last executing test programs: 7.364585183s ago: executing program 3 (id=136): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x8000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r2 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) move_mount$auto(r2, 0x0, r1, 0x0, 0x9) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x22003, 0x0) 7.26263346s ago: executing program 1 (id=137): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) setregid$auto(0x81, 0x0) clock_nanosleep$auto(0x2, 0x6, &(0x7f0000000840)={0x0, 0xc025}, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) landlock_restrict_self$auto(r0, 0x8) 6.287499017s ago: executing program 1 (id=141): mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x200, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) ioctl$auto_TUNGETIFF2(r0, 0x800454d2, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) io_uring_setup$auto(0x8, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0xffffffffffff0001, 0x15) landlock_restrict_self$auto(0xffffffffffffffff, 0xfffffffc) 6.287284569s ago: executing program 3 (id=143): mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000001080)='/dev/audio1\x00', 0x121302, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x10001, 0x0) unshare$auto(0x40000080) ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, 0x0) sendmsg$auto_NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, 0x0, 0x4000084) read$auto(0x3, 0x0, 0x8080) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, 0x0, 0x0) write$auto(0x3, 0x0, 0x100082) 5.296486767s ago: executing program 3 (id=147): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) shutdown$auto(0x200000003, 0x2) shutdown$auto(0x200000003, 0x2) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r0, 0x0, 0x39b8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, 0x0, 0x80) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f00000000c0), 0x141401, 0x0) clock_adjtime$auto(0xfffffffffffffffb, 0x0) 4.32997874s ago: executing program 3 (id=148): openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec4\x00', 0x800, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) syz_genetlink_get_family_id$auto_ioam6(0x0, 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(0xffffffffffffffff, 0x0, 0x808) r1 = ioctl$auto_TIOCGPTPEER2(0xffffffffffffffff, 0x5441, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x12, r1, 0x2) getrlimit$auto(0x4, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) 4.329172491s ago: executing program 0 (id=149): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x3, 0x3b) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x40000880}, 0x200000a1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x4000800) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x20401, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) read$auto(0x3, 0x0, 0x80) 4.328922844s ago: executing program 1 (id=157): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) shutdown$auto(0x200000003, 0x2) shutdown$auto(0x200000003, 0x2) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r0, 0x0, 0x39b8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, 0x0, 0x80) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f00000000c0), 0x141401, 0x0) clock_adjtime$auto(0xfffffffffffffffb, 0x0) 4.042939177s ago: executing program 0 (id=150): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x42000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x1, 0x2, 0xe2, 0x13, 0x405, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0x4c810) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/nvme_core/parameters/max_retries\x00', 0x101342, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x840042, 0x0) sendfile$auto(r0, 0x3, 0x0, 0xc01) 3.654569178s ago: executing program 2 (id=151): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x1c, 0x0, 0xb3eaee9e9ed11725, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x41001}, 0x64810) madvise$auto(0x0, 0x1010001, 0x100000003) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0) 3.507695109s ago: executing program 0 (id=152): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x4000000008000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x400000003) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)={0x1c, r3, 0x1, 0x70bd31, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x4}]}, 0x1c}}, 0x24048004) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = socket(0x2, 0xa, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r4, 0x10000}, 0x10) 3.418399868s ago: executing program 3 (id=153): socket(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/amidi2\x00', 0x802, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mq_open$auto(0x0, 0x7e, 0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) migrate_pages$auto(0x0, 0xa, 0x0, &(0x7f0000000140)=0x2) 2.693281802s ago: executing program 1 (id=154): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0x200, r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x4a801, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x8000000000000002, 0x4000000000df, 0x11, r0, 0x64b3) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 2.643767281s ago: executing program 0 (id=155): msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8400, 0x0) msync$auto(0x78afb701, 0x3ad, 0x7) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') madvise$auto(0x0, 0xffffffffffff0005, 0x17) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x200, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) 2.616784481s ago: executing program 2 (id=158): mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) mmap$auto(0x4, 0x8004, 0x4000000000df, 0x100040eb5, 0x401, 0x300000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001140)=""/4093, 0xffd) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000040), 0x200080, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) mremap$auto(0x9, 0x3ff, 0x5d, 0x80000000, 0x100) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x101e81, 0x0) 1.950464879s ago: executing program 2 (id=159): socket(0x10, 0x3, 0x6) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x202, 0x22fad727, 0x5, 0x717b, 0x204, 0x7, 0xffffffffffffffff, 0x10, 0x2, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0xfffffffffffffffe, 0x10004, 0x10002, 0x7f, 0x2a2, 0x2, 0xa, 0x22000, 0x200, 0x4, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2]}, 0x1fe, 0xd) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x5, 0x0) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/personality\x00', 0x2, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setpriority$auto_PRIO_PGRP(0x1, 0x0, 0x9) 1.949433557s ago: executing program 1 (id=167): writev$auto(0xffffffffffffffff, 0x0, 0x1) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) pipe$auto(0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) unshare$auto(0x40000080) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) writev$auto(r0, &(0x7f0000000340)={0x0, 0x500000}, 0x9) 1.802128205s ago: executing program 2 (id=160): mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) sysfs$auto(0x2, 0x1f, 0x0) r1 = socket(0x2, 0x801, 0x106) listen$auto(r1, 0xf52b) getsockopt$auto(r1, 0x11c, 0x2, 0x0, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x5}, 0x4, 0x966, 0x3, @raw=0x404, @integer64={0xc, 0xeb1e, 0x34}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, 0x0) 1.543185958s ago: executing program 0 (id=161): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0) 1.500148101s ago: executing program 2 (id=162): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 906.474742ms ago: executing program 3 (id=163): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x11, 0x0, 0x5, 0x407) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), 0xffffffffffffffff) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) msgsnd$auto(0x0, &(0x7f0000000080)={0x6, 0x2}, 0xf, 0xc45) 169.268648ms ago: executing program 2 (id=164): mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) bpf$auto(0x5, &(0x7f00000001c0)=@info={r0, 0x3, 0x6}, 0x6f0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan1\x00'}) eventfd$auto(0x8c) mmap$auto(0x0, 0x400008, 0x204, 0x9b72, 0xffffffffffffffff, 0x800000000008000) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0xfffffc96) 167.138651ms ago: executing program 1 (id=165): prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) socket(0x25, 0xa, 0xebff) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r0, &(0x7f0000000100)={0x0, 0x9}, 0x2) write$auto(r0, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x00\x00\x00', 0x8083a) 0s ago: executing program 0 (id=166): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.55' (ED25519) to the list of known hosts. [ 70.167020][ T5613] cgroup: Unknown subsys name 'net' [ 70.260815][ T5613] cgroup: Unknown subsys name 'cpuset' [ 70.270316][ T5613] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.449929][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.456414][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.717313][ T5613] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 73.373109][ T5625] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.381933][ T5625] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.389674][ T5625] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.400393][ T5625] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.408725][ T5625] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.481491][ T5625] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.492350][ T5625] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.512231][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.519645][ T5632] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.530970][ T5632] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.540678][ T5632] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.552390][ T5632] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.560692][ T5632] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.568049][ T5633] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.576241][ T5632] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.612801][ T5632] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.623427][ T5632] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.631866][ T5632] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.643130][ T5632] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.652491][ T5632] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.949822][ T5624] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.957048][ T5624] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.965262][ T5624] bridge_slave_0: entered allmulticast mode [ 74.972512][ T5624] bridge_slave_0: entered promiscuous mode [ 75.029037][ T5624] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.036426][ T5624] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.044906][ T5624] bridge_slave_1: entered allmulticast mode [ 75.053166][ T5624] bridge_slave_1: entered promiscuous mode [ 75.072363][ T5627] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.079525][ T5627] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.086674][ T5627] bridge_slave_0: entered allmulticast mode [ 75.093881][ T5627] bridge_slave_0: entered promiscuous mode [ 75.123535][ T5627] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.130784][ T5627] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.138146][ T5627] bridge_slave_1: entered allmulticast mode [ 75.145069][ T5627] bridge_slave_1: entered promiscuous mode [ 75.175377][ T5624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.212833][ T5624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.268073][ T5627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.292670][ T5629] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.300032][ T5629] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.307169][ T5629] bridge_slave_0: entered allmulticast mode [ 75.314463][ T5629] bridge_slave_0: entered promiscuous mode [ 75.323992][ T5627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.340603][ T5624] team0: Port device team_slave_0 added [ 75.346507][ T5629] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.353765][ T5629] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.361400][ T5629] bridge_slave_1: entered allmulticast mode [ 75.368676][ T5629] bridge_slave_1: entered promiscuous mode [ 75.395500][ T5624] team0: Port device team_slave_1 added [ 75.448611][ T5633] Bluetooth: hci0: command tx timeout [ 75.453852][ T5629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.465152][ T5627] team0: Port device team_slave_0 added [ 75.471198][ T5635] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.478558][ T5635] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.485720][ T5635] bridge_slave_0: entered allmulticast mode [ 75.493047][ T5635] bridge_slave_0: entered promiscuous mode [ 75.511283][ T5629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.522165][ T5627] team0: Port device team_slave_1 added [ 75.536716][ T5635] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.543937][ T5635] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.551206][ T5635] bridge_slave_1: entered allmulticast mode [ 75.558383][ T5635] bridge_slave_1: entered promiscuous mode [ 75.566538][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.573548][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.599625][ T5624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.608836][ T5632] Bluetooth: hci2: command tx timeout [ 75.616231][ T5633] Bluetooth: hci1: command tx timeout [ 75.645817][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.652973][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.679117][ T5624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.698042][ T5633] Bluetooth: hci3: command tx timeout [ 75.705380][ T5629] team0: Port device team_slave_0 added [ 75.711660][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.718955][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.745165][ T5627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.775511][ T5629] team0: Port device team_slave_1 added [ 75.781822][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.788816][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.814730][ T5627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.828695][ T5635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.842117][ T5635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.886291][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.893479][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.919828][ T5629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.954446][ T5635] team0: Port device team_slave_0 added [ 75.962082][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.969387][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 75.995473][ T5629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.026023][ T5635] team0: Port device team_slave_1 added [ 76.044779][ T5624] hsr_slave_0: entered promiscuous mode [ 76.051322][ T5624] hsr_slave_1: entered promiscuous mode [ 76.096373][ T5627] hsr_slave_0: entered promiscuous mode [ 76.102692][ T5627] hsr_slave_1: entered promiscuous mode [ 76.109333][ T5627] debugfs: 'hsr0' already exists in 'hsr' [ 76.115584][ T5627] Cannot create hsr debugfs directory [ 76.142023][ T5635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.149127][ T5635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.175211][ T5635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.188328][ T5635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.195289][ T5635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.221416][ T5635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.246483][ T5629] hsr_slave_0: entered promiscuous mode [ 76.253750][ T5629] hsr_slave_1: entered promiscuous mode [ 76.259968][ T5629] debugfs: 'hsr0' already exists in 'hsr' [ 76.265699][ T5629] Cannot create hsr debugfs directory [ 76.412782][ T5635] hsr_slave_0: entered promiscuous mode [ 76.419994][ T5635] hsr_slave_1: entered promiscuous mode [ 76.425985][ T5635] debugfs: 'hsr0' already exists in 'hsr' [ 76.432002][ T5635] Cannot create hsr debugfs directory [ 76.758810][ T5624] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.773870][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 76.782186][ T5624] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.793842][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 76.803138][ T5624] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.812975][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 76.828685][ T5624] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.839148][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 76.894599][ T5627] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 76.905429][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 76.918770][ T5627] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 76.928433][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 76.936307][ T5627] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 76.946466][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 76.954444][ T5627] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.966268][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 77.062480][ T5629] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 77.072573][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 77.081352][ T5629] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 77.091173][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 77.104742][ T5629] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 77.114608][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 77.145288][ T5629] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 77.154967][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 77.214600][ T5635] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.224395][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 77.236788][ T5635] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.248961][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 77.265686][ T5635] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.275234][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 77.289691][ T5635] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.301016][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 77.345595][ T5624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.403872][ T5624] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.421024][ T5627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.451362][ T1175] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.458878][ T1175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.477312][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.484693][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.516854][ T5627] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.527482][ T5633] Bluetooth: hci0: command tx timeout [ 77.544189][ T1175] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.551306][ T1175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.582029][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.589215][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.642560][ T5629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.682457][ T5635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.689495][ T5633] Bluetooth: hci1: command tx timeout [ 77.689541][ T5633] Bluetooth: hci2: command tx timeout [ 77.737998][ T5629] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.755036][ T5635] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.764359][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.768056][ T5632] Bluetooth: hci3: command tx timeout [ 77.771503][ T3314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.799212][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.806405][ T3314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.843151][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.850340][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.885445][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.892670][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.676150][ T5624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.712435][ T5627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.831703][ T5624] veth0_vlan: entered promiscuous mode [ 78.880126][ T5624] veth1_vlan: entered promiscuous mode [ 78.920549][ T5627] veth0_vlan: entered promiscuous mode [ 78.963728][ T5627] veth1_vlan: entered promiscuous mode [ 79.009519][ T5624] veth0_macvtap: entered promiscuous mode [ 79.026801][ T5629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.042536][ T5624] veth1_macvtap: entered promiscuous mode [ 79.062875][ T5635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.109243][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.133115][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.163547][ T5627] veth0_macvtap: entered promiscuous mode [ 79.172892][ T707] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.182866][ T707] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.202044][ T707] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.228513][ T707] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.240917][ T5627] veth1_macvtap: entered promiscuous mode [ 79.258665][ T5629] veth0_vlan: entered promiscuous mode [ 79.274788][ T5635] veth0_vlan: entered promiscuous mode [ 79.313122][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.330019][ T5629] veth1_vlan: entered promiscuous mode [ 79.345173][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.385440][ T1175] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.402780][ T5635] veth1_vlan: entered promiscuous mode [ 79.411663][ T1175] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.425768][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.436849][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.452300][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.461874][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.522747][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.534901][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.608135][ T5632] Bluetooth: hci0: command tx timeout [ 79.620943][ T5629] veth0_macvtap: entered promiscuous mode [ 79.631421][ T5635] veth0_macvtap: entered promiscuous mode [ 79.634605][ T5624] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 79.644358][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.665066][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.682821][ T5629] veth1_macvtap: entered promiscuous mode [ 79.695762][ T5635] veth1_macvtap: entered promiscuous mode [ 79.769302][ T5632] Bluetooth: hci2: command tx timeout [ 79.774225][ T5633] Bluetooth: hci1: command tx timeout [ 79.786049][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.811072][ T707] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.822746][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.824679][ T707] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.847058][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.857430][ T5633] Bluetooth: hci3: command tx timeout [ 79.864420][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.905432][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.915614][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.941466][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.950761][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.981931][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.036677][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.081045][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.116957][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.495955][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.537317][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.625077][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.646889][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.692118][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.724941][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.770320][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.803999][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.686187][ T5795] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 81.718076][ T5633] Bluetooth: hci0: command tx timeout [ 81.758927][ T5794] raw_sendmsg: syz.3.7 forgot to set AF_INET. Fix it! [ 81.848169][ T5633] Bluetooth: hci2: command tx timeout [ 81.927916][ T5633] Bluetooth: hci3: command tx timeout [ 81.966650][ T5777] kexec: Could not allocate control_code_buffer [ 84.476943][ T5833] FAULT_INJECTION: forcing a failure. [ 84.476943][ T5833] name failslab, interval 1, probability 0, space 0, times 1 [ 84.557490][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT(full) [ 84.557527][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 84.557551][ T5833] Call Trace: [ 84.557560][ T5833] [ 84.557571][ T5833] dump_stack_lvl+0x100/0x190 [ 84.557612][ T5833] should_fail_ex.cold+0x5/0xa [ 84.557648][ T5833] should_failslab+0xc2/0x120 [ 84.557682][ T5833] __kmalloc_cache_noprof+0x7a/0x6f0 [ 84.557722][ T5833] ? snd_timer_user_open+0x6b/0x180 [ 84.557768][ T5833] ? __pfx_snd_timer_user_open+0x10/0x10 [ 84.557815][ T5833] snd_timer_user_open+0x6b/0x180 [ 84.557858][ T5833] snd_open+0x201/0x450 [ 84.557897][ T5833] ? __pfx_snd_open+0x10/0x10 [ 84.557933][ T5833] chrdev_open+0x234/0x6a0 [ 84.557969][ T5833] ? __pfx_chrdev_open+0x10/0x10 [ 84.558008][ T5833] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 84.558062][ T5833] do_dentry_open+0x6d8/0x1660 [ 84.558096][ T5833] ? __pfx_chrdev_open+0x10/0x10 [ 84.558140][ T5833] vfs_open+0x82/0x3f0 [ 84.558186][ T5833] path_openat+0x208c/0x31a0 [ 84.558233][ T5833] ? __pfx_path_openat+0x10/0x10 [ 84.558280][ T5833] do_file_open+0x20e/0x430 [ 84.558316][ T5833] ? __pfx_do_file_open+0x10/0x10 [ 84.558376][ T5833] ? alloc_fd+0x476/0x790 [ 84.558412][ T5833] ? do_getname+0x191/0x390 [ 84.558455][ T5833] do_sys_openat2+0x10d/0x1e0 [ 84.558498][ T5833] ? __pfx_do_sys_openat2+0x10/0x10 [ 84.558553][ T5833] __x64_sys_openat+0x12d/0x210 [ 84.558596][ T5833] ? __pfx___x64_sys_openat+0x10/0x10 [ 84.558637][ T5833] ? ksys_read+0x1ac/0x250 [ 84.558672][ T5833] ? rcu_is_watching+0x12/0xc0 [ 84.558710][ T5833] do_syscall_64+0x10b/0xf80 [ 84.558744][ T5833] ? clear_bhb_loop+0x40/0x90 [ 84.558778][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.558808][ T5833] RIP: 0033:0x7f011539cdd9 [ 84.558832][ T5833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.558858][ T5833] RSP: 002b:00007f01161a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 84.558885][ T5833] RAX: ffffffffffffffda RBX: 00007f0115615fa0 RCX: 00007f011539cdd9 [ 84.558904][ T5833] RDX: 0000000000101800 RSI: 00002000000009c0 RDI: ffffffffffffff9c [ 84.558922][ T5833] RBP: 00007f0115432d69 R08: 0000000000000000 R09: 0000000000000000 [ 84.558939][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.558955][ T5833] R13: 00007f0115616038 R14: 00007f0115615fa0 R15: 00007ffe3d1f19d8 [ 84.558992][ T5833] [ 85.271127][ T5821] kexec: Could not allocate control_code_buffer [ 86.252465][ T5837] FAULT_INJECTION: forcing a failure. [ 86.252465][ T5837] name failslab, interval 1, probability 0, space 0, times 0 [ 86.304813][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full) [ 86.304869][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 86.304886][ T5837] Call Trace: [ 86.304903][ T5837] [ 86.304914][ T5837] dump_stack_lvl+0x100/0x190 [ 86.304953][ T5837] should_fail_ex.cold+0x5/0xa [ 86.304991][ T5837] should_failslab+0xc2/0x120 [ 86.305023][ T5837] __kmalloc_cache_noprof+0x7a/0x6f0 [ 86.305062][ T5837] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 86.305110][ T5837] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 86.305148][ T5837] ? trace_contention_end+0xc5/0x170 [ 86.305178][ T5837] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 86.305221][ T5837] ? kasan_quarantine_put+0x104/0x240 [ 86.305266][ T5837] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 86.305306][ T5837] ? __pfx___mutex_lock+0x10/0x10 [ 86.305343][ T5837] ? find_held_lock+0x2b/0x80 [ 86.305378][ T5837] ? tomoyo_path_number_perm+0x28f/0x580 [ 86.305411][ T5837] ? tomoyo_path_number_perm+0x28f/0x580 [ 86.305451][ T5837] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 86.305478][ T5837] ? futex_wait+0x11e/0x370 [ 86.305521][ T5837] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 86.305567][ T5837] snd_pcm_oss_get_formats+0x7d/0x350 [ 86.305606][ T5837] ? do_vfs_ioctl+0x226/0x13e0 [ 86.305632][ T5837] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 86.305683][ T5837] snd_pcm_oss_ioctl+0x1795/0x37c0 [ 86.305725][ T5837] ? find_held_lock+0x2b/0x80 [ 86.305759][ T5837] ? __fget_files+0x215/0x3d0 [ 86.305789][ T5837] ? hook_file_ioctl_common+0x149/0x410 [ 86.305819][ T5837] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 86.305863][ T5837] ? __fget_files+0x21f/0x3d0 [ 86.305908][ T5837] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 86.305953][ T5837] __x64_sys_ioctl+0x18e/0x210 [ 86.305985][ T5837] do_syscall_64+0x10b/0xf80 [ 86.306018][ T5837] ? clear_bhb_loop+0x40/0x90 [ 86.306053][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.306081][ T5837] RIP: 0033:0x7fcd14d9cdd9 [ 86.306104][ T5837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.306131][ T5837] RSP: 002b:00007fcd15cdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.306155][ T5837] RAX: ffffffffffffffda RBX: 00007fcd15015fa0 RCX: 00007fcd14d9cdd9 [ 86.306172][ T5837] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003 [ 86.306188][ T5837] RBP: 00007fcd14e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 86.306204][ T5837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.306219][ T5837] R13: 00007fcd15016038 R14: 00007fcd15015fa0 R15: 00007fffae967468 [ 86.306256][ T5837] [ 86.845148][ T5854] netlink: 25 bytes leftover after parsing attributes in process `syz.1.23'. [ 86.866449][ T10] cfg80211: failed to load regulatory.db [ 87.234392][ T5859] netlink: 28 bytes leftover after parsing attributes in process `syz.1.26'. [ 87.266207][ T5859] bridge_slave_1: left allmulticast mode [ 87.279762][ T5859] bridge_slave_1: left promiscuous mode [ 87.291024][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.328136][ T5859] bridge_slave_0: left allmulticast mode [ 87.334995][ T5859] bridge_slave_0: left promiscuous mode [ 87.347797][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.415656][ T5839] kexec: Could not allocate control_code_buffer [ 87.519590][ T5859] Zero length message leads to an empty skb [ 88.377782][ T5874] netlink: 138 bytes leftover after parsing attributes in process `syz.1.30'. [ 89.295211][ T30] audit: type=1800 audit(1777932486.664:2): pid=5890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.34" name="dummy_udc" dev="gadgetfs" ino=7588 res=0 errno=0 [ 89.945535][ T5897] input: jJǸ-9%vJ86 as /devices/virtual/input/input5 [ 92.367681][ T5910] FAULT_INJECTION: forcing a failure. [ 92.367681][ T5910] name failslab, interval 1, probability 0, space 0, times 0 [ 92.414808][ T5910] CPU: 1 UID: 0 PID: 5910 Comm: syz.2.40 Not tainted syzkaller #0 PREEMPT(full) [ 92.414845][ T5910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 92.414861][ T5910] Call Trace: [ 92.414870][ T5910] [ 92.414880][ T5910] dump_stack_lvl+0x100/0x190 [ 92.414921][ T5910] should_fail_ex.cold+0x5/0xa [ 92.414959][ T5910] should_failslab+0xc2/0x120 [ 92.414990][ T5910] __kmalloc_cache_noprof+0x7a/0x6f0 [ 92.415026][ T5910] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 92.415070][ T5910] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 92.415107][ T5910] ? trace_contention_end+0xc5/0x170 [ 92.415141][ T5910] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 92.415188][ T5910] ? kasan_quarantine_put+0x104/0x240 [ 92.415236][ T5910] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 92.415326][ T5910] ? __pfx___mutex_lock+0x10/0x10 [ 92.415364][ T5910] ? find_held_lock+0x2b/0x80 [ 92.415399][ T5910] ? tomoyo_path_number_perm+0x28f/0x580 [ 92.415429][ T5910] ? tomoyo_path_number_perm+0x28f/0x580 [ 92.415469][ T5910] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 92.415494][ T5910] ? trace_sched_exit_tp+0x11c/0x160 [ 92.415542][ T5910] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 92.415593][ T5910] snd_pcm_oss_get_formats+0x7d/0x350 [ 92.415633][ T5910] ? do_vfs_ioctl+0x226/0x13e0 [ 92.415660][ T5910] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 92.415713][ T5910] snd_pcm_oss_ioctl+0x1795/0x37c0 [ 92.415756][ T5910] ? find_held_lock+0x2b/0x80 [ 92.415791][ T5910] ? __fget_files+0x215/0x3d0 [ 92.415819][ T5910] ? hook_file_ioctl_common+0x149/0x410 [ 92.415850][ T5910] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 92.415895][ T5910] ? __fget_files+0x21f/0x3d0 [ 92.415932][ T5910] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 92.415975][ T5910] __x64_sys_ioctl+0x18e/0x210 [ 92.416006][ T5910] do_syscall_64+0x10b/0xf80 [ 92.416038][ T5910] ? clear_bhb_loop+0x40/0x90 [ 92.416071][ T5910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.416097][ T5910] RIP: 0033:0x7f2d40f9cdd9 [ 92.416121][ T5910] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.416147][ T5910] RSP: 002b:00007f2d41e1a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.416173][ T5910] RAX: ffffffffffffffda RBX: 00007f2d41215fa0 RCX: 00007f2d40f9cdd9 [ 92.416191][ T5910] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003 [ 92.416208][ T5910] RBP: 00007f2d41032d69 R08: 0000000000000000 R09: 0000000000000000 [ 92.416224][ T5910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.416240][ T5910] R13: 00007f2d41216038 R14: 00007f2d41215fa0 R15: 00007ffdc69d3608 [ 92.416289][ T5910] [ 93.382520][ T30] audit: type=1800 audit(1777932490.754:3): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.47" name="dummy_udc" dev="gadgetfs" ino=7588 res=0 errno=0 [ 93.568351][ T5938] netlink: 138 bytes leftover after parsing attributes in process `syz.2.45'. [ 95.299598][ T5963] netlink: 28 bytes leftover after parsing attributes in process `syz.3.52'. [ 95.315552][ T5963] bridge_slave_1: left allmulticast mode [ 95.327680][ T5963] bridge_slave_1: left promiscuous mode [ 95.338009][ T5963] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.376954][ T5963] bridge_slave_0: left allmulticast mode [ 95.383581][ T5963] bridge_slave_0: left promiscuous mode [ 95.395967][ T5963] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.447567][ T5973] FAULT_INJECTION: forcing a failure. [ 97.447567][ T5973] name failslab, interval 1, probability 0, space 0, times 0 [ 97.485648][ T5973] CPU: 0 UID: 0 PID: 5973 Comm: syz.1.56 Not tainted syzkaller #0 PREEMPT(full) [ 97.485689][ T5973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 97.485707][ T5973] Call Trace: [ 97.485716][ T5973] [ 97.485727][ T5973] dump_stack_lvl+0x100/0x190 [ 97.485772][ T5973] should_fail_ex.cold+0x5/0xa [ 97.485809][ T5973] should_failslab+0xc2/0x120 [ 97.485843][ T5973] __kmalloc_cache_noprof+0x7a/0x6f0 [ 97.485883][ T5973] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 97.485935][ T5973] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 97.485977][ T5973] ? trace_contention_end+0xc5/0x170 [ 97.486013][ T5973] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 97.486058][ T5973] ? kasan_quarantine_put+0x104/0x240 [ 97.486107][ T5973] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 97.486152][ T5973] ? __pfx___mutex_lock+0x10/0x10 [ 97.486190][ T5973] ? find_held_lock+0x2b/0x80 [ 97.486225][ T5973] ? tomoyo_path_number_perm+0x28f/0x580 [ 97.486254][ T5973] ? tomoyo_path_number_perm+0x28f/0x580 [ 97.486297][ T5973] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 97.486324][ T5973] ? futex_wait+0x11e/0x370 [ 97.486369][ T5973] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 97.486417][ T5973] snd_pcm_oss_get_formats+0x7d/0x350 [ 97.486457][ T5973] ? do_vfs_ioctl+0x226/0x13e0 [ 97.486484][ T5973] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 97.486537][ T5973] snd_pcm_oss_ioctl+0x1795/0x37c0 [ 97.486578][ T5973] ? find_held_lock+0x2b/0x80 [ 97.486614][ T5973] ? __fget_files+0x215/0x3d0 [ 97.486644][ T5973] ? hook_file_ioctl_common+0x149/0x410 [ 97.486675][ T5973] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 97.486720][ T5973] ? __fget_files+0x21f/0x3d0 [ 97.486764][ T5973] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 97.486808][ T5973] __x64_sys_ioctl+0x18e/0x210 [ 97.486838][ T5973] do_syscall_64+0x10b/0xf80 [ 97.486874][ T5973] ? clear_bhb_loop+0x40/0x90 [ 97.486909][ T5973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.486938][ T5973] RIP: 0033:0x7f61b739cdd9 [ 97.486962][ T5973] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.486989][ T5973] RSP: 002b:00007f61b82f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 97.487017][ T5973] RAX: ffffffffffffffda RBX: 00007f61b7615fa0 RCX: 00007f61b739cdd9 [ 97.487038][ T5973] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003 [ 97.487055][ T5973] RBP: 00007f61b7432d69 R08: 0000000000000000 R09: 0000000000000000 [ 97.487072][ T5973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.487089][ T5973] R13: 00007f61b7616038 R14: 00007f61b7615fa0 R15: 00007ffd06c27b78 [ 97.487128][ T5973] [ 98.561550][ T5995] FAULT_INJECTION: forcing a failure. [ 98.561550][ T5995] name failslab, interval 1, probability 0, space 0, times 0 [ 98.603264][ T5995] CPU: 1 UID: 0 PID: 5995 Comm: syz.0.70 Not tainted syzkaller #0 PREEMPT(full) [ 98.603303][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 98.603319][ T5995] Call Trace: [ 98.603325][ T5995] [ 98.603332][ T5995] dump_stack_lvl+0x100/0x190 [ 98.603354][ T5995] should_fail_ex.cold+0x5/0xa [ 98.603375][ T5995] should_failslab+0xc2/0x120 [ 98.603394][ T5995] __kmalloc_cache_noprof+0x7a/0x6f0 [ 98.603415][ T5995] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 98.603441][ T5995] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 98.603463][ T5995] ? trace_contention_end+0xc5/0x170 [ 98.603482][ T5995] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 98.603505][ T5995] ? kasan_quarantine_put+0x104/0x240 [ 98.603530][ T5995] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 98.603552][ T5995] ? __pfx___mutex_lock+0x10/0x10 [ 98.603571][ T5995] ? find_held_lock+0x2b/0x80 [ 98.603589][ T5995] ? tomoyo_path_number_perm+0x28f/0x580 [ 98.603624][ T5995] ? tomoyo_path_number_perm+0x28f/0x580 [ 98.603647][ T5995] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 98.603663][ T5995] ? futex_wait+0x11e/0x370 [ 98.603686][ T5995] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 98.603716][ T5995] snd_pcm_oss_get_formats+0x7d/0x350 [ 98.603736][ T5995] ? do_vfs_ioctl+0x226/0x13e0 [ 98.603750][ T5995] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 98.603777][ T5995] snd_pcm_oss_ioctl+0x1795/0x37c0 [ 98.603798][ T5995] ? find_held_lock+0x2b/0x80 [ 98.603817][ T5995] ? __fget_files+0x215/0x3d0 [ 98.603833][ T5995] ? hook_file_ioctl_common+0x149/0x410 [ 98.603850][ T5995] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 98.603872][ T5995] ? __fget_files+0x21f/0x3d0 [ 98.603897][ T5995] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 98.603920][ T5995] __x64_sys_ioctl+0x18e/0x210 [ 98.603936][ T5995] do_syscall_64+0x10b/0xf80 [ 98.603956][ T5995] ? clear_bhb_loop+0x40/0x90 [ 98.603974][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.603990][ T5995] RIP: 0033:0x7fcd14d9cdd9 [ 98.604004][ T5995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.604018][ T5995] RSP: 002b:00007fcd15cbc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.604033][ T5995] RAX: ffffffffffffffda RBX: 00007fcd15016090 RCX: 00007fcd14d9cdd9 [ 98.604043][ T5995] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003 [ 98.604052][ T5995] RBP: 00007fcd14e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 98.604061][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.604070][ T5995] R13: 00007fcd15016128 R14: 00007fcd15016090 R15: 00007fffae967468 [ 98.604098][ T5995] [ 99.435592][ T6014] netlink: 28 bytes leftover after parsing attributes in process `syz.2.65'. [ 99.489970][ T6014] bridge_slave_1: left allmulticast mode [ 99.502065][ T6014] bridge_slave_1: left promiscuous mode [ 99.525806][ T6014] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.583113][ T6014] bridge_slave_0: left allmulticast mode [ 99.589120][ T6014] bridge_slave_0: left promiscuous mode [ 99.599174][ T6014] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.080015][ T6022] FAULT_INJECTION: forcing a failure. [ 100.080015][ T6022] name failslab, interval 1, probability 0, space 0, times 0 [ 100.129937][ T6022] CPU: 0 UID: 0 PID: 6022 Comm: syz.1.67 Not tainted syzkaller #0 PREEMPT(full) [ 100.129976][ T6022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 100.129992][ T6022] Call Trace: [ 100.130002][ T6022] [ 100.130013][ T6022] dump_stack_lvl+0x100/0x190 [ 100.130058][ T6022] should_fail_ex.cold+0x5/0xa [ 100.130096][ T6022] should_failslab+0xc2/0x120 [ 100.130139][ T6022] __kvmalloc_node_noprof+0xfa/0xa00 [ 100.130168][ T6022] ? io_uring_setup.cold+0x171/0x1c6e [ 100.130213][ T6022] ? lockdep_init_map_type+0x5c/0x250 [ 100.130251][ T6022] io_uring_setup.cold+0x171/0x1c6e [ 100.130300][ T6022] ? __pfx_io_uring_setup+0x10/0x10 [ 100.130334][ T6022] ? do_futex+0x192/0x350 [ 100.130364][ T6022] ? __pfx_do_futex+0x10/0x10 [ 100.130410][ T6022] ? xfd_validate_state+0x129/0x190 [ 100.130437][ T6022] ? ksys_write+0x1ac/0x250 [ 100.130487][ T6022] __x64_sys_io_uring_setup+0xc2/0x170 [ 100.130522][ T6022] do_syscall_64+0x10b/0xf80 [ 100.130558][ T6022] ? clear_bhb_loop+0x40/0x90 [ 100.130592][ T6022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.130622][ T6022] RIP: 0033:0x7f61b739cdd9 [ 100.130645][ T6022] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.130671][ T6022] RSP: 002b:00007f61b82f9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 100.130701][ T6022] RAX: ffffffffffffffda RBX: 00007f61b7615fa0 RCX: 00007f61b739cdd9 [ 100.130719][ T6022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 100.130734][ T6022] RBP: 00007f61b7432d69 R08: 0000000000000000 R09: 0000000000000000 [ 100.130753][ T6022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.130766][ T6022] R13: 00007f61b7616038 R14: 00007f61b7615fa0 R15: 00007ffd06c27b78 [ 100.130785][ T6022] [ 101.009649][ T6034] input: jJǸ-9%vJ86 as /devices/virtual/input/input6 [ 103.689748][ T6067] Console: switching to colour VGA+ 80x25 [ 103.873505][ T6067] Console: switching to colour frame buffer device 128x48 [ 104.199541][ T6077] random: crng reseeded on system resumption [ 104.636163][ T6084] netlink: 28 bytes leftover after parsing attributes in process `syz.2.84'. [ 105.494390][ T6086] FAULT_INJECTION: forcing a failure. [ 105.494390][ T6086] name failslab, interval 1, probability 0, space 0, times 0 [ 105.507211][ T6086] CPU: 0 UID: 0 PID: 6086 Comm: syz.2.85 Not tainted syzkaller #0 PREEMPT(full) [ 105.507233][ T6086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 105.507242][ T6086] Call Trace: [ 105.507248][ T6086] [ 105.507253][ T6086] dump_stack_lvl+0x100/0x190 [ 105.507276][ T6086] should_fail_ex.cold+0x5/0xa [ 105.507296][ T6086] should_failslab+0xc2/0x120 [ 105.507321][ T6086] __kmalloc_cache_noprof+0x7a/0x6f0 [ 105.507358][ T6086] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 105.507401][ T6086] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 105.507424][ T6086] ? trace_contention_end+0xc5/0x170 [ 105.507443][ T6086] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 105.507467][ T6086] ? kasan_quarantine_put+0x104/0x240 [ 105.507490][ T6086] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 105.507511][ T6086] ? __pfx___mutex_lock+0x10/0x10 [ 105.507530][ T6086] ? find_held_lock+0x2b/0x80 [ 105.507548][ T6086] ? tomoyo_path_number_perm+0x28f/0x580 [ 105.507563][ T6086] ? tomoyo_path_number_perm+0x28f/0x580 [ 105.507584][ T6086] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 105.507598][ T6086] ? futex_wait+0x11e/0x370 [ 105.507619][ T6086] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 105.507643][ T6086] snd_pcm_oss_get_formats+0x7d/0x350 [ 105.507664][ T6086] ? do_vfs_ioctl+0x226/0x13e0 [ 105.507678][ T6086] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 105.507705][ T6086] snd_pcm_oss_ioctl+0x1795/0x37c0 [ 105.507725][ T6086] ? find_held_lock+0x2b/0x80 [ 105.507744][ T6086] ? __fget_files+0x215/0x3d0 [ 105.507759][ T6086] ? hook_file_ioctl_common+0x149/0x410 [ 105.507775][ T6086] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 105.507798][ T6086] ? __fget_files+0x21f/0x3d0 [ 105.507817][ T6086] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 105.507839][ T6086] __x64_sys_ioctl+0x18e/0x210 [ 105.507854][ T6086] do_syscall_64+0x10b/0xf80 [ 105.507872][ T6086] ? clear_bhb_loop+0x40/0x90 [ 105.507890][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.507905][ T6086] RIP: 0033:0x7f2d40f9cdd9 [ 105.507920][ T6086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.507933][ T6086] RSP: 002b:00007f2d41e1a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.507956][ T6086] RAX: ffffffffffffffda RBX: 00007f2d41215fa0 RCX: 00007f2d40f9cdd9 [ 105.507966][ T6086] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003 [ 105.507976][ T6086] RBP: 00007f2d41032d69 R08: 0000000000000000 R09: 0000000000000000 [ 105.507985][ T6086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.507993][ T6086] R13: 00007f2d41216038 R14: 00007f2d41215fa0 R15: 00007ffdc69d3608 [ 105.508012][ T6086] [ 108.162078][ T6128] netlink: 28 bytes leftover after parsing attributes in process `syz.0.96'. [ 108.171728][ T6128] bridge_slave_1: left allmulticast mode [ 108.178276][ T6128] bridge_slave_1: left promiscuous mode [ 108.184308][ T6128] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.195699][ T6128] bridge_slave_0: left allmulticast mode [ 108.207489][ T6128] bridge_slave_0: left promiscuous mode [ 108.225768][ T6128] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.507884][ T6141] FAULT_INJECTION: forcing a failure. [ 109.507884][ T6141] name failslab, interval 1, probability 0, space 0, times 0 [ 109.579170][ T6141] CPU: 1 UID: 0 PID: 6141 Comm: syz.2.100 Not tainted syzkaller #0 PREEMPT(full) [ 109.579205][ T6141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 109.579214][ T6141] Call Trace: [ 109.579220][ T6141] [ 109.579226][ T6141] dump_stack_lvl+0x100/0x190 [ 109.579247][ T6141] should_fail_ex.cold+0x5/0xa [ 109.579267][ T6141] should_failslab+0xc2/0x120 [ 109.579285][ T6141] __kmalloc_cache_noprof+0x7a/0x6f0 [ 109.579306][ T6141] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 109.579333][ T6141] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 109.579354][ T6141] ? trace_contention_end+0xc5/0x170 [ 109.579373][ T6141] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 109.579396][ T6141] ? kasan_quarantine_put+0x104/0x240 [ 109.579420][ T6141] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 109.579441][ T6141] ? __pfx___mutex_lock+0x10/0x10 [ 109.579460][ T6141] ? find_held_lock+0x2b/0x80 [ 109.579478][ T6141] ? tomoyo_path_number_perm+0x28f/0x580 [ 109.579493][ T6141] ? tomoyo_path_number_perm+0x28f/0x580 [ 109.579521][ T6141] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 109.579536][ T6141] ? futex_wait+0x11e/0x370 [ 109.579559][ T6141] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 109.579584][ T6141] snd_pcm_oss_get_formats+0x7d/0x350 [ 109.579604][ T6141] ? do_vfs_ioctl+0x226/0x13e0 [ 109.579618][ T6141] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 109.579644][ T6141] snd_pcm_oss_ioctl+0x1795/0x37c0 [ 109.579665][ T6141] ? find_held_lock+0x2b/0x80 [ 109.579683][ T6141] ? __fget_files+0x215/0x3d0 [ 109.579699][ T6141] ? hook_file_ioctl_common+0x149/0x410 [ 109.579715][ T6141] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 109.579738][ T6141] ? __fget_files+0x21f/0x3d0 [ 109.579760][ T6141] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 109.579782][ T6141] __x64_sys_ioctl+0x18e/0x210 [ 109.579798][ T6141] do_syscall_64+0x10b/0xf80 [ 109.579815][ T6141] ? clear_bhb_loop+0x40/0x90 [ 109.579833][ T6141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.579848][ T6141] RIP: 0033:0x7f2d40f9cdd9 [ 109.579861][ T6141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.579876][ T6141] RSP: 002b:00007f2d41e1a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 109.579890][ T6141] RAX: ffffffffffffffda RBX: 00007f2d41215fa0 RCX: 00007f2d40f9cdd9 [ 109.579900][ T6141] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003 [ 109.579908][ T6141] RBP: 00007f2d41032d69 R08: 0000000000000000 R09: 0000000000000000 [ 109.579918][ T6141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.579926][ T6141] R13: 00007f2d41216038 R14: 00007f2d41215fa0 R15: 00007ffdc69d3608 [ 109.579945][ T6141] [ 110.286406][ T6160] input: jJǸ-9%vJ86 as /devices/virtual/input/input7 [ 112.752259][ T6196] netlink: 138 bytes leftover after parsing attributes in process `syz.3.111'. [ 115.786564][ T6266] warning: `syz.1.132' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 115.935569][ T6272] input: jJǸ-9%vJ86 as /devices/virtual/input/input8 [ 116.511779][ T6282] syz.1.135 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 116.636100][ T6283] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 118.073661][ T6309] netlink: 138 bytes leftover after parsing attributes in process `syz.2.142'. [ 118.586394][ T6325] input: jJǸ-9%vJ86 as /devices/virtual/input/input9 [ 120.983664][ T6348] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 121.049131][ T6350] syz.0.152 uses obsolete (PF_INET,SOCK_PACKET) [ 121.067736][ T6350] FAULT_INJECTION: forcing a failure. [ 121.067736][ T6350] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 121.091655][ T6350] CPU: 0 UID: 0 PID: 6350 Comm: syz.0.152 Not tainted syzkaller #0 PREEMPT(full) [ 121.091696][ T6350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 121.091714][ T6350] Call Trace: [ 121.091723][ T6350] [ 121.091737][ T6350] dump_stack_lvl+0x100/0x190 [ 121.091789][ T6350] should_fail_ex.cold+0x5/0xa [ 121.091820][ T6350] ? prepare_alloc_pages+0x16d/0x5f0 [ 121.091863][ T6350] should_fail_alloc_page+0xeb/0x140 [ 121.091899][ T6350] prepare_alloc_pages+0x1f0/0x5f0 [ 121.091937][ T6350] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 121.091980][ T6350] ? rcu_is_watching+0x12/0xc0 [ 121.092013][ T6350] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 121.092047][ T6350] ? lockdep_hardirqs_on+0x78/0x100 [ 121.092082][ T6350] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 121.092117][ T6350] ? stack_depot_save_flags+0x479/0x9d0 [ 121.092155][ T6350] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 121.092199][ T6350] ? kasan_save_stack+0x3f/0x50 [ 121.092226][ T6350] ? kasan_save_stack+0x30/0x50 [ 121.092252][ T6350] ? kasan_save_track+0x14/0x30 [ 121.092278][ T6350] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 121.092322][ T6350] ? __get_vm_area_node+0x1ca/0x330 [ 121.092354][ T6350] ? get_vm_area_caller+0x71/0xa0 [ 121.092385][ T6350] ? vmap+0x131/0x2f0 [ 121.092422][ T6350] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 121.092449][ T6350] ? map_create+0x84e/0x2bc0 [ 121.092486][ T6350] ? __sys_bpf+0x2091/0x4b90 [ 121.092512][ T6350] ? __x64_sys_bpf+0x7b/0xc0 [ 121.092538][ T6350] ? do_syscall_64+0x10b/0xf80 [ 121.092572][ T6350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.092615][ T6350] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 121.092658][ T6350] ? policy_nodemask+0xed/0x4f0 [ 121.092692][ T6350] alloc_pages_mpol+0x1fb/0x540 [ 121.092727][ T6350] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 121.092768][ T6350] alloc_pages_noprof+0x1a/0x160 [ 121.092805][ T6350] get_free_pages_noprof+0x10/0xb0 [ 121.092836][ T6350] __kasan_populate_vmalloc+0xa0/0x210 [ 121.092887][ T6350] alloc_vmap_area+0x95d/0x2b70 [ 121.092934][ T6350] ? __pfx_alloc_vmap_area+0x10/0x10 [ 121.092975][ T6350] __get_vm_area_node+0x1ca/0x330 [ 121.093013][ T6350] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 121.093040][ T6350] get_vm_area_caller+0x71/0xa0 [ 121.093076][ T6350] ? ringbuf_map_alloc+0x3a1/0x8b0 [ 121.093105][ T6350] vmap+0x131/0x2f0 [ 121.093137][ T6350] ? __pfx_vmap+0x10/0x10 [ 121.093179][ T6350] ringbuf_map_alloc+0x3a1/0x8b0 [ 121.093213][ T6350] ? __pfx_ringbuf_map_mem_usage+0x10/0x10 [ 121.093257][ T6350] map_create+0x84e/0x2bc0 [ 121.093298][ T6350] ? preempt_schedule_thunk+0x16/0x30 [ 121.093352][ T6350] ? __pfx_map_create+0x10/0x10 [ 121.093389][ T6350] ? __might_fault+0xc5/0x140 [ 121.093436][ T6350] ? __might_fault+0xc5/0x140 [ 121.093492][ T6350] __sys_bpf+0x2091/0x4b90 [ 121.093519][ T6350] ? futex_private_hash_put+0x107/0x1c0 [ 121.093567][ T6350] ? __pfx___sys_bpf+0x10/0x10 [ 121.093598][ T6350] ? __pfx_futex_wake+0x10/0x10 [ 121.093640][ T6350] ? errseq_sample+0x51/0x70 [ 121.093683][ T6350] ? file_init_path+0x48e/0x670 [ 121.093727][ T6350] ? do_futex+0x192/0x350 [ 121.093778][ T6350] ? xfd_validate_state+0x129/0x190 [ 121.093816][ T6350] __x64_sys_bpf+0x7b/0xc0 [ 121.093844][ T6350] ? lockdep_hardirqs_on+0x78/0x100 [ 121.093878][ T6350] do_syscall_64+0x10b/0xf80 [ 121.093912][ T6350] ? clear_bhb_loop+0x40/0x90 [ 121.093946][ T6350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.093974][ T6350] RIP: 0033:0x7fcd14d9cdd9 [ 121.094009][ T6350] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 121.094043][ T6350] RSP: 002b:00007fcd15cdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 121.094072][ T6350] RAX: ffffffffffffffda RBX: 00007fcd15015fa0 RCX: 00007fcd14d9cdd9 [ 121.094090][ T6350] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000000 [ 121.094107][ T6350] RBP: 00007fcd14e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 121.094124][ T6350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.094140][ T6350] R13: 00007fcd15016038 R14: 00007fcd15015fa0 R15: 00007fffae967468 [ 121.094176][ T6350] [ 122.608904][ T6374] input: jJǸ-9%vJ86 as /devices/virtual/input/input10 [ 124.217927][ T6412] Console: switching to colour VGA+ 80x25 [ 124.321315][ T6415] ================================================================== [ 124.321336][ T6415] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 124.321377][ T6415] Read of size 26 at addr ffff888021ec2aea by task syz.1.165/6415 [ 124.321402][ T6415] [ 124.321415][ T6415] CPU: 0 UID: 0 PID: 6415 Comm: syz.1.165 Not tainted syzkaller #0 PREEMPT(full) [ 124.321446][ T6415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 124.321466][ T6415] Call Trace: [ 124.321475][ T6415] [ 124.321485][ T6415] dump_stack_lvl+0x100/0x190 [ 124.321515][ T6415] print_report+0x13d/0x4b0 [ 124.321556][ T6415] ? __virt_addr_valid+0x239/0x430 [ 124.321601][ T6415] ? fbcon_prepare_logo+0x94e/0xc60 [ 124.321628][ T6415] kasan_report+0xdf/0x1d0 [ 124.321660][ T6415] ? fbcon_prepare_logo+0x94e/0xc60 [ 124.321695][ T6415] kasan_check_range+0x10f/0x1e0 [ 124.321731][ T6415] __asan_memcpy+0x23/0x60 [ 124.321771][ T6415] fbcon_prepare_logo+0x94e/0xc60 [ 124.321807][ T6415] fbcon_init+0x1065/0x1830 [ 124.321840][ T6415] visual_init+0x320/0x620 [ 124.321872][ T6415] do_bind_con_driver.isra.0+0x636/0x9c0 [ 124.321915][ T6415] store_bind+0x609/0x730 [ 124.321954][ T6415] ? __pfx_store_bind+0x10/0x10 [ 124.321990][ T6415] dev_attr_store+0x58/0x80 [ 124.322028][ T6415] ? __pfx_dev_attr_store+0x10/0x10 [ 124.322059][ T6415] sysfs_kf_write+0xf2/0x150 [ 124.322098][ T6415] kernfs_fop_write_iter+0x3e0/0x5f0 [ 124.322131][ T6415] ? __pfx_sysfs_kf_write+0x10/0x10 [ 124.322171][ T6415] vfs_write+0x6ac/0x1070 [ 124.322197][ T6415] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 124.322232][ T6415] ? __pfx_vfs_write+0x10/0x10 [ 124.322267][ T6415] ksys_write+0x12a/0x250 [ 124.322292][ T6415] ? __pfx_ksys_write+0x10/0x10 [ 124.322317][ T6415] ? kcov_ioctl+0x16a/0x720 [ 124.322350][ T6415] ? rcu_is_watching+0x12/0xc0 [ 124.322380][ T6415] do_syscall_64+0x10b/0xf80 [ 124.322409][ T6415] ? clear_bhb_loop+0x40/0x90 [ 124.322436][ T6415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.322461][ T6415] RIP: 0033:0x7f61b739cdd9 [ 124.322480][ T6415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 124.322504][ T6415] RSP: 002b:00007f61b82b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 124.322528][ T6415] RAX: ffffffffffffffda RBX: 00007f61b7616180 RCX: 00007f61b739cdd9 [ 124.322544][ T6415] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 124.322559][ T6415] RBP: 00007f61b7432d69 R08: 0000000000000000 R09: 0000000000000000 [ 124.322574][ T6415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.322589][ T6415] R13: 00007f61b7616218 R14: 00007f61b7616180 R15: 00007ffd06c27b78 [ 124.322612][ T6415] [ 124.322621][ T6415] [ 124.322627][ T6415] Allocated by task 6415: [ 124.322646][ T6415] kasan_save_stack+0x30/0x50 [ 124.322669][ T6415] kasan_save_track+0x14/0x30 [ 124.322691][ T6415] __kasan_kmalloc+0xaa/0xb0 [ 124.322711][ T6415] drm_atomic_state_alloc+0xb8/0x120 [ 124.322743][ T6415] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 124.322783][ T6415] drm_client_modeset_commit_locked+0x14d/0x580 [ 124.322821][ T6415] drm_client_modeset_commit+0x4f/0x80 [ 124.322858][ T6415] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 124.322895][ T6415] drm_fb_helper_set_par+0x15a/0x1b0 [ 124.322925][ T6415] fbcon_init+0x1470/0x1830 [ 124.322948][ T6415] visual_init+0x320/0x620 [ 124.322971][ T6415] do_bind_con_driver.isra.0+0x636/0x9c0 [ 124.323001][ T6415] store_bind+0x609/0x730 [ 124.323035][ T6415] dev_attr_store+0x58/0x80 [ 124.323061][ T6415] sysfs_kf_write+0xf2/0x150 [ 124.323096][ T6415] kernfs_fop_write_iter+0x3e0/0x5f0 [ 124.323128][ T6415] vfs_write+0x6ac/0x1070 [ 124.323152][ T6415] ksys_write+0x12a/0x250 [ 124.323176][ T6415] do_syscall_64+0x10b/0xf80 [ 124.323204][ T6415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.323227][ T6415] [ 124.323232][ T6415] Freed by task 6415: [ 124.323242][ T6415] kasan_save_stack+0x30/0x50 [ 124.323263][ T6415] kasan_save_track+0x14/0x30 [ 124.323285][ T6415] kasan_save_free_info+0x3b/0x70 [ 124.323317][ T6415] __kasan_slab_free+0x5f/0x80 [ 124.323340][ T6415] kfree+0x223/0x6c0 [ 124.323372][ T6415] __drm_atomic_state_free+0x25b/0x2f0 [ 124.323405][ T6415] drm_client_modeset_commit_atomic+0x5f3/0x7e0 [ 124.323443][ T6415] drm_client_modeset_commit_locked+0x14d/0x580 [ 124.323481][ T6415] drm_client_modeset_commit+0x4f/0x80 [ 124.323517][ T6415] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 124.323554][ T6415] drm_fb_helper_set_par+0x15a/0x1b0 [ 124.323585][ T6415] fbcon_init+0x1470/0x1830 [ 124.323608][ T6415] visual_init+0x320/0x620 [ 124.323631][ T6415] do_bind_con_driver.isra.0+0x636/0x9c0 [ 124.323663][ T6415] store_bind+0x609/0x730 [ 124.323691][ T6415] dev_attr_store+0x58/0x80 [ 124.323717][ T6415] sysfs_kf_write+0xf2/0x150 [ 124.323751][ T6415] kernfs_fop_write_iter+0x3e0/0x5f0 [ 124.323782][ T6415] vfs_write+0x6ac/0x1070 [ 124.323806][ T6415] ksys_write+0x12a/0x250 [ 124.323829][ T6415] do_syscall_64+0x10b/0xf80 [ 124.323857][ T6415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.323880][ T6415] [ 124.323886][ T6415] The buggy address belongs to the object at ffff888021ec2a00 [ 124.323886][ T6415] which belongs to the cache kmalloc-192 of size 192 [ 124.323905][ T6415] The buggy address is located 42 bytes to the right of [ 124.323905][ T6415] allocated 192-byte region [ffff888021ec2a00, ffff888021ec2ac0) [ 124.323930][ T6415] [ 124.323941][ T6415] The buggy address belongs to the physical page: [ 124.323951][ T6415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888021ec2c00 pfn:0x21ec2 [ 124.323977][ T6415] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff) [ 124.324006][ T6415] page_type: f5(slab) [ 124.324032][ T6415] raw: 00fff00000000200 ffff88813fe2e3c0 ffffea0000ae2c10 ffffea0000a0df50 [ 124.324059][ T6415] raw: ffff888021ec2c00 0000000800100009 00000000f5000000 0000000000000000 [ 124.324072][ T6415] page dumped because: kasan: bad access detected [ 124.324087][ T6415] page_owner tracks the page as allocated [ 124.324095][ T6415] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5884, tgid 5882 (syz.1.33), ts 89237703520, free_ts 87208481926 [ 124.324137][ T6415] post_alloc_hook+0x153/0x170 [ 124.324170][ T6415] get_page_from_freelist+0x11a6/0x33b0 [ 124.324205][ T6415] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 124.324241][ T6415] new_slab+0xa6/0x6c0 [ 124.324270][ T6415] refill_objects+0x277/0x420 [ 124.324303][ T6415] __pcs_replace_empty_main+0x375/0x650 [ 124.324339][ T6415] __kmalloc_noprof+0x688/0x850 [ 124.324374][ T6415] __register_sysctl_table+0xbe4/0x1650 [ 124.324403][ T6415] neigh_sysctl_register+0x326/0x660 [ 124.324426][ T6415] addrconf_sysctl_register+0xb9/0x200 [ 124.324452][ T6415] ipv6_add_dev+0xaf2/0x1520 [ 124.324476][ T6415] addrconf_notify+0x5db/0x1ba0 [ 124.324506][ T6415] notifier_call_chain+0x99/0x400 [ 124.324541][ T6415] call_netdevice_notifiers_info+0xbe/0x110 [ 124.324569][ T6415] register_netdevice+0x18fe/0x24b0 [ 124.324593][ T6415] register_netdev+0x34/0x50 [ 124.324616][ T6415] page last free pid 13 tgid 13 stack trace: [ 124.324627][ T6415] __free_frozen_pages+0x747/0x1040 [ 124.324657][ T6415] tlb_remove_table_rcu+0x2cf/0x380 [ 124.324687][ T6415] rcu_core+0x5a2/0x10d0 [ 124.324709][ T6415] handle_softirqs+0x1ea/0xa00 [ 124.324735][ T6415] __irq_exit_rcu+0x162/0x210 [ 124.324762][ T6415] irq_exit_rcu+0x9/0x30 [ 124.324788][ T6415] sysvec_irq_work+0xa3/0xc0 [ 124.324809][ T6415] asm_sysvec_irq_work+0x1a/0x20 [ 124.324832][ T6415] [ 124.324837][ T6415] Memory state around the buggy address: [ 124.324849][ T6415] ffff888021ec2980: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 124.324865][ T6415] ffff888021ec2a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.324882][ T6415] >ffff888021ec2a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 124.324895][ T6415] ^ [ 124.324908][ T6415] ffff888021ec2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.324925][ T6415] ffff888021ec2b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 124.324938][ T6415] ================================================================== [ 124.335373][ T6415] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 124.335395][ T6415] CPU: 0 UID: 0 PID: 6415 Comm: syz.1.165 Not tainted syzkaller #0 PREEMPT(full) [ 124.335429][ T6415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 124.335446][ T6415] Call Trace: [ 124.335456][ T6415] [ 124.335467][ T6415] dump_stack_lvl+0x100/0x190 [ 124.335501][ T6415] vpanic+0x552/0x970 [ 124.335528][ T6415] ? __pfx_vpanic+0x10/0x10 [ 124.335559][ T6415] ? fbcon_prepare_logo+0x94e/0xc60 [ 124.335587][ T6415] panic+0xd1/0xe0 [ 124.335612][ T6415] ? __pfx_panic+0x10/0x10 [ 124.335637][ T6415] ? fbcon_prepare_logo+0x94e/0xc60 [ 124.335665][ T6415] ? preempt_schedule_common+0x42/0xc0 [ 124.335704][ T6415] check_panic_on_warn.cold+0x19/0x34 [ 124.335734][ T6415] end_report.part.0+0x3a/0x90 [ 124.335773][ T6415] kasan_report.cold+0xe/0x18 [ 124.335812][ T6415] ? fbcon_prepare_logo+0x94e/0xc60 [ 124.335846][ T6415] kasan_check_range+0x10f/0x1e0 [ 124.335883][ T6415] __asan_memcpy+0x23/0x60 [ 124.335924][ T6415] fbcon_prepare_logo+0x94e/0xc60 [ 124.335963][ T6415] fbcon_init+0x1065/0x1830 [ 124.335997][ T6415] visual_init+0x320/0x620 [ 124.336044][ T6415] do_bind_con_driver.isra.0+0x636/0x9c0 [ 124.336091][ T6415] store_bind+0x609/0x730 [ 124.336131][ T6415] ? __pfx_store_bind+0x10/0x10 [ 124.336166][ T6415] dev_attr_store+0x58/0x80 [ 124.336199][ T6415] ? __pfx_dev_attr_store+0x10/0x10 [ 124.336229][ T6415] sysfs_kf_write+0xf2/0x150 [ 124.336271][ T6415] kernfs_fop_write_iter+0x3e0/0x5f0 [ 124.336307][ T6415] ? __pfx_sysfs_kf_write+0x10/0x10 [ 124.336350][ T6415] vfs_write+0x6ac/0x1070 [ 124.336384][ T6415] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 124.336425][ T6415] ? __pfx_vfs_write+0x10/0x10 [ 124.336467][ T6415] ksys_write+0x12a/0x250 [ 124.336496][ T6415] ? __pfx_ksys_write+0x10/0x10 [ 124.336526][ T6415] ? kcov_ioctl+0x16a/0x720 [ 124.336563][ T6415] ? rcu_is_watching+0x12/0xc0 [ 124.336597][ T6415] do_syscall_64+0x10b/0xf80 [ 124.336631][ T6415] ? clear_bhb_loop+0x40/0x90 [ 124.336662][ T6415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.336689][ T6415] RIP: 0033:0x7f61b739cdd9 [ 124.336711][ T6415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 124.336737][ T6415] RSP: 002b:00007f61b82b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 124.336765][ T6415] RAX: ffffffffffffffda RBX: 00007f61b7616180 RCX: 00007f61b739cdd9 [ 124.336784][ T6415] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 124.336802][ T6415] RBP: 00007f61b7432d69 R08: 0000000000000000 R09: 0000000000000000 [ 124.336820][ T6415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.336837][ T6415] R13: 00007f61b7616218 R14: 00007f61b7616180 R15: 00007ffd06c27b78 [ 124.336864][ T6415] [ 124.337277][ T6415] Kernel Offset: disabled