last executing test programs: 39.621439202s ago: executing program 0 (id=5207): r0 = socket(0x2, 0x1, 0x106) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f00000001c0)={0x8, 0x72f7, 0x4, 0x7, 0x0, 0xffffffffffffffff}) sendmsg$auto_NL80211_CMD_SET_QOS_MAP(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000001200)={0x1930, r2, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x15d6, 0x84, 0x0, 0x1, [@nested={0x1a3, 0x110, 0x0, 0x1, [@generic="022c600484624be11ccb34743e98aaedce6e3b46dafec488ed796d48c13d8b672a6d4eee60739cbdead2eda2631df3f474210cff1b42aa69e3bc66b9ddb78e8e7228dcd381c57ccd943e5ce7e00e63186be15a6f1c3073ab2bc1e87ed0f9287f1b449e31cff56f8ef3aca33b095448a77a4e5cab95483ab276da876fa02500e3c0a519812f723f8c98a10a21c5ca44e45e9a152f68ffc708505b6cfdb6a1fc20ef9859299fbf84f0cc5bdbdbad8056aade5bfe2fc2fc3663c0d780b549c89ad6d84371bf4c0ed7eaade4cd", @generic="fac9931f7ec42fbc78b807f97e521958458b8995816864a09c24f9ee8a5c424b19070a63d6f3909d5ec653a9f34db5991525d14c6dd4ea79e91a94bde67df6165299140036bffd7ce1339b508fab52e9f7f7cc52143f485f43032407138a803f3549c61426586b1071fe9544a1f2064cdf5060592a14efcbc275f6364a1a4eb06db5793aabd2e63ca16e1392e07147f8df3ebc5c4bf8eb43220c377ade210fa6028901ef3e00b91efb73cce0aabd0554f069d91b1d66a14893489d75967abe5689ce11fc88d6ee4c463c0f60", @nested={0x4, 0x9c}, @nested={0x4, 0x59}]}, @generic="cae6afa22f820770e41db9f25d0cfcf8e45e5f3d348863fae351a111de328fe5a90a971e4f711230c02fca1abc0a5ab2e6ed25095e7e7250ae47644075fa0a9da1a4e59f2217f231f45fa4606469517c590058ca768e2c45649c71d322788fd0071c101336a3c6ee35e65812b7fec989ff9a302564fd8bcd70a32a85725f4fb75063f6523d3a743b43e2810a9d73af12cc6355cd52697aebb21f196a717807b5459a26d3d8c9c1787b6fe1da3e3035321ebd3948061e09f2e6adadf8a325f6b0cc10", @nested={0x1004, 0x29, 0x0, 0x1, [@generic="dbe645b9830ddaf948658ae61a38a84cb17704032f74314de5fbf7eecf0a9b6b19da7a6c48264c924dd0db0090bc6a377d2c085e0d1aa0e5dbb1bc8999d792a651be9253dd39d650185e6b159df35536aa5b39e6acd5ad63dea3f7bb930ea5cf7142aca13f143b56141ecae04a250a21ba37499107141f6f709edfbd6a15ba8e8d6d00c07acf9848dbd3baa28f276588df1ad7d980c057c61c3de0e2926e8667bab500de63b870c0b8c906d6d6e7ba42420694af777e56d059f938abedd700ecdb495281ae7f868d424d4557fd2e100dd9200c491a07028f11836c863e5cf2f0cfda570d50cfe01412907018993bac1665b90ec9f3580800e9b200c237eb853ab4f1179a2f43de94e4d4401da849aee654712ae6ac8a5aba4aa9beb4fa0a036bc1a8ad4f1d7d249f025e35a2c1b6463dd92d6d5bdd901f2bd10a2d26f97cff8c44b5a7e6801dc1a36fdca1fb8952f58d1a1e9f3d11e38ec7b9f279887b3e3be87e47d1cf606b2c3632f09f7f91815aec0b81a2f2df6e49a050ba3f691a0ef70c6831c69338c471b5e75b06e75aa1d785743d0f304282407c6694c517af8c1f4ae63f570b61e3bb3a17bd4ebe1522542f7152d34f4f75e831ef82e4c3e13199a12f6710f22deace0418bd3aaea6f774a190c0e97599a0b07aede6aeaac14eaa6a0d31eb83d7464d672c82568efece2cf90ce0ed8eb117bd15fb6aa2271663c5acb095de73c67f2578a41437722187a2d69eab4354d5a47e217766dede90575c7b49a93e7d4f26750cd96313302d01bf4905e77c8619dff6a00fe43874d3f6e865fb13757379e68205d97f02d04cf02ccb9cca5b6985e0b8cfcf652c7f99fda8d1745fd8224becdcd62c44d894c1248aed5f834b004492b9113229df6f8a2ded74c786edeb192b0197712cbbcf25844575397090d3aed9aa4c67a4e59fbfed4729430791ed6919d259dbd1a9620b04c2caa51f2504e10f4699de0e79e1ccbbf1c6721ef312648bcbfd4fb9632ee8ec5354d879f917064c5a3ea2f77aa4c36185010e9181634431e98c4ea7893ed126d78a85e50b6b442f0c69a40c65e9fd8535e7af0dbf514721d875df0141790ed1a607b2454556f11d4f7e72ddbf244922737e20f12df1d45b32c16fbcbddb0ca165359c56f3588552b6878f45ea528c20f18f235df5cd55f9f408307ffcd2af800d4d1e09dc69cb82e76cb7d9423abbd22ae1bcb4658aad63749da31083d4c948e3fc429e4684aca5a62780ebf8d39ec58f4b960dd3687d6931bc6f68cca026d16ac6a134e1cb7b3957d3a29e53b44b2511892be05611f06f7c1929089f6ff2b47b6147e244a2d0f7e18c4b555a25a046ec411276ef86700d45788a7e8e0a6327a8fd471411d281ae2b1cb78f237d3ddff8bb869e0c32db7702419aa9dfd5459be6f93f1ec1c4e685ae4f2013bf38caf171bdc9ddf06c4eff6a2327f3ca7b0b51b5a739825d0ec72f52c7f8c3c423aaa872d56ec2377241bf21673cac8b661cbec3043f0966c69285d61fa71d677e2ab60b726787dacb9fd2b9e209e5d4e820b91afe7011eca6e4130fef73d2a71236742cbee3fd7ca3e8f1fb8b80ef4c63c15ea8c98cff093a2f2b84ec0381ee142c25c42da6811c96ab22b1808a941b26d45e0e95331293ec48730941a0a8dc9f970e3665d916a75ab1fe3e3153a56ea0a478f0ae548649dbf1a93e4c7f5687396d9a86efc11f058f8fadce0dd023e91c4a2b344cc45d7634182a1e77a269ed1838519b6f8335002afe82459c48735e49028355312c1672ba0c85c469e580499ec38dc42a00d00c2bdeb9de8921ca75ca3d8dbc16ddefe1d27b95984832a0d59736fd1827c52c95c19a932ca2815bf2ac0ffefc4b4e67da3ebe9bfec45fb7514fc7a1bfd295c16cabf77b1124c7315b39a50141905772f21efaac3b5eef6fced16e56a1c90c2f6333c8bc88eef1b44bb6e3dc7cde0328536ec037706d694014968535ddc8bab9f1dd9661ecf3a8c15cfbb5915b60839adaa1e861a941c674e6a846c6ed32f328e0e8e53c7c39c19d7b8c1fa45c546fb68073dd996af60a95df2972cf59ad62ba11f73f6646e15d022b50825197c88e08a3b13535d44ef9c9f688e1d977ca5998c6f49d4ae68ee06e0914e9a3173ca364007c635656e83a9c27aa6e140c801182276329889fee7285ef3b533eef0b0d4573dd22bf4529de7bf016112acecf8ccd7552dfc10e22c6c0ab39bedefb5f3cd6ff166fc6b0e431a5d92f8c08b982ea5a99b6b6c0dc996d3e8d97ebad9bfff156855230a6cb3237866a262a16be0a6e48df411d64cf6351baeada2323fdda4b693e2a631a8481b2b5d8f65e56b2eaa13a9b952de29fac1af5a6305449391cd2217f83636c809411104086b1c003c2e85d657973a244b3269a5d076260c55e43dfcfc5fbf52cef0c69afb1014c634051ec596864d825ebe657f9a1881b98e5ad6cf54023c3524a634c175776467e3e4aaa9e4fd4e7b65fe215efcbe6f06faaddec840e68a68b8636bc0da0221f08f1534bbfb27ba287a98da93ccc225fc261065b5e190c67d51e45f9be5dd6d92db12b12d5028af1cd164dc8973a414576932c03018d7cfd39b08cb4d8e38a594d7e953c01fe99b563f85790eedbb2e239e5995d15a53b7b2ac21ab7dd5024afd89ccffd81630c0e2fecfdad51a7b3e72d9cf9501a5ad6b6ad0203265120d83b4ac307e02bd8be90bd06dda462e7f45ba100527b7959302ca6ff646b446dd2141bcedd3ecc77ff759047c66d49e687f2515b35da7b6025af003322f56ccb5d0329d18da613978284e41da4581f938e7d2b6669a55a199fd5468e2bfaed7ed665e4539f9f4a8ba10fb7fb0cbf47cce8d1a702d8244b86b07d287cd3c9bd3592d42262d3bdd56a4be4e04d23b2482d457f7478a7d3be9c4ce698923e6dd3af9b7c0d251c18529d7f53493321704a40ae6da2bbb9cfc40b385f40c6e044507914b810cf2bf3f89fd8638b191e95c8c286a296f1e295b96454ef9d9e957f3b5cf0bf624b68c1c03e2edb699c4809f2308f14bbe5e243daa42352380e68edc362d181b6ba696fa2fa1be4d973c2ae6010ffd39b869a07f79a9e6e74eeabb6d4efefaedd8c5bec312f1a0dc6143ef102301b6d130d246391fd1dcba8c8ce309373fc46fdbfa4141c99c4f51252ed0cd090ee5bde753bcbd176b1070696d37c4e7ee94067cca1043b88fb3f816083d12b41c81081b6741f22adf722a4c90b4c46f98cec948f603d9dbf29f4304f1731d01f9558326642a283d16078d4ecb6d3644979a8c0c665013b237572d17eea370f5bca3462ba9111587561d29eac7f38c7c1872dacec66571e98f2eebe23dbcf1037698363edbcb002614564eac2d52c36ebe18f94e93da2483407dc992b47d14b5ebcb22169a7c6dacda604faae950767c809bcc5e6f7b7466596f06885d7002705a84814e3bd6bfc1ff7549565279b92ea6a4d5230c39b0590500267cc7f999286d1299376e971926daa44d0e0cb1b4227e0f30ae30ba6c79d0b4db7a57520d8465b2ae3f70fbf6ff24f71f716793f2ca8cb391fe55566a48f076f0de33b366443d98b41ba481a5e6cb5a23fe6ccc83ffd56e4de5ff540962223886a6b365432ceecde48ca6adb9ec36f2928534483fc2e23bf2abf0d563a055644957844d667f2c7a40f2a6cbf1bdbf8bb00fc79d7b6e6c0af870159dc9df98519cdaa6cc604b0932e2f8410b2dece161a6b92ec9905a20b8be637ab921a4d4625b10e741e597b6b56083cbdfc3f941a9f6fd8991a80e7dac9d83d81fa635a20ef371b1fe0481536ac787eb5bcc27ec4d6b748c927793cbdb81740d6b60ad582826eb3faf05d198d003e35c67c005a80eea0fc4cbaf682453475fc38a9afc14914e018eabe4cd13c9bd9ec26e54aeaef445b20923982aac811e44d66b2b98bd728e5bac5d94f2b7c66bfbaed4c0143fe7b5db89a0f2654f1b7179da77a4a79797bb77dd7cff85b6b69f103c2873db4eecb51399ccac82f15e99decde867562b8827b165f1513eb8a0134658bdeccec0c5cda69f5925451332e71b02fa748161b7a1c84cea4197ff64266fb207c89951c2ae2d8f6b3c0919c27be8fc2ae7107c3476a82c3bdb99afa3ef128da2e647ac51a1268e1d968d3242b1c6d3df81fb406ec1e5910a8754b1b3c846a4fd970c52cbf9cb754e7a2cf42e298dfd6d355b56d82fa9218d95fe2bf21a5d4f0d81750396c4544e031db3fa921ea7cd70eb107361919e7cd9818b335679e1cc2127756c643c376205186568d0182d1a46d4be0da58c93220ba3e2bf2ddf4a2b863d1b1e06c8d0d5557c3b978ce978356f2dd51456548dd522d95f77e852e010e3ae8f4bd4a5c839919f6d94f754cfca989254901a570c65974112359f8e0adac4e79c4d4b098f5558cbedf25a9e78acc2f6ed45b1a40159f5ad62edd74e9bacb8e13fdb95a60e84d0ea16f63d5a25b3bb79fad1e8696192c2881ac70e4f2286b6071e131ec9aaf06c0ecdc5a25fdfe7f1434bbbf5b93563e49cb2f783356882d58d4187007e99730c68f36fba23ddd46ecd3f6def969087e599735fe7267a991b4a26bd0d814e62c1d7c6a6ea55851670b265d76eb7ab9623aac4795b15da77816a3cba7a5f1b2024e7ff37c0da41f16266d9846fe5ee2576867bd020680388d66ec0fb791a1935a9af6fce30a1ecb58c33854334e2088feb37151bab7035e00564c5d3fe562949749b0db2cf38166aabefb31089e634641e6ea3274286273e2f474158d5dc603ffdc1ed9343d45475f66d950edba6a5dcea5b73a46e564d4d7ce736d4fb8d3da24c5aec7e5f511913415078d7970d838b746690cd955d964e2796b8d786fbf32e3f55897950dd1d0afe0c32a63ad02fac419ab76dd8e8b89dd4c00411899c489e9939afe5eeae3852f756fef938c8cb73b4a468579619d5e5ad081f020c1d25fbc3eea335dbc01295703bc65b33a5bd7a4e5b877a860ce337fcb85ec7888535c93cb0dd173b21f9aa097cbaab7c6fe015b789a9a300078f3f986eb9957e2b5b3c9f937a9a09ae5570be21b5991b124b96db97db61d89de0ea3701371c1799200b9d9f31a72a433db6db15e837759cd2f2cb0fde542ca1044792214c274cb148397c83c7834f7f906e12dd54e6d5690e7be3d0710b729e0feaa3117b9bc7bc8c0b5925e3008dd68bac6b41fb8d298952508babd2d4c13f61fcb1d09c5d7d5f37252ae1fb982265183ee07c36c33e93519a6f418b19076bb7d1f28a598dafca2588682f9d020c41957b94c205b5b58af64e3bfc2777348a4ae134373284af475dac6ddbaa95b1bbcd915fa7d9f77b7daff883eea5a174fe56d89c8e4ed514ee9619890c1129ca65f4e47b48744470bde92a55efb8604c93a4cf374b03bb2a05d2fc8eaaf953d6edebee0cd7dca93c0eb330c602e361c0743770cae4eeb32a69850d6e924eb5c76da4619cace8a5d3b33f53a662188cbcf4bacf1107c0628690cd07eaca479f3e6ea276ae6ba5ac0d3ae6cebfe853e7fb52f866dcd3c8ce00eeaea81b53aea1ad5f438c2e2864b07dc04c67426e319e80c3b681013125f9e342d2d6fb896ea20ce7aa1dec64f12633b1c35583ce194e1e5993477621c50c9faec35f5c5ce4defd6bd1be3f8789252455970fd3ebd3fb58498f0262cb970142e33d4299286a76c85d9d9c41bd0ed99232c2d2030ea93fe34809f538087f60e36e9bdf4e0d58068e920944d4cf2479a5448ae7a43079fa127303c9a48f59fde0c94c726405d5a70e84f6a"]}, @nested={0x4, 0x82}, @nested={0x17d, 0xfd, 0x0, 0x1, [@generic="3c368e61cd4b2ba95a129fb64612b098c6c04837943aeb6aec43bcbb34cc276b67491847d47a6bdae4ae5680113d7587786523a826d9650c3b698926ce3e05c857a4fe6b5774f9e498a9d55447c499ddbda0674155bd1ce7a8196f968ab86c645ade6c9dd8b43012f3c3f289c4de78beb3fd95b5168bdaeb7b624db18aa7", @generic="73fcd68677cfd4684cfbb2350e1a060f025c6ec61d1e3e5fa545e58c08aa543b8fe7bfd3bb63a5a4f6cde0a8c38d967edc40e96db950b76ea716edbbdf445090b20c9265f724673fbdf3e4cd433dacce3174142763ba7fe989baa450f78e707887e8b8d1a3159763ad368aaf373d191e7733b8cb43b3b4e2330c0134546665a8e55d51acdbd78aba635eb5665010ee16cdf7a1fd73aa79f10e99e4fd52f1433e24bcce3c5d75375d61f4f8", @typed={0x3a, 0x43, 0x0, 0x0, @str='/sys/kernel/debug/netdevsim/netdevsim1/psample/out_tc\x00'}, @typed={0x8, 0x97, 0x0, 0x0, @ipv4=@empty}, @typed={0x8, 0x116, 0x0, 0x0, @ipv4=@empty}, @typed={0x4, 0xc9, 0x0, 0x0, @binary}]}, @nested={0xc, 0x124, 0x0, 0x1, [@typed={0x8, 0xcb, 0x0, 0x0, @ipv4=@multicast2}]}, @nested={0xc, 0x119, 0x0, 0x1, [@typed={0x8, 0x118, 0x0, 0x0, @u32=0x3}]}, @typed={0xc, 0x58, 0x0, 0x0, @u64=0x7}, @nested={0x1be, 0x13d, 0x0, 0x1, [@typed={0x8, 0x104, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @generic="cc794555815a823bb43f4b38368537139dada90ceeb3caacfcaba616422ab87f2b639a0a0d9025567cee5b7e7e2323d3646b394f61c7b7ffc3520863bb02106b3e245989bbddba95fb6cd80656a550ba98be695ad5974225a3e713390438c30ae6b8697e82173f24ade0fabfc637c0ac2ec3d043c220a45f0e92b91c6fc9ac7af1d01c8a6c204ce25db856e1fdb99be6f4138c2da29635f377a8519d18be72621bbd4f5f5c552af890f50c9674cb41e65f2c85fc4d", @generic="9a8405d35b8e8abf1e044ace5ba9ad9ad9f6cae16f6d179762e9e960cb055bea3f04b16c9f1a0a53efcf80e1773c3274ba01a0bf0a425eef258fb63191fd8610b42ac775f409bebba293bf8471d461a53dcee77b824e0e119677ed422b07d151101c8c46ea6b945219acb0057bb4d0e8eb5c50ebfbce3263d366f281c9e14c88fb21e5295e27e7b069e3477a38cf8008b632f91e5077e255bcced6651c21d4defc3b29cceb23e98d6667efdd6ffdfafda58d70cddd5530517a5f3f523753ba54bc108d304a756ffdc54d3b04fb8d635814f1c6c61ea41d12df9ab679dc18fc246d181bb5976309abd50ae084cf9f09e06c68b7eb81161063a559e20c2e"]}]}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x2}, @NL80211_ATTR_CSA_IES={0x339, 0xb9, 0x0, 0x1, [@nested={0x267, 0x74, 0x0, 0x1, [@generic="ddde2720d6ca77f2e08256c8e3eeee012ab34a93d3aa2a3d6629cc519d02e207f442d184613b3c93bb3634c936232b0896391723bd2668310445c23ea14b9f4c464258a6a01c079616865514e8a056f9d79a2a1c633c59a7675f8ca47ea63394e3967bd387296f3ad008917e8f683b985a1853a883828c7e8c2a09a20bc673589e054f0321d38de503be86082caecf012458bf9e5c891e47735f522336863b1073de9139a9f7a84ba3b3f896d45bb515694d", @generic="3642178e0c546e48d368fe9c9dcbb38d27aa1d5482c82e105c373823715697aef891461e725be81ea26a3f65b61b11c5adc880a2bb234520f71c0fd864236dbd60802aae1d384e8ecf2f0dd7419e4f32a74de171a6f9a1ea5183853c4aff74023483ced3de3cf2afd7017a2ecc4980874b527bdb7fe73fb3b8bf32665097fc7cf2314929300176b0964fb105e38f782057aa6e0560d34cfdc050ea1ba1eb05417913d27785f46dac4a", @typed={0x8, 0x13a, 0x0, 0x0, @u32=0x1}, @typed={0xfd, 0xb3, 0x0, 0x0, @binary="da4bef6db5f8f2c9ec15d9b937ad54f38134c85dad5a32dc10d9b0a95fa27461850d941ac325bc444f5f90f06da6aa8e5dcbe6755033eb16ef9261229454f9379e822bf9a8c2a797322e2fe4a5582741ed333b1fb2b6b079d56c4bbb4459a43ba4f9aa83cc2a0d9e40922b76aa33ba120a95447585095a1dd4b3160f6b3a394e7f1054979b565c610fb8dec179700e5af892a84c531c6b11d3cf02a7469913a78f4b17b4c9eb39fe1963fc986f4c9f836b42459d84e2e2fffe6c5360f4b409675d95f7a25912a13f94e94a9dabe0884ab712a2e2ed2ace2fafb6283348ace09ffad033ff66722dc842c2c2d0b86bf455ce4dd75c9b4bb4f3a4"}]}, @nested={0x8c, 0x10e, 0x0, 0x1, [@generic="d5e7452ea4821299be8e2be010d3ff2169b199b5bfd613fdfaa07535b679cdb1f5b8fbb79af53570bcfd566e6cc2cd4a140e0a1a01498ca8e4168291c2198b91cf2401c91d129335401dbfeadbb2b27123e4524a8f3f02920a55b5c8d88e1f482a5c62c1ad265952ce4e665edeefb594f2a61a642dcccbb1957d38ae0d5c0eb7b7deed46", @nested={0x4, 0xb3}]}, @typed={0x8, 0xdc, 0x0, 0x0, @fd=r0}, @typed={0x8, 0x136, 0x0, 0x0, @pid=r3}, @generic="1d86999cba8582ebaf78c8b7c4f653863fd291c0fdaf5d157a803d24bebe82adbc261b1f0bcf590ddb", @typed={0x8, 0x28, 0x0, 0x0, @u32=0x3}]}]}, 0x1930}, 0x1, 0x0, 0x0, 0x4080}, 0x4004010) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="01000000", @ANYRES16=r4, @ANYBLOB="000000efff000000000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0) ioctl$auto(r5, 0x80045430, 0x38) sendmsg$auto_OVS_VPORT_CMD_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4100}, 0x20000000) setsockopt$auto(r0, 0x6, 0x5, &(0x7f0000000080)='*\x00', 0xe6) mmap$auto(0x0, 0x20000000000003, 0x2, 0x40eb2, r0, 0x300000000800) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r6, 0xc0b45545, 0x0) sysfs$auto(0x2, 0x3c, 0x0) r7 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/011/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x6, 0x10, 0x5, 0x7fb, &(0x7f00000002c0)}) timer_gettime$auto(0x3, &(0x7f0000000340)={{0x1, 0x8}, {0x5, 0x400000000000}}) connect$auto(r1, &(0x7f0000000300)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x41, 0x4, 0x2}}, 0x100) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r8 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r8, 0x65, 0x3, 0x0, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r9 = socket(0x1, 0x5, 0x0) getsockname$auto(r9, 0x0, 0x0) openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/debug/netdevsim/netdevsim1/psample/out_tc\x00', 0x8800, 0x0) r10 = fsopen$auto(0x0, 0x1) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x19, 0x5}, 0x7) fsconfig$auto(r10, 0x8, 0x0, 0x0, 0x0) 38.748904594s ago: executing program 0 (id=5208): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) write$auto_tty_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x1) mincore$auto(0x1000, 0x8001, 0x0) mmap$auto(0x7, 0xfffffffffffffffc, 0x5, 0x13, 0xffffffffffffffff, 0xb69) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x280903, 0x0) ioctl$auto(r1, 0x800064be, 0x1e6) mmap$auto(0x0, 0x40005, 0xd79, 0x9b72, r2, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0) ioctl$auto_UI_SET_LEDBIT(r3, 0x40045569, &(0x7f00000003c0)=0x698d) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x3, 0x1, 0x5) socket(0x1, 0x80000, 0x2) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r5 = openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000080), 0x290000, 0x0) write$auto_ocfs2_control_fops_stack_user(r5, &(0x7f00000000c0)="883592d7797644dec85a5ff5fd0abc7bd912b09f1f6cfd85ed6d8d946ae229a3e867ce08e41f2003a17b455b62389711e684e7830b48a4c7f35113f4216d939a", 0x40) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x204843, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x25, 0x3, 0x1) getpriority$auto_PRIO_USER(0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a) close_range$auto(0x2, 0x8, 0x0) 37.431451124s ago: executing program 0 (id=5213): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/arp\x00', 0xc0a00, 0x0) pread64$auto(r0, &(0x7f0000000040)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\x8d\xa8\xcfM9\\\xd6\xcfUq\x05#\xed\x1c\xd1G\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94p\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xbasG\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1', 0x10fd42, 0x9) 37.173613767s ago: executing program 0 (id=5215): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x1, 0xc, 0x9c0d, 0x10, 0x10006, 0x300000000000) r0 = socket(0x2, 0x3, 0x6) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000180)=@bpf_attr_0={0x3ff, 0x8, 0xffff, 0x7fffffff, 0xc2, r0, 0x7, "3f8850b8c665dabcdf3c01e5fde04738", 0x0, 0xffffffffffffffff, 0x10001, 0x0, 0x1, 0x2, r0, r0}, 0xffffffc0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000440)="671f264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4b9b4c", 0x24) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001080)=""/4076, 0xfec) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) mmap$auto(0x0, 0xfffffffffffffb1f, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x51) sendmmsg$auto(0x3, &(0x7f0000000240)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x7, 0x0, 0x0, 0x2}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 36.904988681s ago: executing program 0 (id=5216): openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x8102, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty21\x00', 0x101801, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f00000001c0)="976f09bd689a850edbe36136c8535f593331280bb0b4ba0edd7932ab185cca064833fd9b47", 0x25) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x102, 0x0) fcntl$auto_F_SETLK(r1, 0x6, 0x7) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x80040, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) socket(0xa, 0x1, 0x0) ioctl$auto(0x3, 0x894b, 0x38) semget$auto(0x0, 0x13c, 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002c37297f28b24fbc3dab3bffffffffffffff7f0000292bd3a7489e4bde2390808b000b00"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x40d0) semtimedop$auto(0x0, &(0x7f00000000c0)={0xa, 0x81, 0x70}, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x1, 0x0) semctl$auto(0x0, 0x9, 0x0, 0x2) read$auto(r2, &(0x7f000000be80)='batadv0\x00', 0xf) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r5 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r5, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) 35.934259774s ago: executing program 0 (id=5218): r0 = openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/cec/cec20/status\x00', 0x80440, 0x0) read$auto_debugfs_devm_entry_ops_file(r0, &(0x7f0000000940)=""/46, 0x2e) (fail_nth: 1) 33.644015609s ago: executing program 1 (id=5225): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x1, 0xc, 0x9c0d, 0x10, 0x10006, 0x300000000000) r0 = socket(0x2, 0x3, 0x6) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000180)=@bpf_attr_0={0x3ff, 0x8, 0xffff, 0x7fffffff, 0xc2, r0, 0x7, "3f8850b8c665dabcdf3c01e5fde04738", 0x0, 0xffffffffffffffff, 0x10001, 0x0, 0x1, 0x2, r0, r0}, 0xffffffc0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000440)="671f264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4b9b4c", 0x24) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001080)=""/4076, 0xfec) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) mmap$auto(0x0, 0xfffffffffffffb1f, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x51) sendmmsg$auto(0x3, &(0x7f0000000240)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x7, 0x0, 0x0, 0x2}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 32.761229895s ago: executing program 1 (id=5226): socket(0xa, 0x1, 0x84) (async) r0 = socket(0xa, 0x1, 0x84) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x700) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getdents64$auto(r0, &(0x7f0000000000)={0x3, 0x3, 0x6, 0x10, "17be14843f08b27768fced1e33cc7f16149094d6fb506b3d0d74adda49accab50d7a9ab36f73a0e0ecaec287dd69558c2b"}, 0x400) shutdown$auto(0x200000003, 0x2) uname$auto(0x0) (async) uname$auto(0x0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @private=0xa010100}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x4, 0x53000000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) (async) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x4, 0x53000000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) bpf$auto(0x18, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) 31.65836271s ago: executing program 1 (id=5229): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS_EXT32(r0, 0xc06c4124, 0x0) io_uring_setup$auto(0x406, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/pcm0c/sub2/info\x00', 0x80, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)=""/87, 0x57) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x402202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x0) capset$auto(0x0, 0x0) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, 0x0, 0x6f3) write$auto_nsim_dev_take_snapshot_fops_dev(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00'}) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_udc.1/udc/dummy_udc.1/uevent\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)=""/195, 0xc3) sendmsg$auto_ILA_CMD_ADD(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="c763e5964772f789cfc770ffd778ba08fb5273d2149dc5d9531ce4bdaadd69896617a092bb84295a39e59f6d966b9c0d413c477b98b951098315a9f23becdf965653bfe75da4b2de6be8f7eabcf6f4996b333c924fce9fe1da4ae519723833b65ff243e88575416b65fec5adfbd80ef50d26b773918b907c43bdbc7452dafe48c24eb095596239a1050136037fd5f1ffd88dcb861c80fc90df08e98c1ba83534bd8d1c7e7e05ac471bd5798a126cf2d2ab318c5dc91969227b062e4ff31d7295687697ff260799cfa351c1b3f11c60ce2d8d3a0c9a4b0704fe", @ANYRES8=r2, @ANYRESOCT=r0, @ANYBLOB="9bef01e909914f54cd158eea380700000065eb27fe0cdba399089b3b1fb36c8d1e40a9895f6c1e4df5d916ae4392c6ab7dce383af61c6c9e749037640c72c41ab38abf3b498ccb520182f14560958a96889986ce147fa7e4ac9f2a6be2c4525e90ad7fa913147adf22522a990f600f016b595dd4d503f6dbc154ce6c009522e230c691db6f9208c2cf56a790d76b7930a7a79465fc17378e87dc2e678058a5c5869837d0d327ba87efd3744410fa505b6ff044d2a9310ea3eac84f5802a232e30b6119a62402da010ebc4bdb44683a6a6f09c1c72c3b8e8d8c4ebd82d822f2f5"], 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x829) sendmsg$auto_ILA_CMD_ADD(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400000012ad90cf6cca7bffac67dc7477fa27fc6ae51d55a80555fa03c2fa52fff0da14085e1bb58b9d4b73e1c680b294957529681d1ae304", @ANYRES16=r4, @ANYBLOB="010026bd7000fedbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x48884}, 0x4) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC0\x00', 0x8100, 0x0) socket(0x23, 0x80805, 0x0) epoll_create$auto(0x107fb9) 30.257716484s ago: executing program 1 (id=5231): sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYRES16=0x0, @ANYBLOB="25171294b0aefcdbdf13819a531bb8b92ed1632f8330883d185cf3f8d1d3454e8a01000000695b6d49f6f3e43deb5ca4af2aef2b70bb9ee5b7a1e431d3295df089"], 0x14}, 0x1, 0x0, 0x0, 0x41000}, 0x64810) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) read$auto_sco_debugfs_fops_(r0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000001) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x80000000, &(0x7f0000000000)="085a1056b6aa2f10d8ddee0633aea682a5ff", 0x12, 0x0, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x10, 0x2, 0xa) setsockopt$auto(r2, 0x104000000000010e, 0x1, 0x0, 0x16) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x800000404, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) shutdown$auto(0x200000003, 0x2) 25.838242333s ago: executing program 1 (id=5238): openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x8102, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty21\x00', 0x101801, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f00000001c0)="976f09bd689a850edbe36136c8535f593331280bb0b4ba0edd7932ab185cca064833fd9b47", 0x25) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x102, 0x0) fcntl$auto_F_SETLK(r1, 0x6, 0x7) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x80040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) socket(0xa, 0x1, 0x0) ioctl$auto(0x3, 0x894b, 0x38) semget$auto(0x0, 0x13c, 0x1ff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002c37297f28b24fbc3dab3bffffffffffffff7f0000292bd3a7489e4bde2390808b000b00"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x40d0) semtimedop$auto(0x0, &(0x7f00000000c0)={0xa, 0x81, 0x70}, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x1, 0x0) semctl$auto(0x0, 0x9, 0x0, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r4 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r4, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) 24.656582483s ago: executing program 1 (id=5239): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/lru_gen_full\x00', 0x2085c2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000240)='//ev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x8, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x400c058) r3 = io_uring_setup$auto(0x1, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0x902, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(r3, &(0x7f0000000300)='/sys/device\a\x00\x00\x00\x00\x00\x00\x00l/net/bod0/bondactive\x00', 0x5) write$auto(0x3, 0x0, 0xffd8) socket$nl_generic(0x10, 0x3, 0x10) 9.647115818s ago: executing program 32 (id=5239): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/lru_gen_full\x00', 0x2085c2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000240)='//ev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x8, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x400c058) r3 = io_uring_setup$auto(0x1, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0x902, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(r3, &(0x7f0000000300)='/sys/device\a\x00\x00\x00\x00\x00\x00\x00l/net/bod0/bondactive\x00', 0x5) write$auto(0x3, 0x0, 0xffd8) socket$nl_generic(0x10, 0x3, 0x10) 5.720864903s ago: executing program 3 (id=5267): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x1100, &(0x7f0000000580)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 5.552529957s ago: executing program 3 (id=5268): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = memfd_create$auto(0x0, 0x2) write$auto_proc_pid_attr_operations_base(r0, &(0x7f0000000240)="c837b82802749ee4f24b4e9af6634e3353e6", 0x12) r1 = fcntl$auto(0xff80000000000000, 0x409, 0x3f) socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000000), r1) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x18, r4, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_TDLS_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(r3, 0x0, 0x40000) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bdi/43:192/wb_stats\x00', 0x40, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x582, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180), 0x9}, 0xb) prctl$auto(0x43, 0x80000000000000, 0x0, 0x2, 0x0) socket(0x18, 0x2, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC0D0p\x00', 0x44000, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) 4.901779701s ago: executing program 2 (id=5269): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram2\x00', 0x20c000, 0x0) mmap$auto(0x80000000, 0x10000810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000000000000001) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="eeffff9a", @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x6404c804}, 0x40010) recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r1, 0x89f0, 0x24) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0ro\x00', 0x2c00, 0x0) ioctl$auto_MEMREADOOB(r4, 0xc0104d04, &(0x7f0000000080)={0x4007761, 0x7ae900f3, 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bpf$auto_BPF_OBJ_PIN(0x6, &(0x7f0000000280)=@link_create={@map_fd=r3, @target_ifindex, 0x4, 0x7fffffff, @uprobe_multi={0xfffffffffffffffd, 0x1, 0x80000001, 0x6, 0x5, 0x800}}, 0x5) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000000)=""/226, 0xe2) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000e80)=""/193, 0xc1) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x41000, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) mmap$auto(0x2000, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) 3.294873045s ago: executing program 2 (id=5270): r0 = socket(0x10, 0xa, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) ioctl$auto_VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000180)=0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010027bd7000fddbdf259400000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x804}, 0x4080) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRESDEC=r7, @ANYBLOB="000228bd7000fedb62c9ba6e73e5395f2a0110000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8800) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff) read$auto(r8, 0x0, 0x20) r9 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/fail-nth\x00', 0x7c7882, 0x0) writev$auto(r9, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendmsg$auto_NL80211_CMD_DEL_NAN_FUNCTION(r5, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000500)={0xe4, r4, 0xdf2059c44be8a256, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x3}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x8}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x3}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x9}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x3}, @NL80211_ATTR_MAC_HINT={0xa5, 0xc8, "358d75f402ff819576c1f12ccc1d49927f903b818461c3bff69011c23781e066109f8b1323b51578afb8c339be8a7807291a204afeb7b5a3da0665f0c30ba8aba5497d74f126146c4ccb8670c5de936cbd01b965bc11966b56e6a9dad15bbf97f4e34c467b45a13cb63efaf2b0e74601405ae2b9d45c03ee06175ab79e7657e7dd904c15d55283bf9a7bb9c49e211cc6d2a6f439e82f55e84dcfd68cee895e7a3f"}]}, 0xe4}, 0x1, 0x0, 0x0, 0x24044011}, 0x1) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x8000, 0x0) madvise$auto(0x0, 0x200007, 0x8) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shmctl$auto_SHM_LOCK(0x6, 0xb, &(0x7f0000000300)={{0x9, 0x0, 0xffffffffffffffff, 0xffffffbf, 0xfffffc01, 0x2, 0x7f}, 0x5, 0x5, 0x8000, 0x101, @raw=0x303c21db, @inferred, 0x200, 0x0, &(0x7f00000004c0)="0b3b231dc6bd7ebd610de747e6eb9ea600788f8589f38315570acdd01514f0bb70029de75a542488b82a", 0x0}) r10 = socket(0x2b, 0x1, 0x1) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r10, 0x89a0, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 3.294754098s ago: executing program 3 (id=5271): mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2d, 0x2, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x202940, 0x0) select$auto(0x5, 0x0, &(0x7f00000001c0)={[0x8, 0x9e7, 0xf, 0x2, 0xe, 0x1, 0x9, 0x4, 0xc68, 0x3, 0x40, 0x8f66, 0x5, 0x9, 0x9, 0x7fffffffffffffff]}, 0x0, 0x0) pselect6$auto(0xa36, &(0x7f0000000080)={[0x1, 0x7, 0xfff, 0x5, 0xfffffffffffffff8, 0x3ff, 0x7f, 0x2, 0xa1, 0x81, 0x8, 0x2, 0x200, 0x176, 0x10001, 0x5]}, &(0x7f0000000240)={[0xd, 0x4, 0xa9d, 0x4faf, 0x8, 0xfffffffffffffff9, 0xa, 0x4, 0x52, 0x1, 0x0, 0x8, 0x0, 0xa, 0x81, 0x81]}, &(0x7f00000002c0)={[0x4, 0x5, 0x4, 0x0, 0x340, 0x1, 0x5, 0x0, 0x0, 0x1, 0x3, 0x6, 0x8, 0x9, 0x5935eb7e, 0x7]}, &(0x7f0000000000)={0xffffffffffffffff, 0x80000000}, &(0x7f0000000340)="a8ca33e6683eed133d1f397d879c212caeaa0c80ae3fe3732d635060db986e73cf6cf191eacb20e0d0f3806536fff0b3aff1f521ccd399701ea611f19c2fc11d4a37695fbecdd9061f056677d995f68e95581413c7bc7ec0632da314b12c5df8d0cee409197fe73bac216b3f9662e879931d493b789c9f040eb377885ee9bc566674435357e01724605c25e28eaf4e27b99be5b8766d7d644275bb7748961501e8d510303e5b1edcc4849ea118d09e45cd099d460319f9589dfedcaaf15b317136e2234e8e0ce7332128be8fc6faaf005d74a815179b3c8e09d261612e015595e619fde27eca1835cd6b6fdfca77e031309bfd4942b3464173") openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, 0x0, 0x20000000) (async) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) ioctl$auto(0x3, 0x89e0, 0x91) 2.958360995s ago: executing program 3 (id=5272): madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) read$auto_uinput_fops_uinput(r0, &(0x7f0000000040)=""/250, 0xfa) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x341102, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0xff97) ioctl$auto(0x3, 0xae41, r2) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x2040, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) sysfs$auto(0x2, 0x4a, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x6, 0x0, 0x0, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1eb702, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mprotect$auto(0x200000000000, 0x806121, 0x6) 2.513601878s ago: executing program 2 (id=5273): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x12, 0x401, 0x8000) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vlan1\x00'}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cgroup\x00', 0x181100, 0x0) read$auto_proc_single_file_operations_base(r1, &(0x7f0000000080)=""/112, 0x70) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ttye1\x00', 0x101001, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb1, 0xd, 0x300000000000) bpf$auto(0x5, 0x0, 0x4a) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mmap$auto(0x0, 0x8000000004020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x200000000004) close_range$auto(0x2, 0x8, 0x0) semget$auto(0x8, 0x3, 0xfffffffe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x15, 0x5, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) io_uring_setup$auto(0x6, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x3, 0x100) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto(r4, 0x40045431, r0) r5 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010028bd7000fdbcdf2501"], 0x1c}}, 0x40000) sendmsg$auto_ILA_CMD_FLUSH(r2, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000540)={0x14, r5, 0x1, 0x2, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x40844) 1.499192874s ago: executing program 2 (id=5274): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/ipvlan1/retrans_time\x00', 0x242, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r1 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/current_tracer\x00', 0x40482, 0x0) pwrite64$auto(r0, 0x0, 0x4, 0x4) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) r2 = socket(0xf, 0x3, 0x2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x420001, 0x0) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000140), r2) sendmsg$auto_IPVS_CMD_GET_DEST(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="eade9047376b0e3500000000000000000000000000000000004e204729", @ANYRES16=r4, @ANYRESOCT=r3], 0x24}, 0x1, 0x0, 0x0, 0x24004090}, 0x20000004) prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x1) socket(0x2, 0x2, 0x0) socket(0x29, 0x80000, 0xff) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0xa, 0x3, 0x3a) close$auto(r1) r5 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r5, 0xd6b, 0x0, 0x6) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0x8, 0xeb1, 0x401, 0x6) open(&(0x7f0000000200)='./file0\x00', 0xa4200, 0x15c) mmap$auto(0xfffffffffffffffe, 0xe983, 0xdf, 0xeb1, 0x401, 0xfffffffffffffff7) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto_PTRACE_SET_THREAD_AREA(0x1a, r6, 0x7fffffff, 0x1) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYBLOB="04002bbd7000ffdbdf250500000008000500030000000c0001800800030008"], 0x28}, 0x1, 0x0, 0x0, 0x278e18a297a8387c}, 0x24000802) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x3a) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd6/trace/act_mask\x00', 0x80302, 0x0) sendfile$auto(r7, r7, 0x0, 0xffffffff) 1.498725818s ago: executing program 3 (id=5275): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x1, 0xc, 0x9c0d, 0x10, 0x10006, 0x300000000000) r0 = socket(0x2, 0x3, 0x6) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000180)=@bpf_attr_0={0x3ff, 0x8, 0xffff, 0x7fffffff, 0xc2, r0, 0x7, "3f8850b8c665dabcdf3c01e5fde04738", 0x0, 0xffffffffffffffff, 0x10001, 0x0, 0x1, 0x2, r0, r0}, 0xffffffc0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000440)="671f264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4b9b4c", 0x24) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001080)=""/4076, 0xfec) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) mmap$auto(0x0, 0xfffffffffffffb1f, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 1.266811112s ago: executing program 3 (id=5276): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop13/queue/discard_zeroes_data\x00', 0x20b02, 0x0) sendfile$auto(r0, r0, &(0x7f0000000000)=0x3, 0x9) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x4001, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000140), 0x48ac80, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, &(0x7f0000000080)={0xffffffff, 0x0, 0xf7d, 0x4, 0x1}) ioctl$auto(0xffffffffffffffff, 0x80405600, 0xffffffffffffffff) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4) process_madvise$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x0, 0x5, 0x4, 0x0) mmap$auto(0x3, 0x4, 0x9, 0x78, 0x4, 0x300000000000) fsetxattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0) iopl$auto(0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) select$auto(0xf, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x1a, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0xffffffff, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYRES16], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) sendmsg$auto_NL80211_CMD_GET_REG(r2, 0x0, 0x8004) mmap$auto(0x0, 0x2000b, 0xe2, 0xeb1, 0x405, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x4000001, 0x4, 0x3, 0x35e, 0x3, 0x81, 0x3, 0x5, 0x2, 0x6d3c, 0x9, 0x2, 0x8]}, 0x0) mmap$auto(0xfffffffffffffffd, 0x8, 0xdc, 0xeb1, 0x0, 0x8002) socket(0xa, 0x5, 0x8) 1.11641837s ago: executing program 2 (id=5277): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyu5\x00', 0x11b542, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/snd/pcmC1D0c\x00', 0x10800, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_REWIND2(r1, 0x40084146, &(0x7f00000001c0)=0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000040)='.\x00', 0x4) umount2$auto(&(0x7f0000000000)='.\x00', 0x4) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) setsockopt$auto_SO_ATTACH_FILTER(r0, 0xfffffffc, 0x1a, &(0x7f0000000200)='/dev/virtual_nci\x00', 0x5) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) write$auto_tty_fops_tty_io(r0, &(0x7f0000000280)="352c8efa618c0bcf83a4ebdb278754e15f", 0x11) mmap$auto(0x0, 0xa, 0x2, 0x100000040eb2, 0xffffffffffffffff, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) io_uring_setup$auto(0x800, 0x0) bpf$auto(0x5, 0x0, 0x102) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(r3, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="000027bd7000fedbdf252000000004001a00"], 0x18}, 0x1, 0x0, 0x0, 0x404c084}, 0x0) 0s ago: executing program 2 (id=5278): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r4 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/meminfo\x00', 0x42080, 0x0) read$auto_proc_mountinfo_operations_mnt_namespace(r4, &(0x7f0000000040)=""/66, 0x42) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r5, 0x0, 0xe) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'erspan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'pimreg0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'dvmrp0\x00', 0x0}) r9 = socket(0x2, 0x1, 0x0) r10 = getsockopt$auto(r9, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_GET(r1, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x74, r2, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x100}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x20004800) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', 0x0}) r13 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r1) ioctl$auto_NS_GET_PID_FROM_PIDNS(r10, 0x8004b706, &(0x7f0000000440)=0xf056) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000300)={0x30, r13, 0x1, 0x70bd2a, 0x25dfdc00, {}, [@ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8800}, 0x4) modify_ldt$auto(0x1ff, &(0x7f00000003c0)="023a1288af3046d52508c240ef134b534a188fe80856dbf00ba4499109407de28d216127e98f502f891b60c1934253e9cdac5dbd78c10c67e4511152009d6e35e2defb712dfbfb33e873a3e90bba1c58", 0xfcb7) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 [ 1728.809574][ T31] audit: type=1800 audit(4294967328.874:14): pid=28298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4190" name="dbroot" dev="configfs" ino=101732 res=0 errno=0 [ 1728.855802][T28298] FAULT_INJECTION: forcing a failure. [ 1728.855802][T28298] name failslab, interval 1, probability 0, space 0, times 0 [ 1728.955478][T28298] CPU: 0 UID: 0 PID: 28298 Comm: syz.0.4190 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1728.955514][T28298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1728.955530][T28298] Call Trace: [ 1728.955538][T28298] [ 1728.955547][T28298] dump_stack_lvl+0x16c/0x1f0 [ 1728.955584][T28298] should_fail_ex+0x512/0x640 [ 1728.955618][T28298] ? fs_reclaim_acquire+0xae/0x150 [ 1728.955658][T28298] ? mempool_init_node+0x305/0x6e0 [ 1728.955694][T28298] should_failslab+0xc2/0x120 [ 1728.955727][T28298] __kmalloc_noprof+0xd2/0x510 [ 1728.955762][T28298] ? __pfx_mempool_kmalloc+0x10/0x10 [ 1728.955796][T28298] mempool_init_node+0x305/0x6e0 [ 1728.955838][T28298] ? __pfx_mempool_kmalloc+0x10/0x10 [ 1728.955872][T28298] ? __pfx_mempool_kfree+0x10/0x10 [ 1728.955914][T28298] mempool_init_noprof+0x3a/0x50 [ 1728.955955][T28298] do_fanotify_mark+0x2db2/0x3600 [ 1728.956008][T28298] ? __pfx_do_fanotify_mark+0x10/0x10 [ 1728.956050][T28298] ? __x64_sys_futex+0x1e9/0x4c0 [ 1728.956087][T28298] ? xfd_validate_state+0x61/0x180 [ 1728.956122][T28298] ? __pfx_ksys_write+0x10/0x10 [ 1728.956155][T28298] __x64_sys_fanotify_mark+0xbd/0x160 [ 1728.956195][T28298] ? do_syscall_64+0x91/0x490 [ 1728.956225][T28298] ? lockdep_hardirqs_on+0x7c/0x110 [ 1728.956255][T28298] do_syscall_64+0xcd/0x490 [ 1728.956288][T28298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1728.956313][T28298] RIP: 0033:0x7f9a5d78ebe9 [ 1728.956331][T28298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1728.956356][T28298] RSP: 002b:00007f9a5e5e4038 EFLAGS: 00000246 ORIG_RAX: 000000000000012d [ 1728.956378][T28298] RAX: ffffffffffffffda RBX: 00007f9a5d9b5fa0 RCX: 00007f9a5d78ebe9 [ 1728.956394][T28298] RDX: 0000000000008009 RSI: 0000000000000105 RDI: 0000000000000000 [ 1728.956408][T28298] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1728.956428][T28298] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1728.956442][T28298] R13: 00007f9a5d9b6038 R14: 00007f9a5d9b5fa0 R15: 00007ffed6cc0af8 [ 1728.956472][T28298] [ 1730.250613][T28321] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4196'. [ 1731.652645][T28338] svc: failed to register nfsdv3 RPC service (errno 111). [ 1731.701573][T28338] svc: failed to register nfsaclv3 RPC service (errno 111). [ 1732.998570][T28354] openvswitch: netlink: IP tunnel attribute has 122 unknown bytes. [ 1733.761891][ T31] audit: type=1800 audit(4294967333.860:15): pid=28363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4206" name="discovery_nqn" dev="configfs" ino=101941 res=0 errno=0 [ 1734.605092][T28363] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1736.118172][ T5870] Bluetooth: hci2: unexpected subevent 0x0c length: 0 < 5 [ 1736.812887][T28396] Invalid ELF header magic: != ELF [ 1738.340560][T28407] ubi0: attaching mtd0 [ 1738.401903][T28407] ubi0: scanning is finished [ 1738.501297][T28407] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1739.114776][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1739.123646][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1739.247098][T28407] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1741.120846][T28437] Invalid ELF header magic: != ELF [ 1744.704974][T28476] Invalid ELF header magic: != ELF [ 1745.134093][T28478] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4226'. [ 1746.300558][T28465] hub 8-0:1.0: USB hub found [ 1746.427448][T28465] hub 8-0:1.0: 1 port detected [ 1748.348805][T28529] Invalid ELF header magic: != ELF [ 1748.812996][T28538] FAULT_INJECTION: forcing a failure. [ 1748.812996][T28538] name failslab, interval 1, probability 0, space 0, times 0 [ 1748.879187][T28538] CPU: 0 UID: 0 PID: 28538 Comm: syz.0.4242 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1748.879224][T28538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1748.879239][T28538] Call Trace: [ 1748.879247][T28538] [ 1748.879257][T28538] dump_stack_lvl+0x16c/0x1f0 [ 1748.879292][T28538] should_fail_ex+0x512/0x640 [ 1748.879326][T28538] ? fs_reclaim_acquire+0xae/0x150 [ 1748.879364][T28538] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1748.879398][T28538] should_failslab+0xc2/0x120 [ 1748.879430][T28538] __kmalloc_noprof+0xd2/0x510 [ 1748.879464][T28538] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1748.879501][T28538] ? tomoyo_profile+0x47/0x60 [ 1748.879541][T28538] tomoyo_path_number_perm+0x245/0x580 [ 1748.879568][T28538] ? tomoyo_path_number_perm+0x237/0x580 [ 1748.879600][T28538] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1748.879630][T28538] ? find_held_lock+0x2b/0x80 [ 1748.879679][T28538] ? find_held_lock+0x2b/0x80 [ 1748.879701][T28538] ? hook_file_ioctl_common+0x145/0x410 [ 1748.879743][T28538] ? __fget_files+0x20e/0x3c0 [ 1748.879774][T28538] security_file_ioctl+0x9b/0x240 [ 1748.879806][T28538] __x64_sys_ioctl+0xb7/0x210 [ 1748.879845][T28538] do_syscall_64+0xcd/0x490 [ 1748.879879][T28538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1748.879903][T28538] RIP: 0033:0x7f9a5d78ebe9 [ 1748.879921][T28538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1748.879945][T28538] RSP: 002b:00007f9a5e5c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1748.879969][T28538] RAX: ffffffffffffffda RBX: 00007f9a5d9b6090 RCX: 00007f9a5d78ebe9 [ 1748.879985][T28538] RDX: 0000000000000004 RSI: 00000000c0086202 RDI: 0000000000000003 [ 1748.879999][T28538] RBP: 00007f9a5e5c3090 R08: 0000000000000000 R09: 0000000000000000 [ 1748.880014][T28538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1748.880027][T28538] R13: 00007f9a5d9b6128 R14: 00007f9a5d9b6090 R15: 00007ffed6cc0af8 [ 1748.880057][T28538] [ 1748.880066][T28538] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1751.140987][T28558] ubi0: attaching mtd0 [ 1751.187894][T28558] ubi0: scanning is finished [ 1751.192567][T28558] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1751.936068][T28558] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1754.689230][T28589] Invalid ELF header magic: != ELF [ 1755.813090][T28608] futex_wake_op: syz.3.4258 tries to shift op by 64; fix this program [ 1758.744731][T28641] Invalid ELF header magic: != ELF [ 1766.018325][T28720] FAULT_INJECTION: forcing a failure. [ 1766.018325][T28720] name failslab, interval 1, probability 0, space 0, times 0 [ 1766.084579][T28720] CPU: 0 UID: 0 PID: 28720 Comm: syz.0.4283 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1766.084616][T28720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1766.084632][T28720] Call Trace: [ 1766.084641][T28720] [ 1766.084651][T28720] dump_stack_lvl+0x16c/0x1f0 [ 1766.084688][T28720] should_fail_ex+0x512/0x640 [ 1766.084723][T28720] ? __kvmalloc_node_noprof+0x124/0x620 [ 1766.084755][T28720] should_failslab+0xc2/0x120 [ 1766.084787][T28720] __kvmalloc_node_noprof+0x137/0x620 [ 1766.084815][T28720] ? v4l2_ctrl_new+0x97d/0x2180 [ 1766.084847][T28720] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1766.084888][T28720] ? v4l2_ctrl_new+0x97d/0x2180 [ 1766.084920][T28720] v4l2_ctrl_new+0x97d/0x2180 [ 1766.084963][T28720] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 1766.084994][T28720] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 1766.085035][T28720] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1766.085081][T28720] v4l2_ctrl_new_std+0x1be/0x290 [ 1766.085124][T28720] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 1766.085157][T28720] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 1766.085194][T28720] ? rcu_is_watching+0x12/0xc0 [ 1766.085220][T28720] ? trace_kmalloc+0x2b/0xd0 [ 1766.085252][T28720] ? __kvmalloc_node_noprof+0x298/0x620 [ 1766.085286][T28720] ? media_request_object_init+0x100/0x180 [ 1766.085327][T28720] vim2m_open+0x184/0x8a0 [ 1766.085364][T28720] v4l2_open+0x222/0x490 [ 1766.085393][T28720] ? __pfx_v4l2_open+0x10/0x10 [ 1766.085421][T28720] chrdev_open+0x231/0x6a0 [ 1766.085452][T28720] ? __pfx_apparmor_file_open+0x10/0x10 [ 1766.085478][T28720] ? __pfx_chrdev_open+0x10/0x10 [ 1766.085511][T28720] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1766.085544][T28720] do_dentry_open+0x97f/0x1530 [ 1766.085574][T28720] ? __pfx_chrdev_open+0x10/0x10 [ 1766.085611][T28720] vfs_open+0x82/0x3f0 [ 1766.085651][T28720] path_openat+0x1de4/0x2cb0 [ 1766.085689][T28720] ? __pfx_path_openat+0x10/0x10 [ 1766.085726][T28720] do_filp_open+0x20b/0x470 [ 1766.085755][T28720] ? __pfx_do_filp_open+0x10/0x10 [ 1766.085805][T28720] ? alloc_fd+0x471/0x7d0 [ 1766.085838][T28720] do_sys_openat2+0x11b/0x1d0 [ 1766.085875][T28720] ? __pfx_do_sys_openat2+0x10/0x10 [ 1766.085923][T28720] __x64_sys_openat+0x174/0x210 [ 1766.085961][T28720] ? __pfx___x64_sys_openat+0x10/0x10 [ 1766.086011][T28720] do_syscall_64+0xcd/0x490 [ 1766.086044][T28720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1766.086075][T28720] RIP: 0033:0x7f9a5d78ebe9 [ 1766.086094][T28720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1766.086118][T28720] RSP: 002b:00007f9a5e5c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1766.086141][T28720] RAX: ffffffffffffffda RBX: 00007f9a5d9b6090 RCX: 00007f9a5d78ebe9 [ 1766.086157][T28720] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1766.086172][T28720] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1766.086187][T28720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1766.086201][T28720] R13: 00007f9a5d9b6128 R14: 00007f9a5d9b6090 R15: 00007ffed6cc0af8 [ 1766.086232][T28720] [ 1766.568495][T28720] size and base must be multiples of 4 kiB [ 1766.574537][T28720] CPU: 0 UID: 0 PID: 28720 Comm: syz.0.4283 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1766.574572][T28720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1766.574588][T28720] Call Trace: [ 1766.574596][T28720] [ 1766.574606][T28720] dump_stack_lvl+0x16c/0x1f0 [ 1766.574641][T28720] mtrr_add+0xdf/0x110 [ 1766.574677][T28720] mtrr_ioctl+0x7ef/0xcf0 [ 1766.574712][T28720] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1766.574770][T28720] ? find_held_lock+0x2b/0x80 [ 1766.574802][T28720] ? __fget_files+0x20e/0x3c0 [ 1766.574830][T28720] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1766.574864][T28720] proc_reg_unlocked_ioctl+0x229/0x320 [ 1766.574899][T28720] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1766.574936][T28720] __x64_sys_ioctl+0x18e/0x210 [ 1766.574976][T28720] do_syscall_64+0xcd/0x490 [ 1766.575009][T28720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1766.575034][T28720] RIP: 0033:0x7f9a5d78ebe9 [ 1766.575054][T28720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1766.575078][T28720] RSP: 002b:00007f9a5e5c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1766.575101][T28720] RAX: ffffffffffffffda RBX: 00007f9a5d9b6090 RCX: 00007f9a5d78ebe9 [ 1766.575118][T28720] RDX: 0000000000000005 RSI: 00000000400c4d01 RDI: 0000000000000005 [ 1766.575133][T28720] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1766.575147][T28720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1766.575162][T28720] R13: 00007f9a5d9b6128 R14: 00007f9a5d9b6090 R15: 00007ffed6cc0af8 [ 1766.575192][T28720] [ 1767.446205][T28732] FAULT_INJECTION: forcing a failure. [ 1767.446205][T28732] name failslab, interval 1, probability 0, space 0, times 0 [ 1767.537799][T28732] CPU: 0 UID: 7 PID: 28732 Comm: syz.0.4286 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1767.537834][T28732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1767.537850][T28732] Call Trace: [ 1767.537858][T28732] [ 1767.537868][T28732] dump_stack_lvl+0x16c/0x1f0 [ 1767.537903][T28732] should_fail_ex+0x512/0x640 [ 1767.537937][T28732] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1767.537966][T28732] should_failslab+0xc2/0x120 [ 1767.537999][T28732] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1767.538025][T28732] ? alloc_super+0x52/0xbd0 [ 1767.538056][T28732] alloc_super+0x52/0xbd0 [ 1767.538079][T28732] ? sget_fc+0xd3/0xc20 [ 1767.538109][T28732] sget_fc+0x116/0xc20 [ 1767.538136][T28732] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1767.538161][T28732] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1767.538200][T28732] get_tree_nodev+0x28/0x190 [ 1767.538229][T28732] mqueue_get_tree+0xf1/0x130 [ 1767.538267][T28732] vfs_get_tree+0x8b/0x340 [ 1767.538290][T28732] fc_mount_longterm+0x18/0x160 [ 1767.538329][T28732] mq_init_ns+0x426/0x620 [ 1767.538358][T28732] copy_ipcs+0x383/0x610 [ 1767.538383][T28732] ? copy_utsname+0xab/0x470 [ 1767.538419][T28732] create_new_namespaces+0x20a/0xa90 [ 1767.538447][T28732] ? security_capable+0x7e/0x260 [ 1767.538474][T28732] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1767.538506][T28732] ksys_unshare+0x45b/0xa40 [ 1767.538540][T28732] ? __pfx_ksys_unshare+0x10/0x10 [ 1767.538574][T28732] ? xfd_validate_state+0x61/0x180 [ 1767.538618][T28732] __x64_sys_unshare+0x31/0x40 [ 1767.538658][T28732] do_syscall_64+0xcd/0x490 [ 1767.538692][T28732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1767.538718][T28732] RIP: 0033:0x7f9a5d78ebe9 [ 1767.538737][T28732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1767.538761][T28732] RSP: 002b:00007f9a5e5e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1767.538784][T28732] RAX: ffffffffffffffda RBX: 00007f9a5d9b5fa0 RCX: 00007f9a5d78ebe9 [ 1767.538801][T28732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 1767.538816][T28732] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1767.538831][T28732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1767.538845][T28732] R13: 00007f9a5d9b6038 R14: 00007f9a5d9b5fa0 R15: 00007ffed6cc0af8 [ 1767.538875][T28732] [ 1770.109162][T28746] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.0.4290: Error -117 reading block bitmap for 2 [ 1770.155771][T28748] ptp ptp0: delete virtual clock ptp3 [ 1770.305141][T28746] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.0.4290: Error -117 reading block bitmap for 2 [ 1770.346824][T28748] ptp ptp0: delete virtual clock ptp2 [ 1770.485079][T28748] ptp ptp0: delete virtual clock ptp1 [ 1770.704382][T28748] ptp ptp0: only physical clock in use now [ 1772.032413][T28774] Invalid ELF header magic: != ELF [ 1776.477348][T28819] Invalid ELF header magic: != ELF [ 1778.475097][T28851] Invalid ELF header magic: != ELF [ 1780.223718][T28876] Invalid ELF header magic: != ELF [ 1783.377800][T28925] Invalid ELF header magic: != ELF [ 1783.983643][T28929] Invalid ELF header magic: != ELF [ 1788.590080][T28989] Invalid ELF header magic: != ELF [ 1794.424124][T29063] Invalid ELF header magic: != ELF [ 1795.844729][T29076] Invalid ELF header magic: != ELF [ 1798.972499][T29123] Invalid ELF header magic: != ELF [ 1800.140640][T29145] mkiss: ax0: crc mode is auto. [ 1800.235015][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1800.241754][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1800.525040][T29154] ptp ptp0: new virtual clock ptp1 [ 1800.679743][T29154] ptp ptp0: new virtual clock ptp2 [ 1800.865391][T29154] ptp ptp0: new virtual clock ptp3 [ 1801.030030][T29154] ptp ptp0: guarantee physical clock free running [ 1802.565367][T29183] Invalid ELF header magic: != ELF [ 1803.428119][T29195] Invalid ELF header magic: != ELF [ 1804.417019][T29201] Invalid ELF header magic: != ELF [ 1807.102605][T29250] Invalid ELF header magic: != ELF [ 1812.196000][T29304] Invalid ELF header magic: != ELF [ 1812.203719][T29308] Invalid ELF header magic: != ELF [ 1816.778363][T29367] FAULT_INJECTION: forcing a failure. [ 1816.778363][T29367] name failslab, interval 1, probability 0, space 0, times 0 [ 1816.838224][T29367] CPU: 0 UID: 0 PID: 29367 Comm: syz.0.4430 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1816.838261][T29367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1816.838276][T29367] Call Trace: [ 1816.838284][T29367] [ 1816.838293][T29367] dump_stack_lvl+0x16c/0x1f0 [ 1816.838328][T29367] should_fail_ex+0x512/0x640 [ 1816.838361][T29367] ? __kvmalloc_node_noprof+0x124/0x620 [ 1816.838391][T29367] should_failslab+0xc2/0x120 [ 1816.838423][T29367] __kvmalloc_node_noprof+0x137/0x620 [ 1816.838451][T29367] ? v4l2_ctrl_new+0x97d/0x2180 [ 1816.838482][T29367] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1816.838522][T29367] ? v4l2_ctrl_new+0x97d/0x2180 [ 1816.838553][T29367] v4l2_ctrl_new+0x97d/0x2180 [ 1816.838596][T29367] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 1816.838632][T29367] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 1816.838672][T29367] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1816.838711][T29367] v4l2_ctrl_new_std+0x1be/0x290 [ 1816.838752][T29367] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 1816.838785][T29367] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 1816.838821][T29367] ? rcu_is_watching+0x12/0xc0 [ 1816.838846][T29367] ? trace_kmalloc+0x2b/0xd0 [ 1816.838877][T29367] ? __kvmalloc_node_noprof+0x298/0x620 [ 1816.838910][T29367] ? media_request_object_init+0x100/0x180 [ 1816.838951][T29367] vim2m_open+0x184/0x8a0 [ 1816.838987][T29367] v4l2_open+0x222/0x490 [ 1816.839015][T29367] ? __pfx_v4l2_open+0x10/0x10 [ 1816.839042][T29367] chrdev_open+0x231/0x6a0 [ 1816.839072][T29367] ? __pfx_apparmor_file_open+0x10/0x10 [ 1816.839098][T29367] ? __pfx_chrdev_open+0x10/0x10 [ 1816.839130][T29367] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1816.839162][T29367] do_dentry_open+0x97f/0x1530 [ 1816.839192][T29367] ? __pfx_chrdev_open+0x10/0x10 [ 1816.839227][T29367] vfs_open+0x82/0x3f0 [ 1816.839266][T29367] path_openat+0x1de4/0x2cb0 [ 1816.839302][T29367] ? __pfx_path_openat+0x10/0x10 [ 1816.839338][T29367] do_filp_open+0x20b/0x470 [ 1816.839366][T29367] ? __pfx_do_filp_open+0x10/0x10 [ 1816.839414][T29367] ? alloc_fd+0x471/0x7d0 [ 1816.839447][T29367] do_sys_openat2+0x11b/0x1d0 [ 1816.839483][T29367] ? __pfx_do_sys_openat2+0x10/0x10 [ 1816.839530][T29367] __x64_sys_openat+0x174/0x210 [ 1816.839567][T29367] ? __pfx___x64_sys_openat+0x10/0x10 [ 1816.839621][T29367] do_syscall_64+0xcd/0x490 [ 1816.839655][T29367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1816.839681][T29367] RIP: 0033:0x7f9a5d78ebe9 [ 1816.839700][T29367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1816.839724][T29367] RSP: 002b:00007f9a5e5c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1816.839747][T29367] RAX: ffffffffffffffda RBX: 00007f9a5d9b6090 RCX: 00007f9a5d78ebe9 [ 1816.839763][T29367] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1816.839779][T29367] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1816.839793][T29367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1816.839808][T29367] R13: 00007f9a5d9b6128 R14: 00007f9a5d9b6090 R15: 00007ffed6cc0af8 [ 1816.839838][T29367] [ 1817.481932][T29367] size and base must be multiples of 4 kiB [ 1817.487872][T29367] CPU: 0 UID: 0 PID: 29367 Comm: syz.0.4430 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1817.487906][T29367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1817.487920][T29367] Call Trace: [ 1817.487930][T29367] [ 1817.487939][T29367] dump_stack_lvl+0x16c/0x1f0 [ 1817.487973][T29367] mtrr_add+0xdf/0x110 [ 1817.488007][T29367] mtrr_ioctl+0x7ef/0xcf0 [ 1817.488040][T29367] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1817.488078][T29367] ? find_held_lock+0x2b/0x80 [ 1817.488108][T29367] ? __fget_files+0x20e/0x3c0 [ 1817.488135][T29367] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1817.488167][T29367] proc_reg_unlocked_ioctl+0x229/0x320 [ 1817.488200][T29367] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1817.488234][T29367] __x64_sys_ioctl+0x18e/0x210 [ 1817.488279][T29367] do_syscall_64+0xcd/0x490 [ 1817.488311][T29367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1817.488336][T29367] RIP: 0033:0x7f9a5d78ebe9 [ 1817.488354][T29367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1817.488377][T29367] RSP: 002b:00007f9a5e5c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1817.488399][T29367] RAX: ffffffffffffffda RBX: 00007f9a5d9b6090 RCX: 00007f9a5d78ebe9 [ 1817.488415][T29367] RDX: 0000000000000005 RSI: 00000000400c4d01 RDI: 0000000000000005 [ 1817.488429][T29367] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1817.488444][T29367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1817.488458][T29367] R13: 00007f9a5d9b6128 R14: 00007f9a5d9b6090 R15: 00007ffed6cc0af8 [ 1817.488487][T29367] [ 1818.402482][T29377] Invalid ELF header magic: != ELF [ 1821.023053][T29412] ubi0: attaching mtd0 [ 1821.042000][T29412] netlink: 245 bytes leftover after parsing attributes in process `syz.3.4445'. [ 1821.905397][T29422] Invalid ELF header magic: != ELF [ 1824.198814][T29458] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1824.333969][T29458] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1824.530641][T29458] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1824.696230][T29458] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1824.804055][T29458] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1826.065271][T29473] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1826.078340][T29473] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1826.087671][T29473] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1826.116850][T29473] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1826.124420][T29473] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1826.256777][T29473] Bluetooth: hci3: command 0x0406 tx timeout [ 1826.495741][T29473] Bluetooth: hci2: command 0x0406 tx timeout [ 1826.527911][T20288] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 1826.812765][T29473] Bluetooth: hci0: command 0x0406 tx timeout [ 1828.170529][T29473] Bluetooth: hci1: command tx timeout [ 1828.325777][T29473] Bluetooth: hci3: command 0x0406 tx timeout [ 1828.533329][T29491] Invalid ELF header magic: != ELF [ 1829.262713][T24188] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1829.356451][T29472] chnl_net:caif_netlink_parms(): no params data found [ 1830.235617][T29473] Bluetooth: hci1: command tx timeout [ 1830.246850][T24188] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1830.620665][T24188] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1830.801164][T24188] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1830.946681][T29472] bridge0: port 1(bridge_slave_0) entered blocking state [ 1830.969402][T29472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1830.991619][T29472] bridge_slave_0: entered allmulticast mode [ 1831.011506][T29472] bridge_slave_0: entered promiscuous mode [ 1831.037635][T29472] bridge0: port 2(bridge_slave_1) entered blocking state [ 1831.059461][T29472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1831.089435][T29472] bridge_slave_1: entered allmulticast mode [ 1831.097531][T29472] bridge_slave_1: entered promiscuous mode [ 1831.333988][T29472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1831.369217][T29472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1831.537360][T29472] team0: Port device team_slave_0 added [ 1831.576525][T24188] bridge_slave_1: left allmulticast mode [ 1831.601426][T24188] bridge_slave_1: left promiscuous mode [ 1831.608401][T24188] bridge0: port 2(bridge_slave_1) entered disabled state [ 1831.730496][T24188] bridge_slave_0: left allmulticast mode [ 1831.736179][T24188] bridge_slave_0: left promiscuous mode [ 1831.777478][T24188] bridge0: port 1(bridge_slave_0) entered disabled state [ 1832.305080][T29473] Bluetooth: hci1: command tx timeout [ 1833.554243][T24188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1833.596541][T24188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1833.632624][T24188] bond0 (unregistering): Released all slaves [ 1833.684155][T29472] team0: Port device team_slave_1 added [ 1834.154949][T29472] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1834.176030][T29472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1834.239343][T29472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1834.361796][T29472] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1834.373387][T29473] Bluetooth: hci1: command tx timeout [ 1834.397495][T29472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1834.497319][T29472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1834.996608][T29472] hsr_slave_0: entered promiscuous mode [ 1835.054885][T29472] hsr_slave_1: entered promiscuous mode [ 1835.092999][T29472] debugfs: 'hsr0' already exists in 'hsr' [ 1835.098793][T29472] Cannot create hsr debugfs directory [ 1835.926803][T29564] Invalid ELF header magic: != ELF [ 1836.262492][T24188] hsr_slave_0: left promiscuous mode [ 1836.321345][T24188] hsr_slave_1: left promiscuous mode [ 1836.347952][T24188] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1836.401350][T24188] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1836.456263][T24188] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1836.493489][T24188] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1836.604742][T24188] veth1_macvtap: left promiscuous mode [ 1836.642670][T24188] veth0_macvtap: left promiscuous mode [ 1836.648280][T24188] veth1_vlan: left promiscuous mode [ 1836.677171][T24188] veth0_vlan: left promiscuous mode [ 1837.752938][T24188] team0 (unregistering): Port device team_slave_1 removed [ 1837.853262][T24188] team0 (unregistering): Port device team_slave_0 removed [ 1841.203701][T29472] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1841.254950][T29618] Invalid ELF header magic: != ELF [ 1841.291244][T29472] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1841.379238][T29472] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1841.431825][T29472] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1841.807733][T29634] FAULT_INJECTION: forcing a failure. [ 1841.807733][T29634] name failslab, interval 1, probability 0, space 0, times 0 [ 1841.900981][T29472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1841.930460][T29634] CPU: 0 UID: 1 PID: 29634 Comm: syz.3.4482 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1841.930507][T29634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1841.930522][T29634] Call Trace: [ 1841.930531][T29634] [ 1841.930541][T29634] dump_stack_lvl+0x16c/0x1f0 [ 1841.930582][T29634] should_fail_ex+0x512/0x640 [ 1841.930625][T29634] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1841.930656][T29634] should_failslab+0xc2/0x120 [ 1841.930688][T29634] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1841.930714][T29634] ? trace_pid_list_alloc+0x1b0/0x3f0 [ 1841.930750][T29634] trace_pid_list_alloc+0x1b0/0x3f0 [ 1841.930785][T29634] trace_pid_write+0x10e/0x460 [ 1841.930823][T29634] ? __mutex_unlock_slowpath+0x163/0x800 [ 1841.930857][T29634] ? __pfx_trace_pid_write+0x10/0x10 [ 1841.930894][T29634] ? __pfx___mutex_lock+0x10/0x10 [ 1841.930923][T29634] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1841.930974][T29634] event_pid_write.isra.0+0x1e4/0x7f0 [ 1841.931010][T29634] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1841.931070][T29634] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1841.931117][T29634] vfs_write+0x29d/0x11d0 [ 1841.931154][T29634] ? __pfx___mutex_lock+0x10/0x10 [ 1841.931198][T29634] ? __pfx_vfs_write+0x10/0x10 [ 1841.931257][T29634] ? __fget_files+0x20e/0x3c0 [ 1841.931310][T29634] ksys_write+0x12a/0x250 [ 1841.931353][T29634] ? __pfx_ksys_write+0x10/0x10 [ 1841.931407][T29634] do_syscall_64+0xcd/0x490 [ 1841.931464][T29634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1841.931506][T29634] RIP: 0033:0x7fe36fb8ebe9 [ 1841.931533][T29634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1841.931582][T29634] RSP: 002b:00007fe3709d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1841.931619][T29634] RAX: ffffffffffffffda RBX: 00007fe36fdb6090 RCX: 00007fe36fb8ebe9 [ 1841.931641][T29634] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 0000000000000003 [ 1841.931656][T29634] RBP: 00007fe36fc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1841.931671][T29634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1841.931685][T29634] R13: 00007fe36fdb6128 R14: 00007fe36fdb6090 R15: 00007ffc345a3fc8 [ 1841.931722][T29634] [ 1842.417658][T29472] 8021q: adding VLAN 0 to HW filter on device team0 [ 1842.446333][T16126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1842.453495][T16126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1842.548275][T16126] bridge0: port 2(bridge_slave_1) entered blocking state [ 1842.555531][T16126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1843.740437][T29472] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1844.230261][T29472] veth0_vlan: entered promiscuous mode [ 1844.277022][T29472] veth1_vlan: entered promiscuous mode [ 1844.534832][T29472] veth0_macvtap: entered promiscuous mode [ 1844.602282][T29472] veth1_macvtap: entered promiscuous mode [ 1844.704152][T29472] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1844.811618][T29472] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1844.904186][T24189] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1844.953667][T24189] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.062811][T24189] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.134355][T24189] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1845.556360][T16126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1845.564222][T16126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1845.809959][ T3038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1845.869250][ T3038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1846.548668][T29712] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1847.057409][T29707] Invalid ELF header magic: != ELF [ 1852.943064][T29821] openvswitch: netlink: Missing valid actions attribute. [ 1853.627502][T29826] Invalid ELF header magic: != ELF [ 1855.224597][T29845] random: crng reseeded on system resumption [ 1856.925783][T29878] Invalid ELF header magic: != ELF [ 1861.373404][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1861.389689][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1861.611239][T29930] Invalid ELF header magic: != ELF [ 1861.623279][T29928] kAFS: Invalid Command on /proc/fs/afs/cells file [ 1866.420787][T30008] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1867.304118][T30013] serio: Serial port pty6 [ 1868.295717][T30027] Invalid ELF header magic: != ELF [ 1872.459787][T30080] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4558'. [ 1873.088811][T30080] bond0: (slave bond_slave_0): Releasing backup interface [ 1875.067001][T30096] Invalid ELF header magic: != ELF [ 1877.618937][T30132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4569'. [ 1879.813240][T30152] Invalid ELF header magic: != ELF [ 1891.412899][T30245] Invalid ELF header magic: != ELF [ 1895.745567][T30316] ubi0: attaching mtd0 [ 1895.750980][T30316] ubi0: scanning is finished [ 1895.778701][T30316] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1896.091893][T30316] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1896.359356][T30326] Invalid ELF header magic: != ELF [ 1899.533723][T30381] Invalid ELF header magic: != ELF [ 1902.012530][T30419] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4628'. [ 1902.341414][T30432] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4632'. [ 1903.621539][T30446] ubi0: attaching mtd0 [ 1903.652351][T30446] ubi0: scanning is finished [ 1903.675444][T30446] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1904.139354][T30446] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1907.744939][T30505] Invalid ELF header magic: != ELF [ 1912.529486][T30572] Invalid ELF header magic: != ELF [ 1918.374303][T30659] Invalid ELF header magic: != ELF [ 1922.479477][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1922.485915][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1922.659926][T30726] Invalid ELF header magic: != ELF [ 1931.644986][T30839] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1931.686377][T30839] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1931.749195][T30839] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1931.780148][T30839] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1931.808843][T30839] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1932.011380][T30839] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1932.939879][T30871] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input105 [ 1933.540236][T29473] Bluetooth: hci3: command 0x0406 tx timeout [ 1933.562807][T30872] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input106 [ 1933.717389][T29473] Bluetooth: hci2: command 0x0406 tx timeout [ 1933.776487][T29473] Bluetooth: hci1: command 0x0c1a tx timeout [ 1933.782552][ T5870] Bluetooth: hci0: command 0x0406 tx timeout [ 1933.831639][T30878] Invalid ELF header magic: != ELF [ 1935.708853][T30905] Invalid ELF header magic: != ELF [ 1935.848541][T29473] Bluetooth: hci1: command 0x0c1a tx timeout [ 1937.915487][T29473] Bluetooth: hci1: command 0x0c1a tx timeout [ 1938.785770][T29473] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 1939.474279][T30970] Invalid ELF header magic: != ELF [ 1942.865208][T31010] Invalid ELF header magic: != ELF [ 1944.642132][T31036] cifs: Unknown parameter '$' [ 1947.937527][T31076] Invalid ELF header magic: != ELF [ 1949.828196][T31093] Invalid ELF header magic: != ELF [ 1955.510857][T31150] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 1955.593605][T31150] CPU: 0 UID: 0 PID: 31150 Comm: syz.0.4783 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1955.593641][T31150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1955.593657][T31150] Call Trace: [ 1955.593665][T31150] [ 1955.593674][T31150] dump_stack_lvl+0x16c/0x1f0 [ 1955.593709][T31150] sysfs_warn_dup+0x7f/0xa0 [ 1955.593739][T31150] sysfs_do_create_link_sd+0x124/0x140 [ 1955.593772][T31150] sysfs_create_link+0x61/0xc0 [ 1955.593801][T31150] device_add+0x62c/0x1aa0 [ 1955.593842][T31150] ? __pfx_device_add+0x10/0x10 [ 1955.593877][T31150] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1955.593914][T31150] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1955.593947][T31150] wiphy_register+0x1df4/0x29f0 [ 1955.593977][T31150] ? netdev_run_todo+0x864/0x1320 [ 1955.594009][T31150] ? __dev_printk+0x220/0x270 [ 1955.594044][T31150] ? __pfx_wiphy_register+0x10/0x10 [ 1955.594084][T31150] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 1955.594119][T31150] ieee80211_register_hw+0x24a9/0x4060 [ 1955.594162][T31150] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1955.594206][T31150] ? find_held_lock+0x2b/0x80 [ 1955.594231][T31150] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1955.594267][T31150] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1955.594298][T31150] ? __hrtimer_setup+0x176/0x280 [ 1955.594338][T31150] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1955.594376][T31150] ? trace_kmalloc+0x2b/0xd0 [ 1955.594409][T31150] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 1955.594439][T31150] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1955.594462][T31150] ? hwsim_new_radio_nl+0xa0e/0x12c0 [ 1955.594484][T31150] ? __asan_memcpy+0x3c/0x60 [ 1955.594512][T31150] hwsim_new_radio_nl+0xb51/0x12c0 [ 1955.594539][T31150] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1955.594571][T31150] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1955.594610][T31150] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1955.594653][T31150] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1955.594692][T31150] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1955.594738][T31150] ? bpf_lsm_capable+0x9/0x10 [ 1955.594759][T31150] ? security_capable+0x7e/0x260 [ 1955.594783][T31150] ? ns_capable+0xd7/0x110 [ 1955.594815][T31150] genl_rcv_msg+0x55c/0x800 [ 1955.594873][T31150] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1955.594910][T31150] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1955.594945][T31150] netlink_rcv_skb+0x158/0x420 [ 1955.594977][T31150] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1955.595014][T31150] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1955.595059][T31150] ? netlink_deliver_tap+0x1ae/0xd30 [ 1955.595094][T31150] genl_rcv+0x28/0x40 [ 1955.595125][T31150] netlink_unicast+0x5a7/0x870 [ 1955.595162][T31150] ? __pfx_netlink_unicast+0x10/0x10 [ 1955.595211][T31150] ? __pfx___might_resched+0x10/0x10 [ 1955.595235][T31150] ? __lock_acquire+0xb97/0x1ce0 [ 1955.595276][T31150] netlink_sendmsg+0x8d1/0xdd0 [ 1955.595313][T31150] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1955.595350][T31150] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1955.595381][T31150] ____sys_sendmsg+0xa95/0xc70 [ 1955.595420][T31150] ? copy_msghdr_from_user+0x10a/0x160 [ 1955.595451][T31150] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1955.595503][T31150] ___sys_sendmsg+0x134/0x1d0 [ 1955.595535][T31150] ? __pfx____sys_sendmsg+0x10/0x10 [ 1955.595604][T31150] __sys_sendmsg+0x16d/0x220 [ 1955.595635][T31150] ? __pfx___sys_sendmsg+0x10/0x10 [ 1955.595664][T31150] ? __x64_sys_futex+0x1e0/0x4c0 [ 1955.595714][T31150] do_syscall_64+0xcd/0x490 [ 1955.595747][T31150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1955.595772][T31150] RIP: 0033:0x7f9a5d78ebe9 [ 1955.595792][T31150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1955.595815][T31150] RSP: 002b:00007f9a5e5e4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1955.595838][T31150] RAX: ffffffffffffffda RBX: 00007f9a5d9b5fa0 RCX: 00007f9a5d78ebe9 [ 1955.595855][T31150] RDX: 0000000004000800 RSI: 00002000000000c0 RDI: 0000000000000004 [ 1955.595870][T31150] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1955.595885][T31150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1955.595900][T31150] R13: 00007f9a5d9b6038 R14: 00007f9a5d9b5fa0 R15: 00007ffed6cc0af8 [ 1955.595931][T31150] [ 1956.453074][T29473] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1956.471975][T29473] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1956.481625][T29473] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1956.499698][T29473] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1956.508223][T29473] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1957.940879][T31158] chnl_net:caif_netlink_parms(): no params data found [ 1958.341587][T31158] bridge0: port 1(bridge_slave_0) entered blocking state [ 1958.364109][T31158] bridge0: port 1(bridge_slave_0) entered disabled state [ 1958.394144][T31158] bridge_slave_0: entered allmulticast mode [ 1958.426322][T31158] bridge_slave_0: entered promiscuous mode [ 1958.459102][T31158] bridge0: port 2(bridge_slave_1) entered blocking state [ 1958.486628][T31158] bridge0: port 2(bridge_slave_1) entered disabled state [ 1958.512471][T31158] bridge_slave_1: entered allmulticast mode [ 1958.527920][ T5870] Bluetooth: hci4: command tx timeout [ 1958.553274][T31158] bridge_slave_1: entered promiscuous mode [ 1958.736327][T31158] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1958.791853][T31158] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1959.128318][T31158] team0: Port device team_slave_0 added [ 1959.165862][T31158] team0: Port device team_slave_1 added [ 1959.825709][T31158] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1959.858013][T31158] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1959.980700][T31158] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1960.048118][T31158] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1960.096273][T31158] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1960.240971][T31158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1960.598509][ T5870] Bluetooth: hci4: command tx timeout [ 1960.625410][T31158] hsr_slave_0: entered promiscuous mode [ 1960.655809][T31158] hsr_slave_1: entered promiscuous mode [ 1962.673163][ T5870] Bluetooth: hci4: command tx timeout [ 1962.812227][T31158] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1962.982744][T31158] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1963.128148][T31158] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1963.285610][T31158] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1963.726476][T31158] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1963.759310][T31158] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1963.965421][T31158] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1964.055044][T31158] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1964.440194][T31158] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1964.522746][T31158] 8021q: adding VLAN 0 to HW filter on device team0 [ 1964.588528][ T2987] bridge0: port 1(bridge_slave_0) entered blocking state [ 1964.595701][ T2987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1964.649949][ T2987] bridge0: port 2(bridge_slave_1) entered blocking state [ 1964.657140][ T2987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1964.735821][ T5870] Bluetooth: hci4: command tx timeout [ 1964.859057][T31158] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1965.160037][T31226] ubi0: attaching mtd0 [ 1965.190792][T31226] ubi0: scanning is finished [ 1965.230832][T31226] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1965.650290][T31158] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1965.675703][T31226] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1965.912813][T31158] veth0_vlan: entered promiscuous mode [ 1965.977569][T31158] veth1_vlan: entered promiscuous mode [ 1966.121201][T31158] veth0_macvtap: entered promiscuous mode [ 1966.166513][T31158] veth1_macvtap: entered promiscuous mode [ 1966.250497][T31158] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1966.312433][T31158] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1966.338187][T31243] Invalid ELF header magic: != ELF [ 1966.394922][T24190] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1966.430288][T24190] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1966.474706][T24190] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1966.514716][T24190] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1966.710686][T24189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1966.744668][T24189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1966.853318][T24189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1966.910967][T24189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1967.289748][T31250] ubi0: attaching mtd0 [ 1967.311019][T31250] ubi0: scanning is finished [ 1967.348060][T31250] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1967.840502][T31250] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1968.858664][T31275] Invalid ELF header magic: != ELF [ 1970.006756][T31298] Invalid ELF header magic: != ELF [ 1970.031938][T31291] Invalid ELF header magic: != ELF [ 1970.167979][T31297] ubi0: attaching mtd0 [ 1970.186608][T31297] ubi0: scanning is finished [ 1970.211915][T31297] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1970.572833][T31297] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1971.940766][T31317] Invalid ELF header magic: != ELF [ 1972.321607][T31328] Invalid ELF header magic: != ELF [ 1972.967798][T31334] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1973.055541][T31334] ubi0: attaching mtd0 [ 1973.093666][T31334] ubi0: scanning is finished [ 1973.098350][T31334] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1973.434155][T31334] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1973.682738][T31348] Invalid ELF header magic: != ELF [ 1975.842686][T31376] Invalid ELF header magic: != ELF [ 1979.346794][T31429] Invalid ELF header magic: != ELF [ 1983.601445][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1983.617045][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1991.251110][T31572] Invalid ELF header magic: != ELF [ 1996.156160][T31639] FAULT_INJECTION: forcing a failure. [ 1996.156160][T31639] name failslab, interval 1, probability 0, space 0, times 0 [ 1996.229162][T31639] CPU: 0 UID: 0 PID: 31639 Comm: syz.0.4880 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 1996.229196][T31639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1996.229210][T31639] Call Trace: [ 1996.229217][T31639] [ 1996.229226][T31639] dump_stack_lvl+0x16c/0x1f0 [ 1996.229258][T31639] should_fail_ex+0x512/0x640 [ 1996.229289][T31639] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1996.229314][T31639] should_failslab+0xc2/0x120 [ 1996.229343][T31639] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1996.229366][T31639] ? percpu_ref_init+0xec/0x410 [ 1996.229396][T31639] ? __pfx_blkg_release+0x10/0x10 [ 1996.229431][T31639] percpu_ref_init+0xec/0x410 [ 1996.229457][T31639] ? kasan_save_track+0x14/0x30 [ 1996.229484][T31639] blkg_alloc+0xea/0xb00 [ 1996.229525][T31639] blkcg_init_disk+0x51/0x160 [ 1996.229550][T31639] __alloc_disk_node+0x299/0x630 [ 1996.229584][T31639] __blk_mq_alloc_disk+0x89/0x120 [ 1996.229614][T31639] loop_add+0x490/0xb70 [ 1996.229638][T31639] ? __pfx_loop_add+0x10/0x10 [ 1996.229678][T31639] ? find_held_lock+0x2b/0x80 [ 1996.229703][T31639] loop_control_ioctl+0x13e/0x630 [ 1996.229727][T31639] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1996.229755][T31639] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1996.229780][T31639] __x64_sys_ioctl+0x18e/0x210 [ 1996.229822][T31639] do_syscall_64+0xcd/0x490 [ 1996.229853][T31639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1996.229876][T31639] RIP: 0033:0x7f9a5d78ebe9 [ 1996.229893][T31639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1996.229915][T31639] RSP: 002b:00007f9a5e5e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1996.229935][T31639] RAX: ffffffffffffffda RBX: 00007f9a5d9b5fa0 RCX: 00007f9a5d78ebe9 [ 1996.229950][T31639] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 1996.229964][T31639] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1996.229977][T31639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1996.229990][T31639] R13: 00007f9a5d9b6038 R14: 00007f9a5d9b5fa0 R15: 00007ffed6cc0af8 [ 1996.230017][T31639] [ 1999.010291][ T3038] bridge_slave_1: left allmulticast mode [ 1999.027140][ T3038] bridge_slave_1: left promiscuous mode [ 1999.063136][ T3038] bridge0: port 2(bridge_slave_1) entered disabled state [ 1999.134252][ T3038] bridge_slave_0: left allmulticast mode [ 1999.176190][ T3038] bridge_slave_0: left promiscuous mode [ 1999.181916][ T3038] bridge0: port 1(bridge_slave_0) entered disabled state [ 2001.012538][T31696] FAULT_INJECTION: forcing a failure. [ 2001.012538][T31696] name failslab, interval 1, probability 0, space 0, times 0 [ 2001.088377][T31696] CPU: 0 UID: 0 PID: 31696 Comm: syz.2.4890 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2001.088409][T31696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2001.088423][T31696] Call Trace: [ 2001.088430][T31696] [ 2001.088439][T31696] dump_stack_lvl+0x16c/0x1f0 [ 2001.088471][T31696] should_fail_ex+0x512/0x640 [ 2001.088502][T31696] ? fs_reclaim_acquire+0xae/0x150 [ 2001.088537][T31696] should_failslab+0xc2/0x120 [ 2001.088567][T31696] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 2001.088594][T31696] ? security_inode_alloc+0x3b/0x2b0 [ 2001.088622][T31696] security_inode_alloc+0x3b/0x2b0 [ 2001.088648][T31696] inode_init_always_gfp+0xce4/0x1030 [ 2001.088677][T31696] alloc_inode+0x86/0x240 [ 2001.088709][T31696] new_inode+0x22/0x1c0 [ 2001.088742][T31696] bdev_alloc+0x2b/0x420 [ 2001.088767][T31696] __alloc_disk_node+0x116/0x630 [ 2001.088802][T31696] __blk_mq_alloc_disk+0x89/0x120 [ 2001.088832][T31696] loop_add+0x490/0xb70 [ 2001.088856][T31696] ? __pfx_loop_add+0x10/0x10 [ 2001.088896][T31696] ? find_held_lock+0x2b/0x80 [ 2001.088922][T31696] loop_control_ioctl+0x13e/0x630 [ 2001.088950][T31696] ? __pfx_loop_control_ioctl+0x10/0x10 [ 2001.088978][T31696] ? __pfx_loop_control_ioctl+0x10/0x10 [ 2001.089003][T31696] __x64_sys_ioctl+0x18e/0x210 [ 2001.089040][T31696] do_syscall_64+0xcd/0x490 [ 2001.089071][T31696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2001.089094][T31696] RIP: 0033:0x7f473578ebe9 [ 2001.089111][T31696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2001.089133][T31696] RSP: 002b:00007f4736552038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2001.089153][T31696] RAX: ffffffffffffffda RBX: 00007f47359b5fa0 RCX: 00007f473578ebe9 [ 2001.089167][T31696] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 2001.089181][T31696] RBP: 00007f4735811e19 R08: 0000000000000000 R09: 0000000000000000 [ 2001.089194][T31696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2001.089206][T31696] R13: 00007f47359b6038 R14: 00007f47359b5fa0 R15: 00007ffdc15513a8 [ 2001.089233][T31696] [ 2002.435258][ T3038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2002.487606][ T3038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2002.561400][ T3038] bond0 (unregistering): Released all slaves [ 2003.406338][ T3038] hsr_slave_0: left promiscuous mode [ 2003.440979][ T3038] hsr_slave_1: left promiscuous mode [ 2003.469026][ T3038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2003.497466][ T3038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2003.530069][ T3038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2003.561842][ T3038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2003.642522][ T3038] veth1_macvtap: left promiscuous mode [ 2003.668844][ T3038] veth0_macvtap: left promiscuous mode [ 2003.689075][ T3038] veth1_vlan: left promiscuous mode [ 2003.707078][ T3038] veth0_vlan: left promiscuous mode [ 2004.014684][T31725] Invalid ELF header magic: != ELF [ 2004.253858][T31722] FAULT_INJECTION: forcing a failure. [ 2004.253858][T31722] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2004.343001][T31722] CPU: 0 UID: 0 PID: 31722 Comm: syz.2.4897 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2004.343037][T31722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2004.343053][T31722] Call Trace: [ 2004.343061][T31722] [ 2004.343071][T31722] dump_stack_lvl+0x16c/0x1f0 [ 2004.343105][T31722] should_fail_ex+0x512/0x640 [ 2004.343142][T31722] should_fail_alloc_page+0xe7/0x130 [ 2004.343177][T31722] prepare_alloc_pages+0x3c2/0x610 [ 2004.343213][T31722] ? rcu_is_watching+0x12/0xc0 [ 2004.343240][T31722] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 2004.343269][T31722] ? css_rstat_updated+0x1c2/0x510 [ 2004.343295][T31722] ? __pfx_css_rstat_updated+0x10/0x10 [ 2004.343318][T31722] ? find_held_lock+0x2b/0x80 [ 2004.343349][T31722] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2004.343389][T31722] ? __lock_acquire+0x62e/0x1ce0 [ 2004.343427][T31722] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2004.343464][T31722] ? policy_nodemask+0xea/0x4e0 [ 2004.343497][T31722] alloc_pages_mpol+0x1fb/0x550 [ 2004.343529][T31722] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2004.343566][T31722] ? __lock_acquire+0x62e/0x1ce0 [ 2004.343600][T31722] folio_alloc_mpol_noprof+0x36/0x2f0 [ 2004.343637][T31722] vma_alloc_folio_noprof+0xed/0x1e0 [ 2004.343673][T31722] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 2004.343717][T31722] do_pte_missing+0x2230/0x3ba0 [ 2004.343742][T31722] ? find_held_lock+0x2b/0x80 [ 2004.343771][T31722] __handle_mm_fault+0x152a/0x2a50 [ 2004.343805][T31722] ? __pfx___handle_mm_fault+0x10/0x10 [ 2004.343831][T31722] ? __pte_offset_map_lock+0x174/0x310 [ 2004.343862][T31722] ? find_held_lock+0x2b/0x80 [ 2004.343893][T31722] ? follow_page_pte.constprop.0+0x5cf/0x1390 [ 2004.343943][T31722] handle_mm_fault+0x589/0xd10 [ 2004.343972][T31722] __get_user_pages+0x551/0x34a0 [ 2004.344019][T31722] ? __pfx___get_user_pages+0x10/0x10 [ 2004.344063][T31722] populate_vma_page_range+0x267/0x3f0 [ 2004.344102][T31722] ? __pfx_populate_vma_page_range+0x10/0x10 [ 2004.344138][T31722] ? __pfx_find_vma_intersection+0x10/0x10 [ 2004.344179][T31722] __mm_populate+0x1d8/0x380 [ 2004.344217][T31722] ? __pfx___mm_populate+0x10/0x10 [ 2004.344256][T31722] ? up_write+0x209/0x520 [ 2004.344293][T31722] vm_mmap_pgoff+0x37f/0x470 [ 2004.344331][T31722] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 2004.344361][T31722] ? __fget_files+0x204/0x3c0 [ 2004.344393][T31722] ? __x64_sys_futex+0x1e0/0x4c0 [ 2004.344421][T31722] ? __x64_sys_futex+0x1e9/0x4c0 [ 2004.344454][T31722] ksys_mmap_pgoff+0x7d/0x5c0 [ 2004.344485][T31722] ? xfd_validate_state+0x61/0x180 [ 2004.344520][T31722] ? __sys_setsockopt+0x140/0x1a0 [ 2004.344551][T31722] __x64_sys_mmap+0x125/0x190 [ 2004.344591][T31722] do_syscall_64+0xcd/0x490 [ 2004.344623][T31722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2004.344647][T31722] RIP: 0033:0x7f473578ebe9 [ 2004.344666][T31722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2004.344689][T31722] RSP: 002b:00007f4736552038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2004.344711][T31722] RAX: ffffffffffffffda RBX: 00007f47359b5fa0 RCX: 00007f473578ebe9 [ 2004.344727][T31722] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 2004.344741][T31722] RBP: 00007f4735811e19 R08: 0000000000000002 R09: 0000000000008000 [ 2004.344756][T31722] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 2004.344770][T31722] R13: 00007f47359b6038 R14: 00007f47359b5fa0 R15: 00007ffdc15513a8 [ 2004.344800][T31722] [ 2005.219130][ T3038] team0 (unregistering): Port device team_slave_1 removed [ 2005.304113][ T3038] team0 (unregistering): Port device team_slave_0 removed [ 2007.878671][T31759] FAULT_INJECTION: forcing a failure. [ 2007.878671][T31759] name failslab, interval 1, probability 0, space 0, times 0 [ 2007.974408][T31759] CPU: 0 UID: 0 PID: 31759 Comm: syz.1.4903 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2007.974441][T31759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2007.974454][T31759] Call Trace: [ 2007.974463][T31759] [ 2007.974471][T31759] dump_stack_lvl+0x16c/0x1f0 [ 2007.974505][T31759] should_fail_ex+0x512/0x640 [ 2007.974543][T31759] ? fs_reclaim_acquire+0xae/0x150 [ 2007.974578][T31759] ? mempool_init_node+0x305/0x6e0 [ 2007.974611][T31759] should_failslab+0xc2/0x120 [ 2007.974640][T31759] __kmalloc_noprof+0xd2/0x510 [ 2007.974666][T31759] ? lockdep_init_map_type+0x11/0x280 [ 2007.974696][T31759] ? mempool_init_node+0x11f/0x6e0 [ 2007.974728][T31759] ? __init_waitqueue_head+0xca/0x150 [ 2007.974765][T31759] ? __pfx_mempool_kmalloc+0x10/0x10 [ 2007.974795][T31759] mempool_init_node+0x305/0x6e0 [ 2007.974832][T31759] ? __pfx_mempool_kmalloc+0x10/0x10 [ 2007.974862][T31759] ? __pfx_mempool_kfree+0x10/0x10 [ 2007.974912][T31759] mempool_init_noprof+0x3a/0x50 [ 2007.974969][T31759] do_fanotify_mark+0x2db2/0x3600 [ 2007.975021][T31759] ? __pfx_do_fanotify_mark+0x10/0x10 [ 2007.975062][T31759] ? __x64_sys_futex+0x1e9/0x4c0 [ 2007.975099][T31759] ? xfd_validate_state+0x61/0x180 [ 2007.975133][T31759] ? __pfx_ksys_write+0x10/0x10 [ 2007.975165][T31759] __x64_sys_fanotify_mark+0xbd/0x160 [ 2007.975203][T31759] ? do_syscall_64+0x91/0x490 [ 2007.975233][T31759] ? lockdep_hardirqs_on+0x7c/0x110 [ 2007.975261][T31759] do_syscall_64+0xcd/0x490 [ 2007.975294][T31759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2007.975318][T31759] RIP: 0033:0x7f2ca058ebe9 [ 2007.975336][T31759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2007.975360][T31759] RSP: 002b:00007f2ca1368038 EFLAGS: 00000246 ORIG_RAX: 000000000000012d [ 2007.975383][T31759] RAX: ffffffffffffffda RBX: 00007f2ca07b5fa0 RCX: 00007f2ca058ebe9 [ 2007.975399][T31759] RDX: 0000000000008009 RSI: 0000000000000105 RDI: 0000000000000000 [ 2007.975414][T31759] RBP: 00007f2ca0611e19 R08: 0000000000000000 R09: 0000000000000000 [ 2007.975428][T31759] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 2007.975442][T31759] R13: 00007f2ca07b6038 R14: 00007f2ca07b5fa0 R15: 00007ffe14728148 [ 2007.975472][T31759] [ 2008.609891][T31765] FAULT_INJECTION: forcing a failure. [ 2008.609891][T31765] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2008.636429][T31766] Invalid ELF header magic: != ELF [ 2008.700327][T31765] CPU: 0 UID: 0 PID: 31765 Comm: syz.0.4907 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2008.700362][T31765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2008.700377][T31765] Call Trace: [ 2008.700384][T31765] [ 2008.700394][T31765] dump_stack_lvl+0x16c/0x1f0 [ 2008.700429][T31765] should_fail_ex+0x512/0x640 [ 2008.700473][T31765] should_fail_alloc_page+0xe7/0x130 [ 2008.700511][T31765] prepare_alloc_pages+0x3c2/0x610 [ 2008.700565][T31765] ? rcu_is_watching+0x12/0xc0 [ 2008.700593][T31765] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 2008.700623][T31765] ? css_rstat_updated+0x1c2/0x510 [ 2008.700650][T31765] ? __pfx_css_rstat_updated+0x10/0x10 [ 2008.700685][T31765] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 2008.700727][T31765] ? __lock_acquire+0x62e/0x1ce0 [ 2008.700764][T31765] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2008.700813][T31765] ? policy_nodemask+0xea/0x4e0 [ 2008.700847][T31765] alloc_pages_mpol+0x1fb/0x550 [ 2008.700878][T31765] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2008.700932][T31765] ? __lock_acquire+0x62e/0x1ce0 [ 2008.700966][T31765] folio_alloc_mpol_noprof+0x36/0x2f0 [ 2008.701004][T31765] vma_alloc_folio_noprof+0xed/0x1e0 [ 2008.701040][T31765] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 2008.701085][T31765] do_pte_missing+0x2230/0x3ba0 [ 2008.701111][T31765] ? find_held_lock+0x2b/0x80 [ 2008.701141][T31765] __handle_mm_fault+0x152a/0x2a50 [ 2008.701174][T31765] ? __pfx___handle_mm_fault+0x10/0x10 [ 2008.701202][T31765] ? __pte_offset_map_lock+0x174/0x310 [ 2008.701236][T31765] ? find_held_lock+0x2b/0x80 [ 2008.701267][T31765] ? follow_page_pte.constprop.0+0x5cf/0x1390 [ 2008.701312][T31765] handle_mm_fault+0x589/0xd10 [ 2008.701342][T31765] __get_user_pages+0x551/0x34a0 [ 2008.701390][T31765] ? __pfx___get_user_pages+0x10/0x10 [ 2008.701446][T31765] populate_vma_page_range+0x267/0x3f0 [ 2008.701492][T31765] ? __pfx_populate_vma_page_range+0x10/0x10 [ 2008.701529][T31765] ? __pfx_find_vma_intersection+0x10/0x10 [ 2008.701565][T31765] ? do_mmap+0x69c/0x1210 [ 2008.701601][T31765] __mm_populate+0x1d8/0x380 [ 2008.701639][T31765] ? __pfx___mm_populate+0x10/0x10 [ 2008.701677][T31765] ? up_write+0x1b2/0x520 [ 2008.701714][T31765] vm_mmap_pgoff+0x37f/0x470 [ 2008.701750][T31765] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 2008.701781][T31765] ? __fget_files+0x204/0x3c0 [ 2008.701811][T31765] ? __x64_sys_futex+0x1e0/0x4c0 [ 2008.701840][T31765] ? __x64_sys_futex+0x1e9/0x4c0 [ 2008.701872][T31765] ksys_mmap_pgoff+0x7d/0x5c0 [ 2008.701904][T31765] ? xfd_validate_state+0x61/0x180 [ 2008.701938][T31765] ? __sys_setsockopt+0x140/0x1a0 [ 2008.701969][T31765] __x64_sys_mmap+0x125/0x190 [ 2008.702008][T31765] do_syscall_64+0xcd/0x490 [ 2008.702041][T31765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2008.702065][T31765] RIP: 0033:0x7f9a5d78ebe9 [ 2008.702083][T31765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2008.702107][T31765] RSP: 002b:00007f9a5e5c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2008.702129][T31765] RAX: ffffffffffffffda RBX: 00007f9a5d9b6090 RCX: 00007f9a5d78ebe9 [ 2008.702145][T31765] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 2008.702177][T31765] RBP: 00007f9a5d811e19 R08: 0000000000000002 R09: 0000000000008000 [ 2008.702192][T31765] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 2008.702207][T31765] R13: 00007f9a5d9b6128 R14: 00007f9a5d9b6090 R15: 00007ffed6cc0af8 [ 2008.702238][T31765] [ 2012.486775][T31829] FAULT_INJECTION: forcing a failure. [ 2012.486775][T31829] name failslab, interval 1, probability 0, space 0, times 0 [ 2012.608924][T31829] CPU: 0 UID: 0 PID: 31829 Comm: syz.2.4919 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2012.608955][T31829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2012.608968][T31829] Call Trace: [ 2012.608976][T31829] [ 2012.608984][T31829] dump_stack_lvl+0x16c/0x1f0 [ 2012.609052][T31829] should_fail_ex+0x512/0x640 [ 2012.609086][T31829] ? fs_reclaim_acquire+0xae/0x150 [ 2012.609125][T31829] ? mempool_init_node+0x305/0x6e0 [ 2012.609161][T31829] should_failslab+0xc2/0x120 [ 2012.609194][T31829] __kmalloc_noprof+0xd2/0x510 [ 2012.609222][T31829] ? lockdep_init_map_type+0x11/0x280 [ 2012.609254][T31829] ? mempool_init_node+0x11f/0x6e0 [ 2012.609290][T31829] ? __init_waitqueue_head+0xca/0x150 [ 2012.609335][T31829] ? __pfx_mempool_kmalloc+0x10/0x10 [ 2012.609368][T31829] mempool_init_node+0x305/0x6e0 [ 2012.609411][T31829] ? __pfx_mempool_kmalloc+0x10/0x10 [ 2012.609448][T31829] ? __pfx_mempool_kfree+0x10/0x10 [ 2012.609482][T31829] mempool_init_noprof+0x3a/0x50 [ 2012.609522][T31829] do_fanotify_mark+0x2db2/0x3600 [ 2012.609573][T31829] ? __pfx_do_fanotify_mark+0x10/0x10 [ 2012.609614][T31829] ? __x64_sys_futex+0x1e9/0x4c0 [ 2012.609651][T31829] ? xfd_validate_state+0x61/0x180 [ 2012.609687][T31829] ? __pfx_ksys_write+0x10/0x10 [ 2012.609719][T31829] __x64_sys_fanotify_mark+0xbd/0x160 [ 2012.609758][T31829] ? do_syscall_64+0x91/0x490 [ 2012.609788][T31829] ? lockdep_hardirqs_on+0x7c/0x110 [ 2012.609817][T31829] do_syscall_64+0xcd/0x490 [ 2012.609850][T31829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2012.609875][T31829] RIP: 0033:0x7f473578ebe9 [ 2012.609894][T31829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2012.609917][T31829] RSP: 002b:00007f4736552038 EFLAGS: 00000246 ORIG_RAX: 000000000000012d [ 2012.609940][T31829] RAX: ffffffffffffffda RBX: 00007f47359b5fa0 RCX: 00007f473578ebe9 [ 2012.609960][T31829] RDX: 0000000000008009 RSI: 0000000000000105 RDI: 0000000000000000 [ 2012.609975][T31829] RBP: 00007f4735811e19 R08: 0000000000000000 R09: 0000000000000000 [ 2012.609990][T31829] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 2012.610005][T31829] R13: 00007f47359b6038 R14: 00007f47359b5fa0 R15: 00007ffdc15513a8 [ 2012.610041][T31829] [ 2012.840650][ C0] vkms_vblank_simulate: vblank timer overrun [ 2014.223937][T31838] Invalid ELF header magic: != ELF [ 2020.054683][T29473] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2020.064145][T29473] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2020.072137][T29473] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2020.080282][T29473] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2020.087896][T29473] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2022.196933][T29473] Bluetooth: hci2: command tx timeout [ 2023.878928][T24189] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2024.266393][T29473] Bluetooth: hci2: command tx timeout [ 2024.371547][T24189] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2024.726743][T24189] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2025.025948][T24189] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2025.283993][T31904] chnl_net:caif_netlink_parms(): no params data found [ 2025.834441][T31940] Invalid ELF header magic: != ELF [ 2026.317949][T31904] bridge0: port 1(bridge_slave_0) entered blocking state [ 2026.335222][T29473] Bluetooth: hci2: command tx timeout [ 2026.349214][T31904] bridge0: port 1(bridge_slave_0) entered disabled state [ 2026.374907][T31904] bridge_slave_0: entered allmulticast mode [ 2026.398637][T31904] bridge_slave_0: entered promiscuous mode [ 2026.436390][T31904] bridge0: port 2(bridge_slave_1) entered blocking state [ 2026.462979][T31904] bridge0: port 2(bridge_slave_1) entered disabled state [ 2026.492492][T31904] bridge_slave_1: entered allmulticast mode [ 2026.517591][T31904] bridge_slave_1: entered promiscuous mode [ 2026.849287][T31904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2026.930011][T24189] bridge_slave_1: left allmulticast mode [ 2026.958834][T24189] bridge_slave_1: left promiscuous mode [ 2026.990537][T24189] bridge0: port 2(bridge_slave_1) entered disabled state [ 2027.103833][T24189] bridge_slave_0: left allmulticast mode [ 2027.139636][T24189] bridge_slave_0: left promiscuous mode [ 2027.149272][T24189] bridge0: port 1(bridge_slave_0) entered disabled state [ 2028.404299][T29473] Bluetooth: hci2: command tx timeout [ 2029.184807][T24189] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2029.315485][T24189] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2029.354281][T24189] bond0 (unregistering): Released all slaves [ 2029.398658][T31904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2029.592442][T24189] HfR: left promiscuous mode [ 2029.932501][T31904] team0: Port device team_slave_0 added [ 2030.000653][T24189] .SR: left promiscuous mode [ 2030.062426][T31904] team0: Port device team_slave_1 added [ 2030.432750][T31904] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2030.488763][T31904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2030.640913][T31904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2030.750370][T31904] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2030.820303][T31904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2030.940616][T31904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2031.650023][T31904] hsr_slave_0: entered promiscuous mode [ 2031.698273][T31904] hsr_slave_1: entered promiscuous mode [ 2031.742866][T31904] debugfs: 'hsr0' already exists in 'hsr' [ 2031.791535][T31904] Cannot create hsr debugfs directory [ 2032.669595][T32026] ubi0: attaching mtd0 [ 2032.728015][T24189] hsr_slave_0: left promiscuous mode [ 2032.815377][T32026] ubi0: scanning is finished [ 2032.820111][T24189] hsr_slave_1: left promiscuous mode [ 2032.849545][T24189] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2032.883676][T24189] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2032.932869][T32026] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 2032.961770][T24189] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2032.985943][T24189] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2033.059447][T24189] veth1_macvtap: left promiscuous mode [ 2033.105683][T24189] veth0_macvtap: left promiscuous mode [ 2033.145918][T24189] veth1_vlan: left promiscuous mode [ 2033.171416][T24189] veth0_vlan: left promiscuous mode [ 2033.384224][T32026] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 2034.640400][T24189] team0 (unregistering): Port device team_slave_0 removed [ 2037.640576][T31904] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2037.682930][T31904] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2037.740843][T31904] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2037.801907][T31904] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2038.192461][T31904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2038.281865][T31904] 8021q: adding VLAN 0 to HW filter on device team0 [ 2038.367365][ T2987] bridge0: port 1(bridge_slave_0) entered blocking state [ 2038.374539][ T2987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2038.510235][T32079] Invalid ELF header magic: != ELF [ 2038.520581][ T2987] bridge0: port 2(bridge_slave_1) entered blocking state [ 2038.527748][ T2987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2039.541360][T31904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2039.741212][T31904] veth0_vlan: entered promiscuous mode [ 2039.820104][T31904] veth1_vlan: entered promiscuous mode [ 2040.042924][T31904] veth0_macvtap: entered promiscuous mode [ 2040.191219][T32099] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4963'. [ 2040.224650][T31904] veth1_macvtap: entered promiscuous mode [ 2040.359714][T32101] hub 8-0:1.0: USB hub found [ 2040.401725][T32101] hub 8-0:1.0: 1 port detected [ 2040.619971][T31904] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2040.805158][T31904] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2040.912958][T24188] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2040.969989][T24188] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2041.034574][T24188] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2041.080117][ T2987] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2041.698163][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2041.755507][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2041.951092][ T3038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2042.033939][ T3038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2044.735425][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 2044.741968][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 2045.761531][T32187] Invalid ELF header magic: != ELF [ 2049.163668][T32253] blktrace: Concurrent blktraces are not allowed on loop2 [ 2051.301458][T32275] Invalid ELF header magic: != ELF [ 2053.449582][T32300] Invalid ELF header magic: != ELF [ 2055.055388][T32315] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 2063.992770][T32396] Invalid ELF header magic: != ELF [ 2069.631553][T32444] Invalid ELF header magic: != ELF [ 2072.622636][T32470] Invalid ELF header magic: != ELF [ 2073.088924][T32477] Invalid ELF header magic: != ELF [ 2075.884189][T32514] Invalid ELF header magic: != ELF [ 2077.088476][T32523] Invalid ELF header magic: != ELF [ 2079.506405][T32534] Invalid ELF header magic: != ELF [ 2079.993395][T32549] usb usb2: usbfs: process 32549 (syz.1.5029) did not claim interface 0 before use [ 2080.126915][T32548] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2080.158600][T32548] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2080.187704][T32548] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2080.193665][T32548] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 2080.358783][T32545] FAULT_INJECTION: forcing a failure. [ 2080.358783][T32545] name failslab, interval 1, probability 0, space 0, times 0 [ 2080.541226][T32545] CPU: 0 UID: 0 PID: 32545 Comm: syz.0.5028 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2080.541259][T32545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2080.541273][T32545] Call Trace: [ 2080.541281][T32545] [ 2080.541289][T32545] dump_stack_lvl+0x16c/0x1f0 [ 2080.541334][T32545] should_fail_ex+0x512/0x640 [ 2080.541365][T32545] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 2080.541391][T32545] should_failslab+0xc2/0x120 [ 2080.541421][T32545] __kmalloc_cache_noprof+0x6a/0x3e0 [ 2080.541444][T32545] ? snd_seq_create_port+0xf7/0xae0 [ 2080.541479][T32545] snd_seq_create_port+0xf7/0xae0 [ 2080.541517][T32545] snd_seq_ioctl_create_port+0x253/0x950 [ 2080.541558][T32545] ? __pfx_snd_seq_ioctl_create_port+0x10/0x10 [ 2080.541588][T32545] ? kasan_save_stack+0x42/0x60 [ 2080.541669][T32545] ? kasan_save_stack+0x33/0x60 [ 2080.541691][T32545] ? kasan_save_track+0x14/0x30 [ 2080.541737][T32545] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 2080.541774][T32545] create_port+0x197/0x260 [ 2080.541806][T32545] ? __pfx_create_port+0x10/0x10 [ 2080.541842][T32545] ? __pfx_snd_seq_oss_event_input+0x10/0x10 [ 2080.541876][T32545] ? __pfx_free_devinfo+0x10/0x10 [ 2080.541926][T32545] ? mark_held_locks+0x49/0x80 [ 2080.541953][T32545] ? _raw_spin_unlock_irq+0x23/0x50 [ 2080.541978][T32545] snd_seq_oss_open+0x36c/0xa20 [ 2080.542013][T32545] odev_open+0x6f/0x90 [ 2080.542039][T32545] ? __pfx_odev_open+0x10/0x10 [ 2080.542067][T32545] soundcore_open+0x409/0x580 [ 2080.542097][T32545] ? __pfx_soundcore_open+0x10/0x10 [ 2080.542124][T32545] chrdev_open+0x231/0x6a0 [ 2080.542150][T32545] ? __pfx_apparmor_file_open+0x10/0x10 [ 2080.542173][T32545] ? __pfx_chrdev_open+0x10/0x10 [ 2080.542200][T32545] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 2080.542228][T32545] do_dentry_open+0x97f/0x1530 [ 2080.542254][T32545] ? __pfx_chrdev_open+0x10/0x10 [ 2080.542289][T32545] vfs_open+0x82/0x3f0 [ 2080.542323][T32545] path_openat+0x1de4/0x2cb0 [ 2080.542365][T32545] ? __pfx_path_openat+0x10/0x10 [ 2080.542397][T32545] do_filp_open+0x20b/0x470 [ 2080.542439][T32545] ? __pfx_do_filp_open+0x10/0x10 [ 2080.542485][T32545] ? alloc_fd+0x471/0x7d0 [ 2080.542516][T32545] do_sys_openat2+0x11b/0x1d0 [ 2080.542549][T32545] ? __pfx_do_sys_openat2+0x10/0x10 [ 2080.542593][T32545] __x64_sys_openat+0x174/0x210 [ 2080.542633][T32545] ? __pfx___x64_sys_openat+0x10/0x10 [ 2080.542678][T32545] do_syscall_64+0xcd/0x490 [ 2080.542709][T32545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2080.542732][T32545] RIP: 0033:0x7f9a5d78ebe9 [ 2080.542753][T32545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2080.542775][T32545] RSP: 002b:00007f9a5e5e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2080.542795][T32545] RAX: ffffffffffffffda RBX: 00007f9a5d9b5fa0 RCX: 00007f9a5d78ebe9 [ 2080.542810][T32545] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 2080.542824][T32545] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 2080.542838][T32545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2080.542851][T32545] R13: 00007f9a5d9b6038 R14: 00007f9a5d9b5fa0 R15: 00007ffed6cc0af8 [ 2080.542878][T32545] [ 2082.087909][T32548] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 2082.125364][ T5870] Bluetooth: hci0: command 0x0406 tx timeout [ 2082.197165][T32548] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 2082.205188][ T5870] Bluetooth: hci1: command 0x0c1a tx timeout [ 2082.211236][T29473] Bluetooth: hci4: command 0x0c1a tx timeout [ 2082.229919][T32548] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 2082.428218][T32548] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 2083.901293][T32545] ALSA: seq_oss: can't create port [ 2084.180685][T32573] kexec: Could not allocate control_code_buffer [ 2084.207825][T29473] Bluetooth: hci2: command 0x0c1a tx timeout [ 2084.273601][T29473] Bluetooth: hci4: command 0x0c1a tx timeout [ 2084.699651][T32594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5037'. [ 2086.263315][T29473] Bluetooth: hci2: command 0x0c1a tx timeout [ 2086.344313][T29473] Bluetooth: hci4: command 0x0c1a tx timeout [ 2088.332643][T29473] Bluetooth: hci2: command 0x0c1a tx timeout [ 2089.721949][T32635] Invalid ELF header magic: != ELF [ 2091.661947][T32645] Invalid ELF header magic: != ELF [ 2093.239292][T32661] Invalid ELF header magic: != ELF [ 2095.278434][T32689] Invalid ELF header magic: != ELF [ 2097.209994][T32719] Invalid ELF header magic: != ELF [ 2099.790896][T32738] Invalid ELF header magic: != ELF [ 2103.987669][ T314] usb usb2: usbfs: process 314 (syz.2.5080) did not claim interface 0 before use [ 2104.127552][ T311] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2104.166133][ T311] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2104.250266][ T311] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2104.322948][ T311] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 2104.563713][ T320] Invalid ELF header magic: != ELF [ 2105.863316][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 2105.869670][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 2106.159933][T29473] Bluetooth: hci0: command 0x0406 tx timeout [ 2106.244060][T29473] Bluetooth: hci1: command 0x0c1a tx timeout [ 2106.319215][T29473] Bluetooth: hci2: command 0x0c1a tx timeout [ 2106.326526][T29473] Bluetooth: hci4: command 0x0c1a tx timeout [ 2110.449801][ T367] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5082'. [ 2124.680260][ T493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5107'. [ 2124.733328][ T493] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5107'. [ 2126.716351][ T525] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 2129.876896][ T574] ubi0: attaching mtd0 [ 2129.901804][ T574] ubi0: scanning is finished [ 2129.921962][ T574] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 2130.120558][ T581] FAULT_INJECTION: forcing a failure. [ 2130.120558][ T581] name failslab, interval 1, probability 0, space 0, times 0 [ 2130.174425][ T581] CPU: 0 UID: 0 PID: 581 Comm: syz.0.5127 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2130.174460][ T581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2130.174475][ T581] Call Trace: [ 2130.174483][ T581] [ 2130.174491][ T581] dump_stack_lvl+0x16c/0x1f0 [ 2130.174525][ T581] should_fail_ex+0x512/0x640 [ 2130.174556][ T581] ? __kvmalloc_node_noprof+0x124/0x620 [ 2130.174585][ T581] should_failslab+0xc2/0x120 [ 2130.174615][ T581] __kvmalloc_node_noprof+0x137/0x620 [ 2130.174641][ T581] ? v4l2_ctrl_new+0x97d/0x2180 [ 2130.174671][ T581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2130.174714][ T581] ? v4l2_ctrl_new+0x97d/0x2180 [ 2130.174744][ T581] v4l2_ctrl_new+0x97d/0x2180 [ 2130.174785][ T581] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 2130.174815][ T581] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 2130.174853][ T581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2130.174895][ T581] v4l2_ctrl_new_std+0x1be/0x290 [ 2130.174936][ T581] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 2130.174987][ T581] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 2130.175026][ T581] ? rcu_is_watching+0x12/0xc0 [ 2130.175051][ T581] ? trace_kmalloc+0x2b/0xd0 [ 2130.175085][ T581] ? __kvmalloc_node_noprof+0x298/0x620 [ 2130.175119][ T581] ? media_request_object_init+0x100/0x180 [ 2130.175162][ T581] vim2m_open+0x184/0x8a0 [ 2130.175200][ T581] v4l2_open+0x222/0x490 [ 2130.175230][ T581] ? __pfx_v4l2_open+0x10/0x10 [ 2130.175266][ T581] chrdev_open+0x231/0x6a0 [ 2130.175298][ T581] ? __pfx_apparmor_file_open+0x10/0x10 [ 2130.175326][ T581] ? __pfx_chrdev_open+0x10/0x10 [ 2130.175359][ T581] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 2130.175393][ T581] do_dentry_open+0x97f/0x1530 [ 2130.175424][ T581] ? __pfx_chrdev_open+0x10/0x10 [ 2130.175462][ T581] vfs_open+0x82/0x3f0 [ 2130.175502][ T581] path_openat+0x1de4/0x2cb0 [ 2130.175542][ T581] ? __pfx_path_openat+0x10/0x10 [ 2130.175578][ T581] do_filp_open+0x20b/0x470 [ 2130.175608][ T581] ? __pfx_do_filp_open+0x10/0x10 [ 2130.175658][ T581] ? alloc_fd+0x471/0x7d0 [ 2130.175692][ T581] do_sys_openat2+0x11b/0x1d0 [ 2130.175730][ T581] ? __pfx_do_sys_openat2+0x10/0x10 [ 2130.175779][ T581] __x64_sys_openat+0x174/0x210 [ 2130.175818][ T581] ? __pfx___x64_sys_openat+0x10/0x10 [ 2130.175869][ T581] do_syscall_64+0xcd/0x490 [ 2130.175903][ T581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2130.175929][ T581] RIP: 0033:0x7f9a5d78ebe9 [ 2130.175949][ T581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2130.175987][ T581] RSP: 002b:00007f9a5e5c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2130.176012][ T581] RAX: ffffffffffffffda RBX: 00007f9a5d9b6090 RCX: 00007f9a5d78ebe9 [ 2130.176030][ T581] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 2130.176046][ T581] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 2130.176062][ T581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2130.176077][ T581] R13: 00007f9a5d9b6128 R14: 00007f9a5d9b6090 R15: 00007ffed6cc0af8 [ 2130.176121][ T581] [ 2130.479003][ C0] vkms_vblank_simulate: vblank timer overrun [ 2130.917717][ T583] size and base must be multiples of 4 kiB [ 2130.947854][ T583] CPU: 0 UID: 0 PID: 583 Comm: syz.0.5127 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2130.947888][ T583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2130.947903][ T583] Call Trace: [ 2130.947910][ T583] [ 2130.947919][ T583] dump_stack_lvl+0x16c/0x1f0 [ 2130.947952][ T583] mtrr_add+0xdf/0x110 [ 2130.947984][ T583] mtrr_ioctl+0x7ef/0xcf0 [ 2130.948017][ T583] ? __pfx_mtrr_ioctl+0x10/0x10 [ 2130.948055][ T583] ? find_held_lock+0x2b/0x80 [ 2130.948084][ T583] ? __fget_files+0x20e/0x3c0 [ 2130.948110][ T583] ? __pfx_mtrr_ioctl+0x10/0x10 [ 2130.948142][ T583] proc_reg_unlocked_ioctl+0x229/0x320 [ 2130.948173][ T583] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 2130.948207][ T583] __x64_sys_ioctl+0x18e/0x210 [ 2130.948245][ T583] do_syscall_64+0xcd/0x490 [ 2130.948277][ T583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2130.948300][ T583] RIP: 0033:0x7f9a5d78ebe9 [ 2130.948328][ T583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2130.948349][ T583] RSP: 002b:00007f9a5e5a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2130.948370][ T583] RAX: ffffffffffffffda RBX: 00007f9a5d9b6180 RCX: 00007f9a5d78ebe9 [ 2130.948393][ T583] RDX: 0000000000000006 RSI: 00000000400c4d01 RDI: 0000000000000006 [ 2130.948407][ T583] RBP: 00007f9a5d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 2130.948420][ T583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2130.948433][ T583] R13: 00007f9a5d9b6218 R14: 00007f9a5d9b6180 R15: 00007ffed6cc0af8 [ 2130.948460][ T583] [ 2131.112562][ C0] vkms_vblank_simulate: vblank timer overrun [ 2131.258647][ T574] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 2131.279238][ T576] ubi0: attaching mtd0 [ 2131.285815][ T576] ubi0: scanning is finished [ 2131.291016][ T576] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 2131.581946][ T576] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 2132.286772][ T601] FAULT_INJECTION: forcing a failure. [ 2132.286772][ T601] name failslab, interval 1, probability 0, space 0, times 0 [ 2132.347936][ T602] size and base must be multiples of 4 kiB [ 2132.395767][ T602] CPU: 0 UID: 0 PID: 602 Comm: syz.1.5129 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2132.395801][ T602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2132.395815][ T602] Call Trace: [ 2132.395823][ T602] [ 2132.395833][ T602] dump_stack_lvl+0x16c/0x1f0 [ 2132.395868][ T602] mtrr_add+0xdf/0x110 [ 2132.395902][ T602] mtrr_ioctl+0x7ef/0xcf0 [ 2132.395937][ T602] ? __pfx_mtrr_ioctl+0x10/0x10 [ 2132.395999][ T602] ? find_held_lock+0x2b/0x80 [ 2132.396030][ T602] ? __fget_files+0x20e/0x3c0 [ 2132.396062][ T602] ? __pfx_mtrr_ioctl+0x10/0x10 [ 2132.396095][ T602] proc_reg_unlocked_ioctl+0x229/0x320 [ 2132.396139][ T602] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 2132.396185][ T602] __x64_sys_ioctl+0x18e/0x210 [ 2132.396221][ T602] do_syscall_64+0xcd/0x490 [ 2132.396250][ T602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2132.396272][ T602] RIP: 0033:0x7f2ca058ebe9 [ 2132.396289][ T602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2132.396314][ T602] RSP: 002b:00007f2ca1326038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2132.396335][ T602] RAX: ffffffffffffffda RBX: 00007f2ca07b6180 RCX: 00007f2ca058ebe9 [ 2132.396349][ T602] RDX: 0000000000000006 RSI: 00000000400c4d01 RDI: 0000000000000006 [ 2132.396362][ T602] RBP: 00007f2ca0611e19 R08: 0000000000000000 R09: 0000000000000000 [ 2132.396375][ T602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2132.396391][ T602] R13: 00007f2ca07b6218 R14: 00007f2ca07b6180 R15: 00007ffe14728148 [ 2132.396418][ T602] [ 2132.558530][ C0] vkms_vblank_simulate: vblank timer overrun [ 2133.411037][ T601] CPU: 0 UID: 0 PID: 601 Comm: syz.1.5129 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2133.411070][ T601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2133.411083][ T601] Call Trace: [ 2133.411090][ T601] [ 2133.411099][ T601] dump_stack_lvl+0x16c/0x1f0 [ 2133.411132][ T601] should_fail_ex+0x512/0x640 [ 2133.411162][ T601] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 2133.411191][ T601] should_failslab+0xc2/0x120 [ 2133.411220][ T601] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 2133.411246][ T601] ? getname_flags.part.0+0x4c/0x550 [ 2133.411283][ T601] getname_flags.part.0+0x4c/0x550 [ 2133.411319][ T601] getname_flags+0x93/0xf0 [ 2133.411342][ T601] do_sys_openat2+0xb8/0x1d0 [ 2133.411374][ T601] ? __pfx_do_sys_openat2+0x10/0x10 [ 2133.411409][ T601] ? __fget_files+0x20e/0x3c0 [ 2133.411437][ T601] __x64_sys_openat+0x174/0x210 [ 2133.411470][ T601] ? __pfx___x64_sys_openat+0x10/0x10 [ 2133.411502][ T601] ? ksys_write+0x1ac/0x250 [ 2133.411535][ T601] do_syscall_64+0xcd/0x490 [ 2133.411564][ T601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2133.411587][ T601] RIP: 0033:0x7f2ca058ebe9 [ 2133.411604][ T601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2133.411625][ T601] RSP: 002b:00007f2ca1347038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2133.411645][ T601] RAX: ffffffffffffffda RBX: 00007f2ca07b6090 RCX: 00007f2ca058ebe9 [ 2133.411660][ T601] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 2133.411673][ T601] RBP: 00007f2ca1347090 R08: 0000000000000000 R09: 0000000000000000 [ 2133.411686][ T601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2133.411699][ T601] R13: 00007f2ca07b6128 R14: 00007f2ca07b6090 R15: 00007ffe14728148 [ 2133.411725][ T601] [ 2133.594464][ C0] vkms_vblank_simulate: vblank timer overrun [ 2133.622951][ T618] ubi0: attaching mtd0 [ 2133.629088][ T618] ubi0: scanning is finished [ 2133.634656][ T618] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 2134.389117][ T618] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 2135.046584][ T651] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 2135.143165][ T651] .SR: entered promiscuous mode [ 2135.388748][ T651] Invalid ELF header magic: != ELF [ 2135.738345][ T664] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.0.5142: bg 4: bad block bitmap checksum [ 2135.764037][ T664] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 2135.764126][ T664] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2135.764126][ T664] [ 2138.673541][ T718] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 2138.690703][ T717] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2138.772313][ T717] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2138.772313][ T717] [ 2141.413478][ T761] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 2144.774932][ T3038] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:10: bg 5: bad block bitmap checksum [ 2144.838375][ T3038] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 3318 with max blocks 164 with error 74 [ 2144.909818][ T3038] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2144.909818][ T3038] [ 2146.023912][ T831] FAULT_INJECTION: forcing a failure. [ 2146.023912][ T831] name fail_futex, interval 1, probability 0, space 0, times 0 [ 2146.199798][ T831] CPU: 0 UID: 0 PID: 831 Comm: syz.1.5177 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2146.199831][ T831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2146.199847][ T831] Call Trace: [ 2146.199855][ T831] [ 2146.199864][ T831] dump_stack_lvl+0x16c/0x1f0 [ 2146.199896][ T831] should_fail_ex+0x512/0x640 [ 2146.199942][ T831] get_futex_key+0x1d0/0x1560 [ 2146.199970][ T831] ? __pfx_get_futex_key+0x10/0x10 [ 2146.199993][ T831] ? trace_pid_list_is_set+0xfb/0x150 [ 2146.200039][ T831] ? do_raw_spin_unlock+0x172/0x230 [ 2146.200078][ T831] futex_wait_setup+0x9d/0x550 [ 2146.200117][ T831] __futex_wait+0x194/0x2f0 [ 2146.200150][ T831] ? __pfx___futex_wait+0x10/0x10 [ 2146.200181][ T831] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 2146.200205][ T831] ? lockdep_hardirqs_on+0x7c/0x110 [ 2146.200235][ T831] ? __pfx_futex_wake_mark+0x10/0x10 [ 2146.200270][ T831] ? futex_private_hash_put+0x176/0x300 [ 2146.200299][ T831] ? futex_private_hash_put+0x18a/0x300 [ 2146.200327][ T831] futex_wait+0xe8/0x380 [ 2146.200359][ T831] ? __pfx_futex_wait+0x10/0x10 [ 2146.200405][ T831] do_futex+0x229/0x350 [ 2146.200433][ T831] ? __pfx_do_futex+0x10/0x10 [ 2146.200459][ T831] ? fput+0x9b/0xd0 [ 2146.200489][ T831] ? __sys_sendmsg+0x18c/0x220 [ 2146.200520][ T831] __x64_sys_futex+0x1e0/0x4c0 [ 2146.200554][ T831] ? __pfx___x64_sys_futex+0x10/0x10 [ 2146.200593][ T831] do_syscall_64+0xcd/0x490 [ 2146.200624][ T831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2146.200646][ T831] RIP: 0033:0x7f2ca058ebe9 [ 2146.200663][ T831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2146.200685][ T831] RSP: 002b:00007f2ca13680e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2146.200709][ T831] RAX: ffffffffffffffda RBX: 00007f2ca07b5fa8 RCX: 00007f2ca058ebe9 [ 2146.200724][ T831] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2ca07b5fa8 [ 2146.200746][ T831] RBP: 00007f2ca07b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 2146.200760][ T831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2146.200773][ T831] R13: 00007f2ca07b6038 R14: 00007ffe14728060 R15: 00007ffe14728148 [ 2146.200800][ T831] [ 2146.888569][ T840] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2147.130907][ T840] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2147.130907][ T840] [ 2150.012593][T24189] EXT4-fs (sda1): Delayed block allocation failed for inode 2028 at logical offset 3 with max blocks 2 with error 117 [ 2150.070207][T24189] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2150.070207][T24189] [ 2150.851134][ T869] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2151.016642][ T869] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2151.016642][ T869] [ 2151.948445][ T894] mkiss: ax0: crc mode is auto. [ 2152.973488][ T906] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5193'. [ 2154.588974][ T931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5198'. [ 2155.345007][ T942] vivid-007: ================= START STATUS ================= [ 2155.624752][ T942] vivid-007: Generate PTS: true [ 2155.737116][ T942] vivid-007: Generate SCR: true [ 2156.275743][ T942] tpg source WxH: 320x240 (Y'CbCr) [ 2156.410003][ T942] tpg field: 1 [ 2156.489149][ T942] tpg crop: (0,0)/320x240 [ 2156.625306][ T942] tpg compose: (0,0)/320x240 [ 2156.636553][ T965] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2156.745946][ T959] can: request_module (can-proto-3) failed. [ 2156.868982][ T942] tpg colorspace: 8 [ 2156.927062][ T942] tpg transfer function: 0/0 [ 2156.931694][ T942] tpg Y'CbCr encoding: 0/0 [ 2156.946330][ T965] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2156.946330][ T965] [ 2157.116861][ T942] tpg quantization: 0/0 [ 2157.242474][ T942] tpg RGB range: 0/2 [ 2157.313592][ T942] vivid-007: ================== END STATUS ================== [ 2158.065619][ T973] bond0: option all_slaves_active: invalid value () [ 2158.133552][ T976] bond0: option all_slaves_active: invalid value () [ 2160.199303][T24189] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2160.273657][T24189] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2160.273657][T24189] [ 2160.671215][ T1022] FAULT_INJECTION: forcing a failure. [ 2160.671215][ T1022] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.770664][ T1022] CPU: 0 UID: 0 PID: 1022 Comm: syz.0.5218 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2160.770696][ T1022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2160.770709][ T1022] Call Trace: [ 2160.770716][ T1022] [ 2160.770725][ T1022] dump_stack_lvl+0x16c/0x1f0 [ 2160.770757][ T1022] should_fail_ex+0x512/0x640 [ 2160.770787][ T1022] ? __kvmalloc_node_noprof+0x124/0x620 [ 2160.770814][ T1022] should_failslab+0xc2/0x120 [ 2160.770844][ T1022] __kvmalloc_node_noprof+0x137/0x620 [ 2160.770869][ T1022] ? seq_read_iter+0x826/0x12c0 [ 2160.770900][ T1022] ? seq_read_iter+0x826/0x12c0 [ 2160.770919][ T1022] seq_read_iter+0x826/0x12c0 [ 2160.770951][ T1022] seq_read+0x3a3/0x570 [ 2160.770971][ T1022] ? __pfx_seq_read+0x10/0x10 [ 2160.771011][ T1022] full_proxy_read+0x131/0x1a0 [ 2160.771044][ T1022] ? __pfx_full_proxy_read+0x10/0x10 [ 2160.771077][ T1022] vfs_read+0x1e4/0xcf0 [ 2160.771105][ T1022] ? __pfx___mutex_lock+0x10/0x10 [ 2160.771133][ T1022] ? __pfx_vfs_read+0x10/0x10 [ 2160.771164][ T1022] ? __fget_files+0x20e/0x3c0 [ 2160.771195][ T1022] ksys_read+0x12a/0x250 [ 2160.771218][ T1022] ? __pfx_ksys_read+0x10/0x10 [ 2160.771250][ T1022] do_syscall_64+0xcd/0x490 [ 2160.771280][ T1022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2160.771302][ T1022] RIP: 0033:0x7f9a5d78ebe9 [ 2160.771318][ T1022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2160.771339][ T1022] RSP: 002b:00007f9a5e5e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2160.771360][ T1022] RAX: ffffffffffffffda RBX: 00007f9a5d9b5fa0 RCX: 00007f9a5d78ebe9 [ 2160.771374][ T1022] RDX: 000000000000002e RSI: 0000200000000940 RDI: 0000000000000003 [ 2160.771388][ T1022] RBP: 00007f9a5e5e4090 R08: 0000000000000000 R09: 0000000000000000 [ 2160.771412][ T1022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2160.771424][ T1022] R13: 00007f9a5d9b6038 R14: 00007f9a5d9b5fa0 R15: 00007ffed6cc0af8 [ 2160.771450][ T1022] [ 2160.975219][ C0] vkms_vblank_simulate: vblank timer overrun [ 2161.593408][ T1030] phram: not enough arguments [ 2161.625173][ T1030] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd12 [ 2162.641175][ T1043] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2163.127570][ T1043] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2163.127570][ T1043] [ 2163.762723][T29473] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2163.772719][T29473] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2163.782615][T29473] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2163.791666][T29473] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2163.799123][T29473] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2165.071122][ T1073] FAULT_INJECTION: forcing a failure. [ 2165.071122][ T1073] name fail_futex, interval 1, probability 0, space 0, times 0 [ 2165.404262][ T1073] CPU: 0 UID: 0 PID: 1073 Comm: syz.3.5228 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2165.404298][ T1073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2165.404313][ T1073] Call Trace: [ 2165.404321][ T1073] [ 2165.404330][ T1073] dump_stack_lvl+0x16c/0x1f0 [ 2165.404364][ T1073] should_fail_ex+0x512/0x640 [ 2165.404407][ T1073] get_futex_key+0x1d0/0x1560 [ 2165.404439][ T1073] ? __pfx_get_futex_key+0x10/0x10 [ 2165.404467][ T1073] ? __mutex_trylock_common+0xe9/0x250 [ 2165.404507][ T1073] futex_wake+0xea/0x530 [ 2165.404545][ T1073] ? __pfx_futex_wake+0x10/0x10 [ 2165.404592][ T1073] do_futex+0x1e3/0x350 [ 2165.404622][ T1073] ? __pfx_do_futex+0x10/0x10 [ 2165.404649][ T1073] ? __might_fault+0xe3/0x190 [ 2165.404685][ T1073] mm_release+0x24e/0x300 [ 2165.404712][ T1073] do_exit+0x68e/0x2bf0 [ 2165.404761][ T1073] ? __pfx_do_exit+0x10/0x10 [ 2165.404791][ T1073] ? do_raw_spin_lock+0x12c/0x2b0 [ 2165.404824][ T1073] ? find_held_lock+0x2b/0x80 [ 2165.404849][ T1073] do_group_exit+0xd3/0x2a0 [ 2165.404882][ T1073] get_signal+0x2673/0x26d0 [ 2165.404917][ T1073] ? __pfx_get_signal+0x10/0x10 [ 2165.404960][ T1073] ? find_held_lock+0x2b/0x80 [ 2165.404989][ T1073] arch_do_signal_or_restart+0x8f/0x790 [ 2165.405021][ T1073] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 2165.405059][ T1073] ? ksys_read+0x1ac/0x250 [ 2165.405085][ T1073] ? __pfx_ksys_read+0x10/0x10 [ 2165.405117][ T1073] exit_to_user_mode_loop+0x84/0x110 [ 2165.405153][ T1073] do_syscall_64+0x3f6/0x490 [ 2165.405186][ T1073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2165.405209][ T1073] RIP: 0033:0x7fae2cf8ebe9 [ 2165.405227][ T1073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2165.405250][ T1073] RSP: 002b:00007fae2ddf4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2165.405272][ T1073] RAX: 0000000000000000 RBX: 00007fae2d1b6090 RCX: 00007fae2cf8ebe9 [ 2165.405287][ T1073] RDX: 0000000000001000 RSI: 00002000000000c0 RDI: 0000000000000002 [ 2165.405301][ T1073] RBP: 00007fae2ddf4090 R08: 0000000000000000 R09: 0000000000000000 [ 2165.405316][ T1073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2165.405330][ T1073] R13: 00007fae2d1b6128 R14: 00007fae2d1b6090 R15: 00007ffdcca14658 [ 2165.405358][ T1073] [ 2165.640175][ C0] vkms_vblank_simulate: vblank timer overrun [ 2166.098222][T29473] Bluetooth: hci3: command tx timeout [ 2166.976752][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 2166.983102][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 2167.176485][ T1091] vivid-007: ================= START STATUS ================= [ 2167.257599][ T1091] vivid-007: Generate PTS: true [ 2167.326269][ T1091] vivid-007: Generate SCR: true [ 2167.331199][ T1091] tpg source WxH: 320x240 (Y'CbCr) [ 2167.452052][ T1091] tpg field: 1 [ 2167.455472][ T1091] tpg crop: (0,0)/320x240 [ 2167.459829][ T1091] tpg compose: (0,0)/320x240 [ 2167.632237][ T1091] tpg colorspace: 8 [ 2167.753448][ T1091] tpg transfer function: 0/0 [ 2167.775372][T16126] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2167.810812][ T1091] tpg Y'CbCr encoding: 0/0 [ 2167.940426][ T1091] tpg quantization: 0/0 [ 2167.944645][ T1091] tpg RGB range: 0/2 [ 2167.982655][ T1097] can: request_module (can-proto-3) failed. [ 2168.062681][ T1091] vivid-007: ================== END STATUS ================== [ 2168.146460][ T1059] chnl_net:caif_netlink_parms(): no params data found [ 2168.162787][T29473] Bluetooth: hci3: command tx timeout [ 2168.904288][T16126] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2169.514643][T16126] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2169.723546][ T1059] bridge0: port 1(bridge_slave_0) entered blocking state [ 2169.756520][ T1059] bridge0: port 1(bridge_slave_0) entered disabled state [ 2169.792360][ T1059] bridge_slave_0: entered allmulticast mode [ 2169.822620][ T1059] bridge_slave_0: entered promiscuous mode [ 2169.891264][ T1059] bridge0: port 2(bridge_slave_1) entered blocking state [ 2169.915679][ T1059] bridge0: port 2(bridge_slave_1) entered disabled state [ 2169.948269][ T1059] bridge_slave_1: entered allmulticast mode [ 2169.976912][ T1059] bridge_slave_1: entered promiscuous mode [ 2170.229117][T29473] Bluetooth: hci3: command tx timeout [ 2170.262924][ T1059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2170.330353][ T1059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2170.950140][ T1059] team0: Port device team_slave_0 added [ 2170.976629][ T1059] team0: Port device team_slave_1 added [ 2171.754787][T16126] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2172.004039][ T1059] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2172.061121][ T1059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2172.231605][ T1059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2172.300280][T29473] Bluetooth: hci3: command tx timeout [ 2172.316153][ T1059] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2172.360736][ T1059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2172.514762][ T1059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2172.637215][ T1147] netlink: 'syz.2.5242': attribute type 15 has an invalid length. [ 2172.770254][ T1147] netlink: 186 bytes leftover after parsing attributes in process `syz.2.5242'. [ 2173.632650][ T1059] hsr_slave_0: entered promiscuous mode [ 2173.660658][ T1059] hsr_slave_1: entered promiscuous mode [ 2173.667214][ T1059] debugfs: 'hsr0' already exists in 'hsr' [ 2173.723978][ T1059] Cannot create hsr debugfs directory [ 2173.767596][T16126] bridge_slave_1: left allmulticast mode [ 2173.800731][T16126] bridge_slave_1: left promiscuous mode [ 2173.806567][T16126] bridge0: port 2(bridge_slave_1) entered disabled state [ 2174.081145][T16126] bridge_slave_0: left allmulticast mode [ 2174.089772][T16126] bridge_slave_0: left promiscuous mode [ 2174.095532][T16126] bridge0: port 1(bridge_slave_0) entered disabled state [ 2175.338033][ T1170] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2175.450173][ T1170] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2175.450173][ T1170] [ 2176.627400][T16126] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2176.661922][T16126] bond0 (unregistering): Released all slaves [ 2178.092097][T16126] hsr_slave_0: left promiscuous mode [ 2178.154488][T16126] hsr_slave_1: left promiscuous mode [ 2178.198331][T16126] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2178.238928][T16126] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2178.448855][T16126] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2178.483777][T16126] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2178.601022][T16126] veth1_macvtap: left promiscuous mode [ 2178.678358][T16126] veth0_macvtap: left promiscuous mode [ 2178.707372][T16126] veth1_vlan: left promiscuous mode [ 2178.740905][T16126] veth0_vlan: left promiscuous mode [ 2179.760759][ T1239] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2179.838091][ T1239] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2179.838091][ T1239] [ 2181.157221][ T1252] FAULT_INJECTION: forcing a failure. [ 2181.157221][ T1252] name failslab, interval 1, probability 0, space 0, times 0 [ 2181.195418][ T1252] CPU: 0 UID: 0 PID: 1252 Comm: syz.3.5255 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2181.195455][ T1252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2181.195469][ T1252] Call Trace: [ 2181.195478][ T1252] [ 2181.195488][ T1252] dump_stack_lvl+0x16c/0x1f0 [ 2181.195523][ T1252] should_fail_ex+0x512/0x640 [ 2181.195558][ T1252] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 2181.195586][ T1252] should_failslab+0xc2/0x120 [ 2181.195618][ T1252] __kmalloc_cache_noprof+0x6a/0x3e0 [ 2181.195643][ T1252] ? snd_seq_timer_new+0x44/0x1b0 [ 2181.195680][ T1252] ? lockdep_init_map_type+0x5c/0x280 [ 2181.195717][ T1252] snd_seq_timer_new+0x44/0x1b0 [ 2181.195748][ T1252] snd_seq_queue_alloc+0x177/0x5a0 [ 2181.195778][ T1252] snd_seq_ioctl_create_queue+0xa9/0x380 [ 2181.195813][ T1252] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 2181.195853][ T1252] alloc_seq_queue+0xda/0x180 [ 2181.195888][ T1252] ? __pfx_alloc_seq_queue+0x10/0x10 [ 2181.195941][ T1252] ? mark_held_locks+0x49/0x80 [ 2181.195970][ T1252] ? _raw_spin_unlock_irq+0x23/0x50 [ 2181.195999][ T1252] snd_seq_oss_open+0x38c/0xa20 [ 2181.196041][ T1252] odev_open+0x6f/0x90 [ 2181.196071][ T1252] ? __pfx_odev_open+0x10/0x10 [ 2181.196116][ T1252] soundcore_open+0x409/0x580 [ 2181.196150][ T1252] ? __pfx_soundcore_open+0x10/0x10 [ 2181.196181][ T1252] chrdev_open+0x231/0x6a0 [ 2181.196229][ T1252] ? __pfx_apparmor_file_open+0x10/0x10 [ 2181.196253][ T1252] ? __pfx_chrdev_open+0x10/0x10 [ 2181.196282][ T1252] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 2181.196313][ T1252] do_dentry_open+0x97f/0x1530 [ 2181.196340][ T1252] ? __pfx_chrdev_open+0x10/0x10 [ 2181.196373][ T1252] vfs_open+0x82/0x3f0 [ 2181.196408][ T1252] path_openat+0x1de4/0x2cb0 [ 2181.196443][ T1252] ? __pfx_path_openat+0x10/0x10 [ 2181.196475][ T1252] do_filp_open+0x20b/0x470 [ 2181.196502][ T1252] ? __pfx_do_filp_open+0x10/0x10 [ 2181.196546][ T1252] ? alloc_fd+0x471/0x7d0 [ 2181.196577][ T1252] do_sys_openat2+0x11b/0x1d0 [ 2181.196609][ T1252] ? __pfx_do_sys_openat2+0x10/0x10 [ 2181.196644][ T1252] ? lock_acquire+0x179/0x350 [ 2181.196683][ T1252] __x64_sys_openat+0x174/0x210 [ 2181.196718][ T1252] ? __pfx___x64_sys_openat+0x10/0x10 [ 2181.196763][ T1252] do_syscall_64+0xcd/0x490 [ 2181.196799][ T1252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2181.196822][ T1252] RIP: 0033:0x7fae2cf8ebe9 [ 2181.196839][ T1252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2181.196861][ T1252] RSP: 002b:00007fae2ddf4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2181.196882][ T1252] RAX: ffffffffffffffda RBX: 00007fae2d1b6090 RCX: 00007fae2cf8ebe9 [ 2181.196897][ T1252] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 2181.196912][ T1252] RBP: 00007fae2d011e19 R08: 0000000000000000 R09: 0000000000000000 [ 2181.196925][ T1252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2181.196939][ T1252] R13: 00007fae2d1b6128 R14: 00007fae2d1b6090 R15: 00007ffdcca14658 [ 2181.196966][ T1252] [ 2181.495564][ C0] vkms_vblank_simulate: vblank timer overrun [ 2182.090462][ T1256] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2182.160689][ T1256] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2182.160689][ T1256] [ 2182.206824][ T1257] ptrace attach of "./syz-executor exec"[31904] was attempted by "./syz-executor exec"[1257] [ 2185.649717][T16126] team0 (unregistering): Port device team_slave_1 removed [ 2185.835105][T16126] team0 (unregistering): Port device team_slave_0 removed [ 2187.542750][ T5870] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2187.553147][ T5870] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2187.561901][ T5870] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2187.569816][ T5870] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2187.578315][ T5870] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2188.667499][ T1291] Invalid ELF header magic: != ELF [ 2189.645754][ T5870] Bluetooth: hci5: command tx timeout [ 2190.522086][ T2987] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 2190.580820][ T2987] EXT4-fs (sda1): This should not happen!! Data will be lost [ 2190.580820][ T2987] [ 2190.948623][T16126] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2191.081782][ T1279] chnl_net:caif_netlink_parms(): no params data found [ 2191.344962][T16126] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2191.633031][T16126] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2191.714901][ T5870] Bluetooth: hci5: command tx timeout [ 2192.170289][T16126] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2192.257171][ T1279] bridge0: port 1(bridge_slave_0) entered blocking state [ 2192.288769][ T1279] bridge0: port 1(bridge_slave_0) entered disabled state [ 2192.311959][ T1279] bridge_slave_0: entered allmulticast mode [ 2192.332296][ T1279] bridge_slave_0: entered promiscuous mode [ 2192.355848][ T1059] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2192.393150][ T1279] bridge0: port 2(bridge_slave_1) entered blocking state [ 2192.400324][ T1279] bridge0: port 2(bridge_slave_1) entered disabled state [ 2192.436832][ T1279] bridge_slave_1: entered allmulticast mode [ 2192.455870][ T1279] bridge_slave_1: entered promiscuous mode [ 2192.510117][ T1059] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2192.614493][ T1279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2192.667377][ T1279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2192.710718][ T1059] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2192.747265][ T1059] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2193.197300][ T5870] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 2193.197334][ T5870] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 2193.212471][ T5870] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 2193.212531][ T5870] Bluetooth: hci2: adv larger than maximum supported [ 2193.225133][ T5870] Bluetooth: hci2: Malformed LE Event: 0x0d [ 2193.261083][ T1279] team0: Port device team_slave_0 added [ 2193.314404][ T1279] team0: Port device team_slave_1 added [ 2193.663056][ T1279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2193.714716][ T1279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2193.791074][ T5870] Bluetooth: hci5: command tx timeout [ 2193.871324][ T1279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2193.948123][ T1279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2193.978293][ T1279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2194.105519][ T1279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2194.161454][T16126] bridge_slave_1: left allmulticast mode [ 2194.196851][T16126] bridge_slave_1: left promiscuous mode [ 2194.225890][T16126] bridge0: port 2(bridge_slave_1) entered disabled state [ 2194.283797][T16126] bridge_slave_0: left allmulticast mode [ 2194.289505][T16126] bridge_slave_0: left promiscuous mode [ 2194.334487][T16126] bridge0: port 1(bridge_slave_0) entered disabled state [ 2194.473720][ T1379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5273'. [ 2195.352323][ T1388] ubi0: attaching mtd0 [ 2195.400185][ T1388] ubi0: scanning is finished [ 2195.404892][ T1388] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 2195.700564][ T1388] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 2195.853488][ T5870] Bluetooth: hci5: command tx timeout [ 2196.504992][ T1401] ================================================================== [ 2196.513119][ T1401] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 2196.521050][ T1401] Read of size 8 at addr ffff88805b9d9000 by task syz.2.5278/1401 [ 2196.528868][ T1401] [ 2196.531202][ T1401] CPU: 0 UID: 0 PID: 1401 Comm: syz.2.5278 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2196.531245][ T1401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2196.531265][ T1401] Call Trace: [ 2196.531278][ T1401] [ 2196.531291][ T1401] dump_stack_lvl+0x116/0x1f0 [ 2196.531339][ T1401] print_report+0xcd/0x630 [ 2196.531372][ T1401] ? __virt_addr_valid+0x81/0x610 [ 2196.531402][ T1401] ? __phys_addr+0xe8/0x180 [ 2196.531432][ T1401] ? force_devcd_write+0x312/0x340 [ 2196.531464][ T1401] kasan_report+0xe0/0x110 [ 2196.531495][ T1401] ? force_devcd_write+0x312/0x340 [ 2196.531530][ T1401] force_devcd_write+0x312/0x340 [ 2196.531561][ T1401] ? __pfx_force_devcd_write+0x10/0x10 [ 2196.531594][ T1401] ? __debugfs_file_get+0x1fe/0x840 [ 2196.531631][ T1401] ? __pfx___debugfs_file_get+0x10/0x10 [ 2196.531672][ T1401] full_proxy_write+0x131/0x1a0 [ 2196.531709][ T1401] ? __pfx_full_proxy_write+0x10/0x10 [ 2196.531746][ T1401] vfs_write+0x29d/0x11d0 [ 2196.531775][ T1401] ? __pfx___mutex_lock+0x10/0x10 [ 2196.531807][ T1401] ? __pfx_vfs_write+0x10/0x10 [ 2196.531838][ T1401] ? __fget_files+0x20e/0x3c0 [ 2196.531868][ T1401] ksys_write+0x12a/0x250 [ 2196.531896][ T1401] ? __pfx_ksys_write+0x10/0x10 [ 2196.531928][ T1401] do_syscall_64+0xcd/0x490 [ 2196.531960][ T1401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2196.531986][ T1401] RIP: 0033:0x7f473578ebe9 [ 2196.532005][ T1401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2196.532030][ T1401] RSP: 002b:00007f4736552038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2196.532052][ T1401] RAX: ffffffffffffffda RBX: 00007f47359b5fa0 RCX: 00007f473578ebe9 [ 2196.532069][ T1401] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 2196.532084][ T1401] RBP: 00007f4735811e19 R08: 0000000000000000 R09: 0000000000000000 [ 2196.532100][ T1401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2196.532115][ T1401] R13: 00007f47359b6038 R14: 00007f47359b5fa0 R15: 00007ffdc15513a8 [ 2196.532138][ T1401] [ 2196.532147][ T1401] [ 2196.741149][ T1401] Allocated by task 1328: [ 2196.745484][ T1401] kasan_save_stack+0x33/0x60 [ 2196.750220][ T1401] kasan_save_track+0x14/0x30 [ 2196.754911][ T1401] __kasan_kmalloc+0xaa/0xb0 [ 2196.759517][ T1401] __kmalloc_noprof+0x223/0x510 [ 2196.764467][ T1401] ieee802_11_parse_elems_full+0x1db/0x3780 [ 2196.770372][ T1401] ieee80211_inform_bss+0x10b/0x1140 [ 2196.775678][ T1401] cfg80211_inform_single_bss_data+0x8e7/0x1df0 [ 2196.781933][ T1401] cfg80211_inform_bss_data+0x224/0x3bd0 [ 2196.787585][ T1401] cfg80211_inform_bss_frame_data+0x26f/0x750 [ 2196.793696][ T1401] ieee80211_bss_info_update+0x310/0xab0 [ 2196.799478][ T1401] ieee80211_scan_rx+0x4cf/0xb30 [ 2196.804457][ T1401] ieee80211_rx_list+0x1bdb/0x2980 [ 2196.809594][ T1401] ieee80211_rx_napi+0xdc/0x410 [ 2196.814511][ T1401] ieee80211_handle_queued_frames+0xd5/0x130 [ 2196.820548][ T1401] tasklet_action_common+0x284/0x400 [ 2196.825912][ T1401] handle_softirqs+0x219/0x8e0 [ 2196.830784][ T1401] __irq_exit_rcu+0x109/0x170 [ 2196.835497][ T1401] irq_exit_rcu+0x9/0x30 [ 2196.839845][ T1401] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 2196.845509][ T1401] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2196.851522][ T1401] [ 2196.853867][ T1401] Freed by task 1328: [ 2196.857859][ T1401] kasan_save_stack+0x33/0x60 [ 2196.862576][ T1401] kasan_save_track+0x14/0x30 [ 2196.867276][ T1401] kasan_save_free_info+0x3b/0x60 [ 2196.872344][ T1401] __kasan_slab_free+0x60/0x70 [ 2196.877249][ T1401] kfree+0x2b4/0x4d0 [ 2196.881182][ T1401] ieee80211_inform_bss+0x77c/0x1140 [ 2196.886509][ T1401] cfg80211_inform_single_bss_data+0x8e7/0x1df0 [ 2196.892783][ T1401] cfg80211_inform_bss_data+0x224/0x3bd0 [ 2196.898804][ T1401] cfg80211_inform_bss_frame_data+0x26f/0x750 [ 2196.905197][ T1401] ieee80211_bss_info_update+0x310/0xab0 [ 2196.910874][ T1401] ieee80211_scan_rx+0x4cf/0xb30 [ 2196.915854][ T1401] ieee80211_rx_list+0x1bdb/0x2980 [ 2196.920977][ T1401] ieee80211_rx_napi+0xdc/0x410 [ 2196.925853][ T1401] ieee80211_handle_queued_frames+0xd5/0x130 [ 2196.931888][ T1401] tasklet_action_common+0x284/0x400 [ 2196.937207][ T1401] handle_softirqs+0x219/0x8e0 [ 2196.942000][ T1401] __irq_exit_rcu+0x109/0x170 [ 2196.946727][ T1401] irq_exit_rcu+0x9/0x30 [ 2196.951015][ T1401] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 2196.956717][ T1401] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2196.962729][ T1401] [ 2196.965064][ T1401] The buggy address belongs to the object at ffff88805b9d9000 [ 2196.965064][ T1401] which belongs to the cache kmalloc-1k of size 1024 [ 2196.979139][ T1401] The buggy address is located 0 bytes inside of [ 2196.979139][ T1401] freed 1024-byte region [ffff88805b9d9000, ffff88805b9d9400) [ 2196.993489][ T1401] [ 2196.995828][ T1401] The buggy address belongs to the physical page: [ 2197.002337][ T1401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b9d8 [ 2197.011198][ T1401] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 2197.019819][ T1401] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 2197.027397][ T1401] page_type: f5(slab) [ 2197.031517][ T1401] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000ccd400 dead000000000002 [ 2197.040754][ T1401] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 2197.049365][ T1401] head: 00fff00000000040 ffff88801b841dc0 ffffea0000ccd400 dead000000000002 [ 2197.058073][ T1401] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 2197.066773][ T1401] head: 00fff00000000003 ffffea00016e7601 00000000ffffffff 00000000ffffffff [ 2197.075472][ T1401] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 2197.084177][ T1401] page dumped because: kasan: bad access detected [ 2197.090603][ T1401] page_owner tracks the page as allocated [ 2197.096321][ T1401] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5872, tgid 5872 (syz-executor), ts 107138150785, free_ts 35928591301 [ 2197.115706][ T1401] post_alloc_hook+0x1c0/0x230 [ 2197.120514][ T1401] get_page_from_freelist+0x132b/0x38e0 [ 2197.126099][ T1401] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 2197.132005][ T1401] alloc_pages_mpol+0x1fb/0x550 [ 2197.136970][ T1401] new_slab+0x247/0x330 [ 2197.141152][ T1401] ___slab_alloc+0xcf2/0x1740 [ 2197.145845][ T1401] __slab_alloc.constprop.0+0x56/0xb0 [ 2197.151244][ T1401] __kmalloc_cache_noprof+0xfb/0x3e0 [ 2197.156554][ T1401] batadv_hard_if_event+0xb13/0x1550 [ 2197.161985][ T1401] notifier_call_chain+0xbc/0x410 [ 2197.167043][ T1401] call_netdevice_notifiers_info+0xbe/0x140 [ 2197.172972][ T1401] register_netdevice+0x182e/0x2270 [ 2197.178196][ T1401] nsim_create+0xdd5/0x1260 [ 2197.182723][ T1401] __nsim_dev_port_add+0x435/0x7d0 [ 2197.187869][ T1401] nsim_drv_probe+0xe40/0x1520 [ 2197.192668][ T1401] really_probe+0x23e/0xa90 [ 2197.197205][ T1401] page last free pid 1 tgid 1 stack trace: [ 2197.203038][ T1401] __free_frozen_pages+0x7d5/0x10f0 [ 2197.208250][ T1401] free_contig_range+0x183/0x4b0 [ 2197.213218][ T1401] destroy_args+0x7f6/0xa60 [ 2197.217754][ T1401] debug_vm_pgtable+0x1a32/0x3640 [ 2197.222800][ T1401] do_one_initcall+0x120/0x6e0 [ 2197.227596][ T1401] kernel_init_freeable+0x5c2/0x910 [ 2197.232839][ T1401] kernel_init+0x1c/0x2b0 [ 2197.237189][ T1401] ret_from_fork+0x5d4/0x6f0 [ 2197.241817][ T1401] ret_from_fork_asm+0x1a/0x30 [ 2197.246611][ T1401] [ 2197.248958][ T1401] Memory state around the buggy address: [ 2197.254590][ T1401] ffff88805b9d8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2197.262753][ T1401] ffff88805b9d8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2197.270833][ T1401] >ffff88805b9d9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2197.278901][ T1401] ^ [ 2197.282993][ T1401] ffff88805b9d9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2197.291068][ T1401] ffff88805b9d9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2197.299131][ T1401] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2198.162024][ T1401] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 2198.169275][ T1401] CPU: 0 UID: 0 PID: 1401 Comm: syz.2.5278 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 2198.181268][ T1401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2198.191535][ T1401] Call Trace: [ 2198.194821][ T1401] [ 2198.197761][ T1401] dump_stack_lvl+0x3d/0x1f0 [ 2198.202378][ T1401] vpanic+0x6e8/0x7a0 [ 2198.206397][ T1401] ? __pfx_vpanic+0x10/0x10 [ 2198.210924][ T1401] ? __pfx_vprintk_emit+0x10/0x10 [ 2198.215986][ T1401] ? force_devcd_write+0x312/0x340 [ 2198.221118][ T1401] panic+0xca/0xd0 [ 2198.224885][ T1401] ? __pfx_panic+0x10/0x10 [ 2198.229323][ T1401] ? force_devcd_write+0x312/0x340 [ 2198.234478][ T1401] ? preempt_schedule_common+0x44/0xc0 [ 2198.239956][ T1401] ? preempt_schedule_thunk+0x16/0x30 [ 2198.245354][ T1401] check_panic_on_warn+0xab/0xb0 [ 2198.250332][ T1401] end_report+0x107/0x170 [ 2198.254682][ T1401] kasan_report+0xee/0x110 [ 2198.259120][ T1401] ? force_devcd_write+0x312/0x340 [ 2198.264256][ T1401] force_devcd_write+0x312/0x340 [ 2198.269218][ T1401] ? __pfx_force_devcd_write+0x10/0x10 [ 2198.274718][ T1401] ? __debugfs_file_get+0x1fe/0x840 [ 2198.279971][ T1401] ? __pfx___debugfs_file_get+0x10/0x10 [ 2198.285633][ T1401] full_proxy_write+0x131/0x1a0 [ 2198.290546][ T1401] ? __pfx_full_proxy_write+0x10/0x10 [ 2198.295947][ T1401] vfs_write+0x29d/0x11d0 [ 2198.300326][ T1401] ? __pfx___mutex_lock+0x10/0x10 [ 2198.305390][ T1401] ? __pfx_vfs_write+0x10/0x10 [ 2198.310178][ T1401] ? __fget_files+0x20e/0x3c0 [ 2198.314874][ T1401] ksys_write+0x12a/0x250 [ 2198.319225][ T1401] ? __pfx_ksys_write+0x10/0x10 [ 2198.324126][ T1401] do_syscall_64+0xcd/0x490 [ 2198.328658][ T1401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2198.334596][ T1401] RIP: 0033:0x7f473578ebe9 [ 2198.339024][ T1401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2198.358658][ T1401] RSP: 002b:00007f4736552038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2198.367113][ T1401] RAX: ffffffffffffffda RBX: 00007f47359b5fa0 RCX: 00007f473578ebe9 [ 2198.375117][ T1401] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 2198.383192][ T1401] RBP: 00007f4735811e19 R08: 0000000000000000 R09: 0000000000000000 [ 2198.391386][ T1401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2198.399396][ T1401] R13: 00007f47359b6038 R14: 00007f47359b5fa0 R15: 00007ffdc15513a8 [ 2198.407397][ T1401] [ 2198.410497][ T1401] Kernel Offset: disabled [ 2198.414862][ T1401] Rebooting in 86400 seconds..