last executing test programs: 11.219540699s ago: executing program 0 (id=773): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x1100, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dmmidi2\x00', 0x410040, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xed\xf8\xe1\xbc\x1d\x91D\xe7R\x12\xc4\xcd\xc6\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY2@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x2, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x9, 0x15f4da07, 0x6, 0x10001, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(r3, &(0x7f0000002280)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000000400)=ANY=[@ANYBLOB="14ce57d2449e8ebb39a84ba6dca8000000ed14e99cbd3a85d82589a3b52db1acdc99a3bd254777fb3ffeaf4fbf5bc95ea7ee594356a58009a211295bdc1f9480c5a645cb2b32d15afe8250d9d5394b2230ec341f93a19fd87a05148d6a73d105fed92680290bc42a0b0228233efbfd5366122cb54bcb677e07283b50ee2d81ce0a47bb7dee5e12cb05e20df84b6f4389c832ffd3675fa98b59da099729c1ec4e436d2001b0ed78f1fc24677c2151936a251b69eaba83741305361f6bfe97e445f18dd6ddb91be51c79c2206d4ceb425d879a7b87216f8d4efea5d5c028902b14a0b40d0d6f727264f5d29494d7b5ad33eb351811a1643f8b99a7228e02a0e13caeddff97562a95c21f9f47c90d9cf732603830cb481f848de0cd95ce7d5c732d221904e8b5955dd02cbb18792629f7515a7ab1a27ecd1b91", @ANYRES16=r2, @ANYBLOB="01002cbd7000fddbdf255f000000"], 0x14}, 0x1, 0x0, 0x0, 0x48800}, 0x4) sendmsg$auto_NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0xb0, r2, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_SELF_MANAGED_REG={0x4}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x5}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0xfe}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "aba644f6b3f9b0d337e1f3b18bc893f6910dc27772901b63c784"}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_MAC_MASK={0x58, 0xd7, "41d930f3acd5f6175aba08f027b977696439bad882147cc7cc83a0b76eb6fe7e7f292b960a7a965f0f8b412cb91b14ed19ff5d81371d87a6a8f466298fbc3c903477c5379db86775f8ff10df8f798e26321a33b3"}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x10000}]}, 0xb0}}, 0x20000824) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="01002abd7010fddbdf250400000004001f00"], 0x18}, 0x1, 0x0, 0x0, 0x4000084}, 0x10) close_range$auto(0x2, 0x8, 0x0) r5 = socket(0x2a, 0x2, 0x1) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/runtime_suspended_time\x00', 0x40e00, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/dri/vkms/name\x00', 0x40000, 0x0) fcntl$auto_F_DUPFD_CLOEXEC(r5, 0x406, r7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 10.56750646s ago: executing program 1 (id=776): mmap$auto(0x0, 0x400004, 0xdb, 0x9b72, 0x7, 0x800008000) r0 = socket(0xa, 0x1, 0x84) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, 0x0, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64}) setresuid$auto(0x0, 0x0, r2) ioctl$auto_BLKALIGNOFF(r1, 0x127a, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto(r7, &(0x7f0000000240)=',-\t', 0x2000008008) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="01002dbd7000fedbdf250a0000000480068072a5f3d35c1df0791b0d44583ce3124a41eb082919d46db7c477ba6a630dab91a6c3aa8dec19de0abeff35293a9cae3068ee60e9f7da8195248c27d1a4aef5f2b8f188b74be7e604bd5f86d21320356a2db8f021bfc8f7e9321ed9d4c4d324585d35bde57e371f52e3ed6796"], 0x18}, 0x1, 0x0, 0x0, 0x40014}, 0x0) getpgid$auto(0x0) r8 = socket(0x2, 0x801, 0x106) setsockopt$auto(r8, 0x6, 0x12, 0x0, 0xa1) sendmsg$auto_IPVS_CMD_SET_SERVICE(r4, &(0x7f0000000ac0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x28014044}, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x8203, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000000100), 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) syslog$auto(0x3, &(0x7f0000000180)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9bd\b\xff.\x1a\xbe6+\xd6Vy\x99', 0x5) io_uring_setup$auto(0x401, 0x0) syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) getsockopt$auto(r0, 0x84, 0x8, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x200, 0x0) 9.258502332s ago: executing program 3 (id=777): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) acct$auto(&(0x7f00000000c0)='/dev/input/event1\x00') sendmsg$auto_IPVS_CMD_GET_INFO(r0, &(0x7f0000002a00)={0x0, 0x0, &(0x7f00000029c0)={&(0x7f00000028c0)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20000010) 8.824707471s ago: executing program 3 (id=778): mmap$auto(0x0, 0x4020007, 0xdf, 0xebf, 0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mmap$auto(0x5, 0x1bbf, 0x1ff, 0x19, r0, 0x8020000007ffd) close_range$auto(0x2, r0, 0x0) socket(0x2b, 0x4, 0x10000033) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/fail-nth\x00', 0x1c9c82, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r2, &(0x7f0000000100)={0x0, 0x9}, 0x2) mmap$auto(0x0, 0x400008, 0x8000000000000df, 0x9b72, r1, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r3, 0xc004510e, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x88c2, 0x0) write$auto(r2, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x00\x00\x00', 0x8083a) getrandom$auto(&(0x7f0000000200)='+\x00^rp\xcb\" \x81u5z\b\x06m7\x84\xc8\xd8\\\x12GM\x02G\xda(\x7f\xe0\x8b\n\n\a\x9f\xcd\xa9\x97i\xe2\xa0\xdd4/^\x13\xde5\x96j\xf4\xcc\xc6g8\xe5\xf6k\xe4\xa0\xc5XF\xd9R5\x81\xa8\xc5\x11\x1a\x8b\xb3Y\xa4\xa1d\xe0\xbe.&\x7f\xd9o*\"\x1c\xe3\xe9%y\xf7\x8ffm\f\xe5\xb0\x13\x16\xa0\x8b>\x7f\xcea\x9b\xe4\x8e\xd4\xf2\xeb\xa5\xb7\xf4\xef\x90\xea\xd4\xa5$\\\x03\a\xf76\xa6z~,7\xccH\xac,\xb4\x8b\xa5\x8b\xcc\xedRFp[h\x14\rn\x1c\x17\x03\x80:\xcaDS\x8b\x01ssn\xc3a\xa8\xfb\x97\xf4\xb0\f\x99\xe2\x16m\v\x9aa\xb8R', 0x6, 0x3c5f) mmap$auto(0x9000, 0x3fffff, 0x7, 0x11, r1, 0x20000040) 8.00334205s ago: executing program 0 (id=779): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto(0xffffffffffffffff, 0x455, r0) rseq$auto(0x0, 0x9, 0xdf2, 0x7) shmget$auto(0x8, 0x10566, 0x52fe) openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000003540)='/proc/thread-self/setgroups\x00', 0x2, 0x0) 6.969154049s ago: executing program 0 (id=780): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) pwrite64$auto(0xc8, 0x0, 0x3, 0x3a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x8000400) sysfs$auto(0x2, 0xd, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) r2 = fsopen$auto(0x0, 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.4/usb5/power/level\x00', 0x129882, 0x0) sendfile$auto(r3, r3, 0x0, 0x7) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) lstat$auto(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r4) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) inotify_init1$auto(0x80000001) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)='1', 0x1) sendmsg$auto_NL80211_CMD_VENDOR(r4, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r0, @ANYRES16=r5, @ANYBLOB="050727567000fbdbdf256700010005002a014000ff078ae62ecb4771db88b32ff0afd393b6f788fba299284df6b4bfa8b4e5b31013bf3380a9ca26913a7726ba730fda008d06777fe5095e111979f721e8d689153464c384d9be7ed8969b4e536cee3ebfd0d004945f07000000109ac05d62ab75c0b07e283983b53071f68d3f990d9005fb7363f7c0e973b989"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) r7 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000140)='/dev/binderfs/binder0\x00', 0x20100, 0x0) ioctl$auto_BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000000)="fc06c1f730b9d2867a8ba29f242cf38f59f712") 6.627141252s ago: executing program 3 (id=781): unshare$auto(0x20000) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000140)=@sco, 0x3) r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) ioctl$auto_USB_RAW_IOCTL_VBUS_DRAW(r2, 0x4004550a, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/034/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x18, 0x2006, 0x7fa, 0x7fb, &(0x7f0000000280)}) writev$auto(r0, &(0x7f00000003c0)={&(0x7f0000000240)="d4b5bb306511155bfb41ecd8ebb5e4b961745c2534544b85fe0e8813a22720f31c7aa7acb40128235f25c75e840ab8efc67789f002505b23edc2b8e5c7c816d0a8a3459f24b3f786d34d965a33c52f78ff956ef1", 0xf9}, 0x3) r4 = clone$auto(0x1800000000000, 0x6, 0x0, &(0x7f0000000080)=0xf39d, 0xfffffffffffffffe) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x34, r6, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_UPCALL_PID={0x8}, @OVS_DP_ATTR_NAME={0xd, 0x1, '&#$@\\]\\-\x00'}]}, 0x34}, 0x1, 0x300, 0x0, 0x801}, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x7ff, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) write$auto(0x0, 0x0, 0x0) sendmsg$auto_OVS_METER_CMD_SET(r7, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x20004080}, 0x24008040) r8 = pidfd_open$auto(r4, 0x8000000) landlock_add_rule$auto(r1, 0x1, &(0x7f00000002c0)="8f90ecaa05d283d0c22a627797b4d7350fd55df30485767f893f0205eb4afb4ca6a4742cabf62ecf8439891cab681de221e38c0ce344b96198ee16b47b45a2c4487f3d7c4c0d058a66cfeba97f68a63e93af6724b3bff9b9b1eacfd71e47dc8ce52459a865aad46619d1c49a23c9fc696f2657ebf9f06383ab9ab026621e68fe01c1bd6755444dc0534072e4d6be963da4f96ee4e4801699931509dd96a9e86bf64319dba7e11d6e1c3b9598d9fe48ead97fdfcfaae6d775beef3f9cb792071505ddb763c8c4ac62f4a08361e2024fbd8c7e5c1f3e38227379037c19c58043", 0xffff) unshare$auto(0x6e2f) setns(r8, 0x8000000) 6.619578525s ago: executing program 1 (id=782): mmap$auto(0x0, 0x4020007, 0xdf, 0xebf, 0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mmap$auto(0x5, 0x1bbf, 0x1ff, 0x19, r0, 0x8020000007ffd) close_range$auto(0x2, r0, 0x0) socket(0x2b, 0x4, 0x10000033) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/fail-nth\x00', 0x1c9c82, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r2, &(0x7f0000000100)={0x0, 0x9}, 0x2) mmap$auto(0x0, 0x400008, 0x8000000000000df, 0x9b72, r1, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r3, 0xc004510e, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x88c2, 0x0) write$auto(r2, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x10\x00\x00', 0x8083a) getrandom$auto(&(0x7f0000000200)='+\x00^rp\xcb\" \x81u5z\b\x06m7\x84\xc8\xd8\\\x12GM\x02G\xda(\x7f\xe0\x8b\n\n\a\x9f\xcd\xa9\x97i\xe2\xa0\xdd4/^\x13\xde5\x96j\xf4\xcc\xc6g8\xe5\xf6k\xe4\xa0\xc5XF\xd9R5\x81\xa8\xc5\x11\x1a\x8b\xb3Y\xa4\xa1d\xe0\xbe.&\x7f\xd9o*\"\x1c\xe3\xe9%y\xf7\x8ffm\f\xe5\xb0\x13\x16\xa0\x8b>\x7f\xcea\x9b\xe4\x8e\xd4\xf2\xeb\xa5\xb7\xf4\xef\x90\xea\xd4\xa5$\\\x03\a\xf76\xa6z~,7\xccH\xac,\xb4\x8b\xa5\x8b\xcc\xedRFp[h\x14\rn\x1c\x17\x03\x80:\xcaDS\x8b\x01ssn\xc3a\xa8\xfb\x97\xf4\xb0\f\x99\xe2\x16m\v\x9aa\xb8R', 0x6, 0x3c5f) mmap$auto(0x9000, 0x3fffff, 0x7, 0x11, r1, 0x20000040) 5.783931468s ago: executing program 3 (id=783): mmap$auto(0x0, 0x4020007, 0xdf, 0xebf, 0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mmap$auto(0x5, 0x1bbf, 0x1ff, 0x19, r0, 0x8020000007ffd) close_range$auto(0x2, r0, 0x0) socket(0x2b, 0x4, 0x10000033) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/fail-nth\x00', 0x1c9c82, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r2, &(0x7f0000000100)={0x0, 0x9}, 0x2) mmap$auto(0x0, 0x400008, 0x8000000000000df, 0x9b72, r1, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r3, 0xc004510e, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x88c2, 0x0) write$auto(r2, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x00\x00\x00', 0x8083a) getrandom$auto(&(0x7f0000000200)='+\x00^rp\xcb\" \x81u5z\b\x06m7\x84\xc8\xd8\\\x12GM\x02G\xda(\x7f\xe0\x8b\n\n\a\x9f\xcd\xa9\x97i\xe2\xa0\xdd4/^\x13\xde5\x96j\xf4\xcc\xc6g8\xe5\xf6k\xe4\xa0\xc5XF\xd9R5\x81\xa8\xc5\x11\x1a\x8b\xb3Y\xa4\xa1d\xe0\xbe.&\x7f\xd9o*\"\x1c\xe3\xe9%y\xf7\x8ffm\f\xe5\xb0\x13\x16\xa0\x8b>\x7f\xcea\x9b\xe4\x8e\xd4\xf2\xeb\xa5\xb7\xf4\xef\x90\xea\xd4\xa5$\\\x03\a\xf76\xa6z~,7\xccH\xac,\xb4\x8b\xa5\x8b\xcc\xedRFp[h\x14\rn\x1c\x17\x03\x80:\xcaDS\x8b\x01ssn\xc3a\xa8\xfb\x97\xf4\xb0\f\x99\xe2\x16m\v\x9aa\xb8R', 0x6, 0x3c5f) mmap$auto(0x9000, 0x3fffff, 0x7, 0x11, r1, 0x20000040) 5.608879702s ago: executing program 2 (id=784): socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x5, 0x10000000000df, 0x400000000ebe, 0x401, 0x8) ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, &(0x7f0000000180)="8dcdd6117ce4b5fef670f2e0876fd3072d980e271a2facee0f385da9c6a63ed0c647b83ff549f3a85e81c040cf36ada33ce6b1442fc9e7889796b3a7398988e2cbed241eebfb8b6db449f1d6c8f84d0d93801cdcbc2110434b86585eaf1ded5ba72bf7c1c5de65b308267aec9c0048c005830ab1c055952d6098331fe8ef14c159b245eb9ce40ab5327da9") socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xc0400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8000ffff}, 0x3) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.7/usb8/power/level\x00', 0x2881, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) madvise$auto(0x0, 0x20000a, 0x4) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000001600)='/sys/kernel/debug/ieee80211/phy7/hw_conf\x00', 0x0, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r1, 0x0, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x100000000000000, 0x80000001, 0x0, 0x2, 0xe2, 0x7a}) set_mempolicy$auto(0x3, &(0x7f0000000040)=0x7, 0x3) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x1, 0x0) ioctl$auto_FBIOPUT_CON2FBMAP(r2, 0x4610, &(0x7f0000000040)) 4.9951129s ago: executing program 2 (id=785): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x67e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 4.033609217s ago: executing program 2 (id=786): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454d1, 0x6) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) r0 = open(&(0x7f0000000100)='.\x00', 0x595082, 0x0) write$auto(r0, 0x0, 0xfffffdf1) fcntl$auto_F_ADD_SEALS(r0, 0x409, 0x9) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@tipc=@name={0x1e, 0x2, 0x3, {{0x1, 0x1}}}, 0x20) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) mprotect$auto(0x0, 0x8000000000000001, 0x8) 3.960394395s ago: executing program 0 (id=787): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES32=r0, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r0) socket$nl_generic(0x10, 0x3, 0x10) sendto$auto(0xffffffffffffffff, 0x0, 0x6fffff9, 0xfffffff8, 0x0, 0x36) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) setresuid$auto(0x0, 0x0, 0x0) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) getpid() 3.936486894s ago: executing program 3 (id=788): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r0) setresuid$auto(0x0, 0x0, 0x0) setfsuid$auto(0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x41, 0x0) r3 = prctl$auto(0x3e, 0x7bff, 0x0, 0x41, 0x3) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), r3) close_range$auto(r3, r1, 0x9) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYRESOCT=r4], 0x30}}, 0x20008801) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace\x00', 0x80001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f2, 0xc) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000b80)='/sys/kernel/debug/dri/vkms/Writeback-1/force\x00', 0x202, 0x0) syslog$auto(0x3, &(0x7f0000000400)='..\x00\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SaL\x85\xea\xb2\x93\xac\xf1\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b=f\xab\t\xad2$K\x92SLP*d3?s\x9fK\xb3\x1d\x1c\xbc/\x87\x94xkB9\xbbFGH5\x18\x0f\xb5\xcd', 0x10) fchdir$auto(0xffffffffffffffff) r6 = syz_clone(0x20011, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/controlC1\x00', 0x7c1c80, 0x0) madvise$auto(0x9, 0x9, 0x100010) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r7, 0xc1105511, &(0x7f00000002c0)={{@inferred=r6, 0x7ff, 0xa, 0x7, "0e4ede7079dcb0c24c8aa1e3c7ee2e00308b8a7d74b0a70700005e6d035b196ca83379bb00", @raw=0x4}, 0x7, 0x3, 0x2, @raw=0x31c7bc81, @enumerated={0x0, 0x6, "ad75b255b5cdd64a6b7a755de55f8e3b81e6c4e6fbf4f15a5ca5dc29f056113e9b60cd7bd82081ec90b01a6c1ae79b9fd0930da366e011ae30c0a636577776a6", 0x3, 0xcac}, "18a801006a0900000000000000c4bd5359eeadc8357752b72fa176254d8797cdffd02555ac83a07983eeddcd24b626f54ad9d763dcdc9120af8b7c848ceb55a7"}) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x6, 0xfffffffffffff557, 0x2b, 0x10, 0xffffffffffffffff, 0x3dd) 3.812507943s ago: executing program 1 (id=789): r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, 0x0) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, 0x0) 3.320689688s ago: executing program 1 (id=790): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000036, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x7, 0x2020009, 0x4, 0xeb1, 0xfffffffffffffffa, 0x8003) prctl$auto(0x5, 0x5, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC0\x00', 0x80, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x9, 0x10001, 0x4, 0x8, 0xffffffffffffffff, [0x0, 0x0, 0x400], {0xfa4, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x80, 0x4000006, 0x2000}, {0x100, 0x1, 0x50, 0x5, 0x1, 0x7, 0x8, 0x8, 0x100000002}}) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyc3\x00', 0x40001, 0x0) ioctl$auto(r1, 0x80045438, 0xffffffffffffffff) syslog$auto(0x3, &(0x7f00000001c0)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) sched_getattr$auto(0x0, &(0x7f0000000000)={0xcf86, 0x106, 0x6, 0x200, 0x8c90552e, 0xb, 0x6, 0x5, 0x8, 0x90}, 0x68, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) brk$auto(0x40008000) brk$auto(0x8) socketcall$auto_SYS_GETSOCKOPT(0xf, &(0x7f0000000100)=0x3) prctl$auto_PR_SCHED_CORE_SHARE_TO(0x7f, 0x2, 0x0, 0x4, 0x8) fsopen$auto(0x0, 0x1) 2.831774931s ago: executing program 0 (id=791): unshare$auto(0x20000) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000140)=@sco, 0x3) r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) ioctl$auto_USB_RAW_IOCTL_VBUS_DRAW(r2, 0x4004550a, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/034/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x18, 0x2006, 0x7fa, 0x7fb, &(0x7f0000000280)}) writev$auto(r0, &(0x7f00000003c0)={&(0x7f0000000240)="d4b5bb306511155bfb41ecd8ebb5e4b961745c2534544b85fe0e8813a22720f31c7aa7acb40128235f25c75e840ab8efc67789f002505b23edc2b8e5c7c816d0a8a3459f24b3f786d34d965a33c52f78ff956ef1", 0xf9}, 0x3) r4 = clone$auto(0x1800000000000, 0x6, &(0x7f0000000000)=0x4, &(0x7f0000000080)=0xf39d, 0xfffffffffffffffe) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x34, r6, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_UPCALL_PID={0x8}, @OVS_DP_ATTR_NAME={0xd, 0x1, '&#$@\\]\\-\x00'}]}, 0x34}, 0x1, 0x300, 0x0, 0x801}, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x7ff, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) write$auto(0x0, 0x0, 0x0) sendmsg$auto_OVS_METER_CMD_SET(r7, 0x0, 0x24008040) r8 = pidfd_open$auto(r4, 0x8000000) landlock_add_rule$auto(r1, 0x1, &(0x7f00000002c0)="8f90ecaa05d283d0c22a627797b4d7350fd55df30485767f893f0205eb4afb4ca6a4742cabf62ecf8439891cab681de221e38c0ce344b96198ee16b47b45a2c4487f3d7c4c0d058a66cfeba97f68a63e93af6724b3bff9b9b1eacfd71e47dc8ce52459a865aad46619d1c49a23c9fc696f2657ebf9f06383ab9ab026621e68fe01c1bd6755444dc0534072e4d6be963da4f96ee4e4801699931509dd96a9e86bf64319dba7e11d6e1c3b9598d9fe48ead97fdfcfaae6d775beef3f9cb792071505ddb763c8c4ac62f4a08361e2024fbd8c7e5c1f3e38227379037c19c58043", 0xffff) unshare$auto(0x6e2f) setns(r8, 0x8000000) 2.51877809s ago: executing program 2 (id=792): mmap$auto(0x9, 0x8205, 0xfffffffffffffffd, 0x40eb2, 0xd, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/i8042/serio0/drvctl\x00', 0xc8100, 0x0) (async) r1 = ioctl$auto_NS_GET_TGID_FROM_PIDNS(0xffffffffffffffff, 0x8004b707, &(0x7f0000000040)=0x3) write$auto_fops_u64_(r1, &(0x7f0000000340)="faf2dbf427fe2e6a1e4e082777fa553970a110531bf01114662b994a738a3ee3fffc5d8b00032fdaf037bae609142120906024a2b751c644b9a1fa999304e27330c6bed0bccf8f84573c876936d7aa9d94a034c10900000049fc5cdc28d91cdf54ce3b07a76e4470d807c96c0fa9c48c47cfc4babca2d84d04340f8cffdfd276438630f92d5e90ebb7fcf55eca378ba09e9dfcfa68e6b709947560b37fb00093cc3e17384b4ad1aa038cdb7c5ae18f39355e612e886ed411ca3603f60d2fdab6aa3dc9f0c7854eecc6916771fc2960e4fb2fa5d915d0e3e729b834f77da4291f194a0f9ad6a46a427c3e3999cc780a1a88c5c814ff0379e15d49b2e02977df4307a1d2a010b93f3a6426a2e9194c1fa7ee137113e480c5b7e5bf42366e58ec43cdb7bdfde9e0", 0x126) (async) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)='n', 0x1) (async) mremap$auto(0x0, 0x7, 0x7ff, 0x3, 0x200000) (async) r2 = prctl$auto(0x23, 0xe, 0x0, 0x67, 0x0) (async, rerun: 32) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x22080, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) socket(0x6, 0x2, 0x3a) (async, rerun: 32) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (rerun: 32) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x8000, 0x0) read$auto(r3, &(0x7f0000000000)='veth1\x00', 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) unshare$auto(0x40000080) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(0xffffffffffffffff, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1a000000de470ca86c0f0cd7aed8a592d5a7ecd9a56bf0b02b1f8e65fa456d675dccbfcbc74fe16935c60cc1a4577cf38040e75d324643d9f0ae37bbd2adca1e86f0ea7d07bb5a8dcb45d074bce7e2e82cd3d3b7d1682d807fb8b09f18f2a5d090e790d7171f4f", @ANYRES16=r4, @ANYBLOB="cf5728bd7000fedbdf2506000000"], 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x8020) (async, rerun: 64) read$auto(0xffffffffffffffff, 0x0, 0x7f) (async, rerun: 64) mprotect$auto(0x6, 0x8, 0x8) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$auto_TUNSETCARRIER(r2, 0x400454e2, 0x0) (async) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) (async, rerun: 32) read$auto(0xffffffffffffffff, 0x0, 0x3) (rerun: 32) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 2.060640633s ago: executing program 2 (id=793): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x6a) (async) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(r0, 0x4604, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/irq/13/node\x00', 0x202080, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000140)=""/144, 0x90) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x40000006, 0x21) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) kexec_load$auto(0x0, 0x2, 0x0, 0x2) (async) mmap$auto(0x6, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.603757864s ago: executing program 0 (id=794): openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000008c0)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x2, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) sysfs$auto(0x2, 0x3c, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x3, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040), 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCR(0xffffffffffffffff, 0x0, 0x40) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/security/tomoyo/query\x00', 0x42e01, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x29, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop6/integrity/read_verify\x00', 0x2262, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0700000000000000df"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/phram/parameters/phram\x00', 0x4a481, 0x0) write$auto(r1, &(0x7f0000000040)='7\x02\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) io_setup$auto(0x7ffe, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 971.060422ms ago: executing program 2 (id=795): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x11, 0x2, 0x300) r1 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r1, 0x0, 0x2, 0x100) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000240)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) preadv$auto(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f00000001c0), 0xff}, 0x5, 0x0, 0x4) r2 = socket(0x2, 0x1, 0x106) setsockopt$auto(r2, 0x6, 0x6, &(0x7f0000000700)='\b\x00\x00\x00\xe4\x15\rq\tW\x9d=\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe7\x9b\xdd\x1cp\x19\xa0\x9dHN\xb4\x7f\x7f\xa0\xeaI\xa1\x0f/\xfc\x8e\xf9\xa6x\xa0\xdeo\t\x826Xe(\x0e\xffr\r\x8d\xefh\xdbG\x8b\xde\xfd$\'\a ]\x91YP\x94\xd0\xd0\x02\x10\xb1_z\xa2Ql\x8c\x91\xca4\x118\xcd\xc3\x97\x03J:\x1e\xe5f\xcaq\xdf`\x01;\xf9{D2\xc9WV)\xa3JH\xf5\xf9\x16\xac\xa4\x155\x80\x01I\xd9\xa5\xd0\xf1\xbd\xa0\xa4\xa5q\xc6F\x940\x00\xf8\xef\xa4\xfd\xd2z\xf5\x91z<\x9f\xf0\x8f.\x81\x84\xed J&\x8f\xd9\xab-\xf8\xd0\xd3\xcea\x91pM0\xcd\x18\xb4\xe0u\x99\b\x19I\x87\xbb/1\xf9\x84\xbf\xcc\x0e5\xba\x9a\xba\xfb\xde\x16kU\x97\xec\xc6\xe15u\xd5\x94D\xab\xec.K\xfbD\x0f\xc16g\xf3`\x03O\xae]B@\x0e!n\x8dy\x97\xaa\xa7\x12\xbbyD\xd3\x82\xb3\x9a\x88L\x1b\x8b\xfb\xe7\xc8\xa8\xf66\x16\xe1\x04T\'/8a\xeb\xe6\xe6+!\x97\b\xc8;P\f~\x88\x02\x91 \xd3\x93\xa7.xCNA\xcax)\xb4\xdf\xfe/\xe40\xc6y\x13\x8d\bfJ\x85\x05\xf5\x9f\xea\x15\xe9{3\xcc\xac\x94w.%\x11_\xd3\xe2\xe9\x8c\x9c\xb1\xfb\xf9o\xf4\xc9\x88\xbd\x90p\xae\x8ap\xb9\xa4\xb7\xadv&\x999\xdf\x83\xae\xff\xa5\xfc\xd3\xc0!\xdc\xc4\xa0\xce8:\xeb~\x9b_F\x8f\xcaY\xa9\x89@\x99)\x1c\x8b\xc5\xb7\x10\xd1\xc8`\xb6\x8f\x136\xc3\x1e\xbd\x8e$\"\xbfJ\n\xd6\x0f\x9d\xcbr\xb7\xa8\xed\r+$\x94\x9b\xfe8\x8ao\xf8\xba\'i\xf1\xd3\x9c7P\xe3\x14\xa2\x1b-\xbb\xae\xe3P#:$\xaf\aB\xd2\x95\x18\\r\xd1\x80\x9fD\xd5\xaba\xc8\xd4\xd1\xb6\xf5\xb9\x16\xbb\xbc\xd6\xb3+\xdf\xfc\x89\x1f\xe9M|\x0e?g\x18\v\"', 0x4000007) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0x4008550d, 0xffffffffffffffff) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/graphics/fbcon/rotate_all\x00', 0xa001, 0x0) r4 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000bc0)='/sys/kernel/tracing/dynamic_events\x00', 0x1, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r4, &(0x7f0000000000)=' ', 0x1) settimeofday$auto(&(0x7f0000000180)={0x6ddb8b07, 0x9}, 0x0) write$auto(r3, &(0x7f0000000000)='3\xc7\xff\xff\xff\xdd\x00\b(Ks\x0f\x87|P\x11\xd1li0\x89\x85\x90QM\xd6wfF\xf1x\xb3;c\tP\x03\x84\x97\x99\x83\x97\x81:\xf3\xa3o5\xc5\x86\xed\xa4\x18]\xa3\xc9\x0f\xff\xdak\xb0m\xe1U\xb3\xa2\xee\xdcTJQO\x98\xc8w\x8c\xe7\x00\x00\x00\x1dj\x1e\xebQT\xdd\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x00\x00\x00', 0x9) writev$auto(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x10001}, 0xc) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/arp\x00', 0x101000, 0x0) 781.438504ms ago: executing program 3 (id=796): mmap$auto(0x0, 0x4020007, 0xdf, 0xebf, 0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mmap$auto(0x5, 0x1bbf, 0x1ff, 0x19, r0, 0x8020000007ffd) close_range$auto(0x2, r0, 0x0) socket(0x2b, 0x4, 0x10000033) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/fail-nth\x00', 0x1c9c82, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r2, &(0x7f0000000100)={0x0, 0x9}, 0x2) mmap$auto(0x0, 0x400008, 0x8000000000000df, 0x9b72, r1, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r3, 0xc004510e, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x88c2, 0x0) write$auto(r2, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x10\x00\x00', 0x8083a) getrandom$auto(&(0x7f0000000200)='+\x00^rp\xcb\" \x81u5z\b\x06m7\x84\xc8\xd8\\\x12GM\x02G\xda(\x7f\xe0\x8b\n\n\a\x9f\xcd\xa9\x97i\xe2\xa0\xdd4/^\x13\xde5\x96j\xf4\xcc\xc6g8\xe5\xf6k\xe4\xa0\xc5XF\xd9R5\x81\xa8\xc5\x11\x1a\x8b\xb3Y\xa4\xa1d\xe0\xbe.&\x7f\xd9o*\"\x1c\xe3\xe9%y\xf7\x8ffm\f\xe5\xb0\x13\x16\xa0\x8b>\x7f\xcea\x9b\xe4\x8e\xd4\xf2\xeb\xa5\xb7\xf4\xef\x90\xea\xd4\xa5$\\\x03\a\xf76\xa6z~,7\xccH\xac,\xb4\x8b\xa5\x8b\xcc\xedRFp[h\x14\rn\x1c\x17\x03\x80:\xcaDS\x8b\x01ssn\xc3a\xa8\xfb\x97\xf4\xb0\f\x99\xe2\x16m\v\x9aa\xb8R', 0x6, 0x3c5f) mmap$auto(0x9000, 0x3fffff, 0x7, 0x11, r1, 0x20000040) 570.255341ms ago: executing program 1 (id=797): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf250100000031208be8a5b4f52d83483e5c2d79da46e337d98473588f99774c7eb4868b973c1cef8187525db7b5b4e78678eb59512dbc7b11f4e29c29e3273c870a9555cf469e67e8886341e84d38edd658cf267f92e1e785a50fe500fbc125a65f8a4e5aa458a90f3d87fc71eca6309fc0ee1724cea121a7c96dbba43270448ec20cd22915c1cfa658b316e773d1eff747e371aace10d66450a3666b7be9754bde44d1"], 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x0) sendmsg$auto_ILA_CMD_FLUSH(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x40008c4) 0s ago: executing program 1 (id=798): shmctl$auto_IPC_RMID(0x10000, 0x0, &(0x7f0000001100)={{0x8, 0xffffffffffffffff, 0xee01, 0x767a, 0x4, 0x1, 0x7ff}, 0x0, 0x7fffffff, 0x2000000000003, 0x6, @inferred, @raw=0x3, 0x5, 0x0, 0x0, &(0x7f0000000100)="4b89bcabd7ab74161841c369b80d72d8e51b97f9964bccbdc0b0469a504d3973cd73f8e30ba6da8f55cd30e6600779254092c70f47dfd8febb823fa6f3efaaaa621ab01ed69007e950db5682c50dc3f65a0b2e6bf0bb8dc7c7604610d5a45f12fc629d6302274abad46bf05a94485635ab8150053f41cf3175c563e76b44a9c68164dd070500000084245a447d4085cff96c75eb68b716250787eac638d894752ca04f"}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, 0x0, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_EEPROM_BANK={0x5, 0x5, 0xfc}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5, 0x4, 0x13}, @ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x7}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0x400}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}]}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0x8}, @ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0x7}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x50}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa506}, 0x800}, 0x7, 0x4008) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x800, 0x0) kernel console output (not intermixed with test programs): [ 94.242303][ T5627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.256970][ T5627] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.266961][ T5627] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.987502][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.995434][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.002873][ T5625] bridge_slave_0: entered allmulticast mode [ 96.010439][ T5625] bridge_slave_0: entered promiscuous mode [ 96.042158][ T5624] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.049393][ T5624] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.057096][ T5624] bridge_slave_0: entered allmulticast mode [ 96.065162][ T5624] bridge_slave_0: entered promiscuous mode [ 96.115717][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.124041][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.131835][ T5625] bridge_slave_1: entered allmulticast mode [ 96.140448][ T5625] bridge_slave_1: entered promiscuous mode [ 96.159251][ T5624] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.166789][ T5624] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.174062][ T5624] bridge_slave_1: entered allmulticast mode [ 96.182024][ T5624] bridge_slave_1: entered promiscuous mode [ 96.189504][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.196809][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.204003][ T5626] bridge_slave_0: entered allmulticast mode [ 96.211747][ T5626] bridge_slave_0: entered promiscuous mode [ 96.246813][ T5635] Bluetooth: hci1: command tx timeout [ 96.264323][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.271580][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.278900][ T5626] bridge_slave_1: entered allmulticast mode [ 96.286948][ T5626] bridge_slave_1: entered promiscuous mode [ 96.331236][ T5624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.338488][ T5627] Bluetooth: hci2: command tx timeout [ 96.347079][ T50] Bluetooth: hci0: command tx timeout [ 96.348585][ T5624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.353957][ T5635] Bluetooth: hci3: command tx timeout [ 96.392633][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.422825][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.434649][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.456816][ T5624] team0: Port device team_slave_0 added [ 96.464836][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.500981][ T5624] team0: Port device team_slave_1 added [ 96.542165][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.549481][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.556750][ T5636] bridge_slave_0: entered allmulticast mode [ 96.564099][ T5636] bridge_slave_0: entered promiscuous mode [ 96.597030][ T5625] team0: Port device team_slave_0 added [ 96.609378][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.616632][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.623795][ T5636] bridge_slave_1: entered allmulticast mode [ 96.631660][ T5636] bridge_slave_1: entered promiscuous mode [ 96.640074][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.647261][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.673535][ T5624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.687444][ T5626] team0: Port device team_slave_0 added [ 96.694955][ T5625] team0: Port device team_slave_1 added [ 96.711505][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.718567][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.744652][ T5624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.765930][ T5626] team0: Port device team_slave_1 added [ 96.798442][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.832757][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.839826][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.866243][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.879906][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.915787][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.923093][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.949225][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.971925][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.979004][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.005028][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.047749][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.054824][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.081223][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.099414][ T5624] hsr_slave_0: entered promiscuous mode [ 97.105926][ T5624] hsr_slave_1: entered promiscuous mode [ 97.117613][ T5636] team0: Port device team_slave_0 added [ 97.134897][ T1126] cfg80211: failed to load regulatory.db [ 97.159382][ T5636] team0: Port device team_slave_1 added [ 97.222228][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.229460][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.255503][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.302630][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.309749][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.335780][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.352461][ T5626] hsr_slave_0: entered promiscuous mode [ 97.359238][ T5626] hsr_slave_1: entered promiscuous mode [ 97.365510][ T5626] debugfs: 'hsr0' already exists in 'hsr' [ 97.371648][ T5626] Cannot create hsr debugfs directory [ 97.390209][ T5625] hsr_slave_0: entered promiscuous mode [ 97.396827][ T5625] hsr_slave_1: entered promiscuous mode [ 97.403476][ T5625] debugfs: 'hsr0' already exists in 'hsr' [ 97.409409][ T5625] Cannot create hsr debugfs directory [ 97.558970][ T5636] hsr_slave_0: entered promiscuous mode [ 97.565863][ T5636] hsr_slave_1: entered promiscuous mode [ 97.572287][ T5636] debugfs: 'hsr0' already exists in 'hsr' [ 97.578214][ T5636] Cannot create hsr debugfs directory [ 97.921630][ T5624] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.935891][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 97.944065][ T5624] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.955080][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 97.987981][ T5624] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.998539][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.007023][ T5624] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.017873][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.066849][ T5625] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.080116][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.088851][ T5625] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.099210][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.115511][ T5625] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.129236][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.141447][ T5625] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.153811][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.259695][ T5626] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.273389][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.288942][ T5626] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.302011][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.317061][ T5626] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.328426][ T5635] Bluetooth: hci1: command tx timeout [ 98.335184][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.344459][ T5626] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.355271][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.407878][ T5627] Bluetooth: hci2: command tx timeout [ 98.413355][ T50] Bluetooth: hci0: command tx timeout [ 98.419303][ T5635] Bluetooth: hci3: command tx timeout [ 98.482917][ T5636] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.494334][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.510928][ T5636] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.520762][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.529811][ T5636] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.540904][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.549823][ T5636] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.559956][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.584352][ T5624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.651874][ T5624] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.667486][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.690261][ T141] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.697705][ T141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.737156][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.744342][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.762523][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.792860][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.800053][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.829746][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.836985][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.893711][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.935123][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.974055][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.024517][ T141] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.031731][ T141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.051092][ T5636] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.075535][ T856] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.082753][ T856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.102012][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.109199][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.180574][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.188031][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.061628][ T5624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.133026][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.234170][ T5624] veth0_vlan: entered promiscuous mode [ 100.296055][ T5624] veth1_vlan: entered promiscuous mode [ 100.361547][ T5625] veth0_vlan: entered promiscuous mode [ 100.407182][ T5635] Bluetooth: hci1: command tx timeout [ 100.417877][ T5625] veth1_vlan: entered promiscuous mode [ 100.443748][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.477520][ T5624] veth0_macvtap: entered promiscuous mode [ 100.486544][ T50] Bluetooth: hci0: command tx timeout [ 100.492283][ T5627] Bluetooth: hci2: command tx timeout [ 100.497890][ T5635] Bluetooth: hci3: command tx timeout [ 100.516791][ T5624] veth1_macvtap: entered promiscuous mode [ 100.544534][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.582658][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.615348][ T5625] veth0_macvtap: entered promiscuous mode [ 100.629721][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.647189][ T5625] veth1_macvtap: entered promiscuous mode [ 100.680308][ T5626] veth0_vlan: entered promiscuous mode [ 100.687830][ T856] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.698314][ T856] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.713446][ T856] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.723714][ T856] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.763211][ T5626] veth1_vlan: entered promiscuous mode [ 100.786629][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.830405][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.860740][ T5636] veth0_vlan: entered promiscuous mode [ 100.884216][ T856] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.913965][ T856] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.923512][ T856] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.940324][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.952021][ T856] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.961168][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.983166][ T5636] veth1_vlan: entered promiscuous mode [ 101.050949][ T5626] veth0_macvtap: entered promiscuous mode [ 101.079069][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.098596][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.114823][ T5626] veth1_macvtap: entered promiscuous mode [ 101.175628][ T5636] veth0_macvtap: entered promiscuous mode [ 101.196838][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.211170][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.226485][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.242482][ T5636] veth1_macvtap: entered promiscuous mode [ 101.253617][ T5624] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.304321][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.322905][ T141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.333780][ T141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.346632][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.359533][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.391745][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.434160][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.464186][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.484170][ T5781] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.506741][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.589761][ T141] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.619168][ T141] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.644061][ T141] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.665604][ T141] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.840808][ T856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.857874][ T856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.998916][ T856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.015580][ T856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.049248][ T856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.078041][ T856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.146857][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.175980][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.435939][ T5789] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 102.489276][ T5635] Bluetooth: hci1: command tx timeout [ 102.571176][ T5635] Bluetooth: hci3: command tx timeout [ 102.576797][ T50] Bluetooth: hci0: command tx timeout [ 102.582260][ T5627] Bluetooth: hci2: command tx timeout [ 102.918103][ T5799] Zero length message leads to an empty skb [ 103.400479][ T5808] misc userio: Invalid payload size [ 103.944173][ T5814] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 104.205810][ T5821] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 syzkaller syzkaller login: [ 105.032713][ T5827] &#$@\]\-: entered promiscuous mode [ 109.088999][ T5880] FAULT_INJECTION: forcing a failure. [ 109.088999][ T5880] name failslab, interval 1, probability 0, space 0, times 1 [ 109.136862][ T5880] CPU: 0 UID: 0 PID: 5880 Comm: syz.1.19 Not tainted syzkaller #0 PREEMPT(full) [ 109.136905][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 109.136933][ T5880] Call Trace: [ 109.136945][ T5880] [ 109.136962][ T5880] dump_stack_lvl+0x100/0x190 [ 109.137014][ T5880] should_fail_ex.cold+0x5/0xa [ 109.137058][ T5880] should_failslab+0xc2/0x120 [ 109.137097][ T5880] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 109.137155][ T5880] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 109.137211][ T5880] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 109.137256][ T5880] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 109.137305][ T5880] alloc_inode+0x68/0x250 [ 109.137359][ T5880] new_inode+0x22/0x1c0 [ 109.137416][ T5880] hugetlbfs_get_inode+0x39a/0x700 [ 109.137461][ T5880] ? security_capable+0x80/0x260 [ 109.137518][ T5880] hugetlb_file_setup+0x3cc/0x5b0 [ 109.137571][ T5880] newseg+0xaf0/0xed0 [ 109.137618][ T5880] ? __pfx_newseg+0x10/0x10 [ 109.137653][ T5880] ? down_write+0x146/0x1f0 [ 109.137715][ T5880] ipcget+0xee/0xf50 [ 109.137753][ T5880] ? do_futex+0x192/0x350 [ 109.137791][ T5880] ? __pfx_do_futex+0x10/0x10 [ 109.137835][ T5880] ? __pfx_ipcget+0x10/0x10 [ 109.137877][ T5880] ? __x64_sys_futex+0x34f/0x4d0 [ 109.137914][ T5880] ? __x64_sys_futex+0x358/0x4d0 [ 109.137958][ T5880] __x64_sys_shmget+0x13b/0x1b0 [ 109.138008][ T5880] ? __pfx___x64_sys_shmget+0x10/0x10 [ 109.138053][ T5880] ? rcu_is_watching+0x12/0xc0 [ 109.138099][ T5880] do_syscall_64+0x10b/0xf80 [ 109.138142][ T5880] ? clear_bhb_loop+0x40/0x90 [ 109.138183][ T5880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.138217][ T5880] RIP: 0033:0x7f442639cdd9 [ 109.138246][ T5880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.138278][ T5880] RSP: 002b:00007f44272a8028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 109.138312][ T5880] RAX: ffffffffffffffda RBX: 00007f4426615fa0 RCX: 00007f442639cdd9 [ 109.138334][ T5880] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 109.138354][ T5880] RBP: 00007f4426432d69 R08: 0000000000000000 R09: 0000000000000000 [ 109.138374][ T5880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.138393][ T5880] R13: 00007f4426616038 R14: 00007f4426615fa0 R15: 00007ffe260527a8 [ 109.138436][ T5880] [ 109.647648][ T5884] WARNING! power/level is deprecated; use power/control instead [ 110.405966][ T5883] smpboot: CPU 1 is now offline [ 110.711620][ T5627] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 110.711653][ T5627] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 110.726940][ T5627] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 110.727012][ T5627] Bluetooth: hci2: Malformed LE Event: 0x0d [ 111.544719][ T5894] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 111.638867][ T5894] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 111.910274][ T5894] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 112.067082][ T5894] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 112.123156][ T5894] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 112.197326][ T5894] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 112.269491][ T5894] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 112.316407][ T5894] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 112.397672][ T5894] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 112.481934][ T5894] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 112.572945][ T5894] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 112.643606][ T5894] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 113.083302][ T5627] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 113.206644][ T5627] Bluetooth: hci0: command 0x0c1a tx timeout [ 113.586640][ T5935] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 114.088601][ T5627] Bluetooth: hci1: command 0x0c1a tx timeout [ 114.107025][ T5917] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 114.154739][ T5917] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 114.185908][ T5917] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 114.244288][ T5917] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 115.506111][ T5930] phram: not enough arguments [ 115.770272][ T5627] Bluetooth: hci0: command 0x0c1a tx timeout [ 116.166447][ T5627] Bluetooth: hci1: command 0x0c1a tx timeout [ 116.246600][ T5627] Bluetooth: hci3: command 0x0c1a tx timeout [ 116.252870][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 116.606568][ T5951] &#$@\]\-: entered promiscuous mode [ 117.849783][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 118.246543][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 118.326455][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 118.334132][ T5627] Bluetooth: hci3: command 0x0c1a tx timeout [ 119.518600][ T5985] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5625] was attempted by ""[5985] [ 119.581277][ T5635] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 120.408258][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 122.070834][ T6014] netlink: 'syz.1.40': attribute type 7 has an invalid length. [ 122.125206][ T6014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.40'. [ 122.743600][ T5989] phram: not enough arguments [ 122.943735][ T6016] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5625] was attempted by ""[6016] [ 123.081395][ T6020] &#$@\]\-: entered promiscuous mode [ 125.574459][ T5635] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 129.740664][ T6071] binder: 6057:6071 ioctl c0306201 200000000000 returned -14 [ 130.385187][ T6059] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 130.503809][ T6059] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 130.590295][ T6059] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 130.649977][ T6059] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 132.246479][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 132.568774][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 132.646765][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 132.652925][ T5627] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.982194][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.992363][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.046573][ T6111] FAULT_INJECTION: forcing a failure. [ 134.046573][ T6111] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 134.175364][ T6111] CPU: 0 UID: 0 PID: 6111 Comm: syz.3.55 Not tainted syzkaller #0 PREEMPT(full) [ 134.175396][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 134.175421][ T6111] Call Trace: [ 134.175430][ T6111] [ 134.175439][ T6111] dump_stack_lvl+0x100/0x190 [ 134.175471][ T6111] should_fail_ex.cold+0x5/0xa [ 134.175497][ T6111] ? prepare_alloc_pages+0x16d/0x5f0 [ 134.175531][ T6111] should_fail_alloc_page+0xeb/0x140 [ 134.175561][ T6111] prepare_alloc_pages+0x1f0/0x5f0 [ 134.175601][ T6111] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 134.175643][ T6111] ? enqueue_task+0x1d6/0x4f0 [ 134.175685][ T6111] ? __lock_acquire+0x4a5/0x2630 [ 134.175712][ T6111] ? __lock_acquire+0x4a5/0x2630 [ 134.175733][ T6111] ? css_rstat_updated+0x1ce/0x5a0 [ 134.175772][ T6111] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 134.175816][ T6111] ? do_raw_spin_lock+0x128/0x260 [ 134.175844][ T6111] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.175872][ T6111] ? find_held_lock+0x2b/0x80 [ 134.175912][ T6111] ? __lock_acquire+0x4a5/0x2630 [ 134.175934][ T6111] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.175972][ T6111] ? policy_nodemask+0xed/0x4f0 [ 134.176002][ T6111] alloc_pages_mpol+0x1fb/0x540 [ 134.176031][ T6111] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 134.176059][ T6111] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 134.176083][ T6111] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 134.176112][ T6111] folio_alloc_mpol_noprof+0x36/0x260 [ 134.176147][ T6111] shmem_alloc_folio+0x135/0x160 [ 134.176182][ T6111] shmem_alloc_and_add_folio+0x371/0xd40 [ 134.176229][ T6111] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 134.176272][ T6111] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 134.176320][ T6111] shmem_get_folio_gfp+0x6ab/0x1900 [ 134.176349][ T6111] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 134.176390][ T6111] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 134.176417][ T6111] ? lockdep_hardirqs_on+0x78/0x100 [ 134.176453][ T6111] shmem_fault+0x1f9/0xa20 [ 134.176474][ T6111] ? __lock_acquire+0x4a5/0x2630 [ 134.176498][ T6111] ? __pfx_shmem_fault+0x10/0x10 [ 134.176521][ T6111] ? __up_read+0x2c1/0x6e0 [ 134.176559][ T6111] ? __pfx_filemap_map_pages+0x10/0x10 [ 134.176603][ T6111] __do_fault+0x10b/0x440 [ 134.176626][ T6111] ? find_held_lock+0x2b/0x80 [ 134.176659][ T6111] do_fault+0x2db/0x1750 [ 134.176694][ T6111] __handle_mm_fault+0x187d/0x2a00 [ 134.176734][ T6111] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.176765][ T6111] ? __pfx___handle_mm_fault+0x10/0x10 [ 134.176804][ T6111] ? pte_offset_map_lock+0x174/0x320 [ 134.176831][ T6111] ? find_held_lock+0x2b/0x80 [ 134.176872][ T6111] ? follow_page_pte+0x4d0/0x13f0 [ 134.176906][ T6111] handle_mm_fault+0x36d/0xa20 [ 134.176948][ T6111] __get_user_pages+0x1178/0x32a0 [ 134.176985][ T6111] ? down_read_killable+0x307/0x4b0 [ 134.177023][ T6111] ? __pfx___get_user_pages+0x10/0x10 [ 134.177061][ T6111] faultin_page_range+0x1f1/0x9e0 [ 134.177099][ T6111] madvise_do_behavior+0x354/0x510 [ 134.177134][ T6111] ? __pfx_madvise_do_behavior+0x10/0x10 [ 134.177183][ T6111] do_madvise+0x195/0x240 [ 134.177214][ T6111] ? __pfx_do_madvise+0x10/0x10 [ 134.177246][ T6111] ? do_futex+0x192/0x350 [ 134.177276][ T6111] ? blkcg_maybe_throttle_current+0x5e7/0xeb0 [ 134.177325][ T6111] __x64_sys_madvise+0xa9/0x110 [ 134.177357][ T6111] ? lockdep_hardirqs_on+0x78/0x100 [ 134.177387][ T6111] do_syscall_64+0x10b/0xf80 [ 134.177418][ T6111] ? clear_bhb_loop+0x40/0x90 [ 134.177447][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.177472][ T6111] RIP: 0033:0x7f1604f9cdd9 [ 134.177492][ T6111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.177521][ T6111] RSP: 002b:00007f1605d73028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 134.177544][ T6111] RAX: ffffffffffffffda RBX: 00007f1605215fa0 RCX: 00007f1604f9cdd9 [ 134.177560][ T6111] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 134.177582][ T6111] RBP: 00007f1605032d69 R08: 0000000000000000 R09: 0000000000000000 [ 134.177596][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.177610][ T6111] R13: 00007f1605216038 R14: 00007f1605215fa0 R15: 00007ffe7acd3998 [ 134.177641][ T6111] [ 136.831008][ T6126] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 139.094953][ T6140] openvswitch: &#$@\]\-: Dropping previously announced user features [ 139.687525][ T5635] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 141.541501][ T6171] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5625] was attempted by ""[6171] [ 141.808759][ T6188] misc userio: Invalid payload size [ 141.972401][ T5635] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 142.001840][ T30] audit: type=1804 audit(1843104519.310:2): pid=6187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.68" name="/newroot/12/file0" dev="tmpfs" ino=80 res=1 errno=0 [ 142.386620][ T5635] Bluetooth: hci3: unexpected subevent 0x03 length: 123 > 9 [ 143.680185][ T6203] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 143.722726][ T6203] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 143.756192][ T6203] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 143.788084][ T6203] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 144.526038][ T6193] phram: not enough arguments [ 145.686632][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.766542][ T5627] Bluetooth: hci1: command 0x0c1a tx timeout [ 145.772673][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 145.846579][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.348507][ T5635] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 147.304978][ T6250] openvswitch: &#$@\]\-: Dropping previously announced user features [ 147.954937][ T6264] Invalid input. Must be >= 4608 [ 148.316011][ T6266] netlink: 8 bytes leftover after parsing attributes in process `syz.3.81'. [ 148.549547][ T6246] phram: not enough arguments [ 149.723488][ T6277] netlink: 330 bytes leftover after parsing attributes in process `syz.2.83'. [ 150.755426][ T6291] Console: switching to colour VGA+ 80x25 [ 150.994352][ T6291] Console: switching to colour frame buffer device 128x48 [ 151.827743][ T5635] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 154.063691][ T6305] phram: not enough arguments [ 159.192877][ T6361] Console: switching to colour VGA+ 80x25 [ 159.531600][ T6374] Console: switching to colour frame buffer device 128x48 [ 161.245556][ T6387] netlink: 334 bytes leftover after parsing attributes in process `syz.0.103'. [ 161.272041][ T6385] netlink: 12 bytes leftover after parsing attributes in process `syz.2.102'. [ 161.729167][ T6385] i: entered promiscuous mode [ 167.021049][ T6438] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5636] was attempted by ""[6438] [ 167.881174][ T6467] netlink: 8 bytes leftover after parsing attributes in process `syz.2.115'. [ 169.101892][ T5635] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 169.129249][ T6461] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 169.178543][ T6461] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 169.213377][ T6461] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 169.246838][ T6461] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 170.076599][ T6496] &#$@\]\-: entered promiscuous mode [ 171.207381][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 171.286487][ T5627] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.292734][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 171.304152][ T6509] openvswitch: &#$@\]\-: Dropping previously announced user features [ 171.391662][ T6493] phram: not enough arguments [ 172.766356][ T30] audit: type=1804 audit(1843104550.050:3): pid=6514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.125" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable" dev="tracefs" ino=19680823 res=1 errno=0 [ 173.582757][ T5635] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 174.283786][ T6554] netlink: 60 bytes leftover after parsing attributes in process `syz.2.130'. [ 174.868189][ T6559] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5626] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[6559] [ 175.478253][ T6564] netlink: 342 bytes leftover after parsing attributes in process `syz.2.132'. [ 176.473513][ T6544] phram: not enough arguments [ 178.474432][ T6593] openvswitch: &#$@\]\-: Dropping previously announced user features [ 182.837872][ T6646] Console: switching to colour VGA+ 80x25 [ 183.220841][ T6649] Console: switching to colour frame buffer device 128x48 [ 183.343557][ T6652] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5636] was attempted by ""[6652] [ 184.021494][ T6656] ======================================================= [ 184.021494][ T6656] WARNING: The mand mount option has been deprecated and [ 184.021494][ T6656] and is ignored by this kernel. Remove the mand [ 184.021494][ T6656] option from the mount to silence this warning. [ 184.021494][ T6656] ======================================================= [ 187.092585][ T5635] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 187.219777][ T6665] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5625] was attempted by ""[6665] [ 187.827231][ T6687] openvswitch: &#$@\]\-: Dropping previously announced user features [ 188.715890][ T6714] ubi0: attaching mtd0 [ 188.971427][ T6714] ubi0: scanning is finished [ 189.066761][ T6714] ubi0: empty MTD device detected [ 190.154572][ T6736] misc userio: Invalid payload size [ 190.278664][ T6714] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 191.522750][ T6751] misc userio: Invalid payload size [ 191.696106][ T6702] phram: not enough arguments [ 192.061121][ T6755] Console: switching to colour VGA+ 80x25 [ 192.192883][ T6760] netlink: 28 bytes leftover after parsing attributes in process `syz.1.160'. [ 192.238647][ T6755] Console: switching to colour frame buffer device 128x48 [ 193.970568][ T5635] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 194.175413][ T6781] netlink: 16 bytes leftover after parsing attributes in process `syz.3.165'. [ 194.410336][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.422748][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.062850][ T5635] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 198.629492][ T6822] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 198.665687][ T6822] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 198.693083][ T6822] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 198.713637][ T6822] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 199.207305][ T6838] phram: not enough arguments [ 199.710923][ T6847] netlink: 130 bytes leftover after parsing attributes in process `syz.3.175'. [ 200.486420][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 200.726644][ T5627] Bluetooth: hci2: command 0x0c1a tx timeout [ 200.732926][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 200.739397][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 202.416350][ T6883] FAULT_INJECTION: forcing a failure. [ 202.416350][ T6883] name failslab, interval 1, probability 0, space 0, times 0 [ 202.473560][ T6883] CPU: 0 UID: 0 PID: 6883 Comm: syz.2.182 Not tainted syzkaller #0 PREEMPT(full) [ 202.473591][ T6883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 202.473605][ T6883] Call Trace: [ 202.473613][ T6883] [ 202.473622][ T6883] dump_stack_lvl+0x100/0x190 [ 202.473656][ T6883] should_fail_ex.cold+0x5/0xa [ 202.473685][ T6883] should_failslab+0xc2/0x120 [ 202.473712][ T6883] __kmalloc_cache_noprof+0x7a/0x6f0 [ 202.473746][ T6883] ? alloc_fdtable+0xbd/0x2d0 [ 202.473770][ T6883] ? find_held_lock+0x2b/0x80 [ 202.473799][ T6883] ? dup_fd+0x924/0xd10 [ 202.473829][ T6883] alloc_fdtable+0xbd/0x2d0 [ 202.473856][ T6883] dup_fd+0x995/0xd10 [ 202.473887][ T6883] ? __fget_files+0x21f/0x3d0 [ 202.473916][ T6883] ksys_unshare+0x802/0xab0 [ 202.473953][ T6883] ? __pfx_ksys_unshare+0x10/0x10 [ 202.473987][ T6883] ? ksys_write+0x1ac/0x250 [ 202.474021][ T6883] __x64_sys_unshare+0x31/0x40 [ 202.474055][ T6883] do_syscall_64+0x10b/0xf80 [ 202.474084][ T6883] ? clear_bhb_loop+0x40/0x90 [ 202.474112][ T6883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.474136][ T6883] RIP: 0033:0x7f3c86d9cdd9 [ 202.474159][ T6883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 202.474180][ T6883] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 202.474202][ T6883] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 202.474217][ T6883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 202.474235][ T6883] RBP: 00007f3c87cdc090 R08: 0000000000000000 R09: 0000000000000000 [ 202.474249][ T6883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.474262][ T6883] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 202.474291][ T6883] [ 203.346832][ T6888] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 203.391327][ T6888] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 203.429106][ T6888] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 203.476914][ T6888] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 204.870237][ T6906] Console: switching to colour VGA+ 80x25 [ 205.141014][ T6908] Console: switching to colour frame buffer device 128x48 [ 205.366458][ T5627] Bluetooth: hci0: command 0x0c1a tx timeout [ 205.446655][ T5627] Bluetooth: hci2: command 0x0c1a tx timeout [ 205.452743][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 205.526704][ T5627] Bluetooth: hci3: command 0x0c1a tx timeout [ 206.732433][ T6922] process 'syz.3.189' launched ':,' with NULL argv: empty string added [ 207.038477][ T5627] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 208.501173][ T6940] zswap: compressor not available [ 208.599291][ T6934] phram: not enough arguments [ 208.673401][ T6944] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 209.090590][ T6959] FAULT_INJECTION: forcing a failure. [ 209.090590][ T6959] name failslab, interval 1, probability 0, space 0, times 0 [ 209.163012][ T6959] CPU: 0 UID: 0 PID: 6959 Comm: syz.1.193 Not tainted syzkaller #0 PREEMPT(full) [ 209.163044][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 209.163057][ T6959] Call Trace: [ 209.163065][ T6959] [ 209.163073][ T6959] dump_stack_lvl+0x100/0x190 [ 209.163101][ T6959] should_fail_ex.cold+0x5/0xa [ 209.163131][ T6959] should_failslab+0xc2/0x120 [ 209.163158][ T6959] __kvmalloc_node_noprof+0xfa/0xa00 [ 209.163180][ T6959] ? alloc_fdtable+0x110/0x2d0 [ 209.163213][ T6959] alloc_fdtable+0x110/0x2d0 [ 209.163239][ T6959] dup_fd+0x995/0xd10 [ 209.163271][ T6959] ? __fget_files+0x21f/0x3d0 [ 209.163300][ T6959] ksys_unshare+0x802/0xab0 [ 209.163336][ T6959] ? __pfx_ksys_unshare+0x10/0x10 [ 209.163370][ T6959] ? ksys_write+0x1ac/0x250 [ 209.163404][ T6959] __x64_sys_unshare+0x31/0x40 [ 209.163438][ T6959] do_syscall_64+0x10b/0xf80 [ 209.163475][ T6959] ? clear_bhb_loop+0x40/0x90 [ 209.163507][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.163531][ T6959] RIP: 0033:0x7f442639cdd9 [ 209.163550][ T6959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.163571][ T6959] RSP: 002b:00007f44272a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 209.163593][ T6959] RAX: ffffffffffffffda RBX: 00007f4426615fa0 RCX: 00007f442639cdd9 [ 209.163608][ T6959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 209.163621][ T6959] RBP: 00007f44272a8090 R08: 0000000000000000 R09: 0000000000000000 [ 209.163635][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.163648][ T6959] R13: 00007f4426616038 R14: 00007f4426615fa0 R15: 00007ffe260527a8 [ 209.163677][ T6959] [ 209.454782][ T6964] misc userio: Invalid payload size [ 209.947336][ T6959] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 209.947513][ T6959] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 209.947632][ T6959] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 209.947749][ T6959] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 211.853719][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 212.007564][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 212.007600][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 212.007626][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 212.475053][ T6991] netlink: 28 bytes leftover after parsing attributes in process `syz.3.198'. [ 212.728837][ T6991] hsr_slave_0 (unregistering): left promiscuous mode [ 216.426892][ T7027] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.761567][ T7032] netlink: 16 bytes leftover after parsing attributes in process `syz.1.206'. [ 216.771591][ T7027] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.916009][ T7027] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.099617][ T7027] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.235648][ T7036] vivid-007: ================= START STATUS ================= [ 217.312351][ T7036] vivid-007: Generate PTS: true [ 217.388887][ T7036] vivid-007: Generate SCR: true [ 217.463976][ T7036] tpg source WxH: 320x240 (Y'CbCr) [ 217.516361][ T7036] tpg field: 1 [ 217.550792][ T7036] tpg crop: (0,0)/320x240 [ 217.599836][ T7036] tpg compose: (0,0)/320x240 [ 217.654498][ T7036] tpg colorspace: 8 [ 217.713659][ T7036] tpg transfer function: 0/0 [ 217.771478][ T7036] tpg Y'CbCr encoding: 0/0 [ 217.816714][ T7036] tpg quantization: 0/0 [ 217.857735][ T7036] tpg RGB range: 0/2 [ 217.901614][ T7036] vivid-007: ================== END STATUS ================== [ 218.352189][ T7051] Console: switching to colour VGA+ 80x25 [ 218.648777][ T7062] Console: switching to colour frame buffer device 128x48 [ 219.307700][ T7075] FAULT_INJECTION: forcing a failure. [ 219.307700][ T7075] name failslab, interval 1, probability 0, space 0, times 0 [ 219.307735][ T7075] CPU: 0 UID: 0 PID: 7075 Comm: syz.3.216 Not tainted syzkaller #0 PREEMPT(full) [ 219.307761][ T7075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 219.307775][ T7075] Call Trace: [ 219.307782][ T7075] [ 219.307790][ T7075] dump_stack_lvl+0x100/0x190 [ 219.307819][ T7075] should_fail_ex.cold+0x5/0xa [ 219.307848][ T7075] should_failslab+0xc2/0x120 [ 219.307875][ T7075] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 219.307912][ T7075] ? create_new_namespaces+0x30/0xac0 [ 219.307942][ T7075] ? rcu_is_watching+0x12/0xc0 [ 219.307974][ T7075] create_new_namespaces+0x30/0xac0 [ 219.308003][ T7075] ? bpf_lsm_capable+0x9/0x10 [ 219.308029][ T7075] ? security_capable+0x80/0x260 [ 219.308070][ T7075] unshare_nsproxy_namespaces+0xf2/0x220 [ 219.308103][ T7075] ksys_unshare+0x438/0xab0 [ 219.308140][ T7075] ? __pfx_ksys_unshare+0x10/0x10 [ 219.308174][ T7075] ? ksys_write+0x1ac/0x250 [ 219.308209][ T7075] __x64_sys_unshare+0x31/0x40 [ 219.308243][ T7075] do_syscall_64+0x10b/0xf80 [ 219.308272][ T7075] ? clear_bhb_loop+0x40/0x90 [ 219.308300][ T7075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.308324][ T7075] RIP: 0033:0x7f1604f9cdd9 [ 219.308342][ T7075] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.308364][ T7075] RSP: 002b:00007f1605d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 219.308385][ T7075] RAX: ffffffffffffffda RBX: 00007f1605215fa0 RCX: 00007f1604f9cdd9 [ 219.308400][ T7075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 219.308413][ T7075] RBP: 00007f1605d73090 R08: 0000000000000000 R09: 0000000000000000 [ 219.308432][ T7075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.308445][ T7075] R13: 00007f1605216038 R14: 00007f1605215fa0 R15: 00007ffe7acd3998 [ 219.308474][ T7075] [ 219.350283][ T7074] netlink: 17 bytes leftover after parsing attributes in process `syz.0.215'. [ 220.070958][ T7075] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 220.076717][ T7075] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 220.077160][ T7075] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 220.077541][ T7075] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 220.878194][ T5627] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 221.821960][ T7104] phram: not enough arguments [ 221.932565][ T7100] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 221.965741][ T7100] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 221.994054][ T7100] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 222.022809][ T7100] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 222.824063][ T7122] netlink: 56 bytes leftover after parsing attributes in process `syz.3.224'. [ 223.505716][ T7120] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5636] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[7120] [ 223.686590][ T5627] Bluetooth: hci0: command 0x0c1a tx timeout [ 224.006430][ T5627] Bluetooth: hci2: command 0x0c1a tx timeout [ 224.013127][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 224.086785][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 225.611782][ T7153] loop6: detected capacity change from 0 to 8 [ 226.570696][ T7171] misc userio: Invalid payload size [ 226.709299][ T7165] Console: switching to colour VGA+ 80x25 [ 227.043316][ T7177] Console: switching to colour frame buffer device 128x48 [ 228.358365][ T7182] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 228.401610][ T7182] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 228.455891][ T7182] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 228.501975][ T7182] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 229.174351][ T7205] FAULT_INJECTION: forcing a failure. [ 229.174351][ T7205] name failslab, interval 1, probability 0, space 0, times 0 [ 229.246083][ T7205] CPU: 0 UID: 0 PID: 7205 Comm: syz.2.239 Not tainted syzkaller #0 PREEMPT(full) [ 229.246115][ T7205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 229.246130][ T7205] Call Trace: [ 229.246137][ T7205] [ 229.246146][ T7205] dump_stack_lvl+0x100/0x190 [ 229.246177][ T7205] should_fail_ex.cold+0x5/0xa [ 229.246211][ T7205] should_failslab+0xc2/0x120 [ 229.246240][ T7205] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 229.246279][ T7205] ? anon_vma_fork+0x8d/0x6b0 [ 229.246319][ T7205] anon_vma_fork+0x8d/0x6b0 [ 229.246355][ T7205] ? vm_area_dup+0x59d/0x8e0 [ 229.246393][ T7205] dup_mmap+0x141f/0x2180 [ 229.246436][ T7205] ? __pfx_dup_mmap+0x10/0x10 [ 229.246466][ T7205] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 229.246501][ T7205] ? __lock_acquire+0x4a5/0x2630 [ 229.246525][ T7205] ? find_held_lock+0x2b/0x80 [ 229.246555][ T7205] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 229.246603][ T7205] copy_process+0x7b37/0x7fa0 [ 229.246659][ T7205] ? __pfx_copy_process+0x10/0x10 [ 229.246693][ T7205] ? find_held_lock+0x2b/0x80 [ 229.246729][ T7205] ? futex_private_hash_put+0x107/0x1c0 [ 229.246759][ T7205] kernel_clone+0x12e/0x9c0 [ 229.246795][ T7205] ? __pfx_kernel_clone+0x10/0x10 [ 229.246845][ T7205] __do_sys_clone+0xd9/0x120 [ 229.246879][ T7205] ? __pfx___do_sys_clone+0x10/0x10 [ 229.246914][ T7205] ? __fget_files+0x21f/0x3d0 [ 229.246958][ T7205] ? rcu_is_watching+0x12/0xc0 [ 229.246991][ T7205] do_syscall_64+0x10b/0xf80 [ 229.247021][ T7205] ? clear_bhb_loop+0x40/0x90 [ 229.247051][ T7205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.247075][ T7205] RIP: 0033:0x7f3c86d9cdd9 [ 229.247095][ T7205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 229.247117][ T7205] RSP: 002b:00007f3c87cbafd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 229.247140][ T7205] RAX: ffffffffffffffda RBX: 00007f3c87016090 RCX: 00007f3c86d9cdd9 [ 229.247155][ T7205] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 229.247170][ T7205] RBP: 00007f3c86e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 229.247184][ T7205] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 229.247197][ T7205] R13: 00007f3c87016128 R14: 00007f3c87016090 R15: 00007ffc33aef228 [ 229.247227][ T7205] [ 229.822449][ T7209] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5636] was attempted by ""[7209] [ 230.333713][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 230.413647][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 230.490510][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 230.567694][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 230.691464][ T7219] FAULT_INJECTION: forcing a failure. [ 230.691464][ T7219] name failslab, interval 1, probability 0, space 0, times 0 [ 230.790380][ T7220] netlink: 25 bytes leftover after parsing attributes in process `syz.1.241'. [ 230.877465][ T7219] CPU: 0 UID: 0 PID: 7219 Comm: syz.1.241 Not tainted syzkaller #0 PREEMPT(full) [ 230.877499][ T7219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 230.877514][ T7219] Call Trace: [ 230.877521][ T7219] [ 230.877530][ T7219] dump_stack_lvl+0x100/0x190 [ 230.877560][ T7219] should_fail_ex.cold+0x5/0xa [ 230.877591][ T7219] should_failslab+0xc2/0x120 [ 230.877622][ T7219] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 230.877660][ T7219] ? key_alloc+0xc0f/0x1310 [ 230.877684][ T7219] ? __lock_acquire+0x4a5/0x2630 [ 230.877711][ T7219] key_alloc+0xc0f/0x1310 [ 230.877747][ T7219] ? __pfx_key_alloc+0x10/0x10 [ 230.877771][ T7219] ? __asan_memcpy+0x3c/0x60 [ 230.877814][ T7219] keyring_alloc+0x44/0xc0 [ 230.877846][ T7219] keyctl_get_persistent+0x779/0x8b0 [ 230.877880][ T7219] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 230.877914][ T7219] ? __x64_sys_futex+0x34f/0x4d0 [ 230.877939][ T7219] ? __x64_sys_futex+0x358/0x4d0 [ 230.877969][ T7219] ? ksys_write+0x1ac/0x250 [ 230.878003][ T7219] __do_sys_keyctl+0x3b2/0x5a0 [ 230.878044][ T7219] do_syscall_64+0x10b/0xf80 [ 230.878075][ T7219] ? clear_bhb_loop+0x40/0x90 [ 230.878104][ T7219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.878129][ T7219] RIP: 0033:0x7f442639cdd9 [ 230.878148][ T7219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 230.878170][ T7219] RSP: 002b:00007f4427287028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 230.878193][ T7219] RAX: ffffffffffffffda RBX: 00007f4426616090 RCX: 00007f442639cdd9 [ 230.878208][ T7219] RDX: 00000000fffffffe RSI: ffffffffffffffff RDI: 2000000000000016 [ 230.878223][ T7219] RBP: 00007f4426432d69 R08: 000000000000404e R09: 0000000000000000 [ 230.878238][ T7219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.878252][ T7219] R13: 00007f4426616128 R14: 00007f4426616090 R15: 00007ffe260527a8 [ 230.878288][ T7219] [ 231.616004][ T7237] misc userio: Invalid payload size [ 233.468478][ T7276] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5636] was attempted by ""[7276] [ 233.608392][ T5635] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 233.664967][ T7265] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 233.672721][ T7265] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 233.688290][ T7265] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 233.701665][ T7265] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 234.459888][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.256'. [ 234.505607][ T7294] netlink: 25 bytes leftover after parsing attributes in process `syz.3.256'. [ 234.623775][ T7303] misc userio: Invalid payload size [ 235.379549][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 235.686778][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 235.766735][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 235.773968][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 237.427385][ T7329] random: crng reseeded on system resumption [ 238.649398][ T7339] syz.3.264 (7339) used greatest stack depth: 19928 bytes left [ 238.808391][ T7334] syz.3.264 (7334) used greatest stack depth: 19720 bytes left [ 238.923230][ T7344] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5626] was attempted by ""[7344] [ 239.021473][ T7354] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 239.703491][ T7369] misc userio: Invalid payload size [ 242.572734][ T7391] Console: switching to colour VGA+ 80x25 [ 242.966158][ T7399] Console: switching to colour frame buffer device 128x48 [ 243.167049][ T7403] __vm_enough_memory: pid: 7403, comm: syz.2.277, bytes: 4398046457856 not enough memory for the allocation [ 243.422926][ T7405] zram0: detected capacity change from 0 to 16 [ 245.043550][ T5635] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 246.587769][ T7448] phram: not enough arguments [ 248.004687][ T5635] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 248.533148][ T7468] FAULT_INJECTION: forcing a failure. [ 248.533148][ T7468] name failslab, interval 1, probability 0, space 0, times 0 [ 248.610199][ T7468] CPU: 0 UID: 0 PID: 7468 Comm: syz.2.289 Not tainted syzkaller #0 PREEMPT(full) [ 248.610230][ T7468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 248.610244][ T7468] Call Trace: [ 248.610253][ T7468] [ 248.610261][ T7468] dump_stack_lvl+0x100/0x190 [ 248.610291][ T7468] should_fail_ex.cold+0x5/0xa [ 248.610320][ T7468] should_failslab+0xc2/0x120 [ 248.610347][ T7468] __kmalloc_cache_noprof+0x7a/0x6f0 [ 248.610380][ T7468] ? alloc_super+0x52/0xd20 [ 248.610418][ T7468] alloc_super+0x52/0xd20 [ 248.610445][ T7468] ? __pfx_mqueue_fill_super+0x10/0x10 [ 248.610477][ T7468] sget_fc+0x117/0xc70 [ 248.610501][ T7468] ? __pfx_set_anon_super_fc+0x10/0x10 [ 248.610525][ T7468] ? __pfx_mqueue_fill_super+0x10/0x10 [ 248.610556][ T7468] get_tree_nodev+0x28/0x190 [ 248.610583][ T7468] mqueue_get_tree+0xf1/0x130 [ 248.610615][ T7468] vfs_get_tree+0x92/0x320 [ 248.610636][ T7468] fc_mount_longterm+0x1a/0x270 [ 248.610661][ T7468] mq_init_ns+0x482/0x820 [ 248.610699][ T7468] copy_ipcs+0x3dd/0x7e0 [ 248.610721][ T7468] create_new_namespaces+0x20a/0xac0 [ 248.610752][ T7468] ? security_capable+0x80/0x260 [ 248.610789][ T7468] unshare_nsproxy_namespaces+0xf2/0x220 [ 248.610823][ T7468] ksys_unshare+0x438/0xab0 [ 248.610859][ T7468] ? __pfx_ksys_unshare+0x10/0x10 [ 248.610894][ T7468] ? ksys_write+0x1ac/0x250 [ 248.610927][ T7468] __x64_sys_unshare+0x31/0x40 [ 248.610961][ T7468] do_syscall_64+0x10b/0xf80 [ 248.610991][ T7468] ? clear_bhb_loop+0x40/0x90 [ 248.611019][ T7468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.611043][ T7468] RIP: 0033:0x7f3c86d9cdd9 [ 248.611061][ T7468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 248.611082][ T7468] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 248.611104][ T7468] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 248.611119][ T7468] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 248.611132][ T7468] RBP: 00007f3c87cdc090 R08: 0000000000000000 R09: 0000000000000000 [ 248.611146][ T7468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 248.611159][ T7468] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 248.611187][ T7468] [ 249.840471][ T7469] phram: not enough arguments [ 249.928592][ T7470] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 249.956288][ T7470] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 249.975592][ T7470] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 249.996029][ T7470] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 251.285397][ T7488] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 251.346781][ T7488] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 251.407799][ T7488] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 251.465772][ T7488] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 251.672184][ T7498] mmap: syz.2.293 (7498) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 252.608533][ T7511] netlink: 16 bytes leftover after parsing attributes in process `syz.1.295'. [ 252.730032][ T7511] &#$@\]\-: entered allmulticast mode [ 253.126349][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 253.370576][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 253.448549][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 253.526563][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 255.852542][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.865539][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.344102][ T7559] FAULT_INJECTION: forcing a failure. [ 256.344102][ T7559] name failslab, interval 1, probability 0, space 0, times 0 [ 256.659935][ T7559] CPU: 0 UID: 0 PID: 7559 Comm: syz.2.305 Tainted: G L syzkaller #0 PREEMPT(full) [ 256.659973][ T7559] Tainted: [L]=SOFTLOCKUP [ 256.659982][ T7559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 256.659996][ T7559] Call Trace: [ 256.660003][ T7559] [ 256.660012][ T7559] dump_stack_lvl+0x100/0x190 [ 256.660042][ T7559] should_fail_ex.cold+0x5/0xa [ 256.660073][ T7559] should_failslab+0xc2/0x120 [ 256.660102][ T7559] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 256.660142][ T7559] ? alloc_inode+0x183/0x250 [ 256.660178][ T7559] ? do_futex+0x192/0x350 [ 256.660209][ T7559] alloc_inode+0x183/0x250 [ 256.660246][ T7559] create_pipe_files+0x4c/0x970 [ 256.660281][ T7559] do_pipe2+0xbd/0x1e0 [ 256.660311][ T7559] ? __pfx_do_pipe2+0x10/0x10 [ 256.660340][ T7559] ? xfd_validate_state+0x129/0x190 [ 256.660374][ T7559] __x64_sys_pipe+0x33/0x50 [ 256.660405][ T7559] do_syscall_64+0x10b/0xf80 [ 256.660436][ T7559] ? clear_bhb_loop+0x40/0x90 [ 256.660465][ T7559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.660490][ T7559] RIP: 0033:0x7f3c86d9cdd9 [ 256.660509][ T7559] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 256.660532][ T7559] RSP: 002b:00007f3c87c9a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 256.660555][ T7559] RAX: ffffffffffffffda RBX: 00007f3c87016180 RCX: 00007f3c86d9cdd9 [ 256.660577][ T7559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 256.660591][ T7559] RBP: 00007f3c86e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 256.660605][ T7559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.660619][ T7559] R13: 00007f3c87016218 R14: 00007f3c87016180 R15: 00007ffc33aef228 [ 256.660649][ T7559] [ 259.206326][ T5635] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 260.504222][ T7589] Console: switching to colour VGA+ 80x25 [ 261.296787][ T7601] Console: switching to colour frame buffer device 128x48 [ 265.885898][ T7647] random: crng reseeded on system resumption [ 268.064530][ T5635] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 268.701820][ T7675] phram: not enough arguments [ 268.890977][ T7679] FAULT_INJECTION: forcing a failure. [ 268.890977][ T7679] name failslab, interval 1, probability 0, space 0, times 0 [ 269.182671][ T7679] CPU: 0 UID: 0 PID: 7679 Comm: syz.2.329 Tainted: G L syzkaller #0 PREEMPT(full) [ 269.182709][ T7679] Tainted: [L]=SOFTLOCKUP [ 269.182717][ T7679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 269.182731][ T7679] Call Trace: [ 269.182738][ T7679] [ 269.182747][ T7679] dump_stack_lvl+0x100/0x190 [ 269.182779][ T7679] should_fail_ex.cold+0x5/0xa [ 269.182809][ T7679] ? __list_lru_init+0xd9/0x4b0 [ 269.182846][ T7679] should_failslab+0xc2/0x120 [ 269.182873][ T7679] __kmalloc_noprof+0xe0/0x850 [ 269.182918][ T7679] __list_lru_init+0xd9/0x4b0 [ 269.182957][ T7679] alloc_super+0x926/0xd20 [ 269.182985][ T7679] ? __pfx_mqueue_fill_super+0x10/0x10 [ 269.183019][ T7679] sget_fc+0x117/0xc70 [ 269.183043][ T7679] ? __pfx_set_anon_super_fc+0x10/0x10 [ 269.183068][ T7679] ? __pfx_mqueue_fill_super+0x10/0x10 [ 269.183100][ T7679] get_tree_nodev+0x28/0x190 [ 269.183127][ T7679] mqueue_get_tree+0xf1/0x130 [ 269.183160][ T7679] vfs_get_tree+0x92/0x320 [ 269.183182][ T7679] fc_mount_longterm+0x1a/0x270 [ 269.183208][ T7679] mq_init_ns+0x482/0x820 [ 269.183247][ T7679] copy_ipcs+0x3dd/0x7e0 [ 269.183270][ T7679] create_new_namespaces+0x20a/0xac0 [ 269.183302][ T7679] ? security_capable+0x80/0x260 [ 269.183340][ T7679] unshare_nsproxy_namespaces+0xf2/0x220 [ 269.183375][ T7679] ksys_unshare+0x438/0xab0 [ 269.183413][ T7679] ? __pfx_ksys_unshare+0x10/0x10 [ 269.183448][ T7679] ? ksys_write+0x1ac/0x250 [ 269.183504][ T7679] __x64_sys_unshare+0x31/0x40 [ 269.183539][ T7679] do_syscall_64+0x10b/0xf80 [ 269.183569][ T7679] ? clear_bhb_loop+0x40/0x90 [ 269.183597][ T7679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.183620][ T7679] RIP: 0033:0x7f3c86d9cdd9 [ 269.183638][ T7679] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 269.183659][ T7679] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 269.183680][ T7679] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 269.183695][ T7679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 269.183708][ T7679] RBP: 00007f3c87cdc090 R08: 0000000000000000 R09: 0000000000000000 [ 269.183725][ T7679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 269.183738][ T7679] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 269.183767][ T7679] [ 270.587854][ T7683] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 270.676478][ T7683] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 270.754834][ T7683] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 270.836627][ T7683] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 272.646672][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 272.726347][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 272.806280][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 272.887884][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 276.450916][ T7738] ubi0: attaching mtd0 [ 276.527534][ T7738] ubi0: scanning is finished [ 276.648645][ T7742] ima: policy update failed [ 276.711457][ T30] audit: type=1802 audit(1843104520.250:4): pid=7742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.340" res=0 errno=0 [ 277.021996][ T7738] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 277.168946][ T7738] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 277.351209][ T7738] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 277.514379][ T7738] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 277.713735][ T7738] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 277.929488][ T7738] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 278.143349][ T7738] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 600874279 [ 278.304737][ T7738] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 278.443505][ T7750] ubi0: background thread "ubi_bgt0d" started, PID 7750 [ 278.460516][ T7740] ubi0: detaching mtd0 [ 278.579322][ T7740] ubi0: mtd0 is detached [ 279.581586][ T7766] FAULT_INJECTION: forcing a failure. [ 279.581586][ T7766] name fail_futex, interval 1, probability 0, space 0, times 1 [ 279.657175][ T7766] CPU: 0 UID: 0 PID: 7766 Comm: syz.0.343 Tainted: G L syzkaller #0 PREEMPT(full) [ 279.657214][ T7766] Tainted: [L]=SOFTLOCKUP [ 279.657222][ T7766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 279.657237][ T7766] Call Trace: [ 279.657244][ T7766] [ 279.657253][ T7766] dump_stack_lvl+0x100/0x190 [ 279.657282][ T7766] should_fail_ex.cold+0x5/0xa [ 279.657313][ T7766] get_futex_key+0x1d2/0x1510 [ 279.657340][ T7766] ? __pfx_get_futex_key+0x10/0x10 [ 279.657362][ T7766] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.657397][ T7766] futex_wake+0xea/0x530 [ 279.657430][ T7766] ? __pfx_futex_wake+0x10/0x10 [ 279.657464][ T7766] ? __lock_acquire+0x4a5/0x2630 [ 279.657494][ T7766] do_futex+0x32b/0x350 [ 279.657520][ T7766] ? __pfx_do_futex+0x10/0x10 [ 279.657547][ T7766] ? find_held_lock+0x2b/0x80 [ 279.657582][ T7766] ? setid_policy_lookup+0x10c/0x350 [ 279.657617][ T7766] __x64_sys_futex+0x34f/0x4d0 [ 279.657647][ T7766] ? __pfx___x64_sys_futex+0x10/0x10 [ 279.657679][ T7766] ? rcu_is_watching+0x12/0xc0 [ 279.657711][ T7766] do_syscall_64+0x10b/0xf80 [ 279.657741][ T7766] ? clear_bhb_loop+0x40/0x90 [ 279.657770][ T7766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.657795][ T7766] RIP: 0033:0x7ff144b9cdd9 [ 279.657814][ T7766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.657836][ T7766] RSP: 002b:00007ff142dee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 279.657859][ T7766] RAX: ffffffffffffffda RBX: 00007ff144e15fa8 RCX: 00007ff144b9cdd9 [ 279.657874][ T7766] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff144e15fac [ 279.657889][ T7766] RBP: 00007ff144e15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 279.657903][ T7766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.657917][ T7766] R13: 00007ff144e16038 R14: 00007ffcbb08fcb0 R15: 00007ffcbb08fd98 [ 279.657947][ T7766] [ 283.334832][ T7816] misc userio: Invalid payload size [ 284.089835][ T7793] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 284.143288][ T7793] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 284.226067][ T7793] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 284.269376][ T7793] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.670123][ T7859] program syz.2.360 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.772370][ T7841] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 285.810761][ T7841] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 285.835661][ T7841] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 285.869361][ T7841] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 287.446475][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 287.671392][ T7906] netlink: 28 bytes leftover after parsing attributes in process `syz.2.368'. [ 287.800067][ T7906] geneve0: entered promiscuous mode [ 287.840501][ T7906] geneve0: entered allmulticast mode [ 287.846671][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 287.852744][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 287.926371][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 288.642884][ T7925] syz.0.369 uses obsolete (PF_INET,SOCK_PACKET) [ 288.681130][ T7923] Console: switching to colour VGA+ 80x25 [ 288.944645][ T7904] slcan: can't register candev [ 288.961569][ T7923] Console: switching to colour frame buffer device 128x48 [ 289.198466][ T7929] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 289.239133][ T7929] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 289.274423][ T7929] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 289.302756][ T7929] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 289.610014][ T7934] netlink: 16 bytes leftover after parsing attributes in process `syz.2.373'. [ 289.662076][ T7934] netlink: 8 bytes leftover after parsing attributes in process `syz.2.373'. [ 289.695391][ T7934] binder: 7933:7934 ioctl c018620c 200000000300 returned -22 [ 291.046399][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 291.286424][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 291.286472][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 291.367634][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 295.201944][ T8032] netlink: 20 bytes leftover after parsing attributes in process `syz.1.393'. [ 295.283886][ T8041] misc userio: Invalid payload size [ 295.550409][ T8046] FAULT_INJECTION: forcing a failure. [ 295.550409][ T8046] name failslab, interval 1, probability 0, space 0, times 0 [ 295.550451][ T8046] CPU: 0 UID: 0 PID: 8046 Comm: syz.0.394 Tainted: G L syzkaller #0 PREEMPT(full) [ 295.550485][ T8046] Tainted: [L]=SOFTLOCKUP [ 295.550500][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 295.550514][ T8046] Call Trace: [ 295.550521][ T8046] [ 295.550530][ T8046] dump_stack_lvl+0x100/0x190 [ 295.550559][ T8046] should_fail_ex.cold+0x5/0xa [ 295.550590][ T8046] should_failslab+0xc2/0x120 [ 295.550617][ T8046] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 295.550656][ T8046] ? ptlock_alloc+0x1f/0x70 [ 295.550696][ T8046] ptlock_alloc+0x1f/0x70 [ 295.550730][ T8046] pte_alloc_one+0x82/0x3d0 [ 295.550764][ T8046] __pte_alloc+0x6d/0x3e0 [ 295.550790][ T8046] ? __pfx___pte_alloc+0x10/0x10 [ 295.550818][ T8046] ? __vma_start_exclude_readers+0x238/0x810 [ 295.550852][ T8046] ? walk_to_pmd+0x302/0x4c0 [ 295.550885][ T8046] get_locked_pte+0xa1/0xc0 [ 295.550918][ T8046] insert_page+0xcc/0x220 [ 295.550949][ T8046] ? __pfx_insert_page+0x10/0x10 [ 295.550979][ T8046] ? __pfx_down_read_trylock+0x10/0x10 [ 295.551014][ T8046] vm_insert_page+0x2c0/0x400 [ 295.551049][ T8046] kcov_mmap+0xca/0x130 [ 295.551083][ T8046] __mmap_region+0x13e1/0x2da0 [ 295.551126][ T8046] ? __pfx___mmap_region+0x10/0x10 [ 295.551189][ T8046] ? find_held_lock+0x2b/0x80 [ 295.551219][ T8046] ? ima_match_policy+0x8c4/0x2350 [ 295.551244][ T8046] ? ima_match_policy+0x8c4/0x2350 [ 295.551299][ T8046] ? process_measurement+0x4c8/0x2350 [ 295.551382][ T8046] mmap_region+0x527/0x620 [ 295.551406][ T8046] ? __pfx_mmap_region+0x10/0x10 [ 295.551431][ T8046] ? cap_mmap_addr+0x4b/0x120 [ 295.551466][ T8046] ? bpf_lsm_mmap_addr+0x9/0x30 [ 295.551493][ T8046] ? security_mmap_addr+0x71/0x1e0 [ 295.551520][ T8046] ? __get_unmapped_area+0x255/0x3e0 [ 295.551553][ T8046] do_mmap+0xc63/0x12f0 [ 295.551587][ T8046] ? __pfx_do_mmap+0x10/0x10 [ 295.551617][ T8046] ? __pfx_down_write_killable+0x10/0x10 [ 295.551659][ T8046] vm_mmap_pgoff+0x29e/0x470 [ 295.551694][ T8046] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 295.551722][ T8046] ? __fget_files+0x215/0x3d0 [ 295.551755][ T8046] ? __fget_files+0x21f/0x3d0 [ 295.551788][ T8046] ksys_mmap_pgoff+0x3cb/0x610 [ 295.551817][ T8046] ? __x64_sys_futex+0x358/0x4d0 [ 295.551844][ T8046] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 295.551872][ T8046] ? xfd_validate_state+0x129/0x190 [ 295.551896][ T8046] ? ksys_write+0x1ac/0x250 [ 295.551928][ T8046] __x64_sys_mmap+0x125/0x190 [ 295.551957][ T8046] do_syscall_64+0x10b/0xf80 [ 295.551987][ T8046] ? clear_bhb_loop+0x40/0x90 [ 295.552016][ T8046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.552041][ T8046] RIP: 0033:0x7ff144b9cdd9 [ 295.552060][ T8046] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.552083][ T8046] RSP: 002b:00007ff142dcd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 295.552105][ T8046] RAX: ffffffffffffffda RBX: 00007ff144e16090 RCX: 00007ff144b9cdd9 [ 295.552121][ T8046] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000000000000000 [ 295.552135][ T8046] RBP: 00007ff144c32d69 R08: 00000000000000dd R09: 0000000000000000 [ 295.552149][ T8046] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 295.552163][ T8046] R13: 00007ff144e16128 R14: 00007ff144e16090 R15: 00007ffcbb08fd98 [ 295.552193][ T8046] [ 295.567566][ T8046] kcov: kcov: vm_insert_page() failed [ 296.432427][ T30] audit: type=1804 audit(1843104519.850:5): pid=8048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.395" name="/newroot/sys/kernel/tracing/error_log" dev="tracefs" ino=628 res=1 errno=0 [ 297.668632][ T8071] netlink: 'syz.1.399': attribute type 5 has an invalid length. [ 297.668654][ T8071] netlink: 'syz.1.399': attribute type 1 has an invalid length. [ 297.668669][ T8071] netlink: 12 bytes leftover after parsing attributes in process `syz.1.399'. [ 298.412716][ T8091] netlink: 20 bytes leftover after parsing attributes in process `syz.0.403'. [ 301.897273][ T8115] syz.1.408 (8115) used greatest stack depth: 18816 bytes left [ 302.697652][ T8136] misc userio: Invalid payload size [ 302.769970][ T8138] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 303.776103][ T8149] random: crng reseeded on system resumption [ 304.412145][ T8154] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 304.548382][ T8154] pci 0000:00:01.3: PCI INT A: no GSI [ 304.782959][ T8153] netlink: 20 bytes leftover after parsing attributes in process `syz.0.415'. [ 310.679266][ T8192] Console: switching to colour VGA+ 80x25 [ 311.108285][ T8223] Console: switching to colour frame buffer device 128x48 [ 317.237004][ T8268] FAULT_INJECTION: forcing a failure. [ 317.237004][ T8268] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 317.291701][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.301924][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.435414][ T8268] CPU: 0 UID: 0 PID: 8268 Comm: syz.1.439 Tainted: G L syzkaller #0 PREEMPT(full) [ 317.435450][ T8268] Tainted: [L]=SOFTLOCKUP [ 317.435457][ T8268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 317.435477][ T8268] Call Trace: [ 317.435484][ T8268] [ 317.435493][ T8268] dump_stack_lvl+0x100/0x190 [ 317.435523][ T8268] should_fail_ex.cold+0x5/0xa [ 317.435548][ T8268] ? prepare_alloc_pages+0x16d/0x5f0 [ 317.435579][ T8268] should_fail_alloc_page+0xeb/0x140 [ 317.435608][ T8268] prepare_alloc_pages+0x1f0/0x5f0 [ 317.435641][ T8268] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 317.435694][ T8268] ? __lock_acquire+0x4a5/0x2630 [ 317.435715][ T8268] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 317.435758][ T8268] ? __lock_acquire+0x4a5/0x2630 [ 317.435779][ T8268] ? __lock_acquire+0x4a5/0x2630 [ 317.435810][ T8268] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 317.435846][ T8268] ? policy_nodemask+0xed/0x4f0 [ 317.435874][ T8268] alloc_pages_mpol+0x1fb/0x540 [ 317.435901][ T8268] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 317.435926][ T8268] ? __pfx__kstrtoull+0x10/0x10 [ 317.435961][ T8268] alloc_pages_noprof+0x1a/0x160 [ 317.435992][ T8268] get_free_pages_noprof+0x10/0xb0 [ 317.436017][ T8268] vcs_read+0xba/0xc00 [ 317.436044][ T8268] ? __pfx___might_resched+0x10/0x10 [ 317.436071][ T8268] ? iovec_from_user+0xda/0x140 [ 317.436100][ T8268] ? __pfx_vcs_read+0x10/0x10 [ 317.436126][ T8268] ? bpf_lsm_file_permission+0x9/0x10 [ 317.436153][ T8268] ? security_file_permission+0x76/0x210 [ 317.436183][ T8268] ? rw_verify_area+0xce/0x6d0 [ 317.436207][ T8268] ? __pfx_vcs_read+0x10/0x10 [ 317.436233][ T8268] vfs_readv+0x5d8/0x8d0 [ 317.436264][ T8268] ? __pfx_vfs_readv+0x10/0x10 [ 317.436288][ T8268] ? find_held_lock+0x2b/0x80 [ 317.436333][ T8268] ? __fget_files+0x21f/0x3d0 [ 317.436366][ T8268] ? do_preadv+0x1ac/0x270 [ 317.436387][ T8268] do_preadv+0x1ac/0x270 [ 317.436412][ T8268] ? __pfx_do_preadv+0x10/0x10 [ 317.436437][ T8268] ? rcu_is_watching+0x12/0xc0 [ 317.436468][ T8268] do_syscall_64+0x10b/0xf80 [ 317.436497][ T8268] ? clear_bhb_loop+0x40/0x90 [ 317.436525][ T8268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.436548][ T8268] RIP: 0033:0x7f442639cdd9 [ 317.436566][ T8268] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.436587][ T8268] RSP: 002b:00007f44272a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 317.436612][ T8268] RAX: ffffffffffffffda RBX: 00007f4426615fa0 RCX: 00007f442639cdd9 [ 317.436640][ T8268] RDX: 0000000000000004 RSI: 0000200000000240 RDI: 0000000000000003 [ 317.436653][ T8268] RBP: 00007f44272a8090 R08: 0000000000000006 R09: 0000000000000000 [ 317.436666][ T8268] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 317.436697][ T8268] R13: 00007f4426616038 R14: 00007f4426615fa0 R15: 00007ffe260527a8 [ 317.436726][ T8268] [ 318.445772][ T8271] Console: switching to colour VGA+ 80x25 [ 318.763909][ T8274] Console: switching to colour frame buffer device 128x48 [ 319.167583][ T8276] FAULT_INJECTION: forcing a failure. [ 319.167583][ T8276] name failslab, interval 1, probability 0, space 0, times 0 [ 319.228299][ T8276] CPU: 0 UID: 0 PID: 8276 Comm: syz.2.441 Tainted: G L syzkaller #0 PREEMPT(full) [ 319.228334][ T8276] Tainted: [L]=SOFTLOCKUP [ 319.228342][ T8276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 319.228354][ T8276] Call Trace: [ 319.228362][ T8276] [ 319.228370][ T8276] dump_stack_lvl+0x100/0x190 [ 319.228398][ T8276] should_fail_ex.cold+0x5/0xa [ 319.228427][ T8276] should_failslab+0xc2/0x120 [ 319.228452][ T8276] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 319.228488][ T8276] ? __d_alloc+0x34/0xa40 [ 319.228522][ T8276] ? __pfx_mqueue_fill_super+0x10/0x10 [ 319.228553][ T8276] __d_alloc+0x34/0xa40 [ 319.228584][ T8276] ? __pfx_mqueue_fill_super+0x10/0x10 [ 319.228614][ T8276] d_make_root+0x3e/0x90 [ 319.228663][ T8276] mqueue_fill_super+0x175/0x260 [ 319.228695][ T8276] get_tree_nodev+0xdd/0x190 [ 319.228722][ T8276] mqueue_get_tree+0xf1/0x130 [ 319.228754][ T8276] vfs_get_tree+0x92/0x320 [ 319.228775][ T8276] fc_mount_longterm+0x1a/0x270 [ 319.228799][ T8276] mq_init_ns+0x482/0x820 [ 319.228837][ T8276] copy_ipcs+0x3dd/0x7e0 [ 319.228859][ T8276] create_new_namespaces+0x20a/0xac0 [ 319.228901][ T8276] ? security_capable+0x80/0x260 [ 319.228939][ T8276] unshare_nsproxy_namespaces+0xf2/0x220 [ 319.228990][ T8276] ksys_unshare+0x438/0xab0 [ 319.229032][ T8276] ? __pfx_ksys_unshare+0x10/0x10 [ 319.229066][ T8276] ? ksys_write+0x1ac/0x250 [ 319.229100][ T8276] __x64_sys_unshare+0x31/0x40 [ 319.229134][ T8276] do_syscall_64+0x10b/0xf80 [ 319.229164][ T8276] ? clear_bhb_loop+0x40/0x90 [ 319.229192][ T8276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.229215][ T8276] RIP: 0033:0x7f3c86d9cdd9 [ 319.229233][ T8276] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 319.229254][ T8276] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 319.229276][ T8276] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 319.229290][ T8276] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 319.229304][ T8276] RBP: 00007f3c87cdc090 R08: 0000000000000000 R09: 0000000000000000 [ 319.229317][ T8276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 319.229330][ T8276] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 319.229359][ T8276] [ 321.556643][ T8277] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 321.589268][ T8277] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 321.615685][ T8277] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 321.642663][ T8277] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 323.549493][ T8310] misc userio: Invalid payload size [ 323.606288][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 323.606323][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 323.687726][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 323.687763][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 323.880109][ T8319] netlink: 28 bytes leftover after parsing attributes in process `syz.1.446'. [ 328.165243][ T8358] FAULT_INJECTION: forcing a failure. [ 328.165243][ T8358] name failslab, interval 1, probability 0, space 0, times 0 [ 328.417042][ T8358] CPU: 0 UID: 0 PID: 8358 Comm: syz.3.452 Tainted: G L syzkaller #0 PREEMPT(full) [ 328.417077][ T8358] Tainted: [L]=SOFTLOCKUP [ 328.417085][ T8358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 328.417097][ T8358] Call Trace: [ 328.417104][ T8358] [ 328.417112][ T8358] dump_stack_lvl+0x100/0x190 [ 328.417139][ T8358] should_fail_ex.cold+0x5/0xa [ 328.417167][ T8358] should_failslab+0xc2/0x120 [ 328.417192][ T8358] __kmalloc_cache_node_noprof+0x7d/0x770 [ 328.417216][ T8358] ? alloc_shrinker_info+0x192/0x470 [ 328.417245][ T8358] alloc_shrinker_info+0x192/0x470 [ 328.417272][ T8358] ? __pfx_mem_cgroup_css_online+0x10/0x10 [ 328.417314][ T8358] mem_cgroup_css_online+0xa4/0xbf0 [ 328.417352][ T8358] ? __pfx_mem_cgroup_css_online+0x10/0x10 [ 328.417388][ T8358] online_css+0xb2/0x350 [ 328.417414][ T8358] cgroup_apply_control_enable+0xa8d/0xdd0 [ 328.417453][ T8358] cgroup_mkdir+0x59c/0x1310 [ 328.417487][ T8358] ? __pfx_cgroup_mkdir+0x10/0x10 [ 328.417519][ T8358] kernfs_iop_mkdir+0x111/0x190 [ 328.417545][ T8358] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 328.417579][ T8358] vfs_mkdir+0x361/0x850 [ 328.417618][ T8358] filename_mkdirat+0x48b/0x5e0 [ 328.417650][ T8358] ? __pfx_filename_mkdirat+0x10/0x10 [ 328.417679][ T8358] ? strncpy_from_user+0x19d/0x2d0 [ 328.417704][ T8358] ? do_getname+0x191/0x390 [ 328.417738][ T8358] __x64_sys_mkdir+0x6b/0x90 [ 328.417767][ T8358] do_syscall_64+0x10b/0xf80 [ 328.417796][ T8358] ? clear_bhb_loop+0x40/0x90 [ 328.417826][ T8358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.417848][ T8358] RIP: 0033:0x7f1604f9cdd9 [ 328.417866][ T8358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.417886][ T8358] RSP: 002b:00007f1602db2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 328.417907][ T8358] RAX: ffffffffffffffda RBX: 00007f1605216270 RCX: 00007f1604f9cdd9 [ 328.417921][ T8358] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 328.417934][ T8358] RBP: 00007f1605032d69 R08: 0000000000000000 R09: 0000000000000000 [ 328.417946][ T8358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.417959][ T8358] R13: 00007f1605216308 R14: 00007f1605216270 R15: 00007ffe7acd3998 [ 328.417987][ T8358] [ 329.293114][ T8371] netlink: 334 bytes leftover after parsing attributes in process `syz.0.455'. [ 330.320481][ T8388] misc userio: Invalid payload size [ 331.006525][ T8393] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 331.034875][ T8393] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 331.062804][ T8393] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 331.092079][ T8393] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 331.240431][ T30] audit: type=1800 audit(1843104520.060:6): pid=8398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.459" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 332.549635][ T8402] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 332.620173][ T8402] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 332.713995][ T8402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 332.802051][ T8402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 333.119580][ T8414] openvswitch: &#$@\]\-: Dropping previously announced user features [ 334.566420][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 334.646258][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 334.726442][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 334.806535][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 334.859610][ T8442] misc userio: Invalid payload size [ 335.539002][ T8449] FAULT_INJECTION: forcing a failure. [ 335.539002][ T8449] name failslab, interval 1, probability 0, space 0, times 0 [ 335.637677][ T8449] CPU: 0 UID: 0 PID: 8449 Comm: syz.3.469 Tainted: G L syzkaller #0 PREEMPT(full) [ 335.637712][ T8449] Tainted: [L]=SOFTLOCKUP [ 335.637719][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 335.637731][ T8449] Call Trace: [ 335.637738][ T8449] [ 335.637746][ T8449] dump_stack_lvl+0x100/0x190 [ 335.637774][ T8449] should_fail_ex.cold+0x5/0xa [ 335.637803][ T8449] should_failslab+0xc2/0x120 [ 335.637829][ T8449] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 335.637853][ T8449] ? kvasprintf_const+0x66/0x1a0 [ 335.637875][ T8449] ? do_raw_spin_lock+0x128/0x260 [ 335.637905][ T8449] kvasprintf+0xbc/0x150 [ 335.637926][ T8449] ? __pfx_kvasprintf+0x10/0x10 [ 335.637950][ T8449] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 335.637977][ T8449] ? __debug_object_init+0x2de/0x3d0 [ 335.638016][ T8449] kvasprintf_const+0x66/0x1a0 [ 335.638039][ T8449] kobject_set_name_vargs+0x5a/0x140 [ 335.638076][ T8449] dev_set_name+0xc7/0x100 [ 335.638108][ T8449] ? __pfx_dev_set_name+0x10/0x10 [ 335.638142][ T8449] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 335.638177][ T8449] ? lockdep_init_map_type+0x5c/0x250 [ 335.638201][ T8449] ? __init_waitqueue_head+0xca/0x150 [ 335.638233][ T8449] wakeup_source_device_create+0x204/0x2e0 [ 335.638265][ T8449] wakeup_source_sysfs_add+0x1c/0x90 [ 335.638294][ T8449] wakeup_source_register+0x154/0x3e0 [ 335.638328][ T8449] ep_create_wakeup_source+0x1df/0x2e0 [ 335.638357][ T8449] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 335.638390][ T8449] ? find_held_lock+0x2b/0x80 [ 335.638418][ T8449] ? do_epoll_ctl+0x26dc/0x36a0 [ 335.638447][ T8449] ? do_epoll_ctl+0x26dc/0x36a0 [ 335.638480][ T8449] do_epoll_ctl+0x1eee/0x36a0 [ 335.638521][ T8449] ? __pfx_do_epoll_ctl+0x10/0x10 [ 335.638549][ T8449] ? find_held_lock+0x2b/0x80 [ 335.638576][ T8449] ? __might_fault+0xc5/0x140 [ 335.638629][ T8449] ? __might_fault+0xc5/0x140 [ 335.638674][ T8449] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 335.638704][ T8449] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 335.638749][ T8449] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 335.638783][ T8449] ? rcu_is_watching+0x12/0xc0 [ 335.638813][ T8449] do_syscall_64+0x10b/0xf80 [ 335.638841][ T8449] ? clear_bhb_loop+0x40/0x90 [ 335.638868][ T8449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.638890][ T8449] RIP: 0033:0x7f1604f9cdd9 [ 335.638908][ T8449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 335.638928][ T8449] RSP: 002b:00007f1605d73028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 335.638951][ T8449] RAX: ffffffffffffffda RBX: 00007f1605215fa0 RCX: 00007f1604f9cdd9 [ 335.638965][ T8449] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000008 [ 335.638996][ T8449] RBP: 00007f1605d73090 R08: 0000000000000000 R09: 0000000000000000 [ 335.639010][ T8449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.639023][ T8449] R13: 00007f1605216038 R14: 00007f1605215fa0 R15: 00007ffe7acd3998 [ 335.639052][ T8449] [ 339.527313][ T8496] FAULT_INJECTION: forcing a failure. [ 339.527313][ T8496] name failslab, interval 1, probability 0, space 0, times 0 [ 339.571003][ T8496] CPU: 0 UID: 0 PID: 8496 Comm: syz.1.481 Tainted: G L syzkaller #0 PREEMPT(full) [ 339.571039][ T8496] Tainted: [L]=SOFTLOCKUP [ 339.571047][ T8496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 339.571060][ T8496] Call Trace: [ 339.571067][ T8496] [ 339.571075][ T8496] dump_stack_lvl+0x100/0x190 [ 339.571105][ T8496] should_fail_ex.cold+0x5/0xa [ 339.571134][ T8496] should_failslab+0xc2/0x120 [ 339.571160][ T8496] __kmalloc_cache_noprof+0x7a/0x6f0 [ 339.571197][ T8496] ? device_add+0xd3a/0x1950 [ 339.571231][ T8496] device_add+0xd3a/0x1950 [ 339.571258][ T8496] ? dev_set_name+0xc7/0x100 [ 339.571290][ T8496] ? __pfx_dev_set_name+0x10/0x10 [ 339.571321][ T8496] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 339.571354][ T8496] ? __pfx_device_add+0x10/0x10 [ 339.571383][ T8496] ? lockdep_init_map_type+0x5c/0x250 [ 339.571407][ T8496] ? __init_waitqueue_head+0xca/0x150 [ 339.571440][ T8496] wakeup_source_device_create+0x243/0x2e0 [ 339.571473][ T8496] wakeup_source_sysfs_add+0x1c/0x90 [ 339.571502][ T8496] wakeup_source_register+0x154/0x3e0 [ 339.571528][ T8496] ep_create_wakeup_source+0x1df/0x2e0 [ 339.571558][ T8496] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 339.571592][ T8496] ? find_held_lock+0x2b/0x80 [ 339.571621][ T8496] ? do_epoll_ctl+0x26dc/0x36a0 [ 339.571650][ T8496] ? do_epoll_ctl+0x26dc/0x36a0 [ 339.571685][ T8496] do_epoll_ctl+0x1eee/0x36a0 [ 339.571727][ T8496] ? __pfx_do_epoll_ctl+0x10/0x10 [ 339.571756][ T8496] ? find_held_lock+0x2b/0x80 [ 339.571785][ T8496] ? __might_fault+0xc5/0x140 [ 339.571819][ T8496] ? __might_fault+0xc5/0x140 [ 339.571865][ T8496] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 339.571900][ T8496] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 339.571932][ T8496] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 339.571967][ T8496] ? rcu_is_watching+0x12/0xc0 [ 339.571998][ T8496] do_syscall_64+0x10b/0xf80 [ 339.572027][ T8496] ? clear_bhb_loop+0x40/0x90 [ 339.572055][ T8496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.572078][ T8496] RIP: 0033:0x7f442639cdd9 [ 339.572096][ T8496] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 339.572118][ T8496] RSP: 002b:00007f44272a8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 339.572140][ T8496] RAX: ffffffffffffffda RBX: 00007f4426615fa0 RCX: 00007f442639cdd9 [ 339.572154][ T8496] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000008 [ 339.572167][ T8496] RBP: 00007f44272a8090 R08: 0000000000000000 R09: 0000000000000000 [ 339.572180][ T8496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 339.572193][ T8496] R13: 00007f4426616038 R14: 00007f4426615fa0 R15: 00007ffe260527a8 [ 339.572222][ T8496] [ 339.848591][ T8503] misc userio: Invalid payload size [ 342.021957][ T30] audit: type=1800 audit(1843104521.270:7): pid=8523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.486" name="SYSV00000014" dev="hugetlbfs" ino=0 res=0 errno=0 [ 342.730083][ T8533] openvswitch: &#$@\]\-: Dropping previously announced user features [ 343.542101][ T8536] openvswitch: &#$@\]\-: Dropping previously announced user features [ 345.248109][ T8561] misc userio: Invalid payload size [ 346.839779][ T5635] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 346.878318][ T8574] futex_wake_op: syz.2.496 tries to shift op by -2048; fix this program [ 347.967032][ T8585] netlink: 334 bytes leftover after parsing attributes in process `syz.1.499'. [ 351.454640][ T8622] FAULT_INJECTION: forcing a failure. [ 351.454640][ T8622] name failslab, interval 1, probability 0, space 0, times 0 [ 351.762044][ T8622] CPU: 0 UID: 0 PID: 8622 Comm: syz.2.506 Tainted: G L syzkaller #0 PREEMPT(full) [ 351.762078][ T8622] Tainted: [L]=SOFTLOCKUP [ 351.762085][ T8622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 351.762097][ T8622] Call Trace: [ 351.762122][ T8622] [ 351.762130][ T8622] dump_stack_lvl+0x100/0x190 [ 351.762158][ T8622] should_fail_ex.cold+0x5/0xa [ 351.762186][ T8622] should_failslab+0xc2/0x120 [ 351.762212][ T8622] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 351.762247][ T8622] ? __kernfs_new_node+0xd2/0x9f0 [ 351.762272][ T8622] ? kstrdup+0xb3/0xe0 [ 351.762297][ T8622] __kernfs_new_node+0xd2/0x9f0 [ 351.762319][ T8622] ? __kernel_text_address+0xd/0x30 [ 351.762344][ T8622] ? arch_stack_walk+0xa6/0xf0 [ 351.762372][ T8622] ? __pfx___kernfs_new_node+0x10/0x10 [ 351.762402][ T8622] ? find_held_lock+0x2b/0x80 [ 351.762431][ T8622] ? kernfs_root+0xee/0x2a0 [ 351.762453][ T8622] ? kernfs_root+0xee/0x2a0 [ 351.762482][ T8622] kernfs_new_node+0x11b/0x1a0 [ 351.762514][ T8622] kernfs_create_dir_ns+0x4c/0x1a0 [ 351.762546][ T8622] sysfs_create_dir_ns+0x13a/0x2b0 [ 351.762592][ T8622] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 351.762614][ T8622] ? find_held_lock+0x2b/0x80 [ 351.762642][ T8622] ? kobject_add_internal+0x25f/0x930 [ 351.762677][ T8622] ? kobject_add_internal+0x25f/0x930 [ 351.762713][ T8622] ? class_dir_child_ns_type+0xd/0x60 [ 351.762744][ T8622] kobject_add_internal+0x2c8/0x930 [ 351.762783][ T8622] kobject_add+0x16a/0x1e0 [ 351.762816][ T8622] ? __pfx_kobject_add+0x10/0x10 [ 351.762867][ T8622] ? kobject_put+0xb9/0x640 [ 351.762898][ T8622] ? device_add+0xc48/0x1950 [ 351.762944][ T8622] device_add+0x294/0x1950 [ 351.762972][ T8622] ? __pfx_dev_set_name+0x10/0x10 [ 351.763001][ T8622] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 351.763034][ T8622] ? __pfx_device_add+0x10/0x10 [ 351.763061][ T8622] ? lockdep_init_map_type+0x5c/0x250 [ 351.763084][ T8622] ? __init_waitqueue_head+0xca/0x150 [ 351.763119][ T8622] wakeup_source_device_create+0x243/0x2e0 [ 351.763151][ T8622] wakeup_source_sysfs_add+0x1c/0x90 [ 351.763179][ T8622] wakeup_source_register+0x154/0x3e0 [ 351.763204][ T8622] ep_create_wakeup_source+0x1df/0x2e0 [ 351.763233][ T8622] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 351.763265][ T8622] ? find_held_lock+0x2b/0x80 [ 351.763292][ T8622] ? do_epoll_ctl+0x26dc/0x36a0 [ 351.763321][ T8622] ? do_epoll_ctl+0x26dc/0x36a0 [ 351.763355][ T8622] do_epoll_ctl+0x1eee/0x36a0 [ 351.763395][ T8622] ? __pfx_do_epoll_ctl+0x10/0x10 [ 351.763423][ T8622] ? find_held_lock+0x2b/0x80 [ 351.763451][ T8622] ? __might_fault+0xc5/0x140 [ 351.763484][ T8622] ? __might_fault+0xc5/0x140 [ 351.763528][ T8622] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 351.763575][ T8622] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 351.763606][ T8622] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 351.763640][ T8622] ? rcu_is_watching+0x12/0xc0 [ 351.763670][ T8622] do_syscall_64+0x10b/0xf80 [ 351.763698][ T8622] ? clear_bhb_loop+0x40/0x90 [ 351.763725][ T8622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.763747][ T8622] RIP: 0033:0x7f3c86d9cdd9 [ 351.763765][ T8622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.763785][ T8622] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 351.763806][ T8622] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 351.763820][ T8622] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000008 [ 351.763832][ T8622] RBP: 00007f3c87cdc090 R08: 0000000000000000 R09: 0000000000000000 [ 351.763845][ T8622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.763857][ T8622] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 351.763885][ T8622] [ 352.546224][ T8622] kobject: kobject_add_internal failed for wakeup16 (error: -12 parent: wakeup) [ 352.806847][ T8632] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.0.510: 7 [ 356.673217][ T8657] openvswitch: &#$@\]\-: Dropping previously announced user features [ 357.532279][ T8665] netlink: 334 bytes leftover after parsing attributes in process `syz.1.527'. [ 358.240620][ T8682] misc userio: Invalid payload size [ 359.002009][ T8674] zswap: compressor not available [ 359.129608][ T8678] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 359.158270][ T8689] Console: switching to colour VGA+ 80x25 [ 359.877819][ T8696] Console: switching to colour frame buffer device 128x48 [ 360.981641][ T30] audit: type=1800 audit(1843104521.860:8): pid=8708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.526" name="members" dev="configfs" ino=25094 res=0 errno=0 [ 361.747280][ T8712] openvswitch: &#$@\]\-: Dropping previously announced user features [ 364.860933][ T8721] hub 1-0:1.0: USB hub found [ 365.016053][ T8721] hub 1-0:1.0: 1 port detected [ 365.662824][ T8760] openvswitch: &#$@\]\-: Dropping previously announced user features [ 366.461764][ T8768] Console: switching to colour VGA+ 80x25 [ 366.828537][ T8771] Console: switching to colour frame buffer device 128x48 [ 367.632445][ T8784] misc userio: Invalid payload size [ 367.695880][ T8788] netlink: 334 bytes leftover after parsing attributes in process `syz.1.543'. [ 368.940576][ T8802] openvswitch: &#$@\]\-: Dropping previously announced user features [ 369.112193][ T8811] Console: switching to colour VGA+ 80x25 [ 369.359492][ T8812] Console: switching to colour frame buffer device 128x48 [ 373.187932][ T8851] openvswitch: &#$@\]\-: Dropping previously announced user features [ 373.679606][ T8858] block2mtd: illegal erase size [ 374.310485][ T8869] Console: switching to colour VGA+ 80x25 [ 374.678404][ T8872] Console: switching to colour frame buffer device 128x48 [ 377.733142][ T8910] netlink: 334 bytes leftover after parsing attributes in process `syz.1.572'. [ 378.677833][ T8922] zram: Cannot change disksize for initialized device [ 378.733196][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.747994][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.804241][ T8931] openvswitch: &#$@\]\-: Dropping previously announced user features [ 382.100200][ T8964] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 382.223196][ T8964] vhci_hcd vhci_hcd.2: invalid port number 0 [ 382.251261][ T8961] i2c i2c-0: delete_device: Can't find device in list [ 382.308949][ T8965] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 382.374610][ T8965] vhci_hcd vhci_hcd.2: invalid port number 0 [ 387.986295][ T9034] netlink: 334 bytes leftover after parsing attributes in process `syz.2.600'. [ 388.432695][ T9031] openvswitch: &#$@\]\-: Dropping previously announced user features [ 389.323401][ T9043] netlink: 60 bytes leftover after parsing attributes in process `syz.0.602'. [ 394.974635][ T9106] FAULT_INJECTION: forcing a failure. [ 394.974635][ T9106] name failslab, interval 1, probability 0, space 0, times 0 [ 395.121104][ T9112] FAULT_INJECTION: forcing a failure. [ 395.121104][ T9112] name failslab, interval 1, probability 0, space 0, times 0 [ 395.139186][ T9106] CPU: 0 UID: 0 PID: 9106 Comm: syz.3.618 Tainted: G L syzkaller #0 PREEMPT(full) [ 395.139223][ T9106] Tainted: [L]=SOFTLOCKUP [ 395.139231][ T9106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 395.139245][ T9106] Call Trace: [ 395.139252][ T9106] [ 395.139261][ T9106] dump_stack_lvl+0x100/0x190 [ 395.139291][ T9106] should_fail_ex.cold+0x5/0xa [ 395.139322][ T9106] should_failslab+0xc2/0x120 [ 395.139350][ T9106] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 395.139389][ T9106] ? fcntl_setlk+0xaa/0xe20 [ 395.139421][ T9106] ? __lock_acquire+0x4a5/0x2630 [ 395.139448][ T9106] fcntl_setlk+0xaa/0xe20 [ 395.139484][ T9106] ? __pfx_fcntl_setlk+0x10/0x10 [ 395.139521][ T9106] ? find_held_lock+0x2b/0x80 [ 395.139551][ T9106] ? __might_fault+0xc5/0x140 [ 395.139587][ T9106] ? __might_fault+0xc5/0x140 [ 395.139635][ T9106] do_fcntl+0xf39/0x1670 [ 395.139672][ T9106] ? __pfx_do_fcntl+0x10/0x10 [ 395.139710][ T9106] ? __x64_sys_futex+0x34f/0x4d0 [ 395.139735][ T9106] ? __x64_sys_futex+0x358/0x4d0 [ 395.139764][ T9106] ? xfd_validate_state+0x129/0x190 [ 395.139789][ T9106] ? tomoyo_file_fcntl+0x6c/0xc0 [ 395.139828][ T9106] __x64_sys_fcntl+0x163/0x200 [ 395.139868][ T9106] do_syscall_64+0x10b/0xf80 [ 395.139899][ T9106] ? clear_bhb_loop+0x40/0x90 [ 395.139928][ T9106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.139953][ T9106] RIP: 0033:0x7f1604f9cdd9 [ 395.139976][ T9106] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.139999][ T9106] RSP: 002b:00007f1605d73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 395.140022][ T9106] RAX: ffffffffffffffda RBX: 00007f1605215fa0 RCX: 00007f1604f9cdd9 [ 395.140044][ T9106] RDX: 0000000000000008 RSI: 0000000000000026 RDI: 0000000000000002 [ 395.140058][ T9106] RBP: 00007f1605032d69 R08: 0000000000000000 R09: 0000000000000000 [ 395.140072][ T9106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 395.140086][ T9106] R13: 00007f1605216038 R14: 00007f1605215fa0 R15: 00007ffe7acd3998 [ 395.140116][ T9106] [ 395.600670][ T9112] CPU: 0 UID: 0 PID: 9112 Comm: syz.2.619 Tainted: G L syzkaller #0 PREEMPT(full) [ 395.600703][ T9112] Tainted: [L]=SOFTLOCKUP [ 395.600710][ T9112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 395.600721][ T9112] Call Trace: [ 395.600729][ T9112] [ 395.600737][ T9112] dump_stack_lvl+0x100/0x190 [ 395.600764][ T9112] should_fail_ex.cold+0x5/0xa [ 395.600791][ T9112] should_failslab+0xc2/0x120 [ 395.600816][ T9112] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 395.600849][ T9112] ? acpi_ut_allocate_object_desc_dbg+0x86/0x240 [ 395.600888][ T9112] ? acpi_ut_trace+0x1d7/0x2a0 [ 395.600916][ T9112] acpi_ut_allocate_object_desc_dbg+0x86/0x240 [ 395.600953][ T9112] acpi_ut_create_internal_object_dbg+0x51/0x260 [ 395.600982][ T9112] acpi_ut_create_integer_object+0x46/0xe0 [ 395.601004][ T9112] acpi_ex_read_data_from_field+0x146/0xd40 [ 395.601030][ T9112] ? acpi_ut_ptr_exit+0x10c/0x180 [ 395.601054][ T9112] ? acpi_ut_value_exit+0x10d/0x190 [ 395.601082][ T9112] acpi_ex_resolve_node_to_value+0x6b8/0x9a0 [ 395.601115][ T9112] ? __pfx_acpi_ex_resolve_node_to_value+0x10/0x10 [ 395.601149][ T9112] ? acpi_ds_create_operand+0x267/0xc20 [ 395.601174][ T9112] acpi_ex_resolve_to_value+0x3da/0xcd0 [ 395.601204][ T9112] ? __pfx_acpi_ex_resolve_to_value+0x10/0x10 [ 395.601234][ T9112] ? __pfx_acpi_ns_lookup+0x10/0x10 [ 395.601259][ T9112] ? acpi_ut_track_stack_ptr+0x114/0x180 [ 395.601289][ T9112] acpi_ds_evaluate_name_path+0x30d/0x4a0 [ 395.601312][ T9112] ? __pfx_acpi_ds_evaluate_name_path+0x10/0x10 [ 395.601337][ T9112] ? acpi_ps_get_next_namepath+0x1f6/0xa10 [ 395.601359][ T9112] ? acpi_ut_trace_ptr+0x151/0x2a0 [ 395.601387][ T9112] acpi_ds_exec_end_op+0xb78/0x1e60 [ 395.601412][ T9112] ? __pfx_acpi_ds_exec_end_op+0x10/0x10 [ 395.601434][ T9112] acpi_ps_parse_loop+0x5dd/0x24a0 [ 395.601464][ T9112] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 395.601487][ T9112] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 395.601519][ T9112] ? acpi_ut_create_thread_state+0x6d/0x170 [ 395.601549][ T9112] acpi_ps_parse_aml+0x81e/0x1120 [ 395.601578][ T9112] acpi_ps_execute_method+0x5c4/0xe90 [ 395.601610][ T9112] acpi_ns_evaluate+0x640/0x1670 [ 395.601643][ T9112] acpi_evaluate_object+0x420/0xe00 [ 395.601663][ T9112] ? kasan_save_stack+0x30/0x50 [ 395.601682][ T9112] ? kasan_save_track+0x14/0x30 [ 395.601700][ T9112] ? __kasan_kmalloc+0xaa/0xb0 [ 395.601735][ T9112] ? __kvmalloc_node_noprof+0x360/0xa00 [ 395.601760][ T9112] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 395.601781][ T9112] ? lock_acquire+0x1b1/0x370 [ 395.601808][ T9112] acpi_evaluate_integer+0xdf/0x220 [ 395.601854][ T9112] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 395.601899][ T9112] ? __pfx_status_show+0x10/0x10 [ 395.601938][ T9112] status_show+0xa0/0x120 [ 395.601961][ T9112] ? __pfx_status_show+0x10/0x10 [ 395.601995][ T9112] dev_attr_show+0x52/0xa0 [ 395.602025][ T9112] ? __pfx_dev_attr_show+0x10/0x10 [ 395.602053][ T9112] sysfs_kf_seq_show+0x217/0x3a0 [ 395.602080][ T9112] seq_read_iter+0x32f/0x1270 [ 395.602104][ T9112] ? lock_acquire+0x1b1/0x370 [ 395.602136][ T9112] kernfs_fop_read_iter+0x46c/0x610 [ 395.602171][ T9112] ? rw_verify_area+0xce/0x6d0 [ 395.602194][ T9112] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 395.602230][ T9112] vfs_read+0x825/0xb30 [ 395.602259][ T9112] ? __pfx_vfs_read+0x10/0x10 [ 395.602302][ T9112] ksys_read+0x12a/0x250 [ 395.602328][ T9112] ? __pfx_ksys_read+0x10/0x10 [ 395.602356][ T9112] ? rcu_is_watching+0x12/0xc0 [ 395.602387][ T9112] do_syscall_64+0x10b/0xf80 [ 395.602417][ T9112] ? clear_bhb_loop+0x40/0x90 [ 395.602445][ T9112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.602469][ T9112] RIP: 0033:0x7f3c86d9cdd9 [ 395.602488][ T9112] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.602510][ T9112] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 395.602531][ T9112] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 395.602546][ T9112] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 395.602561][ T9112] RBP: 00007f3c86e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 395.602575][ T9112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 395.602588][ T9112] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 395.602618][ T9112] [ 396.442254][ T9112] ACPI Error: Could not allocate an object descriptor (20251212/utobject-180) [ 396.452171][ T9112] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 397.394405][ T9128] Console: switching to colour VGA+ 80x25 [ 397.399134][ T9121] FAULT_INJECTION: forcing a failure. [ 397.399134][ T9121] name failslab, interval 1, probability 0, space 0, times 0 [ 397.399216][ T9121] CPU: 0 UID: 0 PID: 9121 Comm: syz.2.622 Tainted: G L syzkaller #0 PREEMPT(full) [ 397.399247][ T9121] Tainted: [L]=SOFTLOCKUP [ 397.399255][ T9121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 397.399268][ T9121] Call Trace: [ 397.399275][ T9121] [ 397.399283][ T9121] dump_stack_lvl+0x100/0x190 [ 397.399312][ T9121] should_fail_ex.cold+0x5/0xa [ 397.399341][ T9121] should_failslab+0xc2/0x120 [ 397.399368][ T9121] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 397.399404][ T9121] ? __anon_vma_prepare+0x344/0x5e0 [ 397.399448][ T9121] __anon_vma_prepare+0x344/0x5e0 [ 397.399485][ T9121] __vmf_anon_prepare+0x11f/0x250 [ 397.399516][ T9121] do_huge_pmd_anonymous_page+0x160/0x16c0 [ 397.399554][ T9121] ? __pfx_pgd_none+0x10/0x10 [ 397.399593][ T9121] __handle_mm_fault+0x239e/0x2a00 [ 397.399632][ T9121] ? mt_find+0x45e/0x8e0 [ 397.399665][ T9121] ? __pfx___handle_mm_fault+0x10/0x10 [ 397.399698][ T9121] ? __pfx_mt_find+0x10/0x10 [ 397.399751][ T9121] handle_mm_fault+0x36d/0xa20 [ 397.399790][ T9121] __get_user_pages+0x1178/0x32a0 [ 397.399829][ T9121] ? __pfx___get_user_pages+0x10/0x10 [ 397.399866][ T9121] populate_vma_page_range+0x267/0x3f0 [ 397.399897][ T9121] ? __pfx_populate_vma_page_range+0x10/0x10 [ 397.399927][ T9121] ? __pfx_find_vma_intersection+0x10/0x10 [ 397.399956][ T9121] ? do_mmap+0x93f/0x12f0 [ 397.399986][ T9121] __mm_populate+0x107/0x3a0 [ 397.400016][ T9121] ? __pfx___mm_populate+0x10/0x10 [ 397.400048][ T9121] ? up_write+0x28c/0x4f0 [ 397.400083][ T9121] vm_mmap_pgoff+0x37f/0x470 [ 397.400115][ T9121] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 397.400157][ T9121] ? do_futex+0x192/0x350 [ 397.400182][ T9121] ? __pfx_do_futex+0x10/0x10 [ 397.400205][ T9121] ? do_raw_spin_lock+0x128/0x260 [ 397.400234][ T9121] ksys_mmap_pgoff+0xe4/0x610 [ 397.400260][ T9121] ? __x64_sys_futex+0x358/0x4d0 [ 397.400285][ T9121] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 397.400310][ T9121] ? xfd_validate_state+0x129/0x190 [ 397.400339][ T9121] __x64_sys_mmap+0x125/0x190 [ 397.400366][ T9121] do_syscall_64+0x10b/0xf80 [ 397.400394][ T9121] ? clear_bhb_loop+0x40/0x90 [ 397.400420][ T9121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.400442][ T9121] RIP: 0033:0x7f3c86d9cdd9 [ 397.400460][ T9121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 397.400481][ T9121] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 397.400501][ T9121] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 397.400515][ T9121] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 397.400528][ T9121] RBP: 00007f3c86e32d69 R08: 0000000000000002 R09: 0000000000008000 [ 397.400541][ T9121] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 397.400553][ T9121] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 397.400581][ T9121] [ 399.168694][ T9129] Console: switching to colour frame buffer device 128x48 [ 404.218375][ T9204] ubi0: attaching mtd0 [ 404.413138][ T9204] ubi0: scanning is finished [ 404.444518][ T9218] netlink: 16 bytes leftover after parsing attributes in process `syz.2.641'. [ 405.225385][ T9204] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 405.413992][ T9204] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 405.614999][ T9204] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 405.615024][ T9204] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 405.615042][ T9204] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 405.615059][ T9204] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 405.615077][ T9204] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 600874279 [ 405.615098][ T9204] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 405.616451][ T9227] ubi0: background thread "ubi_bgt0d" started, PID 9227 [ 406.904298][ T9245] Console: switching to colour VGA+ 80x25 [ 407.172952][ T9246] Console: switching to colour frame buffer device 128x48 [ 412.714893][ T9288] netlink: set zone limit has 4 unknown bytes [ 414.229897][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.659'. [ 414.632634][ T9310] FAULT_INJECTION: forcing a failure. [ 414.632634][ T9310] name failslab, interval 1, probability 0, space 0, times 0 [ 414.694143][ T9310] CPU: 0 UID: 0 PID: 9310 Comm: syz.2.663 Tainted: G L syzkaller #0 PREEMPT(full) [ 414.694178][ T9310] Tainted: [L]=SOFTLOCKUP [ 414.694185][ T9310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 414.694198][ T9310] Call Trace: [ 414.694205][ T9310] [ 414.694215][ T9310] dump_stack_lvl+0x100/0x190 [ 414.694243][ T9310] should_fail_ex.cold+0x5/0xa [ 414.694271][ T9310] should_failslab+0xc2/0x120 [ 414.694296][ T9310] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 414.694331][ T9310] ? sk_prot_alloc+0x60/0x2a0 [ 414.694363][ T9310] sk_prot_alloc+0x60/0x2a0 [ 414.694395][ T9310] sk_alloc+0x36/0xe80 [ 414.694416][ T9310] smc_create+0x11a/0x290 [ 414.694444][ T9310] __sock_create+0x339/0x860 [ 414.694479][ T9310] __sys_socket+0x14d/0x260 [ 414.694511][ T9310] ? __pfx___sys_socket+0x10/0x10 [ 414.694550][ T9310] __x64_sys_socket+0x72/0xb0 [ 414.694580][ T9310] ? lockdep_hardirqs_on+0x78/0x100 [ 414.694607][ T9310] do_syscall_64+0x10b/0xf80 [ 414.694634][ T9310] ? clear_bhb_loop+0x40/0x90 [ 414.694661][ T9310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.694682][ T9310] RIP: 0033:0x7f3c86d9cdd9 [ 414.694699][ T9310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.694720][ T9310] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 414.694740][ T9310] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 414.694754][ T9310] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b [ 414.694766][ T9310] RBP: 00007f3c86e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 414.694779][ T9310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.694791][ T9310] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 414.694818][ T9310] [ 416.030549][ T9319] Console: switching to colour VGA+ 80x25 [ 416.349524][ T9324] Console: switching to colour frame buffer device 128x48 [ 416.709907][ T9327] openvswitch: &#$@\]\-: Dropping previously announced user features [ 418.078551][ T9350] Console: switching to colour VGA+ 80x25 [ 418.126399][ T9342] openvswitch: &#$@\]\-: Dropping previously announced user features [ 418.347904][ T9353] Console: switching to colour frame buffer device 128x48 [ 419.231761][ T9368] openvswitch: &#$@\]\-: Dropping previously announced user features [ 419.394625][ T9378] netlink: 334 bytes leftover after parsing attributes in process `syz.1.681'. [ 419.892536][ T9384] netlink: 16 bytes leftover after parsing attributes in process `syz.1.684'. [ 420.001059][ T5635] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 422.120163][ T9389] phram: not enough arguments [ 424.740138][ T9466] netlink: 146 bytes leftover after parsing attributes in process `syz.3.699'. [ 425.116377][ T9475] ubi: mtd0 is already attached to ubi0 [ 426.981297][ T9498] kexec: Could not allocate control_code_buffer [ 428.125856][ T9525] futex_wake_op: syz.3.714 tries to shift op by -2048; fix this program [ 428.183562][ T9530] 0x000000000001-0x000000020000 : "" [ 428.280597][ T9532] netlink: 334 bytes leftover after parsing attributes in process `syz.1.715'. [ 428.426683][ T9530] ftl_cs: FTL header corrupt! [ 428.979393][ T9529] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 429.076528][ T9547] block2mtd: illegal erase size [ 429.090432][ T9529] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 429.098597][ T9547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.717'. [ 429.173060][ T9529] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 429.265944][ T9529] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 429.428687][ T9529] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 430.646328][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 430.914021][ T9557] FAULT_INJECTION: forcing a failure. [ 430.914021][ T9557] name failslab, interval 1, probability 0, space 0, times 0 [ 430.976567][ T9557] CPU: 0 UID: 0 PID: 9557 Comm: syz.3.720 Tainted: G L syzkaller #0 PREEMPT(full) [ 430.976602][ T9557] Tainted: [L]=SOFTLOCKUP [ 430.976610][ T9557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 430.976623][ T9557] Call Trace: [ 430.976630][ T9557] [ 430.976639][ T9557] dump_stack_lvl+0x100/0x190 [ 430.976668][ T9557] should_fail_ex.cold+0x5/0xa [ 430.976697][ T9557] ? tomoyo_encode2+0xfb/0x3c0 [ 430.976724][ T9557] should_failslab+0xc2/0x120 [ 430.976751][ T9557] __kmalloc_noprof+0xe0/0x850 [ 430.976793][ T9557] tomoyo_encode2+0xfb/0x3c0 [ 430.976825][ T9557] tomoyo_encode+0x29/0x50 [ 430.976850][ T9557] tomoyo_realpath_from_path+0x18c/0x690 [ 430.976885][ T9557] tomoyo_path_number_perm+0x23c/0x580 [ 430.976907][ T9557] ? tomoyo_path_number_perm+0x22e/0x580 [ 430.976932][ T9557] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 430.976954][ T9557] ? futex_wait+0x11e/0x370 [ 430.977010][ T9557] ? find_held_lock+0x2b/0x80 [ 430.977039][ T9557] ? __fget_files+0x215/0x3d0 [ 430.977064][ T9557] ? hook_file_ioctl_common+0x149/0x410 [ 430.977087][ T9557] ? __fget_files+0x215/0x3d0 [ 430.977117][ T9557] ? __fget_files+0x21f/0x3d0 [ 430.977148][ T9557] security_file_ioctl+0xd3/0x230 [ 430.977172][ T9557] __x64_sys_ioctl+0xb7/0x210 [ 430.977196][ T9557] do_syscall_64+0x10b/0xf80 [ 430.977225][ T9557] ? clear_bhb_loop+0x40/0x90 [ 430.977253][ T9557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.977276][ T9557] RIP: 0033:0x7f1604f9cdd9 [ 430.977294][ T9557] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 430.977321][ T9557] RSP: 002b:00007f16031f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 430.977343][ T9557] RAX: ffffffffffffffda RBX: 00007f1605216090 RCX: 00007f1604f9cdd9 [ 430.977358][ T9557] RDX: 0000200000000000 RSI: 0000000000008933 RDI: 0000000000000008 [ 430.977372][ T9557] RBP: 00007f1605032d69 R08: 0000000000000000 R09: 0000000000000000 [ 430.977385][ T9557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 430.977398][ T9557] R13: 00007f1605216128 R14: 00007f1605216090 R15: 00007ffe7acd3998 [ 430.977427][ T9557] [ 430.977444][ T9557] ERROR: Out of memory at tomoyo_realpath_from_path. [ 431.259317][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 431.265388][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 431.509697][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 431.665087][ T9565] openvswitch: &#$@\]\-: Dropping previously announced user features [ 433.289513][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 434.734344][ T9597] netlink: 28 bytes leftover after parsing attributes in process `syz.0.729'. [ 435.964311][ T9597] bond0: (slave bond_slave_0): Releasing backup interface [ 436.374659][ T9616] openvswitch: &#$@\]\-: Dropping previously announced user features [ 436.791339][ T9620] netlink: 334 bytes leftover after parsing attributes in process `syz.1.733'. [ 437.771777][ T9634] Console: switching to colour VGA+ 80x25 [ 438.034451][ T9638] Console: switching to colour frame buffer device 128x48 [ 440.172883][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.184525][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.964667][ T9658] netlink: 16 bytes leftover after parsing attributes in process `syz.1.741'. [ 442.173376][ T9663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.741'. [ 443.410837][ T9679] syz.1.746(9679): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 444.068984][ T9686] NFSD: Failed to start, no listeners configured. [ 444.543805][ T9694] ubi: mtd0 is already attached to ubi0 [ 444.607323][ T9694] ubi0: detaching mtd0 [ 444.724857][ T9694] ubi0: mtd0 is detached [ 445.120315][ T9698] netlink: 334 bytes leftover after parsing attributes in process `syz.1.751'. [ 445.432237][ T9697] openvswitch: &#$@\]\-: Dropping previously announced user features [ 445.765959][ T30] audit: type=1804 audit(1843104522.330:9): pid=9705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.753" name="file0" dev="tmpfs" ino=1068 res=1 errno=0 [ 446.071463][ T9708] netlink: 24 bytes leftover after parsing attributes in process `syz.2.756'. [ 447.719809][ T9713] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 447.830005][ T9713] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 447.922624][ T9713] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 448.048377][ T9713] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 449.126251][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 449.847110][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 449.926295][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 450.086255][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 450.306949][ T9765] openvswitch: &#$@\]\-: Dropping previously announced user features [ 451.049515][ T9786] netlink: 342 bytes leftover after parsing attributes in process `syz.2.769'. [ 452.072955][ T9798] FAULT_INJECTION: forcing a failure. [ 452.072955][ T9798] name failslab, interval 1, probability 0, space 0, times 0 [ 452.167466][ T9798] CPU: 0 UID: 0 PID: 9798 Comm: syz.2.771 Tainted: G L syzkaller #0 PREEMPT(full) [ 452.167508][ T9798] Tainted: [L]=SOFTLOCKUP [ 452.167515][ T9798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 452.167526][ T9798] Call Trace: [ 452.167532][ T9798] [ 452.167539][ T9798] dump_stack_lvl+0x100/0x190 [ 452.167565][ T9798] should_fail_ex.cold+0x5/0xa [ 452.167590][ T9798] ? tomoyo_encode2+0xfb/0x3c0 [ 452.167615][ T9798] should_failslab+0xc2/0x120 [ 452.167638][ T9798] __kmalloc_noprof+0xe0/0x850 [ 452.167669][ T9798] ? d_absolute_path+0x136/0x1b0 [ 452.167691][ T9798] tomoyo_encode2+0xfb/0x3c0 [ 452.167718][ T9798] tomoyo_encode+0x29/0x50 [ 452.167740][ T9798] tomoyo_realpath_from_path+0x18c/0x690 [ 452.167769][ T9798] tomoyo_path_number_perm+0x23c/0x580 [ 452.167788][ T9798] ? tomoyo_path_number_perm+0x22e/0x580 [ 452.167809][ T9798] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 452.167852][ T9798] ? find_held_lock+0x2b/0x80 [ 452.167877][ T9798] ? __fget_files+0x215/0x3d0 [ 452.167898][ T9798] ? hook_file_ioctl_common+0x149/0x410 [ 452.167917][ T9798] ? __fget_files+0x215/0x3d0 [ 452.167948][ T9798] ? __fget_files+0x21f/0x3d0 [ 452.167974][ T9798] security_file_ioctl+0xd3/0x230 [ 452.167995][ T9798] __x64_sys_ioctl+0xb7/0x210 [ 452.168016][ T9798] do_syscall_64+0x10b/0xf80 [ 452.168042][ T9798] ? clear_bhb_loop+0x40/0x90 [ 452.168066][ T9798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.168091][ T9798] RIP: 0033:0x7f3c86d9cdd9 [ 452.168107][ T9798] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 452.168124][ T9798] RSP: 002b:00007f3c87cdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 452.168142][ T9798] RAX: ffffffffffffffda RBX: 00007f3c87015fa0 RCX: 00007f3c86d9cdd9 [ 452.168155][ T9798] RDX: 0000000000000000 RSI: 000000004004550a RDI: 0000000000000005 [ 452.168166][ T9798] RBP: 00007f3c87cdc090 R08: 0000000000000000 R09: 0000000000000000 [ 452.168177][ T9798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 452.168188][ T9798] R13: 00007f3c87016038 R14: 00007f3c87015fa0 R15: 00007ffc33aef228 [ 452.168213][ T9798] [ 452.168236][ T9798] ERROR: Out of memory at tomoyo_realpath_from_path. [ 453.970668][ T9805] openvswitch: &#$@\]\-: Dropping previously announced user features [ 457.372056][ T9842] Console: switching to colour VGA+ 80x25 [ 457.687220][ T9844] Console: switching to colour frame buffer device 128x48 [ 458.045636][ T9848] FAULT_INJECTION: forcing a failure. [ 458.045636][ T9848] name failslab, interval 1, probability 0, space 0, times 0 [ 458.161950][ T9848] CPU: 0 UID: 0 PID: 9848 Comm: syz.0.779 Tainted: G L syzkaller #0 PREEMPT(full) [ 458.161981][ T9848] Tainted: [L]=SOFTLOCKUP [ 458.161988][ T9848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 458.162000][ T9848] Call Trace: [ 458.162007][ T9848] [ 458.162014][ T9848] dump_stack_lvl+0x100/0x190 [ 458.162041][ T9848] should_fail_ex.cold+0x5/0xa [ 458.162067][ T9848] should_failslab+0xc2/0x120 [ 458.162092][ T9848] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 458.162125][ T9848] ? __d_alloc+0x34/0xa40 [ 458.162158][ T9848] __d_alloc+0x34/0xa40 [ 458.162188][ T9848] d_alloc_pseudo+0x1c/0xc0 [ 458.162207][ T9848] alloc_file_pseudo+0xcf/0x230 [ 458.162240][ T9848] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 458.162278][ T9848] __shmem_file_setup+0x205/0x460 [ 458.162308][ T9848] ? __pfx___shmem_file_setup+0x10/0x10 [ 458.162343][ T9848] newseg+0x3c0/0xed0 [ 458.162371][ T9848] ? __pfx_newseg+0x10/0x10 [ 458.162394][ T9848] ? find_held_lock+0x2b/0x80 [ 458.162422][ T9848] ? ipcget+0x8aa/0xf50 [ 458.162458][ T9848] ipcget+0x909/0xf50 [ 458.162482][ T9848] ? do_futex+0x192/0x350 [ 458.162509][ T9848] ? find_held_lock+0x2b/0x80 [ 458.162536][ T9848] ? __pfx_ipcget+0x10/0x10 [ 458.162560][ T9848] ? __x64_sys_futex+0x34f/0x4d0 [ 458.162582][ T9848] ? __x64_sys_futex+0x358/0x4d0 [ 458.162607][ T9848] __x64_sys_shmget+0x13b/0x1b0 [ 458.162632][ T9848] ? __pfx___x64_sys_shmget+0x10/0x10 [ 458.162660][ T9848] ? rcu_is_watching+0x12/0xc0 [ 458.162688][ T9848] do_syscall_64+0x10b/0xf80 [ 458.162714][ T9848] ? clear_bhb_loop+0x40/0x90 [ 458.162739][ T9848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.162760][ T9848] RIP: 0033:0x7ff144b9cdd9 [ 458.162776][ T9848] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 458.162796][ T9848] RSP: 002b:00007ff142dee028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 458.162816][ T9848] RAX: ffffffffffffffda RBX: 00007ff144e15fa0 RCX: 00007ff144b9cdd9 [ 458.162829][ T9848] RDX: 00000000000052fe RSI: 0000000000010566 RDI: 0000000000000008 [ 458.162841][ T9848] RBP: 00007ff144c32d69 R08: 0000000000000000 R09: 0000000000000000 [ 458.162854][ T9848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 458.162866][ T9848] R13: 00007ff144e16038 R14: 00007ff144e15fa0 R15: 00007ffcbb08fd98 [ 458.162892][ T9848] [ 459.525380][ T9856] openvswitch: &#$@\]\-: Dropping previously announced user features [ 459.943225][ T9852] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 460.085096][ T9852] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 460.229682][ T9852] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 460.318879][ T9852] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 460.581354][ T9869] Console: switching to colour VGA+ 80x25 [ 460.973060][ T9871] Console: switching to colour frame buffer device 128x48 [ 461.607047][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 462.086376][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 462.246253][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 462.326341][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 463.776053][ T9899] openvswitch: &#$@\]\-: Dropping previously announced user features [ 464.374668][ T50] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 465.573743][ T9932] Console: switching to colour VGA+ 80x25 [ 465.679281][ T9935] ================================================================== [ 465.679307][ T9935] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 465.679340][ T9935] Read of size 26 at addr ffff88802972eeea by task syz.3.796/9935 [ 465.679361][ T9935] [ 465.679374][ T9935] CPU: 0 UID: 0 PID: 9935 Comm: syz.3.796 Tainted: G L syzkaller #0 PREEMPT(full) [ 465.679408][ T9935] Tainted: [L]=SOFTLOCKUP [ 465.679416][ T9935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 465.679431][ T9935] Call Trace: [ 465.679438][ T9935] [ 465.679447][ T9935] dump_stack_lvl+0x100/0x190 [ 465.679473][ T9935] print_report+0x13d/0x4b0 [ 465.679508][ T9935] ? __virt_addr_valid+0x239/0x430 [ 465.679549][ T9935] ? fbcon_prepare_logo+0x94e/0xc60 [ 465.679573][ T9935] kasan_report+0xdf/0x1d0 [ 465.679601][ T9935] ? fbcon_prepare_logo+0x94e/0xc60 [ 465.679630][ T9935] kasan_check_range+0x10f/0x1e0 [ 465.679663][ T9935] __asan_memcpy+0x23/0x60 [ 465.679705][ T9935] fbcon_prepare_logo+0x94e/0xc60 [ 465.679738][ T9935] fbcon_init+0x1065/0x1830 [ 465.679767][ T9935] visual_init+0x320/0x620 [ 465.679795][ T9935] do_bind_con_driver.isra.0+0x636/0x9c0 [ 465.679834][ T9935] store_bind+0x609/0x730 [ 465.679869][ T9935] ? __pfx_store_bind+0x10/0x10 [ 465.679904][ T9935] dev_attr_store+0x58/0x80 [ 465.679934][ T9935] ? __pfx_dev_attr_store+0x10/0x10 [ 465.679963][ T9935] sysfs_kf_write+0xf2/0x150 [ 465.680003][ T9935] kernfs_fop_write_iter+0x3e0/0x5f0 [ 465.680037][ T9935] ? __pfx_sysfs_kf_write+0x10/0x10 [ 465.680077][ T9935] vfs_write+0x6ac/0x1070 [ 465.680103][ T9935] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 465.680139][ T9935] ? __pfx_vfs_write+0x10/0x10 [ 465.680175][ T9935] ksys_write+0x12a/0x250 [ 465.680201][ T9935] ? __pfx_ksys_write+0x10/0x10 [ 465.680229][ T9935] ? rcu_is_watching+0x12/0xc0 [ 465.680259][ T9935] do_syscall_64+0x10b/0xf80 [ 465.680290][ T9935] ? clear_bhb_loop+0x40/0x90 [ 465.680317][ T9935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.680342][ T9935] RIP: 0033:0x7f1604f9cdd9 [ 465.680360][ T9935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.680385][ T9935] RSP: 002b:00007f16031d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.680407][ T9935] RAX: ffffffffffffffda RBX: 00007f1605216180 RCX: 00007f1604f9cdd9 [ 465.680424][ T9935] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 465.680439][ T9935] RBP: 00007f1605032d69 R08: 0000000000000000 R09: 0000000000000000 [ 465.680454][ T9935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.680468][ T9935] R13: 00007f1605216218 R14: 00007f1605216180 R15: 00007ffe7acd3998 [ 465.680492][ T9935] [ 465.680500][ T9935] [ 465.680505][ T9935] Allocated by task 5636: [ 465.680522][ T9935] kasan_save_stack+0x30/0x50 [ 465.680544][ T9935] kasan_save_track+0x14/0x30 [ 465.680566][ T9935] __kasan_kmalloc+0xaa/0xb0 [ 465.680586][ T9935] __kmalloc_noprof+0x301/0x850 [ 465.680622][ T9935] __register_sysctl_table+0xbe4/0x1650 [ 465.680652][ T9935] neigh_sysctl_register+0x326/0x660 [ 465.680681][ T9935] addrconf_sysctl_register+0xb9/0x200 [ 465.680709][ T9935] ipv6_add_dev+0xaf2/0x1520 [ 465.680734][ T9935] addrconf_notify+0x5db/0x1ba0 [ 465.680767][ T9935] notifier_call_chain+0x99/0x400 [ 465.680803][ T9935] call_netdevice_notifiers_info+0xbe/0x110 [ 465.680833][ T9935] register_netdevice+0x18fe/0x24b0 [ 465.680858][ T9935] batadv_meshif_newlink+0x8f/0xc0 [ 465.680890][ T9935] rtnl_newlink+0x1499/0x2380 [ 465.680914][ T9935] rtnetlink_rcv_msg+0x95e/0xe90 [ 465.680940][ T9935] netlink_rcv_skb+0x159/0x420 [ 465.680971][ T9935] netlink_unicast+0x585/0x850 [ 465.681000][ T9935] netlink_sendmsg+0x8b0/0xda0 [ 465.681029][ T9935] __sys_sendto+0x468/0x4b0 [ 465.681048][ T9935] __x64_sys_sendto+0xe0/0x1c0 [ 465.681068][ T9935] do_syscall_64+0x10b/0xf80 [ 465.681096][ T9935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.681119][ T9935] [ 465.681125][ T9935] The buggy address belongs to the object at ffff88802972ee00 [ 465.681125][ T9935] which belongs to the cache kmalloc-192 of size 192 [ 465.681144][ T9935] The buggy address is located 42 bytes to the right of [ 465.681144][ T9935] allocated 192-byte region [ffff88802972ee00, ffff88802972eec0) [ 465.681169][ T9935] [ 465.681178][ T9935] The buggy address belongs to the physical page: [ 465.681189][ T9935] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2972e [ 465.681213][ T9935] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 465.681238][ T9935] page_type: f5(slab) [ 465.681258][ T9935] raw: 00fff00000000000 ffff88813fe2e3c0 dead000000000100 dead000000000122 [ 465.681284][ T9935] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 465.681298][ T9935] page dumped because: kasan: bad access detected [ 465.681315][ T9935] page_owner tracks the page as allocated [ 465.681323][ T9935] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13424156005, free_ts 7730781684 [ 465.681364][ T9935] post_alloc_hook+0x153/0x170 [ 465.681397][ T9935] get_page_from_freelist+0x11a6/0x33b0 [ 465.681435][ T9935] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 465.681474][ T9935] new_slab+0xa6/0x6c0 [ 465.681504][ T9935] refill_objects+0x277/0x420 [ 465.681538][ T9935] __pcs_replace_empty_main+0x375/0x650 [ 465.681575][ T9935] __kmalloc_noprof+0x688/0x850 [ 465.681611][ T9935] usb_alloc_urb+0x66/0xa0 [ 465.681636][ T9935] usb_control_msg+0x1d3/0x4b0 [ 465.681665][ T9935] hub_power_on+0x193/0x4f0 [ 465.681701][ T9935] hub_activate+0x1537/0x1d50 [ 465.681737][ T9935] hub_probe.cold+0x2eca/0x2ed5 [ 465.681764][ T9935] usb_probe_interface+0x303/0x8f0 [ 465.681788][ T9935] really_probe+0x241/0xa60 [ 465.681810][ T9935] __driver_probe_device+0x22e/0x480 [ 465.681833][ T9935] driver_probe_device+0x4c/0x1b0 [ 465.681856][ T9935] page last free pid 10 tgid 10 stack trace: [ 465.681868][ T9935] __free_frozen_pages+0x747/0x1040 [ 465.681900][ T9935] vfree+0x15f/0x8d0 [ 465.681927][ T9935] delayed_vfree_work+0x56/0x80 [ 465.681956][ T9935] process_one_work+0xa0e/0x1980 [ 465.681978][ T9935] worker_thread+0x5ef/0xe50 [ 465.681999][ T9935] kthread+0x370/0x450 [ 465.682017][ T9935] ret_from_fork+0x72b/0xd50 [ 465.682040][ T9935] ret_from_fork_asm+0x1a/0x30 [ 465.682071][ T9935] [ 465.682076][ T9935] Memory state around the buggy address: [ 465.682088][ T9935] ffff88802972ed80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 465.682105][ T9935] ffff88802972ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 465.682122][ T9935] >ffff88802972ee80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 465.682135][ T9935] ^ [ 465.682148][ T9935] ffff88802972ef00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 465.682165][ T9935] ffff88802972ef80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 465.682178][ T9935] ================================================================== [ 465.730987][ T9935] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 465.731010][ T9935] CPU: 0 UID: 0 PID: 9935 Comm: syz.3.796 Tainted: G L syzkaller #0 PREEMPT(full) [ 465.731045][ T9935] Tainted: [L]=SOFTLOCKUP [ 465.731053][ T9935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 465.731068][ T9935] Call Trace: [ 465.731076][ T9935] [ 465.731085][ T9935] dump_stack_lvl+0x100/0x190 [ 465.731112][ T9935] vpanic+0x552/0x970 [ 465.731135][ T9935] ? __pfx_vpanic+0x10/0x10 [ 465.731161][ T9935] ? fbcon_prepare_logo+0x94e/0xc60 [ 465.731187][ T9935] panic+0xd1/0xe0 [ 465.731209][ T9935] ? __pfx_panic+0x10/0x10 [ 465.731233][ T9935] ? fbcon_prepare_logo+0x94e/0xc60 [ 465.731259][ T9935] ? preempt_schedule_common+0x42/0xc0 [ 465.731293][ T9935] check_panic_on_warn.cold+0x19/0x34 [ 465.731319][ T9935] end_report.part.0+0x3a/0x90 [ 465.731354][ T9935] kasan_report.cold+0xe/0x18 [ 465.731390][ T9935] ? fbcon_prepare_logo+0x94e/0xc60 [ 465.731420][ T9935] kasan_check_range+0x10f/0x1e0 [ 465.731453][ T9935] __asan_memcpy+0x23/0x60 [ 465.731489][ T9935] fbcon_prepare_logo+0x94e/0xc60 [ 465.731522][ T9935] fbcon_init+0x1065/0x1830 [ 465.731551][ T9935] visual_init+0x320/0x620 [ 465.731580][ T9935] do_bind_con_driver.isra.0+0x636/0x9c0 [ 465.731619][ T9935] store_bind+0x609/0x730 [ 465.731655][ T9935] ? __pfx_store_bind+0x10/0x10 [ 465.731694][ T9935] dev_attr_store+0x58/0x80 [ 465.731723][ T9935] ? __pfx_dev_attr_store+0x10/0x10 [ 465.731752][ T9935] sysfs_kf_write+0xf2/0x150 [ 465.731792][ T9935] kernfs_fop_write_iter+0x3e0/0x5f0 [ 465.731826][ T9935] ? __pfx_sysfs_kf_write+0x10/0x10 [ 465.731866][ T9935] vfs_write+0x6ac/0x1070 [ 465.731894][ T9935] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 465.731932][ T9935] ? __pfx_vfs_write+0x10/0x10 [ 465.731967][ T9935] ksys_write+0x12a/0x250 [ 465.731994][ T9935] ? __pfx_ksys_write+0x10/0x10 [ 465.732022][ T9935] ? rcu_is_watching+0x12/0xc0 [ 465.732053][ T9935] do_syscall_64+0x10b/0xf80 [ 465.732083][ T9935] ? clear_bhb_loop+0x40/0x90 [ 465.732110][ T9935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.732135][ T9935] RIP: 0033:0x7f1604f9cdd9 [ 465.732153][ T9935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.732177][ T9935] RSP: 002b:00007f16031d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.732201][ T9935] RAX: ffffffffffffffda RBX: 00007f1605216180 RCX: 00007f1604f9cdd9 [ 465.732218][ T9935] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 465.732233][ T9935] RBP: 00007f1605032d69 R08: 0000000000000000 R09: 0000000000000000 [ 465.732248][ T9935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.732263][ T9935] R13: 00007f1605216218 R14: 00007f1605216180 R15: 00007ffe7acd3998 [ 465.732287][ T9935] [ 465.732358][ T9935] Kernel Offset: disabled