0x530 [ 1072.029799][T25939] ? __pfx_futex_wake+0x10/0x10 [ 1072.029826][T25939] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 1072.029879][T25939] do_futex+0x32b/0x350 [ 1072.029915][T25939] ? __pfx_do_futex+0x10/0x10 [ 1072.029936][T25939] ? __pfx___might_resched+0x10/0x10 [ 1072.029958][T25939] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1072.029980][T25939] __x64_sys_futex+0x34f/0x4d0 [ 1072.030001][T25939] ? __pfx_task_work_run+0x10/0x10 [ 1072.030022][T25939] ? __pfx___x64_sys_futex+0x10/0x10 [ 1072.030047][T25939] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 1072.030073][T25939] do_syscall_64+0x106/0xf80 [ 1072.030093][T25939] ? clear_bhb_loop+0x40/0x90 [ 1072.030111][T25939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.030127][T25939] RIP: 0033:0x7fa07cb9c799 [ 1072.030154][T25939] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1072.030169][T25939] RSP: 002b:00007fa07d9ed0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1072.030185][T25939] RAX: ffffffffffffffda RBX: 00007fa07ce16098 RCX: 00007fa07cb9c799 [ 1072.030196][T25939] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa07ce1609c [ 1072.030206][T25939] RBP: 00007fa07ce16090 R08: 0000000000000000 R09: 0000000000000000 [ 1072.030216][T25939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1072.030225][T25939] R13: 00007fa07ce16128 R14: 00007ffce36a5cf0 R15: 00007ffce36a5dd8 [ 1072.030245][T25939] [ 1072.716848][ T5942] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1072.750984][ T5942] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1072.771047][ T5942] bond0 (unregistering): Released all slaves [ 1072.896719][T25881] Bluetooth: hci3: command tx timeout [ 1073.079344][T25878] team0: Port device team_slave_0 added [ 1073.191865][T25878] team0: Port device team_slave_1 added [ 1073.385264][T25878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1073.392455][T25878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1073.419084][T25878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1073.448074][T25878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1073.455016][T25878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1073.496627][T25878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1073.573506][ T5942] hsr_slave_0: left promiscuous mode [ 1073.582759][ T5942] hsr_slave_1: left promiscuous mode [ 1073.600453][ T5942] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1073.618901][ T5942] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1073.640971][ T5942] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1073.659735][ T5942] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1073.730129][ T5942] veth0_macvtap: left promiscuous mode [ 1073.740819][ T5942] veth1_vlan: left promiscuous mode [ 1073.746119][ T5942] veth0_vlan: left promiscuous mode [ 1074.489714][ T5942] team0 (unregistering): Port device team_slave_1 removed [ 1074.544190][ T5942] team0 (unregistering): Port device team_slave_0 removed [ 1074.976417][T25881] Bluetooth: hci3: command tx timeout [ 1075.163827][T25878] hsr_slave_0: entered promiscuous mode [ 1075.173175][T25878] hsr_slave_1: entered promiscuous mode [ 1077.057722][T25881] Bluetooth: hci3: command tx timeout [ 1077.349357][T25878] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1077.425781][T25878] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1077.588831][T25878] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1077.800037][T25878] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1078.197360][T25878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1078.262457][T25878] 8021q: adding VLAN 0 to HW filter on device team0 [ 1078.300918][T14385] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.308063][T14385] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1078.361536][ T6694] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.368738][ T6694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1078.517968][T26079] FAULT_INJECTION: forcing a failure. [ 1078.517968][T26079] name failslab, interval 1, probability 0, space 0, times 0 [ 1078.551603][T26079] CPU: 0 UID: 0 PID: 26079 Comm: syz.3.4441 Tainted: G U syzkaller #0 PREEMPT(full) [ 1078.551653][T26079] Tainted: [U]=USER [ 1078.551664][T26079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1078.551682][T26079] Call Trace: [ 1078.551693][T26079] [ 1078.551705][T26079] dump_stack_lvl+0x100/0x190 [ 1078.551763][T26079] should_fail_ex.cold+0x5/0xa [ 1078.551800][T26079] should_failslab+0xc2/0x120 [ 1078.551832][T26079] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1078.551870][T26079] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1078.551928][T26079] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1078.551985][T26079] ? __mutex_lock+0x26a/0x1b90 [ 1078.552026][T26079] ? snd_pcm_oss_sync+0x243/0x840 [ 1078.552054][T26079] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1078.552108][T26079] ? __pfx___mutex_lock+0x10/0x10 [ 1078.552152][T26079] ? __fsnotify_parent+0x2b4/0xca0 [ 1078.552194][T26079] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1078.552244][T26079] snd_pcm_oss_sync+0x265/0x840 [ 1078.552279][T26079] snd_pcm_oss_release+0x238/0x300 [ 1078.552308][T26079] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1078.552337][T26079] __fput+0x3ff/0xb40 [ 1078.552379][T26079] task_work_run+0x150/0x240 [ 1078.552423][T26079] ? __pfx_task_work_run+0x10/0x10 [ 1078.552475][T26079] exit_to_user_mode_loop+0x100/0x4a0 [ 1078.552517][T26079] do_syscall_64+0x668/0xf80 [ 1078.552552][T26079] ? clear_bhb_loop+0x40/0x90 [ 1078.552588][T26079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1078.552619][T26079] RIP: 0033:0x7f5872b9c799 [ 1078.552644][T26079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1078.552673][T26079] RSP: 002b:00007f5873a47028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1078.552702][T26079] RAX: 0000000000000000 RBX: 00007f5872e15fa0 RCX: 00007f5872b9c799 [ 1078.552721][T26079] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1078.552740][T26079] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1078.552764][T26079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1078.552782][T26079] R13: 00007f5872e16038 R14: 00007f5872e15fa0 R15: 00007ffc770b84a8 [ 1078.552823][T26079] [ 1080.041074][T25878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1080.493678][T25878] veth0_vlan: entered promiscuous mode [ 1080.690894][T25878] veth1_vlan: entered promiscuous mode [ 1080.990545][T25878] veth0_macvtap: entered promiscuous mode [ 1081.028514][T26132] FAULT_INJECTION: forcing a failure. [ 1081.028514][T26132] name failslab, interval 1, probability 0, space 0, times 0 [ 1081.169697][T26132] CPU: 1 UID: 0 PID: 26132 Comm: syz.3.4447 Tainted: G U syzkaller #0 PREEMPT(full) [ 1081.169745][T26132] Tainted: [U]=USER [ 1081.169756][T26132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1081.169775][T26132] Call Trace: [ 1081.169785][T26132] [ 1081.169796][T26132] dump_stack_lvl+0x100/0x190 [ 1081.169846][T26132] should_fail_ex.cold+0x5/0xa [ 1081.169887][T26132] should_failslab+0xc2/0x120 [ 1081.169919][T26132] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1081.169958][T26132] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1081.170018][T26132] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 1081.170077][T26132] ? __mutex_lock+0x26a/0x1b90 [ 1081.170118][T26132] ? snd_pcm_oss_sync+0x243/0x840 [ 1081.170146][T26132] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1081.170200][T26132] ? __pfx___mutex_lock+0x10/0x10 [ 1081.170242][T26132] ? __fsnotify_parent+0x2b4/0xca0 [ 1081.170283][T26132] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1081.170332][T26132] snd_pcm_oss_sync+0x265/0x840 [ 1081.170367][T26132] snd_pcm_oss_release+0x238/0x300 [ 1081.170396][T26132] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1081.170425][T26132] __fput+0x3ff/0xb40 [ 1081.170473][T26132] task_work_run+0x150/0x240 [ 1081.170518][T26132] ? __pfx_task_work_run+0x10/0x10 [ 1081.170571][T26132] exit_to_user_mode_loop+0x100/0x4a0 [ 1081.170614][T26132] do_syscall_64+0x668/0xf80 [ 1081.170648][T26132] ? clear_bhb_loop+0x40/0x90 [ 1081.170684][T26132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1081.170715][T26132] RIP: 0033:0x7f5872b9c799 [ 1081.170739][T26132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1081.170768][T26132] RSP: 002b:00007f5873a26028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1081.170797][T26132] RAX: 0000000000000000 RBX: 00007f5872e16090 RCX: 00007f5872b9c799 [ 1081.170816][T26132] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1081.170834][T26132] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1081.170852][T26132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1081.170869][T26132] R13: 00007f5872e16128 R14: 00007f5872e16090 R15: 00007ffc770b84a8 [ 1081.170909][T26132] [ 1081.502105][T25878] veth1_macvtap: entered promiscuous mode [ 1081.719300][T25878] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1082.229205][T25878] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1082.510118][ T5942] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.520346][ T5942] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.641955][ T5942] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1082.682438][ T5942] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1083.364000][T25980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1083.392708][T25980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1083.448384][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1083.460263][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1091.763275][T26357] size and base must be multiples of 4 kiB [ 1091.796518][T26357] CPU: 1 UID: 0 PID: 26357 Comm: syz.3.4483 Tainted: G U syzkaller #0 PREEMPT(full) [ 1091.796544][T26357] Tainted: [U]=USER [ 1091.796550][T26357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1091.796559][T26357] Call Trace: [ 1091.796565][T26357] [ 1091.796571][T26357] dump_stack_lvl+0x100/0x190 [ 1091.796602][T26357] mtrr_add.cold+0x74/0x87 [ 1091.796620][T26357] mtrr_ioctl+0x25a/0xcf0 [ 1091.796642][T26357] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1091.796665][T26357] ? find_held_lock+0x2b/0x80 [ 1091.796685][T26357] ? __fget_files+0x21f/0x3d0 [ 1091.796701][T26357] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1091.796720][T26357] proc_reg_unlocked_ioctl+0x229/0x320 [ 1091.796744][T26357] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1091.796767][T26357] __x64_sys_ioctl+0x18e/0x210 [ 1091.796791][T26357] do_syscall_64+0x106/0xf80 [ 1091.796810][T26357] ? clear_bhb_loop+0x40/0x90 [ 1091.796829][T26357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1091.796845][T26357] RIP: 0033:0x7f5872b9c799 [ 1091.796859][T26357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1091.796873][T26357] RSP: 002b:00007f5873a26028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1091.796888][T26357] RAX: ffffffffffffffda RBX: 00007f5872e16090 RCX: 00007f5872b9c799 [ 1091.796899][T26357] RDX: 0000000000000004 RSI: 0000000040104d01 RDI: 0000000000000004 [ 1091.796908][T26357] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1091.796918][T26357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1091.796927][T26357] R13: 00007f5872e16128 R14: 00007f5872e16090 R15: 00007ffc770b84a8 [ 1091.796947][T26357] [ 1092.417019][T26368] usb usb26: usbfs: interface 0 claimed by hub while 'syz.1.4487' resets device [ 1093.901278][T26386] zswap: compressor not available [ 1094.000528][T26397] FAULT_INJECTION: forcing a failure. [ 1094.000528][T26397] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1094.046712][T26397] CPU: 0 UID: 0 PID: 26397 Comm: syz.3.4492 Tainted: G U syzkaller #0 PREEMPT(full) [ 1094.046738][T26397] Tainted: [U]=USER [ 1094.046744][T26397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1094.046753][T26397] Call Trace: [ 1094.046759][T26397] [ 1094.046766][T26397] dump_stack_lvl+0x100/0x190 [ 1094.046794][T26397] should_fail_ex.cold+0x5/0xa [ 1094.046814][T26397] get_futex_key+0x1d2/0x1620 [ 1094.046836][T26397] ? __pfx_get_futex_key+0x10/0x10 [ 1094.046866][T26397] ? __fput+0x68a/0xb40 [ 1094.046887][T26397] futex_wait_setup+0x83/0x510 [ 1094.046915][T26397] __futex_wait+0x19f/0x300 [ 1094.046939][T26397] ? __pfx___futex_wait+0x10/0x10 [ 1094.046964][T26397] ? __pfx_futex_wake_mark+0x10/0x10 [ 1094.046988][T26397] ? futex_hash+0x2c5/0x380 [ 1094.047011][T26397] futex_wait+0xed/0x380 [ 1094.047033][T26397] ? __pfx_futex_wait+0x10/0x10 [ 1094.047064][T26397] do_futex+0x1ef/0x350 [ 1094.047083][T26397] ? __pfx_do_futex+0x10/0x10 [ 1094.047102][T26397] ? __pfx___might_resched+0x10/0x10 [ 1094.047123][T26397] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1094.047147][T26397] __x64_sys_futex+0x34f/0x4d0 [ 1094.047167][T26397] ? __pfx_task_work_run+0x10/0x10 [ 1094.047188][T26397] ? __pfx___x64_sys_futex+0x10/0x10 [ 1094.047207][T26397] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 1094.047232][T26397] do_syscall_64+0x106/0xf80 [ 1094.047250][T26397] ? clear_bhb_loop+0x40/0x90 [ 1094.047269][T26397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1094.047284][T26397] RIP: 0033:0x7f5872b9c799 [ 1094.047297][T26397] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1094.047312][T26397] RSP: 002b:00007f5873a470e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1094.047328][T26397] RAX: ffffffffffffffda RBX: 00007f5872e15fa8 RCX: 00007f5872b9c799 [ 1094.047338][T26397] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5872e15fa8 [ 1094.047347][T26397] RBP: 00007f5872e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1094.047356][T26397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1094.047365][T26397] R13: 00007f5872e16038 R14: 00007ffc770b83c0 R15: 00007ffc770b84a8 [ 1094.047384][T26397] [ 1094.676739][T26394] netlink: 'syz.0.4498': attribute type 1 has an invalid length. [ 1095.471630][T26421] FAULT_INJECTION: forcing a failure. [ 1095.471630][T26421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1095.486464][T26421] CPU: 1 UID: 0 PID: 26421 Comm: syz.2.4497 Tainted: G U syzkaller #0 PREEMPT(full) [ 1095.486504][T26421] Tainted: [U]=USER [ 1095.486513][T26421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1095.486526][T26421] Call Trace: [ 1095.486544][T26421] [ 1095.486554][T26421] dump_stack_lvl+0x100/0x190 [ 1095.486597][T26421] should_fail_ex.cold+0x5/0xa [ 1095.486626][T26421] _copy_to_user+0x32/0xd0 [ 1095.486655][T26421] simple_read_from_buffer+0xcb/0x170 [ 1095.486694][T26421] proc_fail_nth_read+0x1af/0x230 [ 1095.486726][T26421] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1095.486759][T26421] ? rw_verify_area+0xce/0x6d0 [ 1095.486796][T26421] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1095.486828][T26421] vfs_read+0x1e4/0xb30 [ 1095.486869][T26421] ? __pfx_vfs_read+0x10/0x10 [ 1095.486905][T26421] ? __do_sys_clock_adjtime+0x191/0x290 [ 1095.486942][T26421] ? __pfx___do_sys_clock_adjtime+0x10/0x10 [ 1095.486979][T26421] ? __pfx_do_sys_openat2+0x10/0x10 [ 1095.487031][T26421] ksys_read+0x12a/0x250 [ 1095.487071][T26421] ? __pfx_ksys_read+0x10/0x10 [ 1095.487122][T26421] do_syscall_64+0x106/0xf80 [ 1095.487155][T26421] ? clear_bhb_loop+0x40/0x90 [ 1095.487189][T26421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1095.487219][T26421] RIP: 0033:0x7fa07cb5cfce [ 1095.487241][T26421] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1095.487268][T26421] RSP: 002b:00007fa07da0dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1095.487294][T26421] RAX: ffffffffffffffda RBX: 00007fa07da0e6c0 RCX: 00007fa07cb5cfce [ 1095.487314][T26421] RDX: 000000000000000f RSI: 00007fa07da0e0a0 RDI: 0000000000000001 [ 1095.487332][T26421] RBP: 00007fa07da0e090 R08: 0000000000000000 R09: 0000000000000000 [ 1095.487349][T26421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1095.487366][T26421] R13: 00007fa07ce16038 R14: 00007fa07ce15fa0 R15: 00007ffce36a5dd8 [ 1095.487404][T26421] [ 1096.445176][T26440] FAULT_INJECTION: forcing a failure. [ 1096.445176][T26440] name failslab, interval 1, probability 0, space 0, times 0 [ 1096.460493][T26440] CPU: 1 UID: 0 PID: 26440 Comm: syz.1.4503 Tainted: G U syzkaller #0 PREEMPT(full) [ 1096.460520][T26440] Tainted: [U]=USER [ 1096.460525][T26440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1096.460535][T26440] Call Trace: [ 1096.460541][T26440] [ 1096.460548][T26440] dump_stack_lvl+0x100/0x190 [ 1096.460575][T26440] should_fail_ex.cold+0x5/0xa [ 1096.460595][T26440] should_failslab+0xc2/0x120 [ 1096.460612][T26440] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1096.460633][T26440] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1096.460664][T26440] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1096.460694][T26440] ? __mutex_lock+0x26a/0x1b90 [ 1096.460714][T26440] ? snd_pcm_oss_sync+0x243/0x840 [ 1096.460729][T26440] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1096.460755][T26440] ? __pfx___mutex_lock+0x10/0x10 [ 1096.460778][T26440] ? __fsnotify_parent+0x2b4/0xca0 [ 1096.460800][T26440] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1096.460826][T26440] snd_pcm_oss_sync+0x265/0x840 [ 1096.460843][T26440] snd_pcm_oss_release+0x238/0x300 [ 1096.460858][T26440] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1096.460873][T26440] __fput+0x3ff/0xb40 [ 1096.460895][T26440] task_work_run+0x150/0x240 [ 1096.460916][T26440] ? __pfx_task_work_run+0x10/0x10 [ 1096.460951][T26440] exit_to_user_mode_loop+0x100/0x4a0 [ 1096.460974][T26440] do_syscall_64+0x668/0xf80 [ 1096.460992][T26440] ? clear_bhb_loop+0x40/0x90 [ 1096.461011][T26440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1096.461026][T26440] RIP: 0033:0x7ff6a3d9c799 [ 1096.461040][T26440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1096.461054][T26440] RSP: 002b:00007ff6a4b9c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1096.461069][T26440] RAX: 0000000000000000 RBX: 00007ff6a4015fa0 RCX: 00007ff6a3d9c799 [ 1096.461079][T26440] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1096.461088][T26440] RBP: 00007ff6a3e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1096.461097][T26440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1096.461106][T26440] R13: 00007ff6a4016038 R14: 00007ff6a4015fa0 R15: 00007ffead86ac08 [ 1096.461128][T26440] [ 1100.003954][T26502] FAULT_INJECTION: forcing a failure. [ 1100.003954][T26502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1100.058052][T26502] CPU: 1 UID: 0 PID: 26502 Comm: syz.2.4516 Tainted: G U syzkaller #0 PREEMPT(full) [ 1100.058078][T26502] Tainted: [U]=USER [ 1100.058091][T26502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1100.058100][T26502] Call Trace: [ 1100.058106][T26502] [ 1100.058112][T26502] dump_stack_lvl+0x100/0x190 [ 1100.058140][T26502] should_fail_ex.cold+0x5/0xa [ 1100.058159][T26502] _copy_to_user+0x32/0xd0 [ 1100.058176][T26502] simple_read_from_buffer+0xcb/0x170 [ 1100.058201][T26502] proc_fail_nth_read+0x1af/0x230 [ 1100.058221][T26502] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1100.058240][T26502] ? rw_verify_area+0xce/0x6d0 [ 1100.058261][T26502] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1100.058278][T26502] vfs_read+0x1e4/0xb30 [ 1100.058303][T26502] ? __pfx_vfs_read+0x10/0x10 [ 1100.058324][T26502] ? __fget_files+0x215/0x3d0 [ 1100.058342][T26502] ? __fget_files+0x21f/0x3d0 [ 1100.058362][T26502] ksys_read+0x12a/0x250 [ 1100.058384][T26502] ? __pfx_ksys_read+0x10/0x10 [ 1100.058412][T26502] do_syscall_64+0x106/0xf80 [ 1100.058430][T26502] ? clear_bhb_loop+0x40/0x90 [ 1100.058449][T26502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.058465][T26502] RIP: 0033:0x7fa07cb5cfce [ 1100.058478][T26502] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1100.058492][T26502] RSP: 002b:00007fa07d9cbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1100.058507][T26502] RAX: ffffffffffffffda RBX: 00007fa07d9cc6c0 RCX: 00007fa07cb5cfce [ 1100.058517][T26502] RDX: 000000000000000f RSI: 00007fa07d9cc0a0 RDI: 0000000000000005 [ 1100.058526][T26502] RBP: 00007fa07d9cc090 R08: 0000000000000000 R09: 0000000000000000 [ 1100.058535][T26502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1100.058544][T26502] R13: 00007fa07ce16218 R14: 00007fa07ce16180 R15: 00007ffce36a5dd8 [ 1100.058564][T26502] [ 1100.305703][T26506] openvswitch: netlink: IP tunnel dst address not specified [ 1104.730518][T26580] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4530'. [ 1104.908075][T26553] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1104.927334][T26553] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1104.940037][T26553] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1104.960943][T26553] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1105.000910][T26553] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1105.104414][T26553] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1105.387417][T26587] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4532'. [ 1105.448548][T26587] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1105.455975][T26587] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1105.550971][T26587] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1105.576809][T26587] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1106.176670][T25881] Bluetooth: hci4: command 0x0c1a tx timeout [ 1106.520205][T26615] FAULT_INJECTION: forcing a failure. [ 1106.520205][T26615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1106.560443][T26615] CPU: 1 UID: 0 PID: 26615 Comm: syz.2.4539 Tainted: G U syzkaller #0 PREEMPT(full) [ 1106.560468][T26615] Tainted: [U]=USER [ 1106.560473][T26615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1106.560482][T26615] Call Trace: [ 1106.560488][T26615] [ 1106.560494][T26615] dump_stack_lvl+0x100/0x190 [ 1106.560521][T26615] should_fail_ex.cold+0x5/0xa [ 1106.560540][T26615] _copy_from_user+0x2e/0xd0 [ 1106.560556][T26615] copy_msghdr_from_user+0x9f/0x4f0 [ 1106.560582][T26615] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1106.560608][T26615] ? rcu_is_watching+0x12/0xc0 [ 1106.560630][T26615] ? ___sys_sendmsg+0x19d/0x1e0 [ 1106.560651][T26615] ? kfree+0x2ec/0x6b0 [ 1106.560673][T26615] ___sys_sendmsg+0x106/0x1e0 [ 1106.560696][T26615] ? __pfx____sys_sendmsg+0x10/0x10 [ 1106.560735][T26615] ? __pfx___might_resched+0x10/0x10 [ 1106.560761][T26615] __sys_sendmmsg+0x205/0x430 [ 1106.560782][T26615] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1106.560806][T26615] ? __pfx_do_sys_openat2+0x10/0x10 [ 1106.560835][T26615] ? ksys_write+0x1ac/0x250 [ 1106.560848][T26615] ? __pfx_ksys_write+0x10/0x10 [ 1106.560865][T26615] __x64_sys_sendmmsg+0x9c/0x100 [ 1106.560883][T26615] ? lockdep_hardirqs_on+0x78/0x100 [ 1106.560903][T26615] do_syscall_64+0x106/0xf80 [ 1106.560920][T26615] ? clear_bhb_loop+0x40/0x90 [ 1106.560945][T26615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.560961][T26615] RIP: 0033:0x7fa07cb9c799 [ 1106.560974][T26615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1106.560989][T26615] RSP: 002b:00007fa07da0e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1106.561004][T26615] RAX: ffffffffffffffda RBX: 00007fa07ce15fa0 RCX: 00007fa07cb9c799 [ 1106.561014][T26615] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1106.561023][T26615] RBP: 00007fa07da0e090 R08: 0000000000000000 R09: 0000000000000000 [ 1106.561032][T26615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1106.561041][T26615] R13: 00007fa07ce16038 R14: 00007fa07ce15fa0 R15: 00007ffce36a5dd8 [ 1106.561060][T26615] [ 1106.976539][T25881] Bluetooth: hci3: command 0x0c1a tx timeout [ 1106.986397][T15190] Bluetooth: hci0: command 0x0c1a tx timeout [ 1106.992435][T15190] Bluetooth: hci2: command 0x0c1a tx timeout [ 1107.623915][T26637] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 1108.327825][T26650] delete_channel: no stack [ 1109.057093][T26619] Bluetooth: hci3: command 0x0c1a tx timeout [ 1109.687705][T26671] netlink: 'syz.1.4546': attribute type 1 has an invalid length. [ 1111.120753][T26667] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1111.129324][T26667] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1111.137229][T26619] Bluetooth: hci3: command 0x0c1a tx timeout [ 1111.145858][T26667] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1111.179498][T26667] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1111.787614][T26619] Bluetooth: hci4: command 0x0c1a tx timeout [ 1113.107649][T26741] netlink: 'syz.3.4563': attribute type 1 has an invalid length. [ 1113.156704][T26619] Bluetooth: hci2: command 0x0c1a tx timeout [ 1113.217415][T26619] Bluetooth: hci3: command 0x0c1a tx timeout [ 1113.223478][ T6000] Bluetooth: hci0: command 0x0c1a tx timeout [ 1115.779586][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.797368][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.386031][T26862] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4592'. [ 1129.172909][T26976] binder: 26975:26976 ioctl c018620c 0 returned -1 [ 1131.698147][T27036] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4633'. [ 1131.739102][T27036] netlink: 28905 bytes leftover after parsing attributes in process `syz.1.4633'. [ 1132.538508][T27052] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4637'. [ 1135.091592][T27100] FAULT_INJECTION: forcing a failure. [ 1135.091592][T27100] name failslab, interval 1, probability 0, space 0, times 0 [ 1135.104532][T27100] CPU: 1 UID: 0 PID: 27100 Comm: syz.3.4649 Tainted: G U syzkaller #0 PREEMPT(full) [ 1135.104578][T27100] Tainted: [U]=USER [ 1135.104589][T27100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1135.104607][T27100] Call Trace: [ 1135.104617][T27100] [ 1135.104628][T27100] dump_stack_lvl+0x100/0x190 [ 1135.104677][T27100] should_fail_ex.cold+0x5/0xa [ 1135.104711][T27100] should_failslab+0xc2/0x120 [ 1135.104743][T27100] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1135.104797][T27100] ? alloc_empty_file+0x55/0x1c0 [ 1135.104841][T27100] alloc_empty_file+0x55/0x1c0 [ 1135.104880][T27100] alloc_file_pseudo+0x13a/0x230 [ 1135.104918][T27100] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1135.104953][T27100] ? alloc_fd+0x476/0x790 [ 1135.104984][T27100] ? do_raw_spin_unlock+0x145/0x1e0 [ 1135.105031][T27100] __anon_inode_getfile+0xe8/0x280 [ 1135.105071][T27100] anon_inode_getfile_fmode+0x37/0xa0 [ 1135.105108][T27100] __do_sys_fanotify_init+0xa79/0xe50 [ 1135.105158][T27100] do_syscall_64+0x106/0xf80 [ 1135.105192][T27100] ? clear_bhb_loop+0x40/0x90 [ 1135.105229][T27100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1135.105261][T27100] RIP: 0033:0x7f5872b9c799 [ 1135.105284][T27100] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1135.105312][T27100] RSP: 002b:00007f5873a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1135.105340][T27100] RAX: ffffffffffffffda RBX: 00007f5872e16090 RCX: 00007f5872b9c799 [ 1135.105360][T27100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 1135.105377][T27100] RBP: 00007f5872c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1135.105397][T27100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1135.105414][T27100] R13: 00007f5872e16128 R14: 00007f5872e16090 R15: 00007ffc770b84a8 [ 1135.105453][T27100] [ 1140.443732][T27213] netlink: 252 bytes leftover after parsing attributes in process `syz.3.4672'. [ 1142.560563][T27260] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 1142.889067][ T30] audit: type=1800 audit(4294967327.160:21): pid=27273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4685" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1143.725268][T27281] Format for deleting device is "id" (uint). [ 1143.969421][T27285] binder: 27282:27285 ioctl c018620c 0 returned -1 [ 1144.229556][T27289] synth uevent: /devices/virtual/tty/ttyyc: unknown uevent action string [ 1144.254168][T27289] tty ttyyc: uevent: failed to send synthetic uevent: -22 [ 1147.516014][T26619] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 1148.918333][T27383] udc dummy_udc.0: soft-connect without a gadget driver [ 1149.684976][T27396] FAULT_INJECTION: forcing a failure. [ 1149.684976][T27396] name failslab, interval 1, probability 0, space 0, times 0 [ 1149.698684][T27396] CPU: 0 UID: 0 PID: 27396 Comm: syz.1.4713 Tainted: G U syzkaller #0 PREEMPT(full) [ 1149.698711][T27396] Tainted: [U]=USER [ 1149.698716][T27396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1149.698726][T27396] Call Trace: [ 1149.698733][T27396] [ 1149.698739][T27396] dump_stack_lvl+0x100/0x190 [ 1149.698767][T27396] should_fail_ex.cold+0x5/0xa [ 1149.698786][T27396] should_failslab+0xc2/0x120 [ 1149.698803][T27396] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1149.698825][T27396] ? __d_alloc+0x34/0xa80 [ 1149.698846][T27396] __d_alloc+0x34/0xa80 [ 1149.698865][T27396] d_alloc+0x4a/0x1e0 [ 1149.698882][T27396] lookup_one_qstr_excl+0x175/0x250 [ 1149.698904][T27396] start_dirop+0x59/0xb0 [ 1149.698927][T27396] simple_start_creating+0xf9/0x110 [ 1149.698950][T27396] ? __pfx_simple_start_creating+0x10/0x10 [ 1149.698973][T27396] ? mntput+0x70/0xa0 [ 1149.698994][T27396] ? simple_pin_fs+0xa3/0x190 [ 1149.699015][T27396] debugfs_start_creating.part.0+0x82/0x170 [ 1149.699139][T27396] __debugfs_create_file+0xb3/0x4f0 [ 1149.699165][T27396] debugfs_create_file_full+0x41/0x60 [ 1149.699191][T27396] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1149.699244][T27396] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1149.699261][T27396] ? rcu_is_watching+0x12/0xc0 [ 1149.699301][T27396] ? lockdep_init_map_type+0x5c/0x250 [ 1149.699323][T27396] preinit_net.part.0+0x24e/0x8f0 [ 1149.699345][T27396] copy_net_ns+0x339/0x7c0 [ 1149.699367][T27396] create_new_namespaces+0x3ea/0xac0 [ 1149.699388][T27396] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1149.699405][T27396] ksys_unshare+0x473/0xad0 [ 1149.699425][T27396] ? __pfx_ksys_unshare+0x10/0x10 [ 1149.699451][T27396] __x64_sys_unshare+0x31/0x40 [ 1149.699468][T27396] do_syscall_64+0x106/0xf80 [ 1149.699486][T27396] ? clear_bhb_loop+0x40/0x90 [ 1149.699505][T27396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.699521][T27396] RIP: 0033:0x7ff6a3d9c799 [ 1149.699535][T27396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1149.699550][T27396] RSP: 002b:00007ff6a4b9c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1149.699565][T27396] RAX: ffffffffffffffda RBX: 00007ff6a4015fa0 RCX: 00007ff6a3d9c799 [ 1149.699575][T27396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1149.699584][T27396] RBP: 00007ff6a3e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1149.699593][T27396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1149.699602][T27396] R13: 00007ff6a4016038 R14: 00007ff6a4015fa0 R15: 00007ffead86ac08 [ 1149.699623][T27396] [ 1153.070617][T27476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4733'. [ 1153.092421][T27476] nbd: must specify a size in bytes for the device [ 1153.979058][T27487] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(8.16.0), cmd(3) [ 1154.739064][ T6000] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1154.759797][ T6000] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1154.769653][ T6000] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1154.799506][ T6000] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1154.817708][ T6000] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1155.723448][T14392] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1155.958416][T14392] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.084770][T27520] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1156.178257][T14392] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.317696][T14392] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.336689][T27504] chnl_net:caif_netlink_parms(): no params data found [ 1156.587142][T27504] bridge0: port 1(bridge_slave_0) entered blocking state [ 1156.594437][T27504] bridge0: port 1(bridge_slave_0) entered disabled state [ 1156.601687][T27504] bridge_slave_0: entered allmulticast mode [ 1156.608991][T27504] bridge_slave_0: entered promiscuous mode [ 1156.616748][T27504] bridge0: port 2(bridge_slave_1) entered blocking state [ 1156.623820][T27504] bridge0: port 2(bridge_slave_1) entered disabled state [ 1156.632155][T27504] bridge_slave_1: entered allmulticast mode [ 1156.641123][T27504] bridge_slave_1: entered promiscuous mode [ 1156.698095][T27504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1156.707491][T14392] bridge_slave_1: left allmulticast mode [ 1156.713271][T14392] bridge_slave_1: left promiscuous mode [ 1156.719229][T14392] bridge0: port 2(bridge_slave_1) entered disabled state [ 1156.728972][T14392] bridge_slave_0: left allmulticast mode [ 1156.734635][T14392] bridge_slave_0: left promiscuous mode [ 1156.741801][T14392] bridge0: port 1(bridge_slave_0) entered disabled state [ 1156.896963][ T6000] Bluetooth: hci1: command tx timeout [ 1156.909623][T14392] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1156.920461][T14392] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1156.930514][T14392] bond0 (unregistering): Released all slaves [ 1156.941691][T27504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1157.110578][T27542] FAULT_INJECTION: forcing a failure. [ 1157.110578][T27542] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.129570][T27542] CPU: 0 UID: 0 PID: 27542 Comm: syz.2.4748 Tainted: G U syzkaller #0 PREEMPT(full) [ 1157.129618][T27542] Tainted: [U]=USER [ 1157.129628][T27542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1157.129645][T27542] Call Trace: [ 1157.129654][T27542] [ 1157.129667][T27542] dump_stack_lvl+0x100/0x190 [ 1157.129718][T27542] should_fail_ex.cold+0x5/0xa [ 1157.129751][T27542] should_failslab+0xc2/0x120 [ 1157.129786][T27542] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1157.129832][T27542] ? __d_alloc+0x34/0xa80 [ 1157.129872][T27542] __d_alloc+0x34/0xa80 [ 1157.129908][T27542] d_alloc+0x4a/0x1e0 [ 1157.129943][T27542] lookup_one_qstr_excl+0x175/0x250 [ 1157.129985][T27542] start_dirop+0x59/0xb0 [ 1157.130031][T27542] simple_start_creating+0xf9/0x110 [ 1157.130076][T27542] ? __pfx_simple_start_creating+0x10/0x10 [ 1157.130119][T27542] ? mntput+0x70/0xa0 [ 1157.130160][T27542] ? simple_pin_fs+0xa3/0x190 [ 1157.130202][T27542] debugfs_start_creating.part.0+0x82/0x170 [ 1157.130250][T27542] __debugfs_create_file+0xb3/0x4f0 [ 1157.130301][T27542] debugfs_create_file_full+0x41/0x60 [ 1157.130361][T27542] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1157.130398][T27542] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1157.130432][T27542] ? rcu_is_watching+0x12/0xc0 [ 1157.130510][T27542] ? lockdep_init_map_type+0x5c/0x250 [ 1157.130556][T27542] preinit_net.part.0+0x24e/0x8f0 [ 1157.130598][T27542] copy_net_ns+0x339/0x7c0 [ 1157.130643][T27542] create_new_namespaces+0x3ea/0xac0 [ 1157.130686][T27542] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1157.130722][T27542] ksys_unshare+0x473/0xad0 [ 1157.130761][T27542] ? __pfx_ksys_unshare+0x10/0x10 [ 1157.130813][T27542] __x64_sys_unshare+0x31/0x40 [ 1157.130850][T27542] do_syscall_64+0x106/0xf80 [ 1157.130885][T27542] ? clear_bhb_loop+0x40/0x90 [ 1157.130923][T27542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1157.130954][T27542] RIP: 0033:0x7fa07cb9c799 [ 1157.130981][T27542] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1157.131010][T27542] RSP: 002b:00007fa07da0e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1157.131040][T27542] RAX: ffffffffffffffda RBX: 00007fa07ce15fa0 RCX: 00007fa07cb9c799 [ 1157.131061][T27542] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1157.131080][T27542] RBP: 00007fa07cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1157.131099][T27542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1157.131118][T27542] R13: 00007fa07ce16038 R14: 00007fa07ce15fa0 R15: 00007ffce36a5dd8 [ 1157.131161][T27542] [ 1157.492010][T27504] team0: Port device team_slave_0 added [ 1157.502972][T27504] team0: Port device team_slave_1 added [ 1157.582703][T27504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1157.590612][T27504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1157.650272][T27504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1157.687030][T27504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1157.694922][T27504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1157.730353][T27504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1157.884153][T27504] hsr_slave_0: entered promiscuous mode [ 1157.892022][T27504] hsr_slave_1: entered promiscuous mode [ 1157.907244][T27504] debugfs: 'hsr0' already exists in 'hsr' [ 1157.915092][T27504] Cannot create hsr debugfs directory [ 1157.957103][T14392] hsr_slave_0: left promiscuous mode [ 1157.963172][T14392] hsr_slave_1: left promiscuous mode [ 1157.969911][T14392] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1157.977510][T14392] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1157.985454][T14392] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1157.994705][T14392] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1158.014958][T14392] veth1_macvtap: left promiscuous mode [ 1158.021453][T14392] veth0_macvtap: left promiscuous mode [ 1158.027073][T14392] veth1_vlan: left promiscuous mode [ 1158.032359][T14392] veth0_vlan: left promiscuous mode [ 1158.098775][T27566] FAULT_INJECTION: forcing a failure. [ 1158.098775][T27566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1158.112098][T27566] CPU: 1 UID: 0 PID: 27566 Comm: syz.2.4755 Tainted: G U syzkaller #0 PREEMPT(full) [ 1158.112140][T27566] Tainted: [U]=USER [ 1158.112149][T27566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1158.112165][T27566] Call Trace: [ 1158.112174][T27566] [ 1158.112185][T27566] dump_stack_lvl+0x100/0x190 [ 1158.112230][T27566] should_fail_ex.cold+0x5/0xa [ 1158.112263][T27566] _copy_from_user+0x2e/0xd0 [ 1158.112292][T27566] __do_sys_capset+0x1ec/0x460 [ 1158.112320][T27566] ? __pfx___do_sys_capset+0x10/0x10 [ 1158.112355][T27566] ? fput+0x79/0x100 [ 1158.112386][T27566] ? ksys_write+0x1ac/0x250 [ 1158.112424][T27566] do_syscall_64+0x106/0xf80 [ 1158.112456][T27566] ? clear_bhb_loop+0x40/0x90 [ 1158.112490][T27566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1158.112519][T27566] RIP: 0033:0x7fa07cb9c799 [ 1158.112542][T27566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1158.112568][T27566] RSP: 002b:00007fa07da0e028 EFLAGS: 00000246 ORIG_RAX: 000000000000007e [ 1158.112594][T27566] RAX: ffffffffffffffda RBX: 00007fa07ce15fa0 RCX: 00007fa07cb9c799 [ 1158.112613][T27566] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200 [ 1158.112630][T27566] RBP: 00007fa07da0e090 R08: 0000000000000000 R09: 0000000000000000 [ 1158.112647][T27566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1158.112664][T27566] R13: 00007fa07ce16038 R14: 00007fa07ce15fa0 R15: 00007ffce36a5dd8 [ 1158.112702][T27566] [ 1158.359493][T27569] FAULT_INJECTION: forcing a failure. [ 1158.359493][T27569] name failslab, interval 1, probability 0, space 0, times 0 [ 1158.372388][T27569] CPU: 0 UID: 0 PID: 27569 Comm: syz.2.4756 Tainted: G U syzkaller #0 PREEMPT(full) [ 1158.372433][T27569] Tainted: [U]=USER [ 1158.372444][T27569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1158.372461][T27569] Call Trace: [ 1158.372471][T27569] [ 1158.372482][T27569] dump_stack_lvl+0x100/0x190 [ 1158.372530][T27569] should_fail_ex.cold+0x5/0xa [ 1158.372563][T27569] should_failslab+0xc2/0x120 [ 1158.372593][T27569] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1158.372627][T27569] ? do_epoll_create+0x62/0x4b0 [ 1158.372662][T27569] do_epoll_create+0x62/0x4b0 [ 1158.372691][T27569] __x64_sys_epoll_create+0x45/0x70 [ 1158.372720][T27569] do_syscall_64+0x106/0xf80 [ 1158.372750][T27569] ? clear_bhb_loop+0x40/0x90 [ 1158.372778][T27569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1158.372795][T27569] RIP: 0033:0x7fa07cb9c799 [ 1158.372809][T27569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1158.372824][T27569] RSP: 002b:00007fa07da0e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 1158.372839][T27569] RAX: ffffffffffffffda RBX: 00007fa07ce15fa0 RCX: 00007fa07cb9c799 [ 1158.372849][T27569] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000003e [ 1158.372858][T27569] RBP: 00007fa07cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1158.372868][T27569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1158.372876][T27569] R13: 00007fa07ce16038 R14: 00007fa07ce15fa0 R15: 00007ffce36a5dd8 [ 1158.372896][T27569] [ 1158.612610][T14392] team0 (unregistering): Port device team_slave_1 removed [ 1158.645539][T14392] team0 (unregistering): Port device team_slave_0 removed [ 1158.979622][ T6000] Bluetooth: hci1: command tx timeout [ 1160.495426][T27504] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1160.555646][T27504] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1160.601346][ T6000] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 1160.700505][T27504] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1160.753509][T27504] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1161.057438][ T6000] Bluetooth: hci1: command tx timeout [ 1161.855099][T27504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1161.913877][T27504] 8021q: adding VLAN 0 to HW filter on device team0 [ 1161.925781][ T6694] bridge0: port 1(bridge_slave_0) entered blocking state [ 1161.932936][ T6694] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1161.969656][ T6694] bridge0: port 2(bridge_slave_1) entered blocking state [ 1161.976772][ T6694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1162.522277][T27504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1162.602114][T27504] veth0_vlan: entered promiscuous mode [ 1162.632211][T27504] veth1_vlan: entered promiscuous mode [ 1162.691991][T27504] veth0_macvtap: entered promiscuous mode [ 1162.719947][T27504] veth1_macvtap: entered promiscuous mode [ 1162.783281][T27504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1162.800787][T27504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1162.827971][T25980] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.852620][T14392] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.871895][T14392] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.934407][T14392] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.047795][T14385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1163.055642][T14385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1163.121502][T14387] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1163.136647][ T6000] Bluetooth: hci1: command tx timeout [ 1163.143566][T14387] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1164.631472][T26619] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1164.642357][T26619] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1164.650328][T26619] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1164.689712][T26619] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1164.716770][T26619] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1165.867682][T26619] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 1166.689871][T27689] chnl_net:caif_netlink_parms(): no params data found [ 1166.827294][T26619] Bluetooth: hci2: command tx timeout [ 1166.959704][T27741] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1167.318110][T27689] bridge0: port 1(bridge_slave_0) entered blocking state [ 1167.325653][T27689] bridge0: port 1(bridge_slave_0) entered disabled state [ 1167.333710][T27689] bridge_slave_0: entered allmulticast mode [ 1167.343596][T27689] bridge_slave_0: entered promiscuous mode [ 1167.398956][T27689] bridge0: port 2(bridge_slave_1) entered blocking state [ 1167.418884][T27689] bridge0: port 2(bridge_slave_1) entered disabled state [ 1167.434185][T27689] bridge_slave_1: entered allmulticast mode [ 1167.451678][T27689] bridge_slave_1: entered promiscuous mode [ 1167.629968][T27689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1167.741414][T27689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1167.922688][T27689] team0: Port device team_slave_0 added [ 1168.040099][T27689] team0: Port device team_slave_1 added [ 1168.130190][T27689] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1168.137250][T27689] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1168.163458][T27689] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1168.176800][T27689] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1168.183950][T27689] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1168.211043][T27689] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1168.359395][T27689] hsr_slave_0: entered promiscuous mode [ 1168.383902][T27689] hsr_slave_1: entered promiscuous mode [ 1168.412963][T27689] debugfs: 'hsr0' already exists in 'hsr' [ 1168.440772][T27689] Cannot create hsr debugfs directory [ 1168.896837][T26619] Bluetooth: hci2: command tx timeout [ 1169.130102][T27786] FAULT_INJECTION: forcing a failure. [ 1169.130102][T27786] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.130154][T27786] CPU: 0 UID: 0 PID: 27786 Comm: syz.1.4785 Tainted: G U syzkaller #0 PREEMPT(full) [ 1169.130176][T27786] Tainted: [U]=USER [ 1169.130181][T27786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1169.130191][T27786] Call Trace: [ 1169.130197][T27786] [ 1169.130203][T27786] dump_stack_lvl+0x100/0x190 [ 1169.130229][T27786] should_fail_ex.cold+0x5/0xa [ 1169.130248][T27786] should_failslab+0xc2/0x120 [ 1169.130264][T27786] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1169.130287][T27786] ? __d_alloc+0x34/0xa80 [ 1169.130308][T27786] __d_alloc+0x34/0xa80 [ 1169.130326][T27786] d_alloc+0x4a/0x1e0 [ 1169.130343][T27786] lookup_one_qstr_excl+0x175/0x250 [ 1169.130364][T27786] start_dirop+0x59/0xb0 [ 1169.130387][T27786] simple_start_creating+0xf9/0x110 [ 1169.130410][T27786] ? __pfx_simple_start_creating+0x10/0x10 [ 1169.130433][T27786] ? mntput+0x70/0xa0 [ 1169.130454][T27786] ? simple_pin_fs+0xa3/0x190 [ 1169.130475][T27786] debugfs_start_creating.part.0+0x82/0x170 [ 1169.130500][T27786] __debugfs_create_file+0xb3/0x4f0 [ 1169.130525][T27786] debugfs_create_file_full+0x41/0x60 [ 1169.130550][T27786] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1169.130567][T27786] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1169.130583][T27786] ? rcu_is_watching+0x12/0xc0 [ 1169.130622][T27786] ? lockdep_init_map_type+0x5c/0x250 [ 1169.130644][T27786] preinit_net.part.0+0x24e/0x8f0 [ 1169.130664][T27786] copy_net_ns+0x339/0x7c0 [ 1169.130697][T27786] create_new_namespaces+0x3ea/0xac0 [ 1169.130719][T27786] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1169.130737][T27786] ksys_unshare+0x473/0xad0 [ 1169.130759][T27786] ? __pfx_ksys_unshare+0x10/0x10 [ 1169.130784][T27786] __x64_sys_unshare+0x31/0x40 [ 1169.130802][T27786] do_syscall_64+0x106/0xf80 [ 1169.130820][T27786] ? clear_bhb_loop+0x40/0x90 [ 1169.130838][T27786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1169.130854][T27786] RIP: 0033:0x7ff6a3d9c799 [ 1169.130868][T27786] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1169.130883][T27786] RSP: 002b:00007ff6a4b9c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1169.130898][T27786] RAX: ffffffffffffffda RBX: 00007ff6a4015fa0 RCX: 00007ff6a3d9c799 [ 1169.130909][T27786] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1169.130919][T27786] RBP: 00007ff6a3e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1169.130929][T27786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1169.130938][T27786] R13: 00007ff6a4016038 R14: 00007ff6a4015fa0 R15: 00007ffead86ac08 [ 1169.130959][T27786] [ 1169.721021][T27689] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1169.822643][T27689] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1169.988169][T27689] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.025251][T27796] FAULT_INJECTION: forcing a failure. [ 1170.025251][T27796] name failslab, interval 1, probability 0, space 0, times 0 [ 1170.025330][T27796] CPU: 0 UID: 0 PID: 27796 Comm: syz.2.4786 Tainted: G U syzkaller #0 PREEMPT(full) [ 1170.025353][T27796] Tainted: [U]=USER [ 1170.025359][T27796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1170.025369][T27796] Call Trace: [ 1170.025374][T27796] [ 1170.025380][T27796] dump_stack_lvl+0x100/0x190 [ 1170.025407][T27796] should_fail_ex.cold+0x5/0xa [ 1170.025427][T27796] should_failslab+0xc2/0x120 [ 1170.025443][T27796] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1170.025465][T27796] ? __d_alloc+0x34/0xa80 [ 1170.025486][T27796] __d_alloc+0x34/0xa80 [ 1170.025505][T27796] d_alloc_pseudo+0x1c/0xc0 [ 1170.025525][T27796] alloc_file_pseudo+0xcf/0x230 [ 1170.025545][T27796] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1170.025578][T27796] __shmem_file_setup+0x221/0x490 [ 1170.025604][T27796] ? __pfx___shmem_file_setup+0x10/0x10 [ 1170.025628][T27796] ? vm_area_alloc+0x1f/0x160 [ 1170.025651][T27796] shmem_zero_setup+0x96/0x1b0 [ 1170.025675][T27796] __mmap_region+0x2198/0x29e0 [ 1170.025699][T27796] ? __pfx___mmap_region+0x10/0x10 [ 1170.025718][T27796] ? process_measurement+0x1f4/0x2350 [ 1170.025772][T27796] ? lockdep_hardirqs_on+0x78/0x100 [ 1170.025791][T27796] ? finish_task_switch.isra.0+0x205/0xb80 [ 1170.025809][T27796] ? rcu_is_watching+0x12/0xc0 [ 1170.025853][T27796] ? rcu_is_watching+0x12/0xc0 [ 1170.025874][T27796] ? cap_capable+0x107/0x460 [ 1170.025899][T27796] mmap_region+0x180/0x3e0 [ 1170.025924][T27796] do_mmap+0xc63/0x12f0 [ 1170.025944][T27796] ? __pfx_do_mmap+0x10/0x10 [ 1170.025960][T27796] ? __pfx_down_write_killable+0x10/0x10 [ 1170.025985][T27796] vm_mmap_pgoff+0x29e/0x470 [ 1170.026005][T27796] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1170.026023][T27796] ? do_futex+0x192/0x350 [ 1170.026042][T27796] ? __pfx_do_futex+0x10/0x10 [ 1170.026064][T27796] ksys_mmap_pgoff+0xe1/0x650 [ 1170.026080][T27796] ? __x64_sys_futex+0x34f/0x4d0 [ 1170.026097][T27796] ? __x64_sys_futex+0x358/0x4d0 [ 1170.026117][T27796] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1170.026133][T27796] ? xfd_validate_state+0x129/0x190 [ 1170.026158][T27796] __x64_sys_mmap+0x125/0x190 [ 1170.026181][T27796] do_syscall_64+0x106/0xf80 [ 1170.026198][T27796] ? clear_bhb_loop+0x40/0x90 [ 1170.026217][T27796] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1170.026232][T27796] RIP: 0033:0x7fa07cb9c799 [ 1170.026246][T27796] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1170.026261][T27796] RSP: 002b:00007fa07d9cc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1170.026276][T27796] RAX: ffffffffffffffda RBX: 00007fa07ce16180 RCX: 00007fa07cb9c799 [ 1170.026286][T27796] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1170.026296][T27796] RBP: 00007fa07cc32bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 1170.026306][T27796] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1170.026318][T27796] R13: 00007fa07ce16218 R14: 00007fa07ce16180 R15: 00007ffce36a5dd8 [ 1170.026350][T27796] [ 1170.233409][T27689] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.251720][T27796] openvswitch: netlink: Key type 261 is out of range max 32 [ 1170.313442][T27798] Invalid ELF header magic: != ELF [ 1170.827510][T27689] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1170.848754][T27689] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1170.871813][T27689] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1170.892462][T27689] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1170.977844][T26619] Bluetooth: hci2: command tx timeout [ 1171.259700][T27689] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1171.296296][T27689] 8021q: adding VLAN 0 to HW filter on device team0 [ 1171.301481][T25980] bridge0: port 1(bridge_slave_0) entered blocking state [ 1171.301626][T25980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1171.555781][T25980] bridge0: port 2(bridge_slave_1) entered blocking state [ 1171.555892][T25980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1171.955719][T27819] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4790'. [ 1171.988217][T27812] mkiss: ax0: crc mode is auto. [ 1172.264365][T27821] zswap: compressor not available [ 1172.484205][T27689] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1172.801114][T27689] veth0_vlan: entered promiscuous mode [ 1172.975760][T27689] veth1_vlan: entered promiscuous mode [ 1173.061985][T26619] Bluetooth: hci2: command tx timeout [ 1173.276516][T27689] veth0_macvtap: entered promiscuous mode [ 1173.287594][T27689] veth1_macvtap: entered promiscuous mode [ 1173.388152][T27689] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1173.435468][T27689] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1173.605263][T27864] FAULT_INJECTION: forcing a failure. [ 1173.605263][T27864] name failslab, interval 1, probability 0, space 0, times 0 [ 1173.686517][T27864] CPU: 0 UID: 0 PID: 27864 Comm: syz.0.4796 Tainted: G U syzkaller #0 PREEMPT(full) [ 1173.686567][T27864] Tainted: [U]=USER [ 1173.686579][T27864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1173.686597][T27864] Call Trace: [ 1173.686607][T27864] [ 1173.686619][T27864] dump_stack_lvl+0x100/0x190 [ 1173.686670][T27864] should_fail_ex.cold+0x5/0xa [ 1173.686706][T27864] should_failslab+0xc2/0x120 [ 1173.686737][T27864] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1173.686775][T27864] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1173.686835][T27864] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1173.686893][T27864] ? __mutex_lock+0x26a/0x1b90 [ 1173.686934][T27864] ? snd_pcm_oss_sync+0x243/0x840 [ 1173.686977][T27864] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1173.687030][T27864] ? __pfx___mutex_lock+0x10/0x10 [ 1173.687074][T27864] ? __fsnotify_parent+0x2b4/0xca0 [ 1173.687117][T27864] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1173.687167][T27864] snd_pcm_oss_sync+0x265/0x840 [ 1173.687202][T27864] snd_pcm_oss_release+0x238/0x300 [ 1173.687231][T27864] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1173.687260][T27864] __fput+0x3ff/0xb40 [ 1173.687312][T27864] task_work_run+0x150/0x240 [ 1173.687355][T27864] ? __pfx_task_work_run+0x10/0x10 [ 1173.687407][T27864] exit_to_user_mode_loop+0x100/0x4a0 [ 1173.687447][T27864] do_syscall_64+0x668/0xf80 [ 1173.687482][T27864] ? clear_bhb_loop+0x40/0x90 [ 1173.687519][T27864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.687550][T27864] RIP: 0033:0x7f254859c799 [ 1173.687576][T27864] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1173.687605][T27864] RSP: 002b:00007f2549412028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1173.687634][T27864] RAX: 0000000000000000 RBX: 00007f2548816090 RCX: 00007f254859c799 [ 1173.687653][T27864] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1173.687670][T27864] RBP: 00007f2548632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1173.687688][T27864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1173.687706][T27864] R13: 00007f2548816128 R14: 00007f2548816090 R15: 00007ffd0fe792d8 [ 1173.687746][T27864] [ 1174.345835][T25980] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.368230][T25980] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.434689][T25980] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.444866][T25980] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.625930][T25980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1174.694744][T25980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1174.818553][T25980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1174.861039][T25980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1175.488562][T27887] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1175.653900][T27878] mkiss: ax0: crc mode is auto. [ 1176.007922][T27908] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1176.046701][T27879] zswap: compressor not available [ 1176.164214][T27913] FAULT_INJECTION: forcing a failure. [ 1176.164214][T27913] name failslab, interval 1, probability 0, space 0, times 0 [ 1176.186471][T27913] CPU: 1 UID: 0 PID: 27913 Comm: syz.3.4802 Tainted: G U syzkaller #0 PREEMPT(full) [ 1176.186517][T27913] Tainted: [U]=USER [ 1176.186528][T27913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1176.186546][T27913] Call Trace: [ 1176.186557][T27913] [ 1176.186569][T27913] dump_stack_lvl+0x100/0x190 [ 1176.186619][T27913] should_fail_ex.cold+0x5/0xa [ 1176.186654][T27913] should_failslab+0xc2/0x120 [ 1176.186686][T27913] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1176.186749][T27913] ? __d_alloc+0x34/0xa80 [ 1176.186790][T27913] __d_alloc+0x34/0xa80 [ 1176.186826][T27913] d_alloc+0x4a/0x1e0 [ 1176.186861][T27913] lookup_one_qstr_excl+0x175/0x250 [ 1176.186902][T27913] start_dirop+0x59/0xb0 [ 1176.186954][T27913] simple_start_creating+0xf9/0x110 [ 1176.187003][T27913] ? __pfx_simple_start_creating+0x10/0x10 [ 1176.187050][T27913] ? mntput+0x70/0xa0 [ 1176.187093][T27913] ? simple_pin_fs+0xa3/0x190 [ 1176.187136][T27913] debugfs_start_creating.part.0+0x82/0x170 [ 1176.187184][T27913] __debugfs_create_file+0xb3/0x4f0 [ 1176.187235][T27913] debugfs_create_file_full+0x41/0x60 [ 1176.187284][T27913] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1176.187326][T27913] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1176.187359][T27913] ? find_held_lock+0x2b/0x80 [ 1176.187420][T27913] ? lockdep_init_map_type+0x5c/0x250 [ 1176.187464][T27913] preinit_net.part.0+0x437/0x8f0 [ 1176.187504][T27913] copy_net_ns+0x339/0x7c0 [ 1176.187547][T27913] create_new_namespaces+0x3ea/0xac0 [ 1176.187588][T27913] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1176.187623][T27913] ksys_unshare+0x473/0xad0 [ 1176.187661][T27913] ? __pfx_ksys_unshare+0x10/0x10 [ 1176.187697][T27913] ? ksys_write+0x1ac/0x250 [ 1176.187736][T27913] __x64_sys_unshare+0x31/0x40 [ 1176.187772][T27913] do_syscall_64+0x106/0xf80 [ 1176.187807][T27913] ? clear_bhb_loop+0x40/0x90 [ 1176.187845][T27913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.187877][T27913] RIP: 0033:0x7ff08b79c799 [ 1176.187903][T27913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1176.187932][T27913] RSP: 002b:00007ff08c63a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1176.187967][T27913] RAX: ffffffffffffffda RBX: 00007ff08ba15fa0 RCX: 00007ff08b79c799 [ 1176.187987][T27913] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1176.188006][T27913] RBP: 00007ff08b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1176.188024][T27913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1176.188043][T27913] R13: 00007ff08ba16038 R14: 00007ff08ba15fa0 R15: 00007ffe2c4545e8 [ 1176.188082][T27913] [ 1177.219715][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.226110][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.802821][T27936] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 1180.442266][T27990] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4822'. [ 1180.451348][T27990] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1180.462100][T27990] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1180.470455][T27990] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1180.478159][T27990] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1180.783604][T27998] netlink: 'syz.3.4824': attribute type 27 has an invalid length. [ 1180.791962][T27998] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4824'. [ 1180.891055][T28002] FAULT_INJECTION: forcing a failure. [ 1180.891055][T28002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1180.906923][T28002] CPU: 1 UID: 0 PID: 28002 Comm: syz.0.4826 Tainted: G U syzkaller #0 PREEMPT(full) [ 1180.906948][T28002] Tainted: [U]=USER [ 1180.906953][T28002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1180.906962][T28002] Call Trace: [ 1180.906971][T28002] [ 1180.906981][T28002] dump_stack_lvl+0x100/0x190 [ 1180.907035][T28002] should_fail_ex.cold+0x5/0xa [ 1180.907054][T28002] _copy_from_user+0x2e/0xd0 [ 1180.907070][T28002] kstrtouint_from_user+0xd6/0x1d0 [ 1180.907089][T28002] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1180.907107][T28002] ? __lock_acquire+0x4a5/0x2630 [ 1180.907128][T28002] ? ocfs2_get_block+0x540/0x22f0 [ 1180.907248][T28002] proc_fail_nth_write+0x83/0x220 [ 1180.907267][T28002] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1180.907291][T28002] vfs_write+0x2aa/0x1070 [ 1180.907315][T28002] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1180.907334][T28002] ? __pfx_vfs_write+0x10/0x10 [ 1180.907358][T28002] ? __pfx_do_sys_openat2+0x10/0x10 [ 1180.907386][T28002] ksys_write+0x12a/0x250 [ 1180.907399][T28002] ? __pfx_ksys_write+0x10/0x10 [ 1180.907418][T28002] do_syscall_64+0x106/0xf80 [ 1180.907436][T28002] ? clear_bhb_loop+0x40/0x90 [ 1180.907455][T28002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1180.907470][T28002] RIP: 0033:0x7f254855cfce [ 1180.907484][T28002] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1180.907500][T28002] RSP: 002b:00007f2549432fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1180.907515][T28002] RAX: ffffffffffffffda RBX: 00007f25494336c0 RCX: 00007f254855cfce [ 1180.907525][T28002] RDX: 0000000000000001 RSI: 00007f25494330a0 RDI: 0000000000000004 [ 1180.907533][T28002] RBP: 00007f2549433090 R08: 0000000000000000 R09: 0000000000000000 [ 1180.907542][T28002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1180.907551][T28002] R13: 00007f2548816038 R14: 00007f2548815fa0 R15: 00007ffd0fe792d8 [ 1180.907571][T28002] [ 1181.559943][T28016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4831'. [ 1181.630421][T28019] vivid-007: ================= START STATUS ================= [ 1181.646577][T28019] vivid-007: Generate PTS: true [ 1181.651803][T28019] vivid-007: Generate SCR: true [ 1181.676512][T28019] tpg source WxH: 320x240 (Y'CbCr) [ 1181.687682][T28019] tpg field: 1 [ 1181.691080][T28019] tpg crop: (0,0)/320x240 [ 1181.716661][T28019] tpg compose: (0,0)/320x240 [ 1181.721280][T28019] tpg colorspace: 8 [ 1181.725066][T28019] tpg transfer function: 0/0 [ 1181.734878][T28027] FAULT_INJECTION: forcing a failure. [ 1181.734878][T28027] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.761004][T28019] tpg Y'CbCr encoding: 0/0 [ 1181.765442][T28019] tpg quantization: 0/0 [ 1181.777708][T28019] tpg RGB range: 0/2 [ 1181.781770][T28019] vivid-007: ================== END STATUS ================== [ 1181.784252][T28027] CPU: 1 UID: 0 PID: 28027 Comm: syz.2.4833 Tainted: G U syzkaller #0 PREEMPT(full) [ 1181.784292][T28027] Tainted: [U]=USER [ 1181.784302][T28027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1181.784318][T28027] Call Trace: [ 1181.784328][T28027] [ 1181.784339][T28027] dump_stack_lvl+0x100/0x190 [ 1181.784393][T28027] should_fail_ex.cold+0x5/0xa [ 1181.784426][T28027] should_failslab+0xc2/0x120 [ 1181.784455][T28027] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1181.784495][T28027] ? dst_alloc+0x99/0x1a0 [ 1181.784520][T28027] ? find_held_lock+0x2b/0x80 [ 1181.784546][T28027] ? ip_check_mc_rcu+0x60e/0x780 [ 1181.784587][T28027] dst_alloc+0x99/0x1a0 [ 1181.784617][T28027] rt_dst_alloc+0x35/0x3a0 [ 1181.784655][T28027] ip_route_output_key_hash_rcu+0x87a/0x2870 [ 1181.784709][T28027] ip_route_output_key_hash+0x118/0x2b0 [ 1181.784752][T28027] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 1181.784805][T28027] ? find_held_lock+0x2b/0x80 [ 1181.784835][T28027] ip_route_output_flow+0x27/0x150 [ 1181.784865][T28027] raw_sendmsg+0xb1d/0x35f0 [ 1181.784995][T28027] ? __pfx_raw_sendmsg+0x10/0x10 [ 1181.785036][T28027] ? __lock_acquire+0x4a5/0x2630 [ 1181.785077][T28027] ? __lock_acquire+0x4a5/0x2630 [ 1181.785142][T28027] ? __import_iovec+0x1d2/0x640 [ 1181.785174][T28027] ? __pfx_raw_sendmsg+0x10/0x10 [ 1181.785217][T28027] inet_sendmsg+0x11c/0x140 [ 1181.785258][T28027] ____sys_sendmsg+0x98d/0xb70 [ 1181.785296][T28027] ? __pfx_inet_sendmsg+0x10/0x10 [ 1181.785339][T28027] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1181.785382][T28027] ? rcu_is_watching+0x12/0xc0 [ 1181.785428][T28027] ? ___sys_sendmsg+0x19d/0x1e0 [ 1181.785465][T28027] ? kfree+0x2ec/0x6b0 [ 1181.785504][T28027] ___sys_sendmsg+0x190/0x1e0 [ 1181.785547][T28027] ? __pfx____sys_sendmsg+0x10/0x10 [ 1181.785621][T28027] ? __pfx___might_resched+0x10/0x10 [ 1181.785666][T28027] __sys_sendmmsg+0x205/0x430 [ 1181.785705][T28027] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1181.785749][T28027] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1181.785800][T28027] ? fput+0x79/0x100 [ 1181.785830][T28027] ? ksys_write+0x1ac/0x250 [ 1181.785855][T28027] ? __pfx_ksys_write+0x10/0x10 [ 1181.785886][T28027] __x64_sys_sendmmsg+0x9c/0x100 [ 1181.785918][T28027] ? lockdep_hardirqs_on+0x78/0x100 [ 1181.785951][T28027] do_syscall_64+0x106/0xf80 [ 1181.785982][T28027] ? clear_bhb_loop+0x40/0x90 [ 1181.786016][T28027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.786045][T28027] RIP: 0033:0x7fa07cb9c799 [ 1181.786067][T28027] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1181.786094][T28027] RSP: 002b:00007fa07da0e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1181.786120][T28027] RAX: ffffffffffffffda RBX: 00007fa07ce15fa0 RCX: 00007fa07cb9c799 [ 1181.786154][T28027] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1181.786170][T28027] RBP: 00007fa07da0e090 R08: 0000000000000000 R09: 0000000000000000 [ 1181.786187][T28027] R10: 000000000000e000 R11: 0000000000000246 R12: 0000000000000002 [ 1181.786205][T28027] R13: 00007fa07ce16038 R14: 00007fa07ce15fa0 R15: 00007ffce36a5dd8 [ 1181.786243][T28027] [ 1182.106613][T28036] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 1182.293512][T28037] Invalid ELF header magic: != ELF [ 1182.865139][ T30] audit: type=1800 audit(4294967367.120:22): pid=28051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4839" name="discovery_nqn" dev="configfs" ino=119175 res=0 errno=0 [ 1183.363769][T28060] zswap: compressor not available [ 1184.109091][T28079] FAULT_INJECTION: forcing a failure. [ 1184.109091][T28079] name failslab, interval 1, probability 0, space 0, times 0 [ 1184.190948][T28079] CPU: 1 UID: 0 PID: 28079 Comm: syz.0.4847 Tainted: G U syzkaller #0 PREEMPT(full) [ 1184.190996][T28079] Tainted: [U]=USER [ 1184.191006][T28079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1184.191024][T28079] Call Trace: [ 1184.191034][T28079] [ 1184.191045][T28079] dump_stack_lvl+0x100/0x190 [ 1184.191094][T28079] should_fail_ex.cold+0x5/0xa [ 1184.191129][T28079] should_failslab+0xc2/0x120 [ 1184.191162][T28079] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1184.191215][T28079] ? security_inode_alloc+0x3b/0x2c0 [ 1184.191257][T28079] ? lockdep_init_map_type+0x5c/0x250 [ 1184.191299][T28079] security_inode_alloc+0x3b/0x2c0 [ 1184.191340][T28079] inode_init_always_gfp+0xced/0x1040 [ 1184.191374][T28079] alloc_inode+0x8e/0x250 [ 1184.191410][T28079] new_inode+0x22/0x1c0 [ 1184.191449][T28079] shmem_get_inode+0x212/0x1040 [ 1184.191493][T28079] ? __pfx_shmem_get_inode+0x10/0x10 [ 1184.191529][T28079] ? rcu_is_watching+0x12/0xc0 [ 1184.191569][T28079] ? percpu_counter_add_batch+0xb9/0x230 [ 1184.191708][T28079] __shmem_file_setup+0x3ac/0x490 [ 1184.191746][T28079] ? __pfx___shmem_file_setup+0x10/0x10 [ 1184.191791][T28079] ? vm_area_alloc+0x1f/0x160 [ 1184.191833][T28079] shmem_zero_setup+0x96/0x1b0 [ 1184.191880][T28079] __mmap_region+0x2198/0x29e0 [ 1184.191929][T28079] ? __pfx___mmap_region+0x10/0x10 [ 1184.191992][T28079] ? __lock_acquire+0x4a5/0x2630 [ 1184.192027][T28079] ? find_held_lock+0x2b/0x80 [ 1184.192066][T28079] ? find_held_lock+0x2b/0x80 [ 1184.192091][T28079] ? finish_task_switch.isra.0+0x200/0xb80 [ 1184.192121][T28079] ? finish_task_switch.isra.0+0x200/0xb80 [ 1184.192167][T28079] ? trace_sched_exit_tp+0x13a/0x180 [ 1184.192211][T28079] ? __schedule+0x1000/0x6120 [ 1184.192292][T28079] ? rcu_is_watching+0x12/0xc0 [ 1184.192336][T28079] ? cap_capable+0x107/0x460 [ 1184.192384][T28079] mmap_region+0x180/0x3e0 [ 1184.192431][T28079] do_mmap+0xc63/0x12f0 [ 1184.192469][T28079] ? __pfx_do_mmap+0x10/0x10 [ 1184.192500][T28079] ? __pfx_down_write_killable+0x10/0x10 [ 1184.192546][T28079] vm_mmap_pgoff+0x29e/0x470 [ 1184.192585][T28079] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1184.192620][T28079] ? do_futex+0x192/0x350 [ 1184.192656][T28079] ? __pfx_do_futex+0x10/0x10 [ 1184.192697][T28079] ksys_mmap_pgoff+0xe1/0x650 [ 1184.192728][T28079] ? __x64_sys_futex+0x34f/0x4d0 [ 1184.192762][T28079] ? __x64_sys_futex+0x358/0x4d0 [ 1184.192798][T28079] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1184.192828][T28079] ? xfd_validate_state+0x129/0x190 [ 1184.192875][T28079] __x64_sys_mmap+0x125/0x190 [ 1184.192919][T28079] do_syscall_64+0x106/0xf80 [ 1184.192951][T28079] ? clear_bhb_loop+0x40/0x90 [ 1184.192987][T28079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1184.193017][T28079] RIP: 0033:0x7f254859c799 [ 1184.193043][T28079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1184.193069][T28079] RSP: 002b:00007f25493f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1184.193097][T28079] RAX: ffffffffffffffda RBX: 00007f2548816180 RCX: 00007f254859c799 [ 1184.193117][T28079] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1184.193133][T28079] RBP: 00007f2548632bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 1184.193152][T28079] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1184.193170][T28079] R13: 00007f2548816218 R14: 00007f2548816180 R15: 00007ffd0fe792d8 [ 1184.193214][T28079] [ 1184.664670][T28079] openvswitch: netlink: Key type 261 is out of range max 32 [ 1185.520305][T26619] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1185.535113][T26619] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1185.562917][T26619] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1185.571057][T26619] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1185.586228][T26619] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1186.268571][T28103] chnl_net:caif_netlink_parms(): no params data found [ 1186.859079][T28125] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1187.082154][T28103] bridge0: port 1(bridge_slave_0) entered blocking state [ 1187.093672][T28103] bridge0: port 1(bridge_slave_0) entered disabled state [ 1187.101711][T28103] bridge_slave_0: entered allmulticast mode [ 1187.114369][T28103] bridge_slave_0: entered promiscuous mode [ 1187.233026][T28142] FAULT_INJECTION: forcing a failure. [ 1187.233026][T28142] name failslab, interval 1, probability 0, space 0, times 0 [ 1187.271496][T28142] CPU: 1 UID: 0 PID: 28142 Comm: syz.3.4862 Tainted: G U syzkaller #0 PREEMPT(full) [ 1187.271545][T28142] Tainted: [U]=USER [ 1187.271555][T28142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1187.271574][T28142] Call Trace: [ 1187.271585][T28142] [ 1187.271597][T28142] dump_stack_lvl+0x100/0x190 [ 1187.271646][T28142] should_fail_ex.cold+0x5/0xa [ 1187.271682][T28142] should_failslab+0xc2/0x120 [ 1187.271714][T28142] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1187.271761][T28142] ? __d_alloc+0x34/0xa80 [ 1187.271801][T28142] __d_alloc+0x34/0xa80 [ 1187.271838][T28142] d_alloc+0x4a/0x1e0 [ 1187.271888][T28142] lookup_one_qstr_excl+0x175/0x250 [ 1187.271933][T28142] start_dirop+0x59/0xb0 [ 1187.271979][T28142] simple_start_creating+0xf9/0x110 [ 1187.272025][T28142] ? __pfx_simple_start_creating+0x10/0x10 [ 1187.272073][T28142] ? mntput+0x70/0xa0 [ 1187.272115][T28142] ? simple_pin_fs+0xa3/0x190 [ 1187.272157][T28142] debugfs_start_creating.part.0+0x82/0x170 [ 1187.272206][T28142] __debugfs_create_file+0xb3/0x4f0 [ 1187.272256][T28142] debugfs_create_file_full+0x41/0x60 [ 1187.272306][T28142] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1187.272340][T28142] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1187.272372][T28142] ? rcu_is_watching+0x12/0xc0 [ 1187.272447][T28142] ? lockdep_init_map_type+0x5c/0x250 [ 1187.272492][T28142] preinit_net.part.0+0x24e/0x8f0 [ 1187.272536][T28142] copy_net_ns+0x339/0x7c0 [ 1187.272581][T28142] create_new_namespaces+0x3ea/0xac0 [ 1187.272622][T28142] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1187.272657][T28142] ksys_unshare+0x473/0xad0 [ 1187.272695][T28142] ? __pfx_ksys_unshare+0x10/0x10 [ 1187.272744][T28142] __x64_sys_unshare+0x31/0x40 [ 1187.272780][T28142] do_syscall_64+0x106/0xf80 [ 1187.272814][T28142] ? clear_bhb_loop+0x40/0x90 [ 1187.272852][T28142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1187.272890][T28142] RIP: 0033:0x7ff08b79c799 [ 1187.272914][T28142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1187.272944][T28142] RSP: 002b:00007ff08c63a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1187.272975][T28142] RAX: ffffffffffffffda RBX: 00007ff08ba15fa0 RCX: 00007ff08b79c799 [ 1187.272996][T28142] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1187.273014][T28142] RBP: 00007ff08b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1187.273033][T28142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1187.273050][T28142] R13: 00007ff08ba16038 R14: 00007ff08ba15fa0 R15: 00007ffe2c4545e8 [ 1187.273089][T28142] [ 1187.274232][T28103] bridge0: port 2(bridge_slave_1) entered blocking state [ 1187.559028][T28144] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4863'. [ 1187.621152][T26619] Bluetooth: hci4: command tx timeout [ 1187.796592][T28103] bridge0: port 2(bridge_slave_1) entered disabled state [ 1187.811882][T28103] bridge_slave_1: entered allmulticast mode [ 1187.829058][T28103] bridge_slave_1: entered promiscuous mode [ 1187.869589][T28144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1187.877136][T28144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1187.915860][T28144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1187.923631][T28144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1188.136811][T28103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1188.196980][T28103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1188.273866][T28147] FAULT_INJECTION: forcing a failure. [ 1188.273866][T28147] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1188.297028][T28103] team0: Port device team_slave_0 added [ 1188.306546][T28147] CPU: 0 UID: 0 PID: 28147 Comm: syz.0.4864 Tainted: G U syzkaller #0 PREEMPT(full) [ 1188.306585][T28147] Tainted: [U]=USER [ 1188.306594][T28147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1188.306607][T28147] Call Trace: [ 1188.306616][T28147] [ 1188.306627][T28147] dump_stack_lvl+0x100/0x190 [ 1188.306671][T28147] should_fail_ex.cold+0x5/0xa [ 1188.306699][T28147] ? page_copy_sane+0x17c/0x2d0 [ 1188.306743][T28147] copy_folio_from_iter_atomic+0x427/0x1e70 [ 1188.306789][T28147] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 1188.306820][T28147] ? shmem_write_begin+0x1ba/0x420 [ 1188.306865][T28147] ? __pfx_shmem_write_begin+0x10/0x10 [ 1188.306910][T28147] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1188.306949][T28147] generic_perform_write+0x4cb/0xa40 [ 1188.307001][T28147] ? __pfx_generic_perform_write+0x10/0x10 [ 1188.307038][T28147] ? __mark_inode_dirty+0x55c/0x1790 [ 1188.307079][T28147] ? mnt_put_write_access_file+0x4e/0x100 [ 1188.307108][T28147] ? file_update_time_flags+0x373/0x500 [ 1188.307146][T28147] shmem_file_write_iter+0x10e/0x140 [ 1188.307179][T28147] vfs_write+0x6ac/0x1070 [ 1188.307223][T28147] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1188.307257][T28147] ? __pfx_vfs_write+0x10/0x10 [ 1188.307329][T28147] ksys_write+0x12a/0x250 [ 1188.307356][T28147] ? __pfx_ksys_write+0x10/0x10 [ 1188.307394][T28147] do_syscall_64+0x106/0xf80 [ 1188.307427][T28147] ? clear_bhb_loop+0x40/0x90 [ 1188.307462][T28147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1188.307491][T28147] RIP: 0033:0x7f254859c799 [ 1188.307515][T28147] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1188.307541][T28147] RSP: 002b:00007f2549433028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1188.307568][T28147] RAX: ffffffffffffffda RBX: 00007f2548815fa0 RCX: 00007f254859c799 [ 1188.307587][T28147] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1188.307604][T28147] RBP: 00007f2549433090 R08: 0000000000000000 R09: 0000000000000000 [ 1188.307622][T28147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1188.307638][T28147] R13: 00007f2548816038 R14: 00007f2548815fa0 R15: 00007ffd0fe792d8 [ 1188.307677][T28147] [ 1188.400408][T28103] team0: Port device team_slave_1 added [ 1188.689708][T28103] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1188.696876][T28103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1188.740670][T28103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1188.754375][T28103] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1188.761393][T28103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1188.818132][T28103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1188.964444][T28103] hsr_slave_0: entered promiscuous mode [ 1188.971405][T28103] hsr_slave_1: entered promiscuous mode [ 1188.985967][T28103] debugfs: 'hsr0' already exists in 'hsr' [ 1188.997505][T28103] Cannot create hsr debugfs directory [ 1189.632866][T28164] Invalid ELF header magic: != ELF [ 1189.696572][T26619] Bluetooth: hci4: command tx timeout [ 1190.264758][T28103] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1190.522458][T28174] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1190.538880][T28103] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1190.651287][T28103] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1190.743979][T28103] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1190.773501][T28179] HfR: entered promiscuous mode [ 1190.868396][T28180] Invalid ELF header magic: != ELF [ 1191.035868][T28103] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1191.061853][T28103] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1191.081977][T28103] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1191.117999][T28103] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1191.294756][T28103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1191.328788][T28103] 8021q: adding VLAN 0 to HW filter on device team0 [ 1191.364115][T25980] bridge0: port 1(bridge_slave_0) entered blocking state [ 1191.371436][T25980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1191.409962][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 1191.417229][ T5950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1191.465704][T28200] FAULT_INJECTION: forcing a failure. [ 1191.465704][T28200] name failslab, interval 1, probability 0, space 0, times 0 [ 1191.481971][T28200] CPU: 1 UID: 0 PID: 28200 Comm: syz.3.4875 Tainted: G U syzkaller #0 PREEMPT(full) [ 1191.482016][T28200] Tainted: [U]=USER [ 1191.482026][T28200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1191.482039][T28200] Call Trace: [ 1191.482047][T28200] [ 1191.482058][T28200] dump_stack_lvl+0x100/0x190 [ 1191.482108][T28200] should_fail_ex.cold+0x5/0xa [ 1191.482143][T28200] should_failslab+0xc2/0x120 [ 1191.482175][T28200] __kvmalloc_node_noprof+0xfa/0xa00 [ 1191.482219][T28200] ? traverse.part.0.constprop.0+0x397/0x650 [ 1191.482276][T28200] traverse.part.0.constprop.0+0x397/0x650 [ 1191.482332][T28200] seq_read_iter+0x93f/0x1270 [ 1191.482378][T28200] ? aa_file_perm+0x7f3/0x14d0 [ 1191.482423][T28200] seq_read+0x33b/0x4c0 [ 1191.482465][T28200] ? __pfx_seq_read+0x10/0x10 [ 1191.482532][T28200] ? __pfx_seq_read+0x10/0x10 [ 1191.482574][T28200] proc_reg_read+0x240/0x330 [ 1191.482616][T28200] ? __pfx_proc_reg_read+0x10/0x10 [ 1191.482660][T28200] vfs_read+0x1e4/0xb30 [ 1191.482708][T28200] ? __pfx_vfs_read+0x10/0x10 [ 1191.482749][T28200] ? find_held_lock+0x2b/0x80 [ 1191.482775][T28200] ? __fget_files+0x215/0x3d0 [ 1191.482798][T28200] ? __fget_files+0x215/0x3d0 [ 1191.482831][T28200] ? __fget_files+0x21f/0x3d0 [ 1191.482866][T28200] __x64_sys_pread64+0x1eb/0x250 [ 1191.482893][T28200] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1191.482932][T28200] do_syscall_64+0x106/0xf80 [ 1191.482975][T28200] ? clear_bhb_loop+0x40/0x90 [ 1191.483009][T28200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.483038][T28200] RIP: 0033:0x7ff08b79c799 [ 1191.483060][T28200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1191.483087][T28200] RSP: 002b:00007ff08c63a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1191.483113][T28200] RAX: ffffffffffffffda RBX: 00007ff08ba15fa0 RCX: 00007ff08b79c799 [ 1191.483133][T28200] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000003 [ 1191.483151][T28200] RBP: 00007ff08b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1191.483169][T28200] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000 [ 1191.483187][T28200] R13: 00007ff08ba16038 R14: 00007ff08ba15fa0 R15: 00007ffe2c4545e8 [ 1191.483227][T28200] [ 1191.816634][T26619] Bluetooth: hci4: command tx timeout [ 1192.257238][T28211] FAULT_INJECTION: forcing a failure. [ 1192.257238][T28211] name failslab, interval 1, probability 0, space 0, times 0 [ 1192.273934][T28211] CPU: 0 UID: 0 PID: 28211 Comm: syz.3.4877 Tainted: G U syzkaller #0 PREEMPT(full) [ 1192.273980][T28211] Tainted: [U]=USER [ 1192.273990][T28211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1192.274008][T28211] Call Trace: [ 1192.274017][T28211] [ 1192.274029][T28211] dump_stack_lvl+0x100/0x190 [ 1192.274078][T28211] should_fail_ex.cold+0x5/0xa [ 1192.274113][T28211] should_failslab+0xc2/0x120 [ 1192.274147][T28211] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1192.274191][T28211] ? __d_alloc+0x34/0xa80 [ 1192.274230][T28211] __d_alloc+0x34/0xa80 [ 1192.274265][T28211] d_alloc+0x4a/0x1e0 [ 1192.274296][T28211] lookup_one_qstr_excl+0x175/0x250 [ 1192.274336][T28211] start_dirop+0x59/0xb0 [ 1192.274379][T28211] simple_start_creating+0xf9/0x110 [ 1192.274423][T28211] ? __pfx_simple_start_creating+0x10/0x10 [ 1192.274468][T28211] ? mntput+0x70/0xa0 [ 1192.274508][T28211] ? simple_pin_fs+0xa3/0x190 [ 1192.274550][T28211] debugfs_start_creating.part.0+0x82/0x170 [ 1192.274596][T28211] __debugfs_create_file+0xb3/0x4f0 [ 1192.274647][T28211] debugfs_create_file_full+0x41/0x60 [ 1192.274695][T28211] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1192.274728][T28211] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1192.274759][T28211] ? rcu_is_watching+0x12/0xc0 [ 1192.274833][T28211] ? lockdep_init_map_type+0x5c/0x250 [ 1192.274887][T28211] preinit_net.part.0+0x24e/0x8f0 [ 1192.274928][T28211] copy_net_ns+0x339/0x7c0 [ 1192.274968][T28211] create_new_namespaces+0x3ea/0xac0 [ 1192.275008][T28211] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1192.275042][T28211] ksys_unshare+0x473/0xad0 [ 1192.275077][T28211] ? tick_program_event+0xb0/0x140 [ 1192.275106][T28211] ? __pfx_ksys_unshare+0x10/0x10 [ 1192.275156][T28211] __x64_sys_unshare+0x31/0x40 [ 1192.275191][T28211] do_syscall_64+0x106/0xf80 [ 1192.275225][T28211] ? clear_bhb_loop+0x40/0x90 [ 1192.275261][T28211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.275291][T28211] RIP: 0033:0x7ff08b79c799 [ 1192.275316][T28211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1192.275344][T28211] RSP: 002b:00007ff08c63a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1192.275370][T28211] RAX: ffffffffffffffda RBX: 00007ff08ba15fa0 RCX: 00007ff08b79c799 [ 1192.275391][T28211] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1192.275408][T28211] RBP: 00007ff08b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1192.275427][T28211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1192.275444][T28211] R13: 00007ff08ba16038 R14: 00007ff08ba15fa0 R15: 00007ffe2c4545e8 [ 1192.275485][T28211] [ 1192.744669][T28103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1192.891560][T28221] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4878'. [ 1193.107858][T28103] veth0_vlan: entered promiscuous mode [ 1193.153900][T28103] veth1_vlan: entered promiscuous mode [ 1193.323890][T28103] veth0_macvtap: entered promiscuous mode [ 1193.504849][T28103] veth1_macvtap: entered promiscuous mode [ 1193.551838][T28103] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1193.576125][T28103] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1193.593358][T14385] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.643494][T14385] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.702851][T14385] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.743674][T14385] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.844465][T14385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1193.857001][T26619] Bluetooth: hci4: command tx timeout [ 1193.881476][T14385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1193.946101][T25980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1193.968066][T25980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1195.063505][T28255] Invalid ELF header magic: != ELF [ 1195.716587][T26619] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1197.256862][T28300] FAULT_INJECTION: forcing a failure. [ 1197.256862][T28300] name failslab, interval 1, probability 0, space 0, times 0 [ 1197.296167][T28300] CPU: 1 UID: 0 PID: 28300 Comm: syz.1.4900 Tainted: G U syzkaller #0 PREEMPT(full) [ 1197.296209][T28300] Tainted: [U]=USER [ 1197.296219][T28300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1197.296234][T28300] Call Trace: [ 1197.296243][T28300] [ 1197.296254][T28300] dump_stack_lvl+0x100/0x190 [ 1197.296299][T28300] should_fail_ex.cold+0x5/0xa [ 1197.296335][T28300] should_failslab+0xc2/0x120 [ 1197.296362][T28300] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1197.296400][T28300] ? alloc_empty_file+0x55/0x1c0 [ 1197.296433][T28300] ? __pfx_stack_trace_save+0x10/0x10 [ 1197.296467][T28300] alloc_empty_file+0x55/0x1c0 [ 1197.296500][T28300] path_openat+0xe8/0x31a0 [ 1197.296527][T28300] ? kasan_save_stack+0x3f/0x50 [ 1197.296565][T28300] ? kasan_save_stack+0x30/0x50 [ 1197.296602][T28300] ? kasan_save_track+0x14/0x30 [ 1197.296639][T28300] ? __kasan_slab_alloc+0x89/0x90 [ 1197.296663][T28300] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1197.296701][T28300] ? do_getname+0x35/0x390 [ 1197.296731][T28300] ? do_sys_openat2+0xc5/0x1e0 [ 1197.296764][T28300] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.296798][T28300] ? __pfx_path_openat+0x10/0x10 [ 1197.296848][T28300] do_file_open+0x20e/0x430 [ 1197.296879][T28300] ? __pfx_do_file_open+0x10/0x10 [ 1197.296933][T28300] ? alloc_fd+0x476/0x790 [ 1197.296963][T28300] ? do_getname+0x191/0x390 [ 1197.296998][T28300] do_sys_openat2+0x10d/0x1e0 [ 1197.297033][T28300] ? __pfx_do_sys_openat2+0x10/0x10 [ 1197.297065][T28300] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1197.297105][T28300] ? __fget_files+0x21f/0x3d0 [ 1197.297138][T28300] __x64_sys_openat+0x12d/0x210 [ 1197.297174][T28300] ? __pfx___x64_sys_openat+0x10/0x10 [ 1197.297208][T28300] ? ksys_write+0x1ac/0x250 [ 1197.297245][T28300] do_syscall_64+0x106/0xf80 [ 1197.297276][T28300] ? clear_bhb_loop+0x40/0x90 [ 1197.297310][T28300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.297339][T28300] RIP: 0033:0x7ff6a3d9c799 [ 1197.297362][T28300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1197.297388][T28300] RSP: 002b:00007ff6a4b9c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1197.297415][T28300] RAX: ffffffffffffffda RBX: 00007ff6a4015fa0 RCX: 00007ff6a3d9c799 [ 1197.297434][T28300] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1197.297452][T28300] RBP: 00007ff6a4b9c090 R08: 0000000000000000 R09: 0000000000000000 [ 1197.297470][T28300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1197.297487][T28300] R13: 00007ff6a4016038 R14: 00007ff6a4015fa0 R15: 00007ffead86ac08 [ 1197.297525][T28300] [ 1197.852092][ T6000] Bluetooth: hci2: command 0x2016 tx timeout [ 1198.789182][T28331] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4910'. [ 1199.680766][T28353] FAULT_INJECTION: forcing a failure. [ 1199.680766][T28353] name failslab, interval 1, probability 0, space 0, times 0 [ 1199.704403][T28353] CPU: 0 UID: 0 PID: 28353 Comm: syz.2.4915 Tainted: G U syzkaller #0 PREEMPT(full) [ 1199.704447][T28353] Tainted: [U]=USER [ 1199.704458][T28353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1199.704475][T28353] Call Trace: [ 1199.704484][T28353] [ 1199.704495][T28353] dump_stack_lvl+0x100/0x190 [ 1199.704547][T28353] should_fail_ex.cold+0x5/0xa [ 1199.704583][T28353] should_failslab+0xc2/0x120 [ 1199.704624][T28353] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1199.704670][T28353] ? __d_alloc+0x34/0xa80 [ 1199.704711][T28353] __d_alloc+0x34/0xa80 [ 1199.704747][T28353] d_alloc+0x4a/0x1e0 [ 1199.704782][T28353] lookup_one_qstr_excl+0x175/0x250 [ 1199.704825][T28353] start_dirop+0x59/0xb0 [ 1199.704870][T28353] simple_start_creating+0xf9/0x110 [ 1199.704915][T28353] ? __pfx_simple_start_creating+0x10/0x10 [ 1199.704962][T28353] ? mntput+0x70/0xa0 [ 1199.705004][T28353] ? simple_pin_fs+0xa3/0x190 [ 1199.705046][T28353] debugfs_start_creating.part.0+0x82/0x170 [ 1199.705094][T28353] __debugfs_create_file+0xb3/0x4f0 [ 1199.705144][T28353] debugfs_create_file_full+0x41/0x60 [ 1199.705196][T28353] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1199.705231][T28353] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1199.705264][T28353] ? find_held_lock+0x2b/0x80 [ 1199.705324][T28353] ? lockdep_init_map_type+0x5c/0x250 [ 1199.705369][T28353] preinit_net.part.0+0x437/0x8f0 [ 1199.705409][T28353] copy_net_ns+0x339/0x7c0 [ 1199.705452][T28353] create_new_namespaces+0x3ea/0xac0 [ 1199.705492][T28353] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1199.705525][T28353] ksys_unshare+0x473/0xad0 [ 1199.705561][T28353] ? __pfx_ksys_unshare+0x10/0x10 [ 1199.705611][T28353] __x64_sys_unshare+0x31/0x40 [ 1199.705655][T28353] do_syscall_64+0x106/0xf80 [ 1199.705690][T28353] ? clear_bhb_loop+0x40/0x90 [ 1199.705727][T28353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1199.705758][T28353] RIP: 0033:0x7f5b1fb9c799 [ 1199.705783][T28353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1199.705811][T28353] RSP: 002b:00007f5b20b3f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1199.705840][T28353] RAX: ffffffffffffffda RBX: 00007f5b1fe15fa0 RCX: 00007f5b1fb9c799 [ 1199.705860][T28353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1199.705879][T28353] RBP: 00007f5b1fc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1199.705898][T28353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1199.705916][T28353] R13: 00007f5b1fe16038 R14: 00007f5b1fe15fa0 R15: 00007ffe78be61d8 [ 1199.705956][T28353] [ 1199.981130][T26619] Bluetooth: hci2: command 0x2016 tx timeout [ 1200.028198][T28356] FAULT_INJECTION: forcing a failure. [ 1200.028198][T28356] name failslab, interval 1, probability 0, space 0, times 0 [ 1200.049193][T28356] CPU: 0 UID: 0 PID: 28356 Comm: syz.1.4916 Tainted: G U syzkaller #0 PREEMPT(full) [ 1200.049242][T28356] Tainted: [U]=USER [ 1200.049254][T28356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1200.049273][T28356] Call Trace: [ 1200.049283][T28356] [ 1200.049295][T28356] dump_stack_lvl+0x100/0x190 [ 1200.049346][T28356] should_fail_ex.cold+0x5/0xa [ 1200.049382][T28356] should_failslab+0xc2/0x120 [ 1200.049414][T28356] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1200.049459][T28356] ? __d_alloc+0x34/0xa80 [ 1200.049500][T28356] __d_alloc+0x34/0xa80 [ 1200.049537][T28356] d_alloc+0x4a/0x1e0 [ 1200.049571][T28356] lookup_one_qstr_excl+0x175/0x250 [ 1200.049612][T28356] start_dirop+0x59/0xb0 [ 1200.049659][T28356] simple_start_creating+0xf9/0x110 [ 1200.049708][T28356] ? __pfx_simple_start_creating+0x10/0x10 [ 1200.049755][T28356] ? mntput+0x70/0xa0 [ 1200.049797][T28356] ? simple_pin_fs+0xa3/0x190 [ 1200.049840][T28356] debugfs_start_creating.part.0+0x82/0x170 [ 1200.049888][T28356] __debugfs_create_file+0xb3/0x4f0 [ 1200.049939][T28356] debugfs_create_file_full+0x41/0x60 [ 1200.049990][T28356] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1200.050025][T28356] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1200.050058][T28356] ? rcu_is_watching+0x12/0xc0 [ 1200.050143][T28356] ? lockdep_init_map_type+0x5c/0x250 [ 1200.050189][T28356] preinit_net.part.0+0x24e/0x8f0 [ 1200.050231][T28356] copy_net_ns+0x339/0x7c0 [ 1200.050275][T28356] create_new_namespaces+0x3ea/0xac0 [ 1200.050315][T28356] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1200.050351][T28356] ksys_unshare+0x473/0xad0 [ 1200.050390][T28356] ? __pfx_ksys_unshare+0x10/0x10 [ 1200.050441][T28356] __x64_sys_unshare+0x31/0x40 [ 1200.050477][T28356] do_syscall_64+0x106/0xf80 [ 1200.050512][T28356] ? clear_bhb_loop+0x40/0x90 [ 1200.050549][T28356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.050581][T28356] RIP: 0033:0x7ff6a3d9c799 [ 1200.050606][T28356] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1200.050635][T28356] RSP: 002b:00007ff6a4b9c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1200.050665][T28356] RAX: ffffffffffffffda RBX: 00007ff6a4015fa0 RCX: 00007ff6a3d9c799 [ 1200.050685][T28356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1200.050704][T28356] RBP: 00007ff6a3e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1200.050724][T28356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1200.050741][T28356] R13: 00007ff6a4016038 R14: 00007ff6a4015fa0 R15: 00007ffead86ac08 [ 1200.050783][T28356] [ 1200.961361][T28372] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1201.144720][T28384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4923'. [ 1201.309882][T28389] FAULT_INJECTION: forcing a failure. [ 1201.309882][T28389] name failslab, interval 1, probability 0, space 0, times 0 [ 1201.349220][T28389] CPU: 0 UID: 0 PID: 28389 Comm: syz.1.4924 Tainted: G U syzkaller #0 PREEMPT(full) [ 1201.349264][T28389] Tainted: [U]=USER [ 1201.349274][T28389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1201.349291][T28389] Call Trace: [ 1201.349300][T28389] [ 1201.349311][T28389] dump_stack_lvl+0x100/0x190 [ 1201.349359][T28389] should_fail_ex.cold+0x5/0xa [ 1201.349392][T28389] should_failslab+0xc2/0x120 [ 1201.349423][T28389] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1201.349477][T28389] ? __d_alloc+0x34/0xa80 [ 1201.349517][T28389] __d_alloc+0x34/0xa80 [ 1201.349554][T28389] d_alloc+0x4a/0x1e0 [ 1201.349588][T28389] lookup_one_qstr_excl+0x175/0x250 [ 1201.349628][T28389] start_dirop+0x59/0xb0 [ 1201.349669][T28389] simple_start_creating+0xf9/0x110 [ 1201.349710][T28389] ? __pfx_simple_start_creating+0x10/0x10 [ 1201.349750][T28389] ? mntput+0x70/0xa0 [ 1201.349788][T28389] ? simple_pin_fs+0xa3/0x190 [ 1201.349827][T28389] debugfs_start_creating.part.0+0x82/0x170 [ 1201.349869][T28389] __debugfs_create_file+0xb3/0x4f0 [ 1201.349913][T28389] debugfs_create_file_full+0x41/0x60 [ 1201.349957][T28389] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1201.349988][T28389] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1201.350018][T28389] ? rcu_is_watching+0x12/0xc0 [ 1201.350088][T28389] ? lockdep_init_map_type+0x5c/0x250 [ 1201.350129][T28389] preinit_net.part.0+0x24e/0x8f0 [ 1201.350166][T28389] copy_net_ns+0x339/0x7c0 [ 1201.350207][T28389] create_new_namespaces+0x3ea/0xac0 [ 1201.350245][T28389] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1201.350281][T28389] ksys_unshare+0x473/0xad0 [ 1201.350319][T28389] ? __pfx_ksys_unshare+0x10/0x10 [ 1201.350352][T28389] ? ksys_write+0x1ac/0x250 [ 1201.350388][T28389] __x64_sys_unshare+0x31/0x40 [ 1201.350419][T28389] do_syscall_64+0x106/0xf80 [ 1201.350462][T28389] ? clear_bhb_loop+0x40/0x90 [ 1201.350498][T28389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1201.350528][T28389] RIP: 0033:0x7ff6a3d9c799 [ 1201.350553][T28389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1201.350581][T28389] RSP: 002b:00007ff6a4b9c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1201.350608][T28389] RAX: ffffffffffffffda RBX: 00007ff6a4015fa0 RCX: 00007ff6a3d9c799 [ 1201.350627][T28389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1201.350644][T28389] RBP: 00007ff6a3e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1201.350662][T28389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1201.350679][T28389] R13: 00007ff6a4016038 R14: 00007ff6a4015fa0 R15: 00007ffead86ac08 [ 1201.350719][T28389] [ 1202.643552][T28411] FAULT_INJECTION: forcing a failure. [ 1202.643552][T28411] name failslab, interval 1, probability 0, space 0, times 0 [ 1202.693266][T28413] NFSD: Failed to start, no listeners configured. [ 1202.702637][T28411] CPU: 1 UID: 0 PID: 28411 Comm: syz.3.4929 Tainted: G U syzkaller #0 PREEMPT(full) [ 1202.702682][T28411] Tainted: [U]=USER [ 1202.702692][T28411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1202.702709][T28411] Call Trace: [ 1202.702719][T28411] [ 1202.702730][T28411] dump_stack_lvl+0x100/0x190 [ 1202.702763][T28411] should_fail_ex.cold+0x5/0xa [ 1202.702782][T28411] should_failslab+0xc2/0x120 [ 1202.702799][T28411] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1202.702830][T28411] ? alloc_inode+0x68/0x250 [ 1202.702850][T28411] ? simple_start_creating+0xb0/0x110 [ 1202.702874][T28411] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1202.702898][T28411] alloc_inode+0x68/0x250 [ 1202.702917][T28411] new_inode+0x22/0x1c0 [ 1202.702937][T28411] __debugfs_create_file+0x105/0x4f0 [ 1202.702964][T28411] debugfs_create_file_full+0x41/0x60 [ 1202.702988][T28411] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1202.703006][T28411] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1202.703023][T28411] ? rcu_is_watching+0x12/0xc0 [ 1202.703061][T28411] ? lockdep_init_map_type+0x5c/0x250 [ 1202.703083][T28411] preinit_net.part.0+0x24e/0x8f0 [ 1202.703104][T28411] copy_net_ns+0x339/0x7c0 [ 1202.703126][T28411] create_new_namespaces+0x3ea/0xac0 [ 1202.703147][T28411] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1202.703166][T28411] ksys_unshare+0x473/0xad0 [ 1202.703186][T28411] ? __pfx_ksys_unshare+0x10/0x10 [ 1202.703212][T28411] __x64_sys_unshare+0x31/0x40 [ 1202.703230][T28411] do_syscall_64+0x106/0xf80 [ 1202.703248][T28411] ? clear_bhb_loop+0x40/0x90 [ 1202.703267][T28411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1202.703282][T28411] RIP: 0033:0x7ff08b79c799 [ 1202.703297][T28411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1202.703316][T28411] RSP: 002b:00007ff08c63a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1202.703331][T28411] RAX: ffffffffffffffda RBX: 00007ff08ba15fa0 RCX: 00007ff08b79c799 [ 1202.703342][T28411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1202.703351][T28411] RBP: 00007ff08b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1202.703361][T28411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1202.703371][T28411] R13: 00007ff08ba16038 R14: 00007ff08ba15fa0 R15: 00007ffe2c4545e8 [ 1202.703392][T28411] [ 1202.703446][T28411] debugfs: out of free dentries, can not create file 'net_refcnt@ffff88802b7fa8c0' [ 1203.389702][ T6000] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1204.466241][T28446] binder: 28441:28446 ioctl c018620c 0 returned -1 [ 1205.457842][T15190] Bluetooth: hci1: command 0x2016 tx timeout [ 1205.667078][ T6000] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 1205.813077][T28468] ------------[ cut here ]------------ [ 1205.818720][T28468] !reader [ 1205.818728][T28468] WARNING: kernel/trace/ring_buffer.c:7407 at ring_buffer_map_get_reader+0x659/0x880, CPU#1: syz.1.4939/28468 [ 1205.833302][T28468] Modules linked in: [ 1205.837492][T28468] CPU: 1 UID: 0 PID: 28468 Comm: syz.1.4939 Tainted: G U syzkaller #0 PREEMPT(full) [ 1205.848445][T28468] Tainted: [U]=USER [ 1205.852228][T28468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1205.862265][T28468] RIP: 0010:ring_buffer_map_get_reader+0x659/0x880 [ 1205.868855][T28468] Code: ff e8 1b d5 fb ff 48 8d 3d 34 4a d1 0e 4c 89 fe 67 48 0f b9 3a e9 e0 fc ff ff 4c 8b 7c 24 58 4c 8b 74 24 60 e8 f8 d4 fb ff 90 <0f> 0b 90 e8 ef d4 fb ff 48 89 df 31 db e8 e5 0f fe ff 48 8b 74 24 [ 1205.888446][T28468] RSP: 0018:ffffc90000b97d90 EFLAGS: 00010093 [ 1205.894497][T28468] RAX: 0000000000000000 RBX: ffff88813fea5000 RCX: ffffffff820b74e7 [ 1205.902451][T28468] RDX: ffff8880770c3d00 RSI: ffffffff820c4148 RDI: ffff8880770c3d00 [ 1205.910407][T28468] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1205.918360][T28468] R10: 0000000000000000 R11: ffff88813fea50b0 R12: ffff88813fea50b0 [ 1205.926318][T28468] R13: dffffc0000000000 R14: ffff88813fea5190 R15: ffff88813fea5018 [ 1205.934302][T28468] FS: 00007ff6a1fd56c0(0000) GS:ffff88812444d000(0000) knlGS:0000000000000000 [ 1205.943240][T28468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1205.949811][T28468] CR2: 0000001b312f8ff8 CR3: 00000000864b8000 CR4: 00000000003526f0 [ 1205.957772][T28468] Call Trace: [ 1205.961033][T28468] [ 1205.963956][T28468] ? __pfx_ring_buffer_map_get_reader+0x10/0x10 [ 1205.970201][T28468] ? __fget_files+0x21f/0x3d0 [ 1205.974861][T28468] tracing_buffers_ioctl+0x30d/0x400 [ 1205.980136][T28468] ? __pfx_tracing_buffers_ioctl+0x10/0x10 [ 1205.985931][T28468] __x64_sys_ioctl+0x18e/0x210 [ 1205.990683][T28468] do_syscall_64+0x106/0xf80 [ 1205.995270][T28468] ? clear_bhb_loop+0x40/0x90 [ 1205.999933][T28468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.005813][T28468] RIP: 0033:0x7ff6a3d9c799 [ 1206.010210][T28468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1206.029809][T28468] RSP: 002b:00007ff6a1fd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1206.038244][T28468] RAX: ffffffffffffffda RBX: 00007ff6a4016270 RCX: 00007ff6a3d9c799 [ 1206.046205][T28468] RDX: 0000000000000000 RSI: 0000000000005220 RDI: 000000000000000d [ 1206.054163][T28468] RBP: 00007ff6a3e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1206.062120][T28468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1206.070080][T28468] R13: 00007ff6a4016308 R14: 00007ff6a4016270 R15: 00007ffead86ac08 [ 1206.078052][T28468] [ 1206.081062][T28468] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1206.088328][T28468] CPU: 1 UID: 0 PID: 28468 Comm: syz.1.4939 Tainted: G U syzkaller #0 PREEMPT(full) [ 1206.099248][T28468] Tainted: [U]=USER [ 1206.103031][T28468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1206.113069][T28468] Call Trace: [ 1206.116338][T28468] [ 1206.119275][T28468] dump_stack_lvl+0x100/0x190 [ 1206.123950][T28468] vpanic+0x552/0x970 [ 1206.127925][T28468] ? __pfx_vpanic+0x10/0x10 [ 1206.132426][T28468] panic+0xd1/0xe0 [ 1206.136137][T28468] ? __pfx_panic+0x10/0x10 [ 1206.140553][T28468] ? check_panic_on_warn+0x1f/0x90 [ 1206.145660][T28468] check_panic_on_warn.cold+0x19/0x34 [ 1206.151020][T28468] ? ring_buffer_map_get_reader+0x659/0x880 [ 1206.156908][T28468] __warn.cold+0x191/0x348 [ 1206.161317][T28468] __report_bug+0x296/0x3d0 [ 1206.165878][T28468] ? ring_buffer_map_get_reader+0x659/0x880 [ 1206.171769][T28468] ? __pfx___report_bug+0x10/0x10 [ 1206.176787][T28468] ? add_lock_to_list+0x99/0x110 [ 1206.181715][T28468] ? lockdep_unlock+0x5a/0xc0 [ 1206.186377][T28468] ? rb_set_head_page+0x1e6/0x2f0 [ 1206.191393][T28468] ? ring_buffer_map_get_reader+0x659/0x880 [ 1206.197281][T28468] report_bug+0xb2/0x220 [ 1206.201512][T28468] ? ring_buffer_map_get_reader+0x659/0x880 [ 1206.207399][T28468] handle_bug+0x16a/0x2a0 [ 1206.211720][T28468] exc_invalid_op+0x17/0x50 [ 1206.216229][T28468] asm_exc_invalid_op+0x1a/0x20 [ 1206.221080][T28468] RIP: 0010:ring_buffer_map_get_reader+0x659/0x880 [ 1206.227581][T28468] Code: ff e8 1b d5 fb ff 48 8d 3d 34 4a d1 0e 4c 89 fe 67 48 0f b9 3a e9 e0 fc ff ff 4c 8b 7c 24 58 4c 8b 74 24 60 e8 f8 d4 fb ff 90 <0f> 0b 90 e8 ef d4 fb ff 48 89 df 31 db e8 e5 0f fe ff 48 8b 74 24 [ 1206.247184][T28468] RSP: 0018:ffffc90000b97d90 EFLAGS: 00010093 [ 1206.253240][T28468] RAX: 0000000000000000 RBX: ffff88813fea5000 RCX: ffffffff820b74e7 [ 1206.261194][T28468] RDX: ffff8880770c3d00 RSI: ffffffff820c4148 RDI: ffff8880770c3d00 [ 1206.269152][T28468] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1206.277110][T28468] R10: 0000000000000000 R11: ffff88813fea50b0 R12: ffff88813fea50b0 [ 1206.285072][T28468] R13: dffffc0000000000 R14: ffff88813fea5190 R15: ffff88813fea5018 [ 1206.293055][T28468] ? rb_get_reader_page+0x667/0x11f0 [ 1206.298337][T28468] ? ring_buffer_map_get_reader+0x658/0x880 [ 1206.304236][T28468] ? __pfx_ring_buffer_map_get_reader+0x10/0x10 [ 1206.310472][T28468] ? __fget_files+0x21f/0x3d0 [ 1206.315137][T28468] tracing_buffers_ioctl+0x30d/0x400 [ 1206.320412][T28468] ? __pfx_tracing_buffers_ioctl+0x10/0x10 [ 1206.326209][T28468] __x64_sys_ioctl+0x18e/0x210 [ 1206.330974][T28468] do_syscall_64+0x106/0xf80 [ 1206.335584][T28468] ? clear_bhb_loop+0x40/0x90 [ 1206.340270][T28468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.346152][T28468] RIP: 0033:0x7ff6a3d9c799 [ 1206.350553][T28468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1206.370162][T28468] RSP: 002b:00007ff6a1fd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1206.378562][T28468] RAX: ffffffffffffffda RBX: 00007ff6a4016270 RCX: 00007ff6a3d9c799 [ 1206.386517][T28468] RDX: 0000000000000000 RSI: 0000000000005220 RDI: 000000000000000d [ 1206.394491][T28468] RBP: 00007ff6a3e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1206.402444][T28468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1206.410396][T28468] R13: 00007ff6a4016308 R14: 00007ff6a4016270 R15: 00007ffead86ac08 [ 1206.418362][T28468] [ 1206.421673][T28468] Kernel Offset: disabled [ 1206.425995][T28468] Rebooting in 86400 seconds..