last executing test programs: 10.277408816s ago: executing program 2 (id=1138): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) clone$auto(0x2, 0x9c, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xa) exit$auto(0x6) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/net/lapb3/testing\x00', 0xa880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000300)=""/102, 0x66) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x4070aea0, 0x10000000000402) socket(0x1d, 0x2, 0x7) r2 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/fail_usercopy/verbose_ratelimit_interval_ms\x00', 0x0, 0x0) getsockopt$auto(r2, 0x6a, 0x6da0f15, 0xfffffffffffffffe, 0x0) 9.001603161s ago: executing program 2 (id=1141): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xc0) r1 = prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff) setreuid$auto(0x0, 0x5) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x48002, 0x0) ioctl$auto_OTPLOCK(r2, 0x800c4d10, 0x0) fcntl$auto(r0, 0x400, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x163) r3 = socket(0x2, 0x1, 0x106) ioctl$auto_MEMWRITEOOB(0xffffffffffffffff, 0xc0104d03, &(0x7f0000000380)={0x745c, 0xdec9, &(0x7f0000000140)='nl802154\x00'}) connect$auto(r3, &(0x7f00000001c0)=@in={0x2, 0x3}, 0x55) setsockopt$auto(r3, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) pkey_free$auto(0x1) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf257e000000"], 0x14}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x54, r4, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_PREV_BSSID={0x3e, 0x4f, "55f4628466dbdabd9f03eb95f11b375cdd9138596d7450bf0649fcc7a0fe99fc1c2ca048ec8b9cc4fbcc45a32ab344c551aa8ca40675d88ef51f"}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000081}, 0x20040040) r6 = socket(0xf, 0x3, 0x2) syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000040), r6) close_range$auto(0x2, 0xa, 0x0) r7 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000005c0), r3) sendmsg$auto_NFC_CMD_ACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000001a00)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000019c0)={&(0x7f0000000600)={0x35c, r7, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@NFC_ATTR_SE_APDU={0x81, 0x19, "21e2afc46de0a2e9aabce9bf9796d440cd1c30c0607be94f95033a7073d7abee93efccea11df552ec953c153c2ca8c861ffb52fec753f26081a7e49ba07ddaab9cecf112c22bc82f7aece0709c5257439a6ea9a18832ca10350f5cd72e1737ba3fc41f0ebf568f5d8f72d6ccdd867a130c69a7a389c6a6f12b632b2aec"}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x5}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x40}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x6}, @NFC_ATTR_LLC_SDP={0x2ab, 0x13, 0x0, 0x1, [@typed={0x8, 0x5b, 0x0, 0x0, @fd=r1}, @generic="8993696418d42910c60f0c0a4c4b00e8af93caf6dbb418633297e7bf2b6b43f1e60c0a826c46512af085f7091c91a7c405f7aede5eea87db5e700f06f94dee0a469e9a2769a573dd82d16c2f3c39759a3fd540f3abfd711946072083d766666ead31ef5a28057aadfbe867bdea2e2b9eff5ae92f3f393c838852b5002a5eb6beb93453b1e005c324fd8fbd2961e2458e744ae2f8ec0505ccffff8dafe90dc36de0d6b098bd29", @typed={0x8, 0xb7, 0x0, 0x0, @u32=0xfffff001}, @generic="8c39f5d274f4ef96bebf3f5b17cdf5f1c113d3c4750b51dac5bbfe612c0066eed64bfba7d0421996543974b43a05dc2a367772ec6e25ecaeff45a13617eecb2711fd255065c6be389c25f9cc754c77e3de56640c3a68809d80160cc6238c4d13d93011f3f4121554312c76ee84707d27cd6e858e13d7c278356af2bd7a28732118e4e9787eff9f4b8f6ed29cb8c62845", @typed={0xce, 0xe2, 0x0, 0x0, @binary="21b7f0e1e4e7932fb3fe4bd90bad08a20574d8c3cd48f25e4170f8eafc4d21ef6c40c9107e4c5af217cb9496ffb958aac1c1404ddd89211f43e47317401c43fee5fe96121292e739fc3e31b133886058cd52382213684a66ada41d47e00454208e51223f323d2d72fc8a548649f82c1592acb7057f933f273f6492b87208faf2b05ca0aef6687a81783582bcc21713d3785fe612ddb0b8ef8c5235d2dfc6a7258528d7f35825e1d279812b36546e66fbd25a9ee7dfff3b03b332e67564d145b9dd74e26ab332331fbaa5"}, @nested={0x54, 0xb7, 0x0, 0x1, [@typed={0xc, 0xb5, 0x0, 0x0, @u64=0x1000}, @typed={0x38, 0xf, 0x0, 0x0, @binary="087aba5fdc04f17739769b8c27c3ce2bf81bfe0ef4ea7bf2c0426b497124d6df696a381a85004ec08ac635c9889ce39710682213"}, @nested={0x4, 0x2e}, @nested={0x4, 0x36}, @nested={0x4, 0x3f}]}, @generic="0f5e67c932e6fafc4d88d6d325fbaca1c8a0b250a2358ab32b0a54b78b142e357dde3d443ca48fe85e47fc826121619640e35579d78200cbcb3500c9d0"]}]}, 0x35c}, 0x1, 0x0, 0x0, 0x4000}, 0x804) 6.688701365s ago: executing program 2 (id=1150): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/x86/topo/cpus/0\x00', 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) preadv$auto(0x40000000000003, 0x0, 0x3, 0xe27c, 0x8) listen$auto(0x3, 0x181) ioctl$auto(0x3, 0x894b, 0x38) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) r1 = socket(0x29, 0x2, 0x0) open_tree_attr$auto(0xffffffffffffff9c, 0x0, 0x100, &(0x7f00000000c0)={0x3, 0x0, 0x7fff, @raw=0x2}, 0x8) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec20\x00', 0x101000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x800000000, 0x2020004, 0x1, 0x15, r1, 0x1ce4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) write$auto(0x3, 0x0, 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) munmap$auto(0x1, 0xffffffff) r2 = socket(0xa, 0x801, 0x106) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x9) close_range$auto(0xffffffffffffffff, r2, 0x2) syslog$auto_SYSLOG_ACTION_READ(0x2, &(0x7f0000000000)='\x00', 0x1) syslog$auto_SYSLOG_ACTION_READ(0x2, &(0x7f0000000040)='\x00', 0x8) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r4, 0x4c00, 0x0) 6.458574006s ago: executing program 3 (id=1151): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) sysfs$auto(0x2, 0xe, 0x0) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x40146f2c, 0x0) prctl$auto(0x23, 0xa, 0x2008, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f2b, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram1/queue/add_random\x00', 0x1a1842, 0x0) write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r3 = socket(0x2, 0x6, 0xffffffff) socket(0x2, 0x1, 0x106) bind$auto(0x3, 0x0, 0x6a) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x100000000400008, 0xdf, 0x9b72, 0x2, 0x3) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r4, 0x5404, &(0x7f0000000180)="697d37cbf26e92f6363ee4bf45") syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) sigaltstack$auto(&(0x7f00000000c0)={&(0x7f00000001c0)="d5d03e15fe947470356f4ef5096f86937ad80b360ee48fd2d7e1ad0c42b7fe845ad47bbeb9985bdc4d3db595a85b2a9ce4c8850bcd7b63afbe7601e93d9a6200990f74201362742baa3bb29007e8eaa3f9655b708208692b682a4d5557112585e2791ec800b18be0cb9841e91f27db1ec6440ee948394bbc93d661b66ca4a99365af797b07bfd2b47d0192924a1ae8e7d303ed5a7713228414024be0d5ceaf93e080c9e567f885e091831755ff990355608fb73df51d", 0x2}, 0x0) sendmmsg$auto(r3, 0x0, 0x5, 0x20000000) 5.924444844s ago: executing program 1 (id=1154): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x1, 0xc, 0x0, 0x7fffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x16240, 0x0) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r1, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x6, 0x1, '.\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x300, 0x0, 0x801}, 0x0) r2 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000080), r0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f00000012c0), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x18, r4, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_CLEAR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) sendmsg$auto_IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x58, r2, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0x7}, @IEEE802154_ATTR_LLSEC_KEY_BYTES={0x14, 0x30, "58f8d33b38fcf22e7fbe0e53bb1863d4"}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0x7}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x1}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5, 0x29, 0x1}, @IEEE802154_ATTR_COORD_REALIGN={0x5, 0x1b, 0xe}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0xc0}, 0x4c0c0) 5.70465398s ago: executing program 1 (id=1155): mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xca600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0x9, 0x0, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x2, 0x0, 0x100, 0x2) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) 4.708882216s ago: executing program 1 (id=1157): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/mounts\x00', 0x105442, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/statistics/rx_crc_errors\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/4096, 0x1000) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) syz_clone3(0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r1 = socket(0x1e, 0x1, 0x0) socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001200)='/dev/video10\x00', 0x123302, 0x0) ioctl$auto(r2, 0xc0045627, r1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x20502, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r3, 0xc0085504, &(0x7f0000001100)={0x0, 0x1, 0x0, "1dd856a19ef964bc601a2f7134246fa5c038b621d8d73387f8159f52d0f8f88b6125271c9995b5637e095302bfca39993337a32745379d723e1d830e5a7eddbd01d57bc1aa0c2789572357355d2dd18fd3177e748589cf5f8111c282a5532931a72cb855e0417deceaaf6f0d09fa0b876fe0ae05975d5235c2034449c9afc18ac5bf1e831b39d8c5f160e28a59ae8532e6e8b9e4bc3ddefbfddb3c451db11b5c4b88a02815c3d5e401000c7c1cc69d3677a92a6fff0a9857e2042e492d2d4289935145b01f49c3d30fba3e6273b76c0c6af84f6e474152"}) 4.681667759s ago: executing program 3 (id=1158): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xc0) r1 = prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff) setreuid$auto(0x0, 0x5) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x48002, 0x0) ioctl$auto_OTPLOCK(r2, 0x800c4d10, 0x0) fcntl$auto(r0, 0x400, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x163) r3 = socket(0x2, 0x1, 0x106) ioctl$auto_MEMWRITEOOB(0xffffffffffffffff, 0xc0104d03, &(0x7f0000000380)={0x745c, 0xdec9, &(0x7f0000000140)='nl802154\x00'}) connect$auto(r3, &(0x7f00000001c0)=@in={0x2, 0x3}, 0x55) setsockopt$auto(r3, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) pkey_free$auto(0x1) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf257e000000"], 0x14}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x54, r4, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_PREV_BSSID={0x3e, 0x4f, "55f4628466dbdabd9f03eb95f11b375cdd9138596d7450bf0649fcc7a0fe99fc1c2ca048ec8b9cc4fbcc45a32ab344c551aa8ca40675d88ef51f"}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000081}, 0x20040040) r6 = socket(0xf, 0x3, 0x2) syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000040), r6) close_range$auto(0x2, 0xa, 0x0) r7 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000005c0), r3) sendmsg$auto_NFC_CMD_ACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000001a00)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000019c0)={&(0x7f0000000600)={0x35c, r7, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@NFC_ATTR_SE_APDU={0x81, 0x19, "21e2afc46de0a2e9aabce9bf9796d440cd1c30c0607be94f95033a7073d7abee93efccea11df552ec953c153c2ca8c861ffb52fec753f26081a7e49ba07ddaab9cecf112c22bc82f7aece0709c5257439a6ea9a18832ca10350f5cd72e1737ba3fc41f0ebf568f5d8f72d6ccdd867a130c69a7a389c6a6f12b632b2aec"}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x5}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x40}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x6}, @NFC_ATTR_LLC_SDP={0x2ab, 0x13, 0x0, 0x1, [@typed={0x8, 0x5b, 0x0, 0x0, @fd=r1}, @generic="8993696418d42910c60f0c0a4c4b00e8af93caf6dbb418633297e7bf2b6b43f1e60c0a826c46512af085f7091c91a7c405f7aede5eea87db5e700f06f94dee0a469e9a2769a573dd82d16c2f3c39759a3fd540f3abfd711946072083d766666ead31ef5a28057aadfbe867bdea2e2b9eff5ae92f3f393c838852b5002a5eb6beb93453b1e005c324fd8fbd2961e2458e744ae2f8ec0505ccffff8dafe90dc36de0d6b098bd29", @typed={0x8, 0xb7, 0x0, 0x0, @u32=0xfffff001}, @generic="8c39f5d274f4ef96bebf3f5b17cdf5f1c113d3c4750b51dac5bbfe612c0066eed64bfba7d0421996543974b43a05dc2a367772ec6e25ecaeff45a13617eecb2711fd255065c6be389c25f9cc754c77e3de56640c3a68809d80160cc6238c4d13d93011f3f4121554312c76ee84707d27cd6e858e13d7c278356af2bd7a28732118e4e9787eff9f4b8f6ed29cb8c62845", @typed={0xce, 0xe2, 0x0, 0x0, @binary="21b7f0e1e4e7932fb3fe4bd90bad08a20574d8c3cd48f25e4170f8eafc4d21ef6c40c9107e4c5af217cb9496ffb958aac1c1404ddd89211f43e47317401c43fee5fe96121292e739fc3e31b133886058cd52382213684a66ada41d47e00454208e51223f323d2d72fc8a548649f82c1592acb7057f933f273f6492b87208faf2b05ca0aef6687a81783582bcc21713d3785fe612ddb0b8ef8c5235d2dfc6a7258528d7f35825e1d279812b36546e66fbd25a9ee7dfff3b03b332e67564d145b9dd74e26ab332331fbaa5"}, @nested={0x54, 0xb7, 0x0, 0x1, [@typed={0xc, 0xb5, 0x0, 0x0, @u64=0x1000}, @typed={0x38, 0xf, 0x0, 0x0, @binary="087aba5fdc04f17739769b8c27c3ce2bf81bfe0ef4ea7bf2c0426b497124d6df696a381a85004ec08ac635c9889ce39710682213"}, @nested={0x4, 0x2e}, @nested={0x4, 0x36}, @nested={0x4, 0x3f}]}, @generic="0f5e67c932e6fafc4d88d6d325fbaca1c8a0b250a2358ab32b0a54b78b142e357dde3d443ca48fe85e47fc826121619640e35579d78200cbcb3500c9d0"]}]}, 0x35c}, 0x1, 0x0, 0x0, 0x4000}, 0x804) 3.684447081s ago: executing program 0 (id=1161): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/040/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x8, 0x5, 0x7ff, 0x7fb}) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x10b000, 0x0) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0x1c, 0x92f1, 0x4, 0xffffffffffffffff}, 0xa) getsockopt$auto_SO_TIMESTAMPNS_NEW(r2, 0x0, 0x40, &(0x7f0000000000)='$\x00', &(0x7f0000000040)=0x102) write$auto_ftrace_set_event_pid_fops_trace_events(r2, &(0x7f00000001c0)="c409bdfbaa0050b1cbd6565e5c948652acfd3e13acd5804449e82c07730865", 0x1f) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) 3.568731253s ago: executing program 1 (id=1162): mmap$auto(0x0, 0x93, 0x2, 0x40eb2, 0x401, 0x300000000000) (async) r0 = socket(0x2, 0x5, 0x0) (async) getcwd$auto(0x0, 0xffffffffffffffff) (async) setsockopt$auto(0x3, 0x10000000084, 0x7, 0x0, 0x4) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) r2 = socket(0xa, 0x3, 0x3a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0) (async) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) (async) acct$auto(&(0x7f0000000000)='/sys/devices/platform/i8042/serio1/resync_time\x00') (async) setsockopt$auto(r2, 0x8, 0xfffffffc, &(0x7f0000000040)=',%\x00', 0xfffffffc) (async) add_key$auto(&(0x7f0000000740)='#)-\\&[}\x00', &(0x7f0000000780)='.\\@&\x00', 0x0, 0x5, 0x9) acct$auto(0x0) (async) getsockopt$auto(r2, 0x29, 0xcf, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) (async) r3 = socket(0x29, 0x2, 0x0) getsockopt$auto(r3, 0x119, 0x1, 0x0, 0x0) epoll_create1$auto(0x4) (async) sendmsg$auto_NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0xb4, r1, 0xc00, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_SAR_SPEC={0x98, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS={0x74, 0x2, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xadc5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xaa3e}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xf22b}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8a9a}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x987}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}]}]}, @NL80211_SAR_ATTR_SPECS={0x20, 0x2, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xde9b}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}]}]}]}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0xc1}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 3.4261098s ago: executing program 2 (id=1163): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="ffa2"], 0x44}, 0x1, 0x0, 0x0, 0x10000000}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0xa}, 0x7}, 0x3, 0x2) r0 = socket(0x2, 0x3, 0x100) pipe$auto(&(0x7f0000000000)=0xffffffffffffffff) splice$auto(r1, 0x0, r0, 0x0, 0x7fffffffffffffff, 0x8) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r2, 0xffff, 0x29}, 0x3, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) r3 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$auto(r2, 0x400454d6, r3) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim3/ports/0/udp_ports_table1\x00', 0x200300, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3a, 0x4, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r5, 0xc4c85512, &(0x7f00000004c0)={{@raw=0x1, 0x5, 0x3, 0xffffffff, "76f006e37ceb76bfbde3245bee4c6625cb0662ccc64e124db4fedbdd228b9ced12ac206f688d4858a0b558db"}, 0x1, @integer=@value=[0x2, 0x7, 0x9, 0x4, 0xffffffff, 0x2, 0x7, 0xf52d, 0x8, 0x77, 0x4, 0x1c2, 0x1, 0x1, 0x9, 0x3, 0x8, 0x9, 0x6, 0x1, 0x1840, 0x1, 0x40, 0x5, 0x9, 0x3ff, 0x4, 0x2, 0x3ff, 0x9, 0x101, 0x6, 0x3, 0x0, 0x1, 0x5, 0x800000000002, 0x7, 0xe, 0xffffffffffffffff, 0x1000, 0x81, 0x80000000, 0x0, 0x81, 0xfe, 0x100, 0x4000, 0x10000, 0x1, 0x100, 0xec00000, 0x185d, 0xe, 0x10000, 0x7, 0x1, 0x6, 0x0, 0x8a, 0xfffffffffffffffa, 0x6, 0x7, 0x7ff, 0x5, 0x7, 0x7, 0x5, 0x27d64140, 0x1ff, 0xffffffffffffffff, 0x4, 0x7, 0x3, 0x1ff, 0x81, 0x5, 0x2, 0xfffffffffffff800, 0x9, 0x2, 0x208, 0x547, 0x5, 0x100000000, 0x2, 0x6, 0x7fffffff, 0x5, 0x400, 0x1fd, 0x8008, 0x80, 0x0, 0xf46, 0x2, 0xfffffffffffffff9, 0x8000000000000000, 0x35, 0x5, 0x8, 0x8, 0x2, 0x9, 0xfffffffffffffff9, 0x0, 0x0, 0x7, 0xe4, 0x8000000000000, 0x5, 0x9, 0x7ffffffffffffffc, 0x4, 0x0, 0xfffffdffffffffff, 0x7, 0xfffffffffffffffd, 0x6, 0x0, 0x5, 0x4, 0x40000000000000c0, 0x1400, 0x2000800, 0x6, 0x571a, 0x3], "6b54dd2e739e95a6f217b84988b4581576aaed11b340e4707992930f9a930325903b0e132daa477100a1107a85f3303896b5ec1e61dfb9c0e2698c93ebcd3e1508428d544319376037341d65bb6fb47a002356928a53d1534d8b947cbfcbfba7c7c74e86dc40dc6bca83c523e1e38c31cabf433dd0e3bc1b1b3128e5cf49b23f"}) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x7, 0xfffffffb, 0x2) madvise$auto(0x0, 0x2003f0, 0x15) io_uring_setup$auto(0x1, 0x0) close_range$auto(r2, r2, 0x0) socketcall$auto_SYS_SOCKETPAIR(0x8, &(0x7f0000000040)=0xfffffffffffff001) 3.317605951s ago: executing program 1 (id=1164): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0xa0042, 0x0) write$auto(r1, &(0x7f00000001c0)='-\x001c\xc2.b\x97\x1a\xf4\xd8\x1a\x1c\xb2\x9db\xb1\xec\xdeGDr=\xc2\xdc\xdf\x8cg\xa10Fzk\x86bd\xfc\x19\x96y\x9cYy\xc1\xc4\xf1\x0fH\x0f2\xa6\xbd\x9b\xe8\x97\xb0>,\xbf\xb8Kje\x05\xc4\xf8\x01\xd3]\x7f\xb8\x83S\xaf\xc5\xceZZlTO\xf5\x81`$\xec=|1\x05\xa9\x95Q\xf6\a\x81)\x94\xdaJ.\x04\xf2\xd7O\xa7=u1\xcd$\x17(t\xa4.\x1d\xfd\xf1\xc8e\x9c\xb4k\xfd\x94+B\x17o\\>4\xb7d5\a\xef\xb6\xe5F\xba\xf9Q\xdb\xd0\xb5\xa6\x1b\\\x0e\xb7\xab\xc3\x7fO`\x0e\x15\xca\x01z\xc23\xa1\x03\xdd@\xf3', 0xfdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r2, 0xc040564a, r2) setsockopt$auto(0xffffffffffffffff, 0x1, 0xc, 0x0, 0x7fffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x16240, 0x0) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x6, 0x1, '.\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x300, 0x0, 0x801}, 0x0) r4 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000080), r0) setreuid$auto(0x0, 0x0) rseq$auto(&(0x7f0000000200)={0xe, 0x402, 0xfb82, 0x3, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x6) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) write$auto(r5, &(0x7f0000000340)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x0e\xfa{\x15\x1d\x11\x85o\xf1g\xb7\xb3\xdd\\\xfdG\xa9\x16R\xa4\xe9\xd1\xf4S\x94\xe1\x9c\x88\x1b\xe6.\x11\xa3\xe1\xddi\xb66\xaa\xa3\xc7iB\xc84\x11\xac\xfd\x1a*\xd4a\xfe\x05\x96\x0ec\x12\xea\xd5K\xea\xda\xa3\xfa\xc3\xedr\x17\xa5\x1c\x88{v\xb8\bj\x84\xd8g\x05r\xe7n\x7f^\x9d\xc7V\x92\xb9Z.Uc*K', 0x81) mq_timedreceive$auto(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x2}) setresgid$auto(0x81, 0x800000a0, 0x8) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f00000012c0), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x18, r7, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_CLEAR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) sendmsg$auto_IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x50, r4, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0x6}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0xb6}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5, 0x29, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, 0x3}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5, 0x29, 0x1}, @IEEE802154_ATTR_COORD_REALIGN={0x5, 0x1b, 0xe}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0xc0}, 0x40040) 3.270974706s ago: executing program 3 (id=1165): keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x9, 0xfc, 0x1000000eb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x20942, 0x0) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x83, 0x0) ioctl$auto(r1, 0x40044620, 0xffffffffffffffff) time$auto(0x0) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) listen$auto(0x3, 0x400000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)='5', 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim2/new_port\x00', 0x183a41, 0x0) writev$auto(r3, &(0x7f00000002c0)={&(0x7f0000000480)="3472517ba6", 0x5}, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) quotactl$auto(0x9, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0xee01, &(0x7f0000000300)="5f865082dea48a5120697f1dfdfa25db5140bcc1c80a4f634aef6ed739ad5affcd6f11ed4a2e1dee4629f12a309107c8b5e85c181b27ff528bafd3812dd61942749b4248a7036e5274710b58c36fe105369e60270fd2f140dbfe94955295d1e21c7769b2b0b95f2f1be3a3b7ea4b3be9d5956d567fb43d3d00d42dd5bec3a6ac6415813c95e04dc443356fda27596f3f4d6f8341ed7db017854aca8dcc9de3ccdaed1427c6d2ed8649ed3aed4e4396f34302073707b5fb9575491eb59771f1a66bb0cdfa0807ab") execveat$auto(r0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x10000) 2.673342857s ago: executing program 0 (id=1166): mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xca600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0x9, 0x0, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x2, 0x0, 0x100, 0x2) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) 2.311795808s ago: executing program 2 (id=1167): mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xca600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0x9, &(0x7f0000000040)='{6y\xfa\xd6\bk\xf0\xe3\n', 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x2, 0x0, 0x100, 0x2) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nullb0/queue/scheduler\x00', 0xca002, 0x0) sendfile$auto(r2, r2, 0x0, 0x7ffff000) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/6/smp_affinity_list\x00', 0xe0182, 0x0) readv$auto(r3, &(0x7f0000000140)={0x0, 0x8}, 0x200000000080003) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/dev_snmp6/vlan1\x00', 0x109040, 0x0) ioctl$auto_FS_IOC_RESVSP(r4, 0x40305828, 0x4) 1.994669771s ago: executing program 3 (id=1168): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, 0x0, 0x4000040) close_range$auto(0x2, 0x8, 0x0) ustat$auto(0x801, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0x0, 0x29f, 0x100, 0x7f, 0xffffffff, 0x6, 0x2}, {0x8000100, 0x1, 0x8000052, 0x5, 0x1, 0x40, 0x76c5, 0x9a, 0x100000000}}) socket(0x2b, 0x1, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8000, 0x0) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) 1.475706021s ago: executing program 3 (id=1169): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x0, 0x21, 0x0, 0x28) mmap$auto(0x0, 0x2020009, 0x0, 0x8011, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) sendmsg$auto_OVS_DP_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4880}, 0x4000) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r2, 0x100, 0x70bd26, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0xd6b}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x6}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x78}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4090) socket(0xa, 0x1, 0x4) setsockopt$auto(r1, 0x0, 0x20040, 0x0, 0xfffff0df) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) unshare$auto(0x40000080) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) ioctl$auto(r3, 0x921064a5, r3) r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) ioctl$auto(r4, 0x800064ba, 0x1e6) ioctl$auto_RTC_AIE_OFF(r0, 0x7002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) 1.474918004s ago: executing program 0 (id=1177): mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xca600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0x9, 0x0, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x2, 0x0, 0x100, 0x2) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) 540.614325ms ago: executing program 0 (id=1170): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram0\x00', 0x15be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x6, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x20000001, 0x2, 0x23, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) 303.519195ms ago: executing program 2 (id=1171): openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd8/queue/nr_requests\x00', 0x6800, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (rerun: 32) write$auto(0xffffffffffffffff, 0x0, 0x8000000000000001) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.unix.ip/flush\x00', 0x40d81, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 32) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000140), 0xcb00, 0x0) (async, rerun: 32) getpid() (async) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2100, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r1) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, 0x0, 0x40800) (async) unshare$auto(0x40000080) (async, rerun: 64) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async, rerun: 64) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) (async) r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') ioctl$auto(r3, 0x8004b708, 0x1) (async, rerun: 64) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) (rerun: 64) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) (async) pread64$auto(r2, 0x0, 0x7ff, 0xd) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlockall$auto(0x7) (async) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x6) (async) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 200.65957ms ago: executing program 0 (id=1172): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop12\x00', 0x8001, 0x0) ioctl$auto_IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x2, 0x10000003, 0x5}) 190.847867ms ago: executing program 3 (id=1173): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card1/cable#1\x00', 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x3, 0x2020009, 0xffffffffffffffff, 0xeb5, 0xfffffffffffffffa, 0x8002) madvise$auto(0x0, 0xffffffffffff0005, 0x9) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) rseq$auto(&(0x7f00000002c0)={0xe, 0xb, 0x0, 0x4e, 0x6, 0x2, "b133fe2c0b2724d4ac6401000000ed0958362d1b65be0f17e614aac3d82f3a89d801000000000000007e67000d767bd8593da95518ad54518fd01ef315c906330843c6069aaf95e1ce41e2727d43e02de8ed930d40ab7eb1b86d02056a1e6e041a70279fe6a346291adfc7794f9dd7b890e4b435c3"}, 0x8000, 0x0, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munlock$auto(0xf, 0x6) (async) socket(0x21, 0x1, 0x20002) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty17\x00', 0x301981, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0xfffffdef) (async) ioctl$auto(r1, 0x4b71, 0x1) (async) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x200842, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) mmap$auto(0x200, 0x810004, 0xff9, 0x800000000801f, 0x3, 0xfffffffffffffffe) (async) preadv2$auto(r0, &(0x7f00000000c0)={0x0, 0x80000000}, 0xde03, 0x6, 0x2, 0xfffffffc) (async) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x7c3142, 0x0) (async) fsconfig$auto_HIDEPID_OFF(0xffffffffffffffff, 0xff, &(0x7f0000000040)='+*\x00', &(0x7f00000001c0)="a84f0388ab81664d20532bbab7a95e6373347b6ccf6f792a8331754e583c8d1e5d1f074ddcf5ac6fca05b428d38fdfef367be854a4349983353241a2171b1d164201e5f703cc7eb9f14e454ede", 0x0) socketpair$auto(0x1a, 0x1, 0x8000000000000000, 0x0) 154.607964ms ago: executing program 1 (id=1174): mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x1, 0x84) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xca600, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0x9, &(0x7f0000000040)='{6y\xfa\xd6\bk\xf0\xe3\n', 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x2, 0x0, 0x100, 0x2) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) 0s ago: executing program 0 (id=1175): open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) r0 = socket(0xa, 0x2, 0x73) mmap$auto(0xfffffffffffffff9, 0x400008, 0xe1, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x103642, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000f9dbdf250100000008000a0008000000050007003b000000080009009c781e01060002000100000008001700", @ANYRES32=r0], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) close_range$auto(0x2, 0x8, 0x0) mount$auto(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='afs\x00', 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x22240, 0x155) mmap$auto(0x0, 0x3, 0xe1, 0x9b72, 0xfffffffffffffffe, 0x8000) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x403c6f2b, 0x0) setsockopt$auto_SO_TIMESTAMPING_NEW(r1, 0x8, 0x41, &(0x7f0000000000)='[\x00', 0x101) kernel console output (not intermixed with test programs): T5833] chnl_net:caif_netlink_parms(): no params data found [ 84.703986][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.763755][ T5826] team0: Port device team_slave_0 added [ 84.804199][ T5826] team0: Port device team_slave_1 added [ 84.884861][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.891938][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.920655][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.946718][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.953832][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.980212][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.015677][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.022937][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.030288][ T5833] bridge_slave_0: entered allmulticast mode [ 85.037558][ T5833] bridge_slave_0: entered promiscuous mode [ 85.050366][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 85.063947][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 85.074998][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.082386][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.089713][ T5833] bridge_slave_1: entered allmulticast mode [ 85.096677][ T5833] bridge_slave_1: entered promiscuous mode [ 85.191044][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.222674][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.238423][ T5826] hsr_slave_0: entered promiscuous mode [ 85.244756][ T5826] hsr_slave_1: entered promiscuous mode [ 85.297953][ T5833] team0: Port device team_slave_0 added [ 85.345058][ T5833] team0: Port device team_slave_1 added [ 85.357870][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.365465][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.372774][ T5839] bridge_slave_0: entered allmulticast mode [ 85.379920][ T5839] bridge_slave_0: entered promiscuous mode [ 85.395344][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.402727][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.409953][ T5827] bridge_slave_0: entered allmulticast mode [ 85.416985][ T5827] bridge_slave_0: entered promiscuous mode [ 85.433845][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.441064][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.448307][ T5839] bridge_slave_1: entered allmulticast mode [ 85.455245][ T5839] bridge_slave_1: entered promiscuous mode [ 85.471435][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.478668][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.485853][ T5827] bridge_slave_1: entered allmulticast mode [ 85.493474][ T5827] bridge_slave_1: entered promiscuous mode [ 85.550469][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.557765][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.584001][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.612495][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.624912][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.634785][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.642045][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.668038][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.682087][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.717304][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.777881][ T5827] team0: Port device team_slave_0 added [ 85.813353][ T5827] team0: Port device team_slave_1 added [ 85.821642][ T5839] team0: Port device team_slave_0 added [ 85.840450][ T5833] hsr_slave_0: entered promiscuous mode [ 85.846670][ T5833] hsr_slave_1: entered promiscuous mode [ 85.853007][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 85.858893][ T5833] Cannot create hsr debugfs directory [ 85.875615][ T5839] team0: Port device team_slave_1 added [ 85.947009][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.954021][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.980441][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.013449][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.020956][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.047050][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.069221][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.076198][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.098429][ T5835] Bluetooth: hci2: command tx timeout [ 86.102563][ T5843] Bluetooth: hci0: command tx timeout [ 86.108372][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.152150][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.159493][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.185614][ T5843] Bluetooth: hci1: command tx timeout [ 86.187876][ T5843] Bluetooth: hci3: command tx timeout [ 86.196960][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.292365][ T5839] hsr_slave_0: entered promiscuous mode [ 86.299050][ T5839] hsr_slave_1: entered promiscuous mode [ 86.305075][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 86.310988][ T5839] Cannot create hsr debugfs directory [ 86.335021][ T5827] hsr_slave_0: entered promiscuous mode [ 86.341521][ T5827] hsr_slave_1: entered promiscuous mode [ 86.348000][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 86.353734][ T5827] Cannot create hsr debugfs directory [ 86.469174][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.482354][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.516018][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.526417][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.739978][ T5833] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.753890][ T5833] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.764315][ T5833] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.775822][ T5833] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.844351][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.865194][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.905493][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.951127][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.040349][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.066665][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.094790][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.124144][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.153076][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.208152][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.251970][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.263768][ T1004] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.271078][ T1004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.302815][ T1004] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.310013][ T1004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.331700][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.348121][ T1004] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.355275][ T1004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.382288][ T3564] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.389976][ T3564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.461499][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.572837][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.593782][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.644120][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.651391][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.685143][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.692355][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.740220][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.775503][ T3491] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.782722][ T3491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.828036][ T3491] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.835214][ T3491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.936748][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.966923][ T5827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.996856][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.141925][ T5826] veth0_vlan: entered promiscuous mode [ 88.155897][ T5833] veth0_vlan: entered promiscuous mode [ 88.177599][ T5843] Bluetooth: hci0: command tx timeout [ 88.178412][ T5835] Bluetooth: hci2: command tx timeout [ 88.198563][ T5826] veth1_vlan: entered promiscuous mode [ 88.216411][ T5833] veth1_vlan: entered promiscuous mode [ 88.258994][ T5835] Bluetooth: hci3: command tx timeout [ 88.259350][ T5843] Bluetooth: hci1: command tx timeout [ 88.290366][ T5826] veth0_macvtap: entered promiscuous mode [ 88.322081][ T5826] veth1_macvtap: entered promiscuous mode [ 88.361241][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.372786][ T5833] veth0_macvtap: entered promiscuous mode [ 88.384829][ T5833] veth1_macvtap: entered promiscuous mode [ 88.422970][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.436256][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.456914][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.469051][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.510334][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.535908][ T5839] veth0_vlan: entered promiscuous mode [ 88.544895][ T3564] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.554777][ T3564] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.595368][ T3564] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.604840][ T3564] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.616121][ T5839] veth1_vlan: entered promiscuous mode [ 88.628341][ T3564] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.641561][ T3564] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.675475][ T3564] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.688997][ T3564] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.721763][ T5827] veth0_vlan: entered promiscuous mode [ 88.785438][ T5827] veth1_vlan: entered promiscuous mode [ 88.797025][ T5839] veth0_macvtap: entered promiscuous mode [ 88.824786][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.834318][ T5839] veth1_macvtap: entered promiscuous mode [ 88.845086][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.868904][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.879722][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.903407][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.925139][ T1004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.931736][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.940632][ T1004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.980059][ T1004] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.990108][ T1004] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.002167][ T3491] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.017077][ T3491] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.036174][ T5827] veth0_macvtap: entered promiscuous mode [ 89.045117][ T1004] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.046228][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 89.055535][ T1004] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.093325][ T5827] veth1_macvtap: entered promiscuous mode [ 89.181749][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.226340][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.266718][ T1004] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.306115][ T1004] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.324279][ T1004] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.367452][ T1004] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.400480][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.416064][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.471729][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.485973][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.502665][ T5924] mmap: syz.3.4 (5924) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 89.625720][ T1004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.650384][ T1004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.798220][ T3564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.812069][ T3564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.169336][ T5939] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.253116][ T5939] process 'syz.1.2' launched ':,' with NULL argv: empty string added [ 90.262799][ T5843] Bluetooth: hci2: command tx timeout [ 90.262883][ T5835] Bluetooth: hci0: command tx timeout [ 90.337611][ T5835] Bluetooth: hci3: command tx timeout [ 90.339046][ T5843] Bluetooth: hci1: command tx timeout [ 90.476265][ T63] netdevsim netdevsim511 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.927836][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.944871][ T10] cfg80211: failed to load regulatory.db [ 92.337537][ T5843] Bluetooth: hci2: command tx timeout [ 92.343000][ T5843] Bluetooth: hci0: command tx timeout [ 92.417877][ T5843] Bluetooth: hci1: command tx timeout [ 92.423363][ T5843] Bluetooth: hci3: command tx timeout [ 93.157457][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.166281][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.453588][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.667630][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.813681][ T5998] random: crng reseeded on system resumption [ 93.878363][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.997634][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.078080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.338230][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 94.537895][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16'. [ 94.559955][ T6012] ovs_ÿþ: entered promiscuous mode [ 94.668615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.687441][ T6022] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.202515][ T6061] Zero length message leads to an empty skb [ 100.896409][ T6103] bridge0: port 3(team0) entered blocking state [ 100.949844][ T6103] bridge0: port 3(team0) entered disabled state [ 100.950035][ T6103] team0: entered allmulticast mode [ 100.950057][ T6103] team_slave_0: entered allmulticast mode [ 100.950078][ T6103] team_slave_1: entered allmulticast mode [ 100.952553][ T6103] team0: entered promiscuous mode [ 100.952581][ T6103] team_slave_0: entered promiscuous mode [ 100.952773][ T6103] team_slave_1: entered promiscuous mode [ 100.953826][ T6103] bridge0: port 3(team0) entered blocking state [ 100.953977][ T6103] bridge0: port 3(team0) entered forwarding state [ 103.001346][ T5843] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 103.099984][ T6140] netlink: 40 bytes leftover after parsing attributes in process `syz.1.41'. [ 103.348568][ T6148] random: crng reseeded on system resumption [ 103.419270][ T6150] vivid-007: ================= START STATUS ================= [ 103.439429][ T6150] vivid-007: Generate PTS: true [ 103.446213][ T6150] vivid-007: Generate SCR: true [ 103.446272][ T6150] tpg source WxH: 320x240 (Y'CbCr) [ 103.446294][ T6150] tpg field: 1 [ 103.446304][ T6150] tpg crop: (0,0)/320x240 [ 103.446322][ T6150] tpg compose: (0,0)/320x240 [ 103.446343][ T6150] tpg colorspace: 8 [ 103.446353][ T6150] tpg transfer function: 0/0 [ 103.446365][ T6150] tpg Y'CbCr encoding: 0/0 [ 103.446378][ T6150] tpg quantization: 0/0 [ 103.446390][ T6150] tpg RGB range: 0/2 [ 103.446403][ T6150] vivid-007: ================== END STATUS ================== [ 104.753655][ T6164] netlink: 342 bytes leftover after parsing attributes in process `syz.3.45'. [ 105.057932][ T5843] Bluetooth: hci1: command tx timeout [ 105.148387][ T6171] vivid-007: ================= START STATUS ================= [ 105.156085][ T6171] vivid-007: Generate PTS: true [ 105.189035][ T6171] vivid-007: Generate SCR: true [ 105.195408][ T6171] tpg source WxH: 320x240 (Y'CbCr) [ 105.201055][ T6171] tpg field: 1 [ 105.204448][ T6171] tpg crop: (0,0)/320x240 [ 105.208911][ T6171] tpg compose: (0,0)/320x240 [ 105.213691][ T6171] tpg colorspace: 8 [ 105.217558][ T6171] tpg transfer function: 0/0 [ 105.222180][ T6171] tpg Y'CbCr encoding: 0/0 [ 105.226800][ T6171] tpg quantization: 0/0 [ 105.231057][ T6171] tpg RGB range: 0/2 [ 105.234962][ T6171] vivid-007: ================== END STATUS ================== [ 106.277365][ T6183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 106.298417][ T6183] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 106.321912][ T6183] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 106.329995][ T6183] page_type: f5(slab) [ 106.336180][ T6183] raw: 00fff00000000040 ffff88813ffa7140 dead000000000122 0000000000000000 [ 106.345605][ T6183] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 106.354861][ T6183] head: 00fff00000000040 ffff88813ffa7140 dead000000000122 0000000000000000 [ 106.396735][ T6183] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 106.416415][ T6183] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 106.420080][ T30] audit: type=1800 audit(1764276109.707:2): pid=6188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.52" name="features" dev="configfs" ino=8924 res=0 errno=0 [ 106.446868][ T6183] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 106.476184][ T6183] page dumped because: unmovable page [ 106.486027][ T6183] page_owner tracks the page as allocated [ 106.512823][ T6183] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5199, tgid 5199 (udevd), ts 98532422729, free_ts 98518621994 [ 106.536741][ T6183] post_alloc_hook+0x1af/0x220 [ 106.562195][ T6183] get_page_from_freelist+0x10a3/0x3a30 [ 106.568208][ T6183] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 106.574145][ T6183] alloc_pages_mpol+0x1fb/0x550 [ 106.627341][ T6183] new_slab+0x24a/0x360 [ 106.632559][ T6183] ___slab_alloc+0xd79/0x1a50 [ 106.637945][ T6183] __slab_alloc.constprop.0+0x63/0x110 [ 106.643485][ T6183] __kmalloc_noprof+0x501/0x880 [ 106.648541][ T6183] tomoyo_realpath_from_path+0xc2/0x6e0 [ 106.654148][ T6183] tomoyo_path_perm+0x274/0x460 [ 106.677345][ T6183] security_inode_getattr+0x116/0x290 [ 106.682982][ T6183] vfs_fstat+0x4b/0xe0 [ 106.693069][ T6183] __do_sys_newfstat+0x87/0x100 [ 106.703234][ T6183] do_syscall_64+0xcd/0xfa0 [ 106.707958][ T6183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.714057][ T6183] page last free pid 6073 tgid 6066 stack trace: [ 106.721156][ T6183] __free_frozen_pages+0x7df/0x1160 [ 106.726508][ T6183] __put_partials+0x130/0x170 [ 106.731405][ T6183] qlist_free_all+0x4d/0x120 [ 106.736040][ T6183] kasan_quarantine_reduce+0x195/0x1e0 [ 106.741717][ T6183] __kasan_slab_alloc+0x69/0x90 [ 106.746707][ T6183] kmem_cache_alloc_noprof+0x250/0x6e0 [ 106.752454][ T6183] getname_flags.part.0+0x4c/0x550 [ 106.757682][ T6183] getname_flags+0x93/0xf0 [ 106.762120][ T6183] do_sys_openat2+0xb8/0x1d0 [ 106.766177][ T6187] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.766872][ T6183] __x64_sys_openat+0x174/0x210 [ 106.842461][ T6183] do_syscall_64+0xcd/0xfa0 [ 106.860992][ T6183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.462588][ T6200] input: f¬ as /devices/virtual/input/input6 [ 107.499888][ T6201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.55'. [ 107.595465][ T6203] netlink: 4652 bytes leftover after parsing attributes in process `syz.1.55'. [ 107.715715][ T6198] hub 8-0:1.0: USB hub found [ 107.730907][ T6198] hub 8-0:1.0: 1 port detected [ 108.209347][ T6214] vivid-007: ================= START STATUS ================= [ 108.226116][ T6214] vivid-007: Generate PTS: true [ 108.236249][ T6214] vivid-007: Generate SCR: true [ 108.243881][ T6214] tpg source WxH: 320x240 (Y'CbCr) [ 108.249169][ T6214] tpg field: 1 [ 108.252719][ T6214] tpg crop: (0,0)/320x240 [ 108.308591][ T6214] tpg compose: (0,0)/320x240 [ 108.313226][ T6214] tpg colorspace: 8 [ 108.339455][ T6214] tpg transfer function: 0/0 [ 108.344123][ T6214] tpg Y'CbCr encoding: 0/0 [ 108.425702][ T6214] tpg quantization: 0/0 [ 108.438268][ T6214] tpg RGB range: 0/2 [ 108.447460][ T6214] vivid-007: ================== END STATUS ================== [ 110.183130][ T30] audit: type=1800 audit(1764276113.477:3): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.63" name="features" dev="configfs" ino=9563 res=0 errno=0 [ 110.296154][ T5843] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 110.328919][ T6265] netlink: 40 bytes leftover after parsing attributes in process `syz.2.64'. [ 110.747954][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.65'. [ 110.812560][ T6272] netlink: 4652 bytes leftover after parsing attributes in process `syz.2.65'. [ 110.905993][ T6271] hub 8-0:1.0: USB hub found [ 110.919038][ T6271] hub 8-0:1.0: 1 port detected [ 111.293514][ T30] audit: type=1800 audit(1764276114.587:4): pid=6283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.77" name="features" dev="configfs" ino=9769 res=0 errno=0 [ 112.191715][ T6288] vivid-007: ================= START STATUS ================= [ 112.205262][ T6288] vivid-007: Generate PTS: true [ 112.211231][ T6288] vivid-007: Generate SCR: true [ 112.216128][ T6288] tpg source WxH: 320x240 (Y'CbCr) [ 112.221389][ T6288] tpg field: 1 [ 112.224771][ T6288] tpg crop: (0,0)/320x240 [ 112.237762][ T6288] tpg compose: (0,0)/320x240 [ 112.247012][ T6288] tpg colorspace: 8 [ 112.277045][ T6288] tpg transfer function: 0/0 [ 112.293322][ T6288] tpg Y'CbCr encoding: 0/0 [ 112.298110][ T6288] tpg quantization: 0/0 [ 112.302293][ T6288] tpg RGB range: 0/2 [ 112.337348][ T5843] Bluetooth: hci0: command tx timeout [ 112.367201][ T6288] vivid-007: ================== END STATUS ================== [ 113.233070][ T6303] vivid-007: ================= START STATUS ================= [ 113.273669][ T6303] vivid-007: Generate PTS: true [ 113.303129][ T6303] vivid-007: Generate SCR: true [ 113.337531][ T6303] tpg source WxH: 320x240 (Y'CbCr) [ 113.342682][ T6303] tpg field: 1 [ 113.346382][ T6303] tpg crop: (0,0)/320x240 [ 113.351427][ T6303] tpg compose: (0,0)/320x240 [ 113.356832][ T6303] tpg colorspace: 8 [ 113.361073][ T6303] tpg transfer function: 0/0 [ 113.365871][ T6303] tpg Y'CbCr encoding: 0/0 [ 113.370807][ T6303] tpg quantization: 0/0 [ 113.375350][ T6303] tpg RGB range: 0/2 [ 113.380356][ T6303] vivid-007: ================== END STATUS ================== [ 114.783074][ T6323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.76'. [ 114.878760][ T6326] netlink: 4652 bytes leftover after parsing attributes in process `syz.0.76'. [ 115.409094][ T6331] random: crng reseeded on system resumption [ 118.352012][ T6376] input: f¬ as /devices/virtual/input/input7 [ 120.848237][ T6427] hub 8-0:1.0: USB hub found [ 120.877717][ T6427] hub 8-0:1.0: 1 port detected [ 123.850181][ T6479] blktrace: Concurrent blktraces are not allowed on loop5 [ 125.752984][ T6505] blktrace: Concurrent blktraces are not allowed on loop5 [ 126.965714][ T6527] random: crng reseeded on system resumption [ 131.929545][ T6601] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 131.935838][ T6601] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 132.031810][ T6601] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 132.089946][ T6601] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 132.175036][ T6601] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 132.190640][ T6601] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 132.288401][ T6601] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 132.326213][ T6601] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 132.355706][ T6601] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 132.373110][ T6601] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 132.661913][ T6601] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 132.682278][ T6601] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 132.714645][ T6601] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 132.743245][ T6601] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 132.805383][ T6618] FAULT_INJECTION: forcing a failure. [ 132.805383][ T6618] name failslab, interval 1, probability 0, space 0, times 1 [ 132.895209][ T6618] CPU: 1 UID: 0 PID: 6618 Comm: syz.0.135 Not tainted syzkaller #0 PREEMPT(full) [ 132.895244][ T6618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 132.895268][ T6618] Call Trace: [ 132.895276][ T6618] [ 132.895286][ T6618] dump_stack_lvl+0x16c/0x1f0 [ 132.895325][ T6618] should_fail_ex+0x512/0x640 [ 132.895360][ T6618] ? __kmalloc_cache_noprof+0x5f/0x780 [ 132.895388][ T6618] should_failslab+0xc2/0x120 [ 132.895421][ T6618] __kmalloc_cache_noprof+0x72/0x780 [ 132.895446][ T6618] ? do_epoll_create+0x62/0x480 [ 132.895472][ T6618] ? __pfx_ksys_write+0x10/0x10 [ 132.895503][ T6618] ? do_epoll_create+0x62/0x480 [ 132.895527][ T6618] do_epoll_create+0x62/0x480 [ 132.895554][ T6618] __x64_sys_epoll_create+0x45/0x70 [ 132.895580][ T6618] do_syscall_64+0xcd/0xfa0 [ 132.895612][ T6618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.895637][ T6618] RIP: 0033:0x7f01dd18f7c9 [ 132.895661][ T6618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.895690][ T6618] RSP: 002b:00007f01de01d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 132.895714][ T6618] RAX: ffffffffffffffda RBX: 00007f01dd3e6090 RCX: 00007f01dd18f7c9 [ 132.895731][ T6618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 132.895746][ T6618] RBP: 00007f01de01d090 R08: 0000000000000000 R09: 0000000000000000 [ 132.895761][ T6618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.895775][ T6618] R13: 00007f01dd3e6128 R14: 00007f01dd3e6090 R15: 00007ffc39573f18 [ 132.895811][ T6618] [ 132.902894][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.065733][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.149376][ T6621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.136'. [ 133.289480][ T6626] FAULT_INJECTION: forcing a failure. [ 133.289480][ T6626] name failslab, interval 1, probability 0, space 0, times 0 [ 133.319103][ T6626] CPU: 1 UID: 0 PID: 6626 Comm: syz.1.138 Not tainted syzkaller #0 PREEMPT(full) [ 133.319138][ T6626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 133.319153][ T6626] Call Trace: [ 133.319161][ T6626] [ 133.319170][ T6626] dump_stack_lvl+0x16c/0x1f0 [ 133.319205][ T6626] should_fail_ex+0x512/0x640 [ 133.319241][ T6626] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 133.319272][ T6626] should_failslab+0xc2/0x120 [ 133.319305][ T6626] kmem_cache_alloc_noprof+0x75/0x6e0 [ 133.319331][ T6626] ? security_file_alloc+0x34/0x2b0 [ 133.319365][ T6626] ? security_file_alloc+0x34/0x2b0 [ 133.319390][ T6626] security_file_alloc+0x34/0x2b0 [ 133.319418][ T6626] init_file+0x93/0x4c0 [ 133.319452][ T6626] alloc_empty_file+0x73/0x1e0 [ 133.319487][ T6626] path_openat+0xda/0x2cb0 [ 133.319526][ T6626] ? __pfx_path_openat+0x10/0x10 [ 133.319556][ T6626] ? __lock_acquire+0xb8a/0x1c90 [ 133.319593][ T6626] do_filp_open+0x20b/0x470 [ 133.319640][ T6626] ? __pfx_do_filp_open+0x10/0x10 [ 133.319692][ T6626] ? alloc_fd+0x471/0x7d0 [ 133.319727][ T6626] do_sys_openat2+0x11b/0x1d0 [ 133.319764][ T6626] ? __pfx_do_sys_openat2+0x10/0x10 [ 133.319803][ T6626] ? __fget_files+0x20e/0x3c0 [ 133.319834][ T6626] __x64_sys_openat+0x174/0x210 [ 133.319870][ T6626] ? __pfx___x64_sys_openat+0x10/0x10 [ 133.319912][ T6626] ? ksys_write+0x1ac/0x250 [ 133.319951][ T6626] do_syscall_64+0xcd/0xfa0 [ 133.319984][ T6626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.320011][ T6626] RIP: 0033:0x7ffab658f7c9 [ 133.320031][ T6626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.320054][ T6626] RSP: 002b:00007ffab7347038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 133.320077][ T6626] RAX: ffffffffffffffda RBX: 00007ffab67e5fa0 RCX: 00007ffab658f7c9 [ 133.320098][ T6626] RDX: 00000000001e3800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 133.320114][ T6626] RBP: 00007ffab7347090 R08: 0000000000000000 R09: 0000000000000000 [ 133.320129][ T6626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.320144][ T6626] R13: 00007ffab67e6038 R14: 00007ffab67e5fa0 R15: 00007ffc0c864e48 [ 133.320179][ T6626] [ 133.937673][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout [ 134.150894][ T6643] netlink: 8 bytes leftover after parsing attributes in process `syz.3.142'. [ 134.186965][ T5843] Bluetooth: hci1: command 0x0c1a tx timeout [ 134.239023][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.142'. [ 134.427168][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 134.747200][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 135.029627][ T6656] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 135.038114][ T6656] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 135.068363][ T6656] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 135.085613][ T6656] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 135.270164][ T6668] FAULT_INJECTION: forcing a failure. [ 135.270164][ T6668] name failslab, interval 1, probability 0, space 0, times 0 [ 135.270213][ T6668] CPU: 0 UID: 0 PID: 6668 Comm: syz.3.148 Not tainted syzkaller #0 PREEMPT(full) [ 135.270243][ T6668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 135.270257][ T6668] Call Trace: [ 135.270265][ T6668] [ 135.270275][ T6668] dump_stack_lvl+0x16c/0x1f0 [ 135.270309][ T6668] should_fail_ex+0x512/0x640 [ 135.270345][ T6668] ? fs_reclaim_acquire+0xae/0x150 [ 135.270381][ T6668] should_failslab+0xc2/0x120 [ 135.270414][ T6668] __kmalloc_noprof+0xdd/0x880 [ 135.270437][ T6668] ? kfree+0x252/0x6d0 [ 135.270457][ T6668] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 135.270493][ T6668] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 135.270522][ T6668] tomoyo_realpath_from_path+0xc2/0x6e0 [ 135.270560][ T6668] tomoyo_check_open_permission+0x2ab/0x3c0 [ 135.270586][ T6668] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 135.270647][ T6668] ? do_raw_spin_lock+0x12c/0x2b0 [ 135.270696][ T6668] tomoyo_file_open+0x6b/0x90 [ 135.270730][ T6668] security_file_open+0x84/0x1e0 [ 135.270758][ T6668] do_dentry_open+0x596/0x1530 [ 135.270807][ T6668] vfs_open+0x82/0x3f0 [ 135.270846][ T6668] path_openat+0x1de4/0x2cb0 [ 135.270887][ T6668] ? __pfx_path_openat+0x10/0x10 [ 135.270917][ T6668] ? __lock_acquire+0xb8a/0x1c90 [ 135.270951][ T6668] do_filp_open+0x20b/0x470 [ 135.270980][ T6668] ? __pfx_do_filp_open+0x10/0x10 [ 135.271034][ T6668] ? alloc_fd+0x471/0x7d0 [ 135.271070][ T6668] do_sys_openat2+0x11b/0x1d0 [ 135.271105][ T6668] ? __pfx_do_sys_openat2+0x10/0x10 [ 135.271144][ T6668] ? __fget_files+0x20e/0x3c0 [ 135.271176][ T6668] __x64_sys_openat+0x174/0x210 [ 135.271213][ T6668] ? __pfx___x64_sys_openat+0x10/0x10 [ 135.271247][ T6668] ? ksys_write+0x1ac/0x250 [ 135.271287][ T6668] do_syscall_64+0xcd/0xfa0 [ 135.271321][ T6668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.271347][ T6668] RIP: 0033:0x7f7239b8f7c9 [ 135.271366][ T6668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.271389][ T6668] RSP: 002b:00007f723a969038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 135.271413][ T6668] RAX: ffffffffffffffda RBX: 00007f7239de5fa0 RCX: 00007f7239b8f7c9 [ 135.271430][ T6668] RDX: 00000000001e3800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 135.271445][ T6668] RBP: 00007f723a969090 R08: 0000000000000000 R09: 0000000000000000 [ 135.271461][ T6668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.271475][ T6668] R13: 00007f7239de6038 R14: 00007f7239de5fa0 R15: 00007ffeba5e8a98 [ 135.271511][ T6668] [ 135.271521][ T6668] ERROR: Out of memory at tomoyo_realpath_from_path. [ 135.280368][ T6664] FAULT_INJECTION: forcing a failure. [ 135.280368][ T6664] name failslab, interval 1, probability 0, space 0, times 0 [ 135.280406][ T6664] CPU: 1 UID: 0 PID: 6664 Comm: syz.1.146 Not tainted syzkaller #0 PREEMPT(full) [ 135.280436][ T6664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 135.280451][ T6664] Call Trace: [ 135.280459][ T6664] [ 135.280468][ T6664] dump_stack_lvl+0x16c/0x1f0 [ 135.280502][ T6664] should_fail_ex+0x512/0x640 [ 135.280545][ T6664] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 135.280577][ T6664] should_failslab+0xc2/0x120 [ 135.280611][ T6664] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 135.280636][ T6664] ? __lock_acquire+0xb8a/0x1c90 [ 135.280670][ T6664] ? __d_alloc+0x32/0xae0 [ 135.280704][ T6664] ? __d_alloc+0x32/0xae0 [ 135.280729][ T6664] __d_alloc+0x32/0xae0 [ 135.280761][ T6664] d_alloc_pseudo+0x1c/0xc0 [ 135.280795][ T6664] alloc_file_pseudo+0xcf/0x230 [ 135.280832][ T6664] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 135.280868][ T6664] ? _raw_spin_unlock+0x28/0x50 [ 135.280894][ T6664] ? alloc_fd+0x471/0x7d0 [ 135.280922][ T6664] __anon_inode_getfile+0xe8/0x280 [ 135.280952][ T6664] ? __init_waitqueue_head+0xca/0x150 [ 135.280980][ T6664] do_epoll_create+0x329/0x480 [ 135.281008][ T6664] __x64_sys_epoll_create+0x45/0x70 [ 135.281035][ T6664] do_syscall_64+0xcd/0xfa0 [ 135.281067][ T6664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.281093][ T6664] RIP: 0033:0x7ffab658f7c9 [ 135.281113][ T6664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.281135][ T6664] RSP: 002b:00007ffab47f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 135.281158][ T6664] RAX: ffffffffffffffda RBX: 00007ffab67e6090 RCX: 00007ffab658f7c9 [ 135.281175][ T6664] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 135.281190][ T6664] RBP: 00007ffab47f6090 R08: 0000000000000000 R09: 0000000000000000 [ 135.281204][ T6664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.281219][ T6664] R13: 00007ffab67e6128 R14: 00007ffab67e6090 R15: 00007ffc0c864e48 [ 135.281255][ T6664] [ 135.581769][ T6677] syz.2.158 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 135.591537][ T6677] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 137.059110][ T5843] Bluetooth: hci1: command 0x0c1a tx timeout [ 137.059118][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 137.138035][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 137.138260][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 137.588488][ T6711] FAULT_INJECTION: forcing a failure. [ 137.588488][ T6711] name failslab, interval 1, probability 0, space 0, times 0 [ 137.680294][ T6711] CPU: 0 UID: 0 PID: 6711 Comm: syz.0.160 Not tainted syzkaller #0 PREEMPT(full) [ 137.680332][ T6711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 137.680348][ T6711] Call Trace: [ 137.680356][ T6711] [ 137.680367][ T6711] dump_stack_lvl+0x16c/0x1f0 [ 137.680404][ T6711] should_fail_ex+0x512/0x640 [ 137.680442][ T6711] ? __kmalloc_cache_noprof+0x5f/0x780 [ 137.680472][ T6711] should_failslab+0xc2/0x120 [ 137.680509][ T6711] __kmalloc_cache_noprof+0x72/0x780 [ 137.680536][ T6711] ? fuse_dev_alloc+0x48/0x280 [ 137.680569][ T6711] ? lockdep_init_map_type+0x5c/0x280 [ 137.680609][ T6711] ? fuse_dev_alloc+0x48/0x280 [ 137.680640][ T6711] fuse_dev_alloc+0x48/0x280 [ 137.680676][ T6711] fuse_dev_alloc_install+0x13/0x40 [ 137.680711][ T6711] cuse_channel_open+0x100/0x7f0 [ 137.680742][ T6711] ? __pfx_cuse_channel_open+0x10/0x10 [ 137.680775][ T6711] misc_open+0x26d/0x450 [ 137.680810][ T6711] ? __pfx_misc_open+0x10/0x10 [ 137.680848][ T6711] chrdev_open+0x234/0x6a0 [ 137.680885][ T6711] ? __pfx_apparmor_file_open+0x10/0x10 [ 137.680926][ T6711] ? __pfx_chrdev_open+0x10/0x10 [ 137.680961][ T6711] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 137.680998][ T6711] do_dentry_open+0x982/0x1530 [ 137.681030][ T6711] ? __pfx_chrdev_open+0x10/0x10 [ 137.681067][ T6711] vfs_open+0x82/0x3f0 [ 137.681105][ T6711] path_openat+0x1de4/0x2cb0 [ 137.681159][ T6711] ? __pfx_path_openat+0x10/0x10 [ 137.681191][ T6711] ? __lock_acquire+0xb8a/0x1c90 [ 137.681295][ T6711] do_filp_open+0x20b/0x470 [ 137.681326][ T6711] ? __pfx_do_filp_open+0x10/0x10 [ 137.681383][ T6711] ? alloc_fd+0x471/0x7d0 [ 137.681420][ T6711] do_sys_openat2+0x11b/0x1d0 [ 137.681457][ T6711] ? __pfx_do_sys_openat2+0x10/0x10 [ 137.681507][ T6711] __x64_sys_openat+0x174/0x210 [ 137.681545][ T6711] ? __pfx___x64_sys_openat+0x10/0x10 [ 137.681598][ T6711] do_syscall_64+0xcd/0xfa0 [ 137.681633][ T6711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.681659][ T6711] RIP: 0033:0x7f01dd18f7c9 [ 137.681682][ T6711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.681706][ T6711] RSP: 002b:00007f01ddffc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 137.681731][ T6711] RAX: ffffffffffffffda RBX: 00007f01dd3e6180 RCX: 00007f01dd18f7c9 [ 137.681748][ T6711] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 137.681774][ T6711] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 137.681790][ T6711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.681805][ T6711] R13: 00007f01dd3e6218 R14: 00007f01dd3e6180 R15: 00007ffc39573f18 [ 137.681844][ T6711] [ 138.257155][ T6716] netlink: 4 bytes leftover after parsing attributes in process `syz.0.161'. [ 138.422591][ T6721] openvswitch: netlink: IP tunnel dst address not specified [ 139.139042][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 139.145121][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.219189][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 139.225322][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 139.959060][ T6749] svc: failed to register nfsdv3 RPC service (errno 111). [ 139.968913][ T6749] svc: failed to register nfsaclv3 RPC service (errno 111). [ 140.005303][ T6752] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 140.020220][ T6735] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 140.026528][ T6735] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 140.027512][ T6735] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 140.040545][ T6735] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 140.191457][ T6755] netlink: 28 bytes leftover after parsing attributes in process `syz.1.172'. [ 140.203175][ T6755] netlink: 28 bytes leftover after parsing attributes in process `syz.1.172'. [ 140.218807][ T6755] netlink: 342 bytes leftover after parsing attributes in process `syz.1.172'. [ 140.580387][ T6768] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 140.726655][ T6765] FAULT_INJECTION: forcing a failure. [ 140.726655][ T6765] name fail_futex, interval 1, probability 0, space 0, times 1 [ 140.741731][ T6765] CPU: 0 UID: 0 PID: 6765 Comm: syz.2.174 Not tainted syzkaller #0 PREEMPT(full) [ 140.741765][ T6765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 140.741779][ T6765] Call Trace: [ 140.741788][ T6765] [ 140.741797][ T6765] dump_stack_lvl+0x16c/0x1f0 [ 140.741832][ T6765] should_fail_ex+0x512/0x640 [ 140.741873][ T6765] get_futex_key+0x1d0/0x1560 [ 140.741909][ T6765] ? __pfx_get_futex_key+0x10/0x10 [ 140.741947][ T6765] ? __mutex_trylock_common+0xe9/0x250 [ 140.741992][ T6765] futex_wake+0xea/0x530 [ 140.742032][ T6765] ? __pfx_futex_wake+0x10/0x10 [ 140.742065][ T6765] ? __lock_acquire+0xb8a/0x1c90 [ 140.742112][ T6765] do_futex+0x1e3/0x350 [ 140.742145][ T6765] ? __pfx_do_futex+0x10/0x10 [ 140.742172][ T6765] ? __might_fault+0xe3/0x190 [ 140.742207][ T6765] mm_release+0x24e/0x300 [ 140.742234][ T6765] do_exit+0x68e/0x2bf0 [ 140.742272][ T6765] ? __pfx_do_exit+0x10/0x10 [ 140.742303][ T6765] ? do_raw_spin_lock+0x12c/0x2b0 [ 140.742338][ T6765] ? find_held_lock+0x2b/0x80 [ 140.742369][ T6765] do_group_exit+0xd3/0x2a0 [ 140.742404][ T6765] get_signal+0x2671/0x26d0 [ 140.742439][ T6765] ? do_vfs_ioctl+0x128/0x14f0 [ 140.742477][ T6765] ? __pfx_get_signal+0x10/0x10 [ 140.742501][ T6765] ? do_futex+0x122/0x350 [ 140.742530][ T6765] ? __pfx_do_futex+0x10/0x10 [ 140.742563][ T6765] arch_do_signal_or_restart+0x8f/0x790 [ 140.742600][ T6765] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 140.742638][ T6765] ? pipe_ioctl+0x7a/0x2b0 [ 140.742672][ T6765] exit_to_user_mode_loop+0x85/0x130 [ 140.742710][ T6765] do_syscall_64+0x426/0xfa0 [ 140.742743][ T6765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.742769][ T6765] RIP: 0033:0x7ff45b38f7c9 [ 140.742789][ T6765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.742812][ T6765] RSP: 002b:00007ff45c1bd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 140.742836][ T6765] RAX: fffffffffffffe00 RBX: 00007ff45b5e5fa8 RCX: 00007ff45b38f7c9 [ 140.742852][ T6765] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff45b5e5fa8 [ 140.742868][ T6765] RBP: 00007ff45b5e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 140.742883][ T6765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 140.742897][ T6765] R13: 00007ff45b5e6038 R14: 00007ffcd8b3c6e0 R15: 00007ffcd8b3c7c8 [ 140.742939][ T6765] [ 140.761584][ T6776] openvswitch: netlink: IP tunnel dst address not specified [ 141.300599][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 141.773603][ T6790] netlink: 346 bytes leftover after parsing attributes in process `syz.2.182'. [ 142.009607][ T6794] svc: failed to register nfsdv3 RPC service (errno 111). [ 142.100798][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 142.100835][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 142.100859][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 142.139922][ T6794] svc: failed to register nfsaclv3 RPC service (errno 111). [ 142.725158][ T6789] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 142.732495][ T6789] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 142.732814][ T6789] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 142.745198][ T6789] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 143.941791][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout [ 144.748360][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 144.751885][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 144.841974][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 145.610196][ T6841] sctp: [Deprecated]: syz.3.191 (pid 6841) Use of struct sctp_assoc_value in delayed_ack socket option. [ 145.610196][ T6841] Use struct sctp_sack_info instead [ 145.627207][ T6826] netlink: 28 bytes leftover after parsing attributes in process `syz.3.191'. [ 145.828058][ T6826] bond0: (slave bond_slave_0): Releasing backup interface [ 146.948347][ T6874] netlink: 8 bytes leftover after parsing attributes in process `syz.1.203'. [ 147.297600][ T6881] vivid-007: ================= START STATUS ================= [ 147.321410][ T6881] vivid-007: Generate PTS: true [ 147.327348][ T6881] vivid-007: Generate SCR: true [ 147.333145][ T6881] tpg source WxH: 320x240 (Y'CbCr) [ 147.341697][ T6881] tpg field: 1 [ 147.351869][ T6881] tpg crop: (0,0)/320x240 [ 147.391494][ T6881] tpg compose: (0,0)/320x240 [ 147.396357][ T6881] tpg colorspace: 8 [ 147.400270][ T6881] tpg transfer function: 0/0 [ 147.404961][ T6881] tpg Y'CbCr encoding: 0/0 [ 147.409376][ T6881] tpg quantization: 0/0 [ 147.424379][ T6881] tpg RGB range: 0/2 [ 147.434239][ T6881] vivid-007: ================== END STATUS ================== [ 148.340261][ T6887] random: crng reseeded on system resumption [ 151.376746][ T6919] vivid-007: ================= START STATUS ================= [ 151.394757][ T6919] vivid-007: Generate PTS: true [ 151.404875][ T6919] vivid-007: Generate SCR: true [ 151.415000][ T6919] tpg source WxH: 320x240 (Y'CbCr) [ 151.425186][ T6919] tpg field: 1 [ 151.437235][ T6919] tpg crop: (0,0)/320x240 [ 151.449540][ T6918] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 151.465197][ T6919] tpg compose: (0,0)/320x240 [ 151.481773][ T6919] tpg colorspace: 8 [ 151.490194][ T6919] tpg transfer function: 0/0 [ 151.496563][ T6918] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 151.517257][ T6919] tpg Y'CbCr encoding: 0/0 [ 151.521724][ T6919] tpg quantization: 0/0 [ 151.576343][ T6919] tpg RGB range: 0/2 [ 151.606546][ T6919] vivid-007: ================== END STATUS ================== [ 152.615584][ T6926] syz.0.217 (6926) used greatest stack depth: 17496 bytes left [ 152.793271][ T6941] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 156.295135][ T7005] cifs: Unknown parameter 'gŠ€|ä­' [ 158.488182][ T7037] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 158.497718][ T7037] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 158.573041][ T7038] netlink: 4 bytes leftover after parsing attributes in process `syz.3.247'. [ 158.591695][ T7038] netlink: 'syz.3.247': attribute type 1 has an invalid length. [ 158.609890][ T7038] netlink: 5 bytes leftover after parsing attributes in process `syz.3.247'. [ 158.952530][ T7046] cifs: Unknown parameter 'gŠ€|ä­' [ 162.243737][ T7086] vivid-003: ================= START STATUS ================= [ 162.255121][ T7088] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 162.259759][ T7086] vivid-003: FM Deviation: 75000 [ 162.271234][ T7086] vivid-003: ================== END STATUS ================== [ 162.398971][ T7083] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 162.438723][ T7083] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 164.218552][ T7112] random: crng reseeded on system resumption [ 165.406197][ T7119] FAULT_INJECTION: forcing a failure. [ 165.406197][ T7119] name fail_futex, interval 1, probability 0, space 0, times 0 [ 165.438922][ T7119] CPU: 1 UID: 0 PID: 7119 Comm: syz.0.266 Not tainted syzkaller #0 PREEMPT(full) [ 165.438955][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 165.438964][ T7119] Call Trace: [ 165.438969][ T7119] [ 165.438976][ T7119] dump_stack_lvl+0x16c/0x1f0 [ 165.438998][ T7119] should_fail_ex+0x512/0x640 [ 165.439022][ T7119] get_futex_key+0x1d0/0x1560 [ 165.439043][ T7119] ? __pfx_get_futex_key+0x10/0x10 [ 165.439059][ T7119] ? find_held_lock+0x2b/0x80 [ 165.439080][ T7119] futex_wake+0xea/0x530 [ 165.439099][ T7119] ? futex_wait+0x120/0x380 [ 165.439111][ T7119] ? __pfx_futex_wait+0x10/0x10 [ 165.439123][ T7119] ? __pfx_futex_wake+0x10/0x10 [ 165.439145][ T7119] ? __might_fault+0xe3/0x190 [ 165.439158][ T7119] ? __might_fault+0x13b/0x190 [ 165.439174][ T7119] do_futex+0x1e3/0x350 [ 165.439192][ T7119] ? __pfx_do_futex+0x10/0x10 [ 165.439209][ T7119] ? map_id_range_up+0x2ce/0x3b0 [ 165.439226][ T7119] __x64_sys_futex+0x1e0/0x4c0 [ 165.439249][ T7119] ? __pfx___x64_sys_futex+0x10/0x10 [ 165.439266][ T7119] ? from_kuid_munged+0xaa/0x130 [ 165.439278][ T7119] ? __pfx_from_kuid_munged+0x10/0x10 [ 165.439296][ T7119] do_syscall_64+0xcd/0xfa0 [ 165.439314][ T7119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.439335][ T7119] RIP: 0033:0x7f01dd18f7c9 [ 165.439354][ T7119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.439378][ T7119] RSP: 002b:00007f01de03e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 165.439399][ T7119] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa8 RCX: 00007f01dd18f7c9 [ 165.439415][ T7119] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f01dd3e5fac [ 165.439431][ T7119] RBP: 00007f01dd3e5fa0 R08: 00007f01de03f000 R09: 0000000000000000 [ 165.439448][ T7119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.439463][ T7119] R13: 00007f01dd3e6038 R14: 00007ffc39573e30 R15: 00007ffc39573f18 [ 165.439501][ T7119] [ 165.973125][ T7135] openvswitch: netlink: IP tunnel dst address not specified [ 165.987514][ T7133] vhci_hcd: default hub control req: a007 v0005 i0002 l5 [ 167.023636][ T7159] vivid-007: ================= START STATUS ================= [ 167.031321][ T7159] vivid-007: Generate PTS: true [ 167.110775][ T7159] vivid-007: Generate SCR: true [ 167.181851][ T7159] tpg source WxH: 320x240 (Y'CbCr) [ 167.187436][ T7159] tpg field: 1 [ 167.190839][ T7159] tpg crop: (0,0)/320x240 [ 167.202752][ T7159] tpg compose: (0,0)/320x240 [ 167.231693][ T7159] tpg colorspace: 8 [ 167.243527][ T7159] tpg transfer function: 0/0 [ 167.269040][ T7159] tpg Y'CbCr encoding: 0/0 [ 167.293193][ T7159] tpg quantization: 0/0 [ 167.341013][ T7159] tpg RGB range: 0/2 [ 167.378950][ T7159] vivid-007: ================== END STATUS ================== [ 168.435290][ T7170] FAULT_INJECTION: forcing a failure. [ 168.435290][ T7170] name fail_futex, interval 1, probability 0, space 0, times 0 [ 168.448274][ T7170] CPU: 0 UID: 0 PID: 7170 Comm: syz.1.282 Not tainted syzkaller #0 PREEMPT(full) [ 168.448305][ T7170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 168.448320][ T7170] Call Trace: [ 168.448329][ T7170] [ 168.448339][ T7170] dump_stack_lvl+0x16c/0x1f0 [ 168.448377][ T7170] should_fail_ex+0x512/0x640 [ 168.448419][ T7170] get_futex_key+0x1d0/0x1560 [ 168.448455][ T7170] ? __pfx_get_futex_key+0x10/0x10 [ 168.448500][ T7170] futex_wake+0xea/0x530 [ 168.448533][ T7170] ? futex_wait+0x120/0x380 [ 168.448556][ T7170] ? __pfx_futex_wait+0x10/0x10 [ 168.448579][ T7170] ? __pfx_futex_wake+0x10/0x10 [ 168.448656][ T7170] ? __might_fault+0xe3/0x190 [ 168.448682][ T7170] ? __might_fault+0x13b/0x190 [ 168.448715][ T7170] do_futex+0x1e3/0x350 [ 168.448751][ T7170] ? __pfx_do_futex+0x10/0x10 [ 168.448784][ T7170] ? map_id_range_up+0x2ce/0x3b0 [ 168.448817][ T7170] __x64_sys_futex+0x1e0/0x4c0 [ 168.448855][ T7170] ? __pfx___x64_sys_futex+0x10/0x10 [ 168.448884][ T7170] ? from_kuid_munged+0xaa/0x130 [ 168.448907][ T7170] ? __pfx_from_kuid_munged+0x10/0x10 [ 168.448943][ T7170] do_syscall_64+0xcd/0xfa0 [ 168.448976][ T7170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.449002][ T7170] RIP: 0033:0x7ffab658f7c9 [ 168.449023][ T7170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.449046][ T7170] RSP: 002b:00007ffab73470e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 168.449070][ T7170] RAX: ffffffffffffffda RBX: 00007ffab67e5fa8 RCX: 00007ffab658f7c9 [ 168.449088][ T7170] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffab67e5fac [ 168.449103][ T7170] RBP: 00007ffab67e5fa0 R08: 00007ffab7348000 R09: 0000000000000000 [ 168.449118][ T7170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.449133][ T7170] R13: 00007ffab67e6038 R14: 00007ffc0c864d60 R15: 00007ffc0c864e48 [ 168.449169][ T7170] [ 172.288075][ T7250] ACPI: Can not change Invalid GPE/Fixed Event status [ 173.683678][ T7287] FAULT_INJECTION: forcing a failure. [ 173.683678][ T7287] name failslab, interval 1, probability 0, space 0, times 0 [ 173.743055][ T7287] CPU: 0 UID: 0 PID: 7287 Comm: syz.1.310 Not tainted syzkaller #0 PREEMPT(full) [ 173.743099][ T7287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 173.743113][ T7287] Call Trace: [ 173.743121][ T7287] [ 173.743130][ T7287] dump_stack_lvl+0x16c/0x1f0 [ 173.743167][ T7287] should_fail_ex+0x512/0x640 [ 173.743206][ T7287] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 173.743236][ T7287] should_failslab+0xc2/0x120 [ 173.743268][ T7287] kmem_cache_alloc_noprof+0x75/0x6e0 [ 173.743295][ T7287] ? seq_open+0x55/0x170 [ 173.743336][ T7287] ? seq_open+0x55/0x170 [ 173.743368][ T7287] seq_open+0x55/0x170 [ 173.743399][ T7287] __seq_open_private+0x3e/0xd0 [ 173.743436][ T7287] seq_open_net+0x15c/0x2a0 [ 173.743472][ T7287] ? __pfx_seq_open_net+0x10/0x10 [ 173.743512][ T7287] proc_reg_open+0x2ab/0x5f0 [ 173.743546][ T7287] do_dentry_open+0x982/0x1530 [ 173.743575][ T7287] ? __pfx_proc_reg_open+0x10/0x10 [ 173.743613][ T7287] vfs_open+0x82/0x3f0 [ 173.743652][ T7287] path_openat+0x1de4/0x2cb0 [ 173.743687][ T7287] ? __pfx_path_openat+0x10/0x10 [ 173.743717][ T7287] ? __lock_acquire+0xb8a/0x1c90 [ 173.743752][ T7287] do_filp_open+0x20b/0x470 [ 173.743778][ T7287] ? __pfx_do_filp_open+0x10/0x10 [ 173.743815][ T7287] ? __pfx_kfree_link+0x10/0x10 [ 173.743853][ T7287] ? alloc_fd+0x471/0x7d0 [ 173.743883][ T7287] do_sys_openat2+0x11b/0x1d0 [ 173.743923][ T7287] ? __pfx_do_sys_openat2+0x10/0x10 [ 173.743961][ T7287] ? find_held_lock+0x2b/0x80 [ 173.743992][ T7287] __x64_sys_openat+0x174/0x210 [ 173.744026][ T7287] ? __pfx___x64_sys_openat+0x10/0x10 [ 173.744080][ T7287] do_syscall_64+0xcd/0xfa0 [ 173.744123][ T7287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.744138][ T7287] RIP: 0033:0x7ffab658f7c9 [ 173.744151][ T7287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.744164][ T7287] RSP: 002b:00007ffab7347038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 173.744178][ T7287] RAX: ffffffffffffffda RBX: 00007ffab67e5fa0 RCX: 00007ffab658f7c9 [ 173.744188][ T7287] RDX: 0000000000040900 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 173.744197][ T7287] RBP: 00007ffab6613f91 R08: 0000000000000000 R09: 0000000000000000 [ 173.744204][ T7287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.744212][ T7287] R13: 00007ffab67e6038 R14: 00007ffab67e5fa0 R15: 00007ffc0c864e48 [ 173.744230][ T7287] [ 174.220459][ T7298] netlink: 342 bytes leftover after parsing attributes in process `syz.2.314'. [ 174.301245][ T7304] ksmbd: Unknown IPC event: 14, ignore. [ 174.867322][ T7329] warning: `syz.1.321' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 177.513051][ T7387] capability: warning: `syz.2.340' uses 32-bit capabilities (legacy support in use) [ 177.611818][ T7376] Invalid ELF header magic: != ELF [ 177.728168][ T7384] zswap: compressor not available [ 178.821087][ T7420] netlink: 342 bytes leftover after parsing attributes in process `syz.0.343'. [ 179.969274][ T7441] syz.0.348 uses obsolete (PF_INET,SOCK_PACKET) [ 181.193270][ T7470] netlink: 9 bytes leftover after parsing attributes in process `syz.2.355'. [ 183.136703][ T7490] netlink: 28 bytes leftover after parsing attributes in process `syz.3.359'. [ 185.914397][ T7532] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 188.648168][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 188.648206][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 188.663440][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 188.663535][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 188.760510][ T7582] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 188.819133][ T7582] Unable to find swap-space signature [ 189.311630][ T7593] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 190.343543][ T7617] netlink: 4 bytes leftover after parsing attributes in process `syz.3.392'. [ 191.412161][ T7642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.396'. [ 191.422499][ T7642] netlink: 354 bytes leftover after parsing attributes in process `syz.3.396'. [ 192.379220][ T7660] nbd: socks must be embedded in a SOCK_ITEM attr [ 193.278457][ T7680] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 193.630994][ T7683] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 194.328439][ T7686] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 194.372773][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.380245][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.369706][ T7714] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 196.506300][ T7737] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 196.541709][ T7737] Unable to find swap-space signature [ 196.959192][ T7746] netlink: 40 bytes leftover after parsing attributes in process `syz.3.421'. [ 197.458188][ T7759] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 197.524787][ T7759] nvme_fcloop: unknown parameter or missing value '7' [ 199.436898][ T7800] FAULT_INJECTION: forcing a failure. [ 199.436898][ T7800] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 199.466323][ T7800] CPU: 0 UID: 0 PID: 7800 Comm: syz.0.430 Not tainted syzkaller #0 PREEMPT(full) [ 199.466362][ T7800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 199.466381][ T7800] Call Trace: [ 199.466390][ T7800] [ 199.466399][ T7800] dump_stack_lvl+0x16c/0x1f0 [ 199.466437][ T7800] should_fail_ex+0x512/0x640 [ 199.466482][ T7800] should_fail_alloc_page+0xe7/0x130 [ 199.466520][ T7800] prepare_alloc_pages+0x3c2/0x610 [ 199.466556][ T7800] ? rcu_is_watching+0x12/0xc0 [ 199.466587][ T7800] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 199.466619][ T7800] ? stack_trace_save+0x8e/0xc0 [ 199.466657][ T7800] ? __pfx_stack_trace_save+0x10/0x10 [ 199.466686][ T7800] ? is_bpf_text_address+0x94/0x1a0 [ 199.466722][ T7800] ? stack_depot_save_flags+0x29/0x9c0 [ 199.466758][ T7800] ? __kernel_text_address+0xd/0x40 [ 199.466786][ T7800] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 199.466814][ T7800] ? __lock_acquire+0x622/0x1c90 [ 199.466854][ T7800] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.466888][ T7800] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 199.466935][ T7800] ? policy_nodemask+0xea/0x4e0 [ 199.466974][ T7800] alloc_pages_mpol+0x1fb/0x550 [ 199.467010][ T7800] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 199.467055][ T7800] alloc_pages_noprof+0x131/0x390 [ 199.467092][ T7800] alloc_pages_exact_noprof+0x37/0xe0 [ 199.467127][ T7800] ? __asan_memset+0x23/0x50 [ 199.467154][ T7800] snd_pcm_attach_substream+0x4bb/0xd60 [ 199.467191][ T7800] snd_pcm_open_substream+0x8d/0x17f0 [ 199.467220][ T7800] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 199.467257][ T7800] snd_pcm_oss_open+0x735/0x1400 [ 199.467306][ T7800] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 199.467342][ T7800] ? __lock_acquire+0xb8a/0x1c90 [ 199.467376][ T7800] ? __pfx_default_wake_function+0x10/0x10 [ 199.467407][ T7800] ? __lock_acquire+0xb8a/0x1c90 [ 199.467447][ T7800] ? do_raw_spin_lock+0x12c/0x2b0 [ 199.467489][ T7800] ? soundcore_open+0x35a/0x580 [ 199.467521][ T7800] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 199.467554][ T7800] soundcore_open+0x40c/0x580 [ 199.467584][ T7800] ? __pfx_soundcore_open+0x10/0x10 [ 199.467615][ T7800] chrdev_open+0x234/0x6a0 [ 199.467644][ T7800] ? __pfx_apparmor_file_open+0x10/0x10 [ 199.467694][ T7800] ? __pfx_chrdev_open+0x10/0x10 [ 199.467728][ T7800] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 199.467765][ T7800] do_dentry_open+0x982/0x1530 [ 199.467796][ T7800] ? __pfx_chrdev_open+0x10/0x10 [ 199.467833][ T7800] vfs_open+0x82/0x3f0 [ 199.467872][ T7800] path_openat+0x1de4/0x2cb0 [ 199.467913][ T7800] ? __pfx_path_openat+0x10/0x10 [ 199.467943][ T7800] ? __lock_acquire+0xb8a/0x1c90 [ 199.467978][ T7800] do_filp_open+0x20b/0x470 [ 199.468007][ T7800] ? __pfx_do_filp_open+0x10/0x10 [ 199.468059][ T7800] ? alloc_fd+0x471/0x7d0 [ 199.468093][ T7800] do_sys_openat2+0x11b/0x1d0 [ 199.468129][ T7800] ? __pfx_do_sys_openat2+0x10/0x10 [ 199.468181][ T7800] __x64_sys_openat+0x174/0x210 [ 199.468215][ T7800] ? __pfx___x64_sys_openat+0x10/0x10 [ 199.468266][ T7800] do_syscall_64+0xcd/0xfa0 [ 199.468300][ T7800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.468325][ T7800] RIP: 0033:0x7f01dd18f7c9 [ 199.468356][ T7800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.468380][ T7800] RSP: 002b:00007f01de03e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 199.468408][ T7800] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa0 RCX: 00007f01dd18f7c9 [ 199.468425][ T7800] RDX: 0000000000020342 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 199.468442][ T7800] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 199.468457][ T7800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.468472][ T7800] R13: 00007f01dd3e6038 R14: 00007f01dd3e5fa0 R15: 00007ffc39573f18 [ 199.468508][ T7800] [ 203.186464][ T7865] netlink: 12 bytes leftover after parsing attributes in process `syz.2.448'. [ 204.872259][ T7910] netlink: 12 bytes leftover after parsing attributes in process `syz.2.459'. [ 205.679626][ T5835] Bluetooth: hci1: Malformed Event: 0x02 [ 205.691719][ T7928] FAULT_INJECTION: forcing a failure. [ 205.691719][ T7928] name failslab, interval 1, probability 0, space 0, times 0 [ 205.724749][ T7928] CPU: 1 UID: 0 PID: 7928 Comm: syz.3.464 Not tainted syzkaller #0 PREEMPT(full) [ 205.724787][ T7928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 205.724816][ T7928] Call Trace: [ 205.724824][ T7928] [ 205.724835][ T7928] dump_stack_lvl+0x16c/0x1f0 [ 205.724873][ T7928] should_fail_ex+0x512/0x640 [ 205.724911][ T7928] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 205.724943][ T7928] should_failslab+0xc2/0x120 [ 205.724978][ T7928] kmem_cache_alloc_noprof+0x75/0x6e0 [ 205.725005][ T7928] ? security_file_alloc+0x34/0x2b0 [ 205.725040][ T7928] ? security_file_alloc+0x34/0x2b0 [ 205.725065][ T7928] security_file_alloc+0x34/0x2b0 [ 205.725094][ T7928] init_file+0x93/0x4c0 [ 205.725129][ T7928] alloc_empty_file+0x73/0x1e0 [ 205.725167][ T7928] alloc_file_pseudo+0x13a/0x230 [ 205.725206][ T7928] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 205.725243][ T7928] ? tipc_sk_finish_conn+0x580/0x790 [ 205.725286][ T7928] sock_alloc_file+0x50/0x210 [ 205.725317][ T7928] __sys_socketpair+0x34e/0x5a0 [ 205.725355][ T7928] ? __pfx___sys_socketpair+0x10/0x10 [ 205.725389][ T7928] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 205.725425][ T7928] ? xfd_validate_state+0x61/0x180 [ 205.725460][ T7928] ? __pfx___do_sys_close_range+0x10/0x10 [ 205.725497][ T7928] __x64_sys_socketpair+0x96/0x100 [ 205.725532][ T7928] ? lockdep_hardirqs_on+0x7c/0x110 [ 205.725563][ T7928] do_syscall_64+0xcd/0xfa0 [ 205.725597][ T7928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.725625][ T7928] RIP: 0033:0x7f7239b8f7c9 [ 205.725646][ T7928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.725672][ T7928] RSP: 002b:00007f723a969038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 205.725697][ T7928] RAX: ffffffffffffffda RBX: 00007f7239de5fa0 RCX: 00007f7239b8f7c9 [ 205.725715][ T7928] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 205.725731][ T7928] RBP: 00007f7239c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 205.725747][ T7928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.725763][ T7928] R13: 00007f7239de6038 R14: 00007f7239de5fa0 R15: 00007ffeba5e8a98 [ 205.725807][ T7928] [ 205.950699][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.020869][ T5835] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 206.340314][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 206.347254][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.528169][ T7948] ======================================================= [ 206.528169][ T7948] WARNING: The mand mount option has been deprecated and [ 206.528169][ T7948] and is ignored by this kernel. Remove the mand [ 206.528169][ T7948] option from the mount to silence this warning. [ 206.528169][ T7948] ======================================================= [ 206.563029][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.577182][ T7926] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 206.957735][ T7957] netlink: 12 bytes leftover after parsing attributes in process `syz.2.470'. [ 207.425067][ T7966] netlink: 40 bytes leftover after parsing attributes in process `syz.2.472'. [ 207.440626][ T7953] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 207.462856][ T7966] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy$t£¾£±Â–ú„LÍ' already exists in 'ieee80211' [ 208.065423][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 208.456244][ T7978] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 211.056929][ T7999] zswap: compressor not available [ 211.548601][ T7978] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 215.288557][ T8069] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 217.190477][ T8069] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 218.788444][ T8109] random: crng reseeded on system resumption [ 220.235043][ T8148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 220.246730][ T8148] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 220.253055][ T8148] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 220.259562][ T8148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 220.265641][ T8148] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 222.087675][ T8195] zswap: compressor not available [ 222.095007][ T8197] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 222.322248][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 222.322284][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 222.334671][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 222.334674][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 222.866642][ T8223] FAULT_INJECTION: forcing a failure. [ 222.866642][ T8223] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 222.896857][ T8223] CPU: 0 UID: 0 PID: 8223 Comm: syz.2.528 Not tainted syzkaller #0 PREEMPT(full) [ 222.896890][ T8223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 222.896905][ T8223] Call Trace: [ 222.896913][ T8223] [ 222.896923][ T8223] dump_stack_lvl+0x16c/0x1f0 [ 222.896958][ T8223] should_fail_ex+0x512/0x640 [ 222.897000][ T8223] _copy_from_user+0x2e/0xd0 [ 222.897024][ T8223] get_timespec64+0x8b/0x1b0 [ 222.897055][ T8223] ? __pfx_get_timespec64+0x10/0x10 [ 222.897081][ T8223] ? ktime_get+0x200/0x310 [ 222.897119][ T8223] __x64_sys_futex+0x288/0x4c0 [ 222.897158][ T8223] ? __pfx___x64_sys_futex+0x10/0x10 [ 222.897191][ T8223] ? xfd_validate_state+0x61/0x180 [ 222.897244][ T8223] do_syscall_64+0xcd/0xfa0 [ 222.897277][ T8223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.897303][ T8223] RIP: 0033:0x7ff45b38f7c9 [ 222.897323][ T8223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.897345][ T8223] RSP: 002b:00007ffcd8b3c928 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 222.897367][ T8223] RAX: ffffffffffffffda RBX: 000000000003664b RCX: 00007ff45b38f7c9 [ 222.897382][ T8223] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff45b5e5fac [ 222.897397][ T8223] RBP: 0000000000000032 R08: 00007ff45c1be000 R09: 00000018d8b3cc1f [ 222.897412][ T8223] R10: 00007ffcd8b3ca20 R11: 0000000000000246 R12: 00007ff45b5e5fac [ 222.897427][ T8223] R13: 00007ffcd8b3ca20 R14: 000000000003667d R15: 00007ffcd8b3ca40 [ 222.897462][ T8223] [ 224.384376][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 227.253445][ T8291] FAULT_INJECTION: forcing a failure. [ 227.253445][ T8291] name failslab, interval 1, probability 393216, space 0, times 0 [ 227.300933][ T8291] CPU: 1 UID: 0 PID: 8291 Comm: syz.3.540 Not tainted syzkaller #0 PREEMPT(full) [ 227.300971][ T8291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 227.300988][ T8291] Call Trace: [ 227.300996][ T8291] [ 227.301007][ T8291] dump_stack_lvl+0x16c/0x1f0 [ 227.301054][ T8291] should_fail_ex+0x512/0x640 [ 227.301094][ T8291] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 227.301128][ T8291] should_failslab+0xc2/0x120 [ 227.301163][ T8291] kmem_cache_alloc_noprof+0x75/0x6e0 [ 227.301192][ T8291] ? alloc_empty_file+0x55/0x1e0 [ 227.301232][ T8291] ? alloc_empty_file+0x55/0x1e0 [ 227.301266][ T8291] ? _raw_spin_unlock+0x28/0x50 [ 227.301292][ T8291] alloc_empty_file+0x55/0x1e0 [ 227.301330][ T8291] alloc_file_pseudo+0x13a/0x230 [ 227.301368][ T8291] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 227.301409][ T8291] ? do_raw_spin_unlock+0x172/0x230 [ 227.301438][ T8291] __anon_inode_getfile+0xe8/0x280 [ 227.301475][ T8291] anon_inode_getfile_fmode+0x37/0xa0 [ 227.301510][ T8291] __do_sys_fanotify_init+0x9da/0xc80 [ 227.301556][ T8291] do_syscall_64+0xcd/0xfa0 [ 227.301590][ T8291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.301617][ T8291] RIP: 0033:0x7f7239b8f7c9 [ 227.301638][ T8291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.301662][ T8291] RSP: 002b:00007f7237df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 227.301687][ T8291] RAX: ffffffffffffffda RBX: 00007f7239de6180 RCX: 00007f7239b8f7c9 [ 227.301704][ T8291] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000c00 [ 227.301721][ T8291] RBP: 00007f7239c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 227.301737][ T8291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 227.301752][ T8291] R13: 00007f7239de6218 R14: 00007f7239de6180 R15: 00007ffeba5e8a98 [ 227.301787][ T8291] [ 229.765611][ T8352] FAULT_INJECTION: forcing a failure. [ 229.765611][ T8352] name failslab, interval 1, probability 393216, space 0, times 0 [ 230.084886][ T8352] CPU: 1 UID: 0 PID: 8352 Comm: syz.1.557 Not tainted syzkaller #0 PREEMPT(full) [ 230.084922][ T8352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 230.084941][ T8352] Call Trace: [ 230.084951][ T8352] [ 230.084962][ T8352] dump_stack_lvl+0x16c/0x1f0 [ 230.084987][ T8352] should_fail_ex+0x512/0x640 [ 230.085008][ T8352] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 230.085025][ T8352] should_failslab+0xc2/0x120 [ 230.085044][ T8352] kmem_cache_alloc_noprof+0x75/0x6e0 [ 230.085057][ T8352] ? rcu_is_watching+0x12/0xc0 [ 230.085071][ T8352] ? create_new_namespaces+0x30/0xa90 [ 230.085090][ T8352] ? create_new_namespaces+0x30/0xa90 [ 230.085103][ T8352] create_new_namespaces+0x30/0xa90 [ 230.085117][ T8352] ? bpf_lsm_capable+0x9/0x10 [ 230.085134][ T8352] ? security_capable+0x7e/0x260 [ 230.085155][ T8352] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 230.085172][ T8352] ksys_unshare+0x45b/0xa40 [ 230.085190][ T8352] ? __pfx_ksys_unshare+0x10/0x10 [ 230.085208][ T8352] ? xfd_validate_state+0x61/0x180 [ 230.085231][ T8352] __x64_sys_unshare+0x31/0x40 [ 230.085248][ T8352] do_syscall_64+0xcd/0xfa0 [ 230.085265][ T8352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.085279][ T8352] RIP: 0033:0x7ffab658f7c9 [ 230.085290][ T8352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.085303][ T8352] RSP: 002b:00007ffab47f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 230.085316][ T8352] RAX: ffffffffffffffda RBX: 00007ffab67e6090 RCX: 00007ffab658f7c9 [ 230.085325][ T8352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 230.085332][ T8352] RBP: 00007ffab6613f91 R08: 0000000000000000 R09: 0000000000000000 [ 230.085340][ T8352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.085348][ T8352] R13: 00007ffab67e6128 R14: 00007ffab67e6090 R15: 00007ffc0c864e48 [ 230.085366][ T8352] [ 237.024337][ T8515] random: crng reseeded on system resumption [ 237.136112][ T5835] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 237.136400][ T5835] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 244.610081][ T8647] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 245.001337][ T8651] netlink: 28 bytes leftover after parsing attributes in process `syz.1.622'. [ 246.346944][ T8676] zswap: compressor not available [ 248.418922][ T8726] block nbd1: Unsupported socket: should be TCP or UNIX. [ 252.131078][ T8820] FAULT_INJECTION: forcing a failure. [ 252.131078][ T8820] name fail_futex, interval 1, probability 0, space 0, times 0 [ 252.147651][ T8820] CPU: 0 UID: 0 PID: 8820 Comm: syz.0.658 Not tainted syzkaller #0 PREEMPT(full) [ 252.147686][ T8820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 252.147700][ T8820] Call Trace: [ 252.147708][ T8820] [ 252.147717][ T8820] dump_stack_lvl+0x16c/0x1f0 [ 252.147753][ T8820] should_fail_ex+0x512/0x640 [ 252.147794][ T8820] get_futex_key+0x1d0/0x1560 [ 252.147832][ T8820] ? __pfx_get_futex_key+0x10/0x10 [ 252.147861][ T8820] ? find_held_lock+0x2b/0x80 [ 252.147886][ T8820] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 252.147922][ T8820] futex_wake+0xea/0x530 [ 252.147953][ T8820] ? do_splice_direct+0x1b4/0x240 [ 252.147977][ T8820] ? __pfx_futex_wake+0x10/0x10 [ 252.148027][ T8820] do_futex+0x1e3/0x350 [ 252.148059][ T8820] ? __pfx_do_futex+0x10/0x10 [ 252.148085][ T8820] ? __pfx_do_sendfile+0x10/0x10 [ 252.148111][ T8820] __x64_sys_futex+0x1e0/0x4c0 [ 252.148141][ T8820] ? __pfx___x64_sys_futex+0x10/0x10 [ 252.148168][ T8820] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 252.148203][ T8820] do_syscall_64+0xcd/0xfa0 [ 252.148229][ T8820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.148249][ T8820] RIP: 0033:0x7f01dd18f7c9 [ 252.148266][ T8820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.148284][ T8820] RSP: 002b:00007f01de03e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 252.148304][ T8820] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa8 RCX: 00007f01dd18f7c9 [ 252.148318][ T8820] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f01dd3e5fac [ 252.148330][ T8820] RBP: 00007f01dd3e5fa0 R08: 00007f01de03f000 R09: 0000000000000000 [ 252.148343][ T8820] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 252.148374][ T8820] R13: 00007f01dd3e6038 R14: 00007ffc39573e30 R15: 00007ffc39573f18 [ 252.148402][ T8820] [ 252.702676][ T30] audit: type=1107 audit(4294967407.699:5): pid=8831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 252.785981][ T30] audit: type=1107 audit(4294967407.739:6): pid=8831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 252.845699][ T30] audit: type=1107 audit(4294967407.749:7): pid=8831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 253.639432][ T8845] random: crng reseeded on system resumption [ 255.601938][ T8869] netlink: 28 bytes leftover after parsing attributes in process `syz.2.667'. [ 255.863922][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.873360][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.770097][ T30] audit: type=1804 audit(4294967414.756:8): pid=8916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.678" name="/newroot/sys/kernel/tracing/dynamic_events" dev="tracefs" ino=15 res=1 errno=0 [ 260.665189][ T8944] netlink: 28 bytes leftover after parsing attributes in process `syz.3.685'. [ 268.875784][ T9064] bond0: option all_slaves_active: invalid value () [ 273.904521][ T9117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 273.914420][ T9117] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 273.923479][ T9117] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 273.937152][ T9117] page_type: f5(slab) [ 273.943247][ T30] audit: type=1804 audit(4294967428.919:9): pid=9143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.724" name="/newroot/sys/kernel/tracing/dynamic_events" dev="tracefs" ino=15 res=1 errno=0 [ 273.966474][ T9117] raw: 00fff00000000040 ffff88813ffa7140 dead000000000100 dead000000000122 [ 273.975456][ T9117] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 274.017120][ T9117] head: 00fff00000000040 ffff88813ffa7140 dead000000000100 dead000000000122 [ 274.057149][ T9117] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 274.081481][ T9117] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 274.143690][ T9117] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 274.176656][ T9117] page dumped because: unmovable page [ 274.182260][ T9117] page_owner tracks the page as allocated [ 274.216551][ T9117] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5831, tgid 5831 (udevd), ts 192926335441, free_ts 187296556165 [ 274.239849][ T9117] post_alloc_hook+0x1af/0x220 [ 274.295028][ T9117] get_page_from_freelist+0x10a3/0x3a30 [ 274.301748][ T9117] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 274.323637][ T9117] alloc_pages_mpol+0x1fb/0x550 [ 274.333851][ T9117] new_slab+0x24a/0x360 [ 274.339598][ T9117] ___slab_alloc+0xd79/0x1a50 [ 274.344733][ T9117] __slab_alloc.constprop.0+0x63/0x110 [ 274.351471][ T9117] __kmalloc_noprof+0x501/0x880 [ 274.356382][ T9117] tomoyo_realpath_from_path+0xc2/0x6e0 [ 274.363829][ T9117] tomoyo_path_perm+0x274/0x460 [ 274.369043][ T9117] tomoyo_path_unlink+0x91/0xe0 [ 274.375232][ T9117] security_path_unlink+0x145/0x2b0 [ 274.380650][ T9117] do_unlinkat+0x463/0x6a0 [ 274.385210][ T9117] __x64_sys_unlink+0xc5/0x110 [ 274.390217][ T9117] do_syscall_64+0xcd/0xfa0 [ 274.394784][ T9117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.400873][ T9117] page last free pid 7543 tgid 7542 stack trace: [ 274.407301][ T9117] __free_frozen_pages+0x7df/0x1160 [ 274.412633][ T9117] __put_partials+0x130/0x170 [ 274.417563][ T9117] qlist_free_all+0x4d/0x120 [ 274.422248][ T9117] kasan_quarantine_reduce+0x195/0x1e0 [ 274.428068][ T9117] __kasan_slab_alloc+0x69/0x90 [ 274.433661][ T9117] kmem_cache_alloc_noprof+0x250/0x6e0 [ 274.442223][ T9117] getname_flags.part.0+0x4c/0x550 [ 274.447738][ T9117] getname_flags+0x93/0xf0 [ 274.452285][ T9117] do_sys_openat2+0xb8/0x1d0 [ 274.461725][ T9117] __x64_sys_openat+0x174/0x210 [ 274.468916][ T9117] do_syscall_64+0xcd/0xfa0 [ 274.473663][ T9117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.157922][ T9167] netlink: 'syz.2.734': attribute type 1 has an invalid length. [ 275.185254][ T9167] FAULT_INJECTION: forcing a failure. [ 275.185254][ T9167] name failslab, interval 1, probability 393216, space 0, times 0 [ 275.201312][ T9167] CPU: 1 UID: 60928 PID: 9167 Comm: syz.2.734 Not tainted syzkaller #0 PREEMPT(full) [ 275.201336][ T9167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 275.201345][ T9167] Call Trace: [ 275.201350][ T9167] [ 275.201357][ T9167] dump_stack_lvl+0x16c/0x1f0 [ 275.201379][ T9167] should_fail_ex+0x512/0x640 [ 275.201400][ T9167] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 275.201417][ T9167] should_failslab+0xc2/0x120 [ 275.201437][ T9167] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 275.201452][ T9167] ? alloc_inode+0xc3/0x240 [ 275.201473][ T9167] ? alloc_inode+0xc3/0x240 [ 275.201489][ T9167] ? do_raw_spin_unlock+0x172/0x230 [ 275.201501][ T9167] alloc_inode+0xc3/0x240 [ 275.201521][ T9167] alloc_anon_inode+0x28/0x3e0 [ 275.201535][ T9167] ? alloc_fd+0x471/0x7d0 [ 275.201548][ T9167] anon_inode_make_secure_inode+0x31/0x140 [ 275.201567][ T9167] secretmem_file_create.constprop.0+0x43/0x290 [ 275.201585][ T9167] __x64_sys_memfd_secret+0xc1/0x150 [ 275.201601][ T9167] do_syscall_64+0xcd/0xfa0 [ 275.201618][ T9167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.201632][ T9167] RIP: 0033:0x7ff45b38f7c9 [ 275.201643][ T9167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.201656][ T9167] RSP: 002b:00007ff45c1bd038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 275.201669][ T9167] RAX: ffffffffffffffda RBX: 00007ff45b5e5fa0 RCX: 00007ff45b38f7c9 [ 275.201678][ T9167] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 275.201685][ T9167] RBP: 00007ff45b413f91 R08: 0000000000000000 R09: 0000000000000000 [ 275.201693][ T9167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.201701][ T9167] R13: 00007ff45b5e6038 R14: 00007ff45b5e5fa0 R15: 00007ffcd8b3c7c8 [ 275.201719][ T9167] [ 276.045654][ T9183] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 276.790118][ T9196] netlink: 'syz.2.741': attribute type 22 has an invalid length. [ 280.180910][ T9278] bridge0: port 4(batadv0) entered blocking state [ 280.192001][ T9278] bridge0: port 4(batadv0) entered disabled state [ 280.224772][ T9278] batadv0: entered allmulticast mode [ 280.255355][ T9278] batadv0: entered promiscuous mode [ 280.294213][ T9278] bridge0: port 4(batadv0) entered blocking state [ 280.300894][ T9278] bridge0: port 4(batadv0) entered forwarding state [ 280.309158][ T3491] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 280.318620][ T3491] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 284.009899][ T5835] Bluetooth: hci3: unexpected event 0x31 length: 19 > 6 [ 284.114535][ T9341] FAULT_INJECTION: forcing a failure. [ 284.114535][ T9341] name failslab, interval 1, probability 393216, space 0, times 0 [ 284.542138][ T9341] CPU: 0 UID: 0 PID: 9341 Comm: syz.3.772 Not tainted syzkaller #0 PREEMPT(full) [ 284.542160][ T9341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 284.542169][ T9341] Call Trace: [ 284.542174][ T9341] [ 284.542179][ T9341] dump_stack_lvl+0x16c/0x1f0 [ 284.542201][ T9341] should_fail_ex+0x512/0x640 [ 284.542222][ T9341] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 284.542240][ T9341] should_failslab+0xc2/0x120 [ 284.542258][ T9341] kmem_cache_alloc_noprof+0x75/0x6e0 [ 284.542272][ T9341] ? __kernfs_new_node+0xd2/0x8e0 [ 284.542295][ T9341] ? __kernfs_new_node+0xd2/0x8e0 [ 284.542311][ T9341] __kernfs_new_node+0xd2/0x8e0 [ 284.542330][ T9341] ? __pfx___kernfs_new_node+0x10/0x10 [ 284.542352][ T9341] ? find_held_lock+0x2b/0x80 [ 284.542375][ T9341] ? kernfs_root+0xee/0x2a0 [ 284.542396][ T9341] kernfs_new_node+0x13c/0x1e0 [ 284.542420][ T9341] __kernfs_create_file+0x53/0x350 [ 284.542438][ T9341] sysfs_add_file_mode_ns+0x207/0x3c0 [ 284.542459][ T9341] internal_create_group+0x578/0xf30 [ 284.542482][ T9341] ? __pfx_internal_create_group+0x10/0x10 [ 284.542502][ T9341] ? kernfs_create_link+0x1bd/0x240 [ 284.542522][ T9341] internal_create_groups+0x9d/0x150 [ 284.542541][ T9341] device_add+0x6d1/0x1aa0 [ 284.542557][ T9341] ? __pfx_device_add+0x10/0x10 [ 284.542569][ T9341] ? lockdep_init_map_type+0x5c/0x280 [ 284.542587][ T9341] ? __init_waitqueue_head+0xca/0x150 [ 284.542604][ T9341] netdev_register_kobject+0x1a9/0x3d0 [ 284.542627][ T9341] register_netdevice+0x13dc/0x2270 [ 284.542647][ T9341] ? __pfx_register_netdevice+0x10/0x10 [ 284.542666][ T9341] ? __pfx_loopback_net_init+0x10/0x10 [ 284.542682][ T9341] register_netdev+0x34/0x50 [ 284.542697][ T9341] loopback_net_init+0x7a/0x170 [ 284.542712][ T9341] ? __pfx_loopback_net_init+0x10/0x10 [ 284.542726][ T9341] ops_init+0x1e2/0x5f0 [ 284.542743][ T9341] setup_net+0x100/0x390 [ 284.542759][ T9341] ? __pfx_setup_net+0x10/0x10 [ 284.542774][ T9341] ? debug_mutex_init+0x37/0x70 [ 284.542790][ T9341] copy_net_ns+0x2f8/0x690 [ 284.542807][ T9341] create_new_namespaces+0x3ea/0xa90 [ 284.542827][ T9341] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 284.542844][ T9341] ksys_unshare+0x45b/0xa40 [ 284.542862][ T9341] ? __pfx_ksys_unshare+0x10/0x10 [ 284.542881][ T9341] ? xfd_validate_state+0x61/0x180 [ 284.542904][ T9341] __x64_sys_unshare+0x31/0x40 [ 284.542921][ T9341] do_syscall_64+0xcd/0xfa0 [ 284.542939][ T9341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.542953][ T9341] RIP: 0033:0x7f7239b8f7c9 [ 284.542965][ T9341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.542979][ T9341] RSP: 002b:00007f723a969038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 284.542993][ T9341] RAX: ffffffffffffffda RBX: 00007f7239de5fa0 RCX: 00007f7239b8f7c9 [ 284.543002][ T9341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 284.543010][ T9341] RBP: 00007f7239c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 284.543017][ T9341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.543025][ T9341] R13: 00007f7239de6038 R14: 00007f7239de5fa0 R15: 00007ffeba5e8a98 [ 284.543044][ T9341] [ 286.962786][ T9378] netlink: 'syz.0.781': attribute type 33 has an invalid length. [ 288.564613][ T9392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 288.583153][ T9392] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 288.601654][ T9392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 288.613899][ T9392] page_type: f5(slab) [ 288.618486][ T9392] raw: 00fff00000000040 ffff88813ffa7140 dead000000000100 dead000000000122 [ 288.656984][ T9392] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 288.713965][ T9392] head: 00fff00000000040 ffff88813ffa7140 dead000000000100 dead000000000122 [ 288.762996][ T9392] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 288.824363][ T9392] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 288.876518][ T9392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 289.044494][ T9392] page dumped because: unmovable page [ 289.050033][ T9392] page_owner tracks the page as allocated [ 289.232354][ T9392] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5831, tgid 5831 (udevd), ts 192926335441, free_ts 187296556165 [ 289.334189][ T9392] post_alloc_hook+0x1af/0x220 [ 289.339029][ T9392] get_page_from_freelist+0x10a3/0x3a30 [ 289.389206][ T9392] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 289.413361][ T9392] alloc_pages_mpol+0x1fb/0x550 [ 289.437338][ T9435] program syz.3.792 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 289.446717][ T9392] new_slab+0x24a/0x360 [ 289.450967][ T9392] ___slab_alloc+0xd79/0x1a50 [ 289.455894][ T9392] __slab_alloc.constprop.0+0x63/0x110 [ 289.472279][ T9392] __kmalloc_noprof+0x501/0x880 [ 289.486569][ T9392] tomoyo_realpath_from_path+0xc2/0x6e0 [ 289.492203][ T9392] tomoyo_path_perm+0x274/0x460 [ 289.523307][ T9392] tomoyo_path_unlink+0x91/0xe0 [ 289.534419][ T9392] security_path_unlink+0x145/0x2b0 [ 289.539695][ T9392] do_unlinkat+0x463/0x6a0 [ 289.552163][ T9392] __x64_sys_unlink+0xc5/0x110 [ 289.557491][ T9392] do_syscall_64+0xcd/0xfa0 [ 289.562155][ T9392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.569199][ T9392] page last free pid 7543 tgid 7542 stack trace: [ 289.576290][ T9392] __free_frozen_pages+0x7df/0x1160 [ 289.583749][ T9392] __put_partials+0x130/0x170 [ 289.596276][ T9392] qlist_free_all+0x4d/0x120 [ 289.600942][ T9392] kasan_quarantine_reduce+0x195/0x1e0 [ 289.615913][ T9392] __kasan_slab_alloc+0x69/0x90 [ 289.620932][ T9392] kmem_cache_alloc_noprof+0x250/0x6e0 [ 289.627018][ T9392] getname_flags.part.0+0x4c/0x550 [ 289.634495][ T9392] getname_flags+0x93/0xf0 [ 289.639298][ T9392] do_sys_openat2+0xb8/0x1d0 [ 289.643937][ T9392] __x64_sys_openat+0x174/0x210 [ 289.649966][ T9392] do_syscall_64+0xcd/0xfa0 [ 289.655041][ T9392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.067531][ T9567] queue_state_write: operation too long [ 297.074210][ T9567] queue_state_write: use 'run', 'start' or 'kick' [ 300.170164][ T5835] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 302.150635][ T5835] Bluetooth: hci1: unexpected event 0x31 length: 19 > 6 [ 302.633441][ T9674] netlink: 326 bytes leftover after parsing attributes in process `syz.3.842'. [ 302.693444][ T9674] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.701732][ T9674] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.320212][ T9698] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 306.266034][ T9733] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 308.050449][ T9767] program syz.1.859 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 308.194618][ T9771] bond0: option all_slaves_active: invalid value () [ 309.923166][ T9791] netlink: 326 bytes leftover after parsing attributes in process `syz.0.864'. [ 309.965052][ T9791] bridge0: port 4(batadv0) entered disabled state [ 309.971703][ T9791] bridge0: port 3(team0) entered disabled state [ 309.978518][ T9791] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.986187][ T9791] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.313062][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.319548][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.129916][ T9982] netlink: 64 bytes leftover after parsing attributes in process `syz.1.906'. [ 324.749069][T10036] FAULT_INJECTION: forcing a failure. [ 324.749069][T10036] name failslab, interval 1, probability 393216, space 0, times 0 [ 324.762745][T10036] CPU: 1 UID: 0 PID: 10036 Comm: syz.0.921 Not tainted syzkaller #0 PREEMPT(full) [ 324.762777][T10036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 324.762803][T10036] Call Trace: [ 324.762812][T10036] [ 324.762822][T10036] dump_stack_lvl+0x16c/0x1f0 [ 324.762858][T10036] should_fail_ex+0x512/0x640 [ 324.762890][T10036] ? __kmalloc_cache_noprof+0x5f/0x780 [ 324.762918][T10036] should_failslab+0xc2/0x120 [ 324.762952][T10036] __kmalloc_cache_noprof+0x72/0x780 [ 324.762976][T10036] ? do_raw_spin_unlock+0x172/0x230 [ 324.762999][T10036] ? snd_rawmidi_open+0x3c3/0xbf0 [ 324.763042][T10036] ? snd_rawmidi_open+0x3c3/0xbf0 [ 324.763080][T10036] snd_rawmidi_open+0x3c3/0xbf0 [ 324.763126][T10036] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 324.763167][T10036] ? kobject_get_unless_zero+0x156/0x1e0 [ 324.763200][T10036] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 324.763236][T10036] snd_open+0x22d/0x4c0 [ 324.763266][T10036] ? __pfx_snd_open+0x10/0x10 [ 324.763294][T10036] chrdev_open+0x234/0x6a0 [ 324.763323][T10036] ? __pfx_apparmor_file_open+0x10/0x10 [ 324.763359][T10036] ? __pfx_chrdev_open+0x10/0x10 [ 324.763391][T10036] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 324.763427][T10036] do_dentry_open+0x982/0x1530 [ 324.763455][T10036] ? __pfx_chrdev_open+0x10/0x10 [ 324.763490][T10036] vfs_open+0x82/0x3f0 [ 324.763526][T10036] path_openat+0x1de4/0x2cb0 [ 324.763577][T10036] ? __pfx_path_openat+0x10/0x10 [ 324.763609][T10036] ? __lock_acquire+0xb8a/0x1c90 [ 324.763648][T10036] do_filp_open+0x20b/0x470 [ 324.763677][T10036] ? __pfx_do_filp_open+0x10/0x10 [ 324.763725][T10036] ? alloc_fd+0x471/0x7d0 [ 324.763755][T10036] do_sys_openat2+0x11b/0x1d0 [ 324.763784][T10036] ? __pfx_do_sys_openat2+0x10/0x10 [ 324.763829][T10036] __x64_sys_openat+0x174/0x210 [ 324.763860][T10036] ? __pfx___x64_sys_openat+0x10/0x10 [ 324.763905][T10036] do_syscall_64+0xcd/0xfa0 [ 324.763935][T10036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.763961][T10036] RIP: 0033:0x7f01dd18f7c9 [ 324.763982][T10036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.764006][T10036] RSP: 002b:00007f01de03e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 324.764031][T10036] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa0 RCX: 00007f01dd18f7c9 [ 324.764048][T10036] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 324.764064][T10036] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 324.764080][T10036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.764094][T10036] R13: 00007f01dd3e6038 R14: 00007f01dd3e5fa0 R15: 00007ffc39573f18 [ 324.764131][T10036] [ 327.281686][T10108] vivid-003: ================= START STATUS ================= [ 327.290472][T10108] vivid-003: Radio HW Seek Mode: Bounded [ 327.297774][T10108] vivid-003: Radio Programmable HW Seek: false [ 327.305631][T10108] vivid-003: RDS Rx I/O Mode: Block I/O [ 327.311218][T10108] vivid-003: Generate RBDS Instead of RDS: false [ 327.318424][T10108] vivid-003: RDS Reception: true [ 327.323457][T10108] vivid-003: RDS Program Type: 0 inactive [ 327.330252][T10108] vivid-003: RDS PS Name: inactive [ 327.336387][T10108] vivid-003: RDS Radio Text: inactive [ 327.352596][T10108] vivid-003: RDS Traffic Announcement: false inactive [ 327.360194][T10108] vivid-003: RDS Traffic Program: false inactive [ 327.368210][T10108] vivid-003: RDS Music: false inactive [ 327.439848][T10108] vivid-003: ================== END STATUS ================== [ 329.262055][T10138] FAULT_INJECTION: forcing a failure. [ 329.262055][T10138] name failslab, interval 1, probability 393216, space 0, times 0 [ 329.395982][T10138] CPU: 1 UID: 0 PID: 10138 Comm: syz.3.944 Not tainted syzkaller #0 PREEMPT(full) [ 329.396018][T10138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 329.396032][T10138] Call Trace: [ 329.396040][T10138] [ 329.396049][T10138] dump_stack_lvl+0x16c/0x1f0 [ 329.396085][T10138] should_fail_ex+0x512/0x640 [ 329.396121][T10138] ? __kmalloc_cache_noprof+0x5f/0x780 [ 329.396149][T10138] should_failslab+0xc2/0x120 [ 329.396191][T10138] __kmalloc_cache_noprof+0x72/0x780 [ 329.396216][T10138] ? find_held_lock+0x2b/0x80 [ 329.396239][T10138] ? snd_seq_port_connect+0x61/0x580 [ 329.396276][T10138] ? snd_seq_port_connect+0x61/0x580 [ 329.396304][T10138] snd_seq_port_connect+0x61/0x580 [ 329.396332][T10138] ? _raw_read_unlock+0x28/0x50 [ 329.396360][T10138] ? check_subscription_permission.isra.0+0xf5/0x240 [ 329.396394][T10138] snd_seq_ioctl_subscribe_port+0x209/0x4b0 [ 329.396428][T10138] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 329.396473][T10138] call_seq_client_ctl+0x9f/0x110 [ 329.396503][T10138] snd_seq_kernel_client_ctl+0x77/0xd0 [ 329.396534][T10138] snd_seq_oss_midi_open+0x507/0x720 [ 329.396573][T10138] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 329.396632][T10138] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 329.396678][T10138] snd_seq_oss_open+0x893/0xa20 [ 329.396716][T10138] odev_open+0x79/0xc0 [ 329.396743][T10138] ? __pfx_odev_open+0x10/0x10 [ 329.396770][T10138] soundcore_open+0x40c/0x580 [ 329.396803][T10138] ? __pfx_soundcore_open+0x10/0x10 [ 329.396832][T10138] chrdev_open+0x234/0x6a0 [ 329.396861][T10138] ? __pfx_apparmor_file_open+0x10/0x10 [ 329.396901][T10138] ? __pfx_chrdev_open+0x10/0x10 [ 329.396932][T10138] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 329.396968][T10138] do_dentry_open+0x982/0x1530 [ 329.396998][T10138] ? __pfx_chrdev_open+0x10/0x10 [ 329.397035][T10138] vfs_open+0x82/0x3f0 [ 329.397073][T10138] path_openat+0x1de4/0x2cb0 [ 329.397113][T10138] ? __pfx_path_openat+0x10/0x10 [ 329.397143][T10138] ? __lock_acquire+0xb8a/0x1c90 [ 329.397187][T10138] do_filp_open+0x20b/0x470 [ 329.397215][T10138] ? __pfx_do_filp_open+0x10/0x10 [ 329.397269][T10138] ? alloc_fd+0x471/0x7d0 [ 329.397305][T10138] do_sys_openat2+0x11b/0x1d0 [ 329.397341][T10138] ? __pfx_do_sys_openat2+0x10/0x10 [ 329.397378][T10138] ? __pfx___might_resched+0x10/0x10 [ 329.397412][T10138] __x64_sys_openat+0x174/0x210 [ 329.397448][T10138] ? __pfx___x64_sys_openat+0x10/0x10 [ 329.397511][T10138] do_syscall_64+0xcd/0xfa0 [ 329.397543][T10138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.397569][T10138] RIP: 0033:0x7f7239b8f7c9 [ 329.397589][T10138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.397612][T10138] RSP: 002b:00007f723a947038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 329.397635][T10138] RAX: ffffffffffffffda RBX: 00007f7239de6090 RCX: 00007f7239b8f7c9 [ 329.397651][T10138] RDX: 0000000000020100 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 329.397667][T10138] RBP: 00007f7239c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 329.397682][T10138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.397695][T10138] R13: 00007f7239de6128 R14: 00007f7239de6090 R15: 00007ffeba5e8a98 [ 329.397731][T10138] [ 331.135316][T10165] futex_wake_op: syz.3.949 tries to shift op by -2048; fix this program [ 331.243187][T10165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.949'. [ 338.282254][T10281] netlink: 25 bytes leftover after parsing attributes in process `syz.2.970'. [ 343.728749][T10373] netlink: 4 bytes leftover after parsing attributes in process `syz.0.999'. [ 343.757974][T10373] netlink: 25 bytes leftover after parsing attributes in process `syz.0.999'. [ 347.786278][T10461] random: crng reseeded on system resumption [ 349.131327][ T5835] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 352.898257][T10523] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1021'. [ 357.959018][T10630] FAULT_INJECTION: forcing a failure. [ 357.959018][T10630] name failslab, interval 1, probability 393216, space 0, times 0 [ 358.041485][T10630] CPU: 0 UID: 0 PID: 10630 Comm: syz.0.1044 Not tainted syzkaller #0 PREEMPT(full) [ 358.041521][T10630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 358.041535][T10630] Call Trace: [ 358.041545][T10630] [ 358.041556][T10630] dump_stack_lvl+0x16c/0x1f0 [ 358.041595][T10630] should_fail_ex+0x512/0x640 [ 358.041643][T10630] ? __kmalloc_noprof+0xca/0x880 [ 358.041672][T10630] should_failslab+0xc2/0x120 [ 358.041705][T10630] __kmalloc_noprof+0xdd/0x880 [ 358.041725][T10630] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 358.041756][T10630] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 358.041780][T10630] usb_hcd_submit_urb+0x5cf/0x1c60 [ 358.041813][T10630] usb_submit_urb+0x89f/0x1990 [ 358.041846][T10630] ? __init_swait_queue_head+0xca/0x150 [ 358.041882][T10630] usb_start_wait_urb+0x104/0x4b0 [ 358.041913][T10630] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 358.041951][T10630] ? __asan_memset+0x23/0x50 [ 358.041978][T10630] usb_control_msg+0x326/0x4a0 [ 358.042008][T10630] ? __pfx_usb_control_msg+0x10/0x10 [ 358.042047][T10630] hub_ext_port_status+0x14e/0x670 [ 358.042087][T10630] hub_activate+0x6e5/0x1d60 [ 358.042124][T10630] ? __pfx_hub_activate+0x10/0x10 [ 358.042151][T10630] ? find_held_lock+0x2b/0x80 [ 358.042173][T10630] ? do_proc_control+0xcc0/0x10a0 [ 358.042208][T10630] hub_resume+0xa8/0x3f0 [ 358.042236][T10630] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 358.042266][T10630] ? __pfx_hub_resume+0x10/0x10 [ 358.042369][T10630] ? __pfx_hcd_bus_resume+0x10/0x10 [ 358.042404][T10630] usb_resume_interface.constprop.0.isra.0+0x2c5/0x3e0 [ 358.042436][T10630] usb_resume_both+0x237/0x960 [ 358.042461][T10630] ? __pfx_usb_resume_both+0x10/0x10 [ 358.042486][T10630] ? __pfx_usb_runtime_resume+0x10/0x10 [ 358.042519][T10630] ? __pfx_usb_runtime_resume+0x10/0x10 [ 358.042546][T10630] __rpm_callback+0xc8/0x610 [ 358.042587][T10630] ? __pfx_usb_runtime_resume+0x10/0x10 [ 358.042615][T10630] rpm_callback+0x1b7/0x200 [ 358.042644][T10630] ? __pfx_usb_runtime_resume+0x10/0x10 [ 358.042671][T10630] rpm_resume+0xd16/0x1320 [ 358.042719][T10630] ? __pfx_rpm_resume+0x10/0x10 [ 358.042747][T10630] ? do_raw_spin_lock+0x12c/0x2b0 [ 358.042782][T10630] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 358.042824][T10630] __pm_runtime_resume+0xb6/0x170 [ 358.042854][T10630] usb_autoresume_device+0x23/0xe0 [ 358.042881][T10630] usbdev_open+0x228/0x8b0 [ 358.042907][T10630] ? kobject_get_unless_zero+0x156/0x1e0 [ 358.042936][T10630] ? __pfx_usbdev_open+0x10/0x10 [ 358.042961][T10630] ? chrdev_open+0x10b/0x6a0 [ 358.042991][T10630] ? __pfx_usbdev_open+0x10/0x10 [ 358.043017][T10630] chrdev_open+0x234/0x6a0 [ 358.043041][T10630] ? __pfx_apparmor_file_open+0x10/0x10 [ 358.043072][T10630] ? __pfx_chrdev_open+0x10/0x10 [ 358.043100][T10630] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 358.043131][T10630] do_dentry_open+0x982/0x1530 [ 358.043158][T10630] ? __pfx_chrdev_open+0x10/0x10 [ 358.043189][T10630] vfs_open+0x82/0x3f0 [ 358.043222][T10630] path_openat+0x1de4/0x2cb0 [ 358.043257][T10630] ? __pfx_path_openat+0x10/0x10 [ 358.043284][T10630] ? __lock_acquire+0xb8a/0x1c90 [ 358.043316][T10630] do_filp_open+0x20b/0x470 [ 358.043342][T10630] ? __pfx_do_filp_open+0x10/0x10 [ 358.043388][T10630] ? alloc_fd+0x471/0x7d0 [ 358.043418][T10630] do_sys_openat2+0x11b/0x1d0 [ 358.043448][T10630] ? __pfx_do_sys_openat2+0x10/0x10 [ 358.043503][T10630] __x64_sys_openat+0x174/0x210 [ 358.043538][T10630] ? __pfx___x64_sys_openat+0x10/0x10 [ 358.043583][T10630] do_syscall_64+0xcd/0xfa0 [ 358.043611][T10630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.043633][T10630] RIP: 0033:0x7f01dd18f7c9 [ 358.043653][T10630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.043700][T10630] RSP: 002b:00007f01de01d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 358.043722][T10630] RAX: ffffffffffffffda RBX: 00007f01dd3e6090 RCX: 00007f01dd18f7c9 [ 358.043737][T10630] RDX: 000000000002ab01 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 358.043751][T10630] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 358.043765][T10630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.043779][T10630] R13: 00007f01dd3e6128 R14: 00007f01dd3e6090 R15: 00007ffc39573f18 [ 358.043810][T10630] [ 358.464576][T10630] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 358.558886][T10633] random: crng reseeded on system resumption [ 358.634592][T10635] usb usb36: usbfs: interface 0 claimed by hub while 'syz.0.1044' sets config #6 [ 359.661804][ T5835] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 361.215749][T10670] __vm_enough_memory: pid: 10670, comm: syz.2.1053, bytes: 4398046511104 not enough memory for the allocation [ 362.660860][T10697] sd 0:0:1:0: PR command failed: 1026 [ 362.666376][T10697] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 362.673187][T10697] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 362.698730][T10697] delete_channel: no stack [ 363.996403][T10715] FAULT_INJECTION: forcing a failure. [ 363.996403][T10715] name failslab, interval 1, probability 393216, space 0, times 0 [ 364.061917][T10715] CPU: 1 UID: 0 PID: 10715 Comm: syz.0.1063 Not tainted syzkaller #0 PREEMPT(full) [ 364.061954][T10715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 364.061968][T10715] Call Trace: [ 364.061976][T10715] [ 364.061986][T10715] dump_stack_lvl+0x16c/0x1f0 [ 364.062022][T10715] should_fail_ex+0x512/0x640 [ 364.062060][T10715] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 364.062092][T10715] should_failslab+0xc2/0x120 [ 364.062126][T10715] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 364.062154][T10715] ? __d_alloc+0x32/0xae0 [ 364.062205][T10715] ? __d_alloc+0x32/0xae0 [ 364.062231][T10715] __d_alloc+0x32/0xae0 [ 364.062263][T10715] d_alloc_parallel+0x111/0x1510 [ 364.062314][T10715] ? __pfx_d_alloc_parallel+0x10/0x10 [ 364.062353][T10715] ? lockdep_init_map_type+0x5c/0x280 [ 364.062389][T10715] ? lockdep_init_map_type+0x5c/0x280 [ 364.062429][T10715] __lookup_slow+0x193/0x460 [ 364.062465][T10715] ? __pfx___lookup_slow+0x10/0x10 [ 364.062504][T10715] ? __mod_node_page_state+0xd0/0x1d0 [ 364.062548][T10715] ? __mod_node_page_state+0xd0/0x1d0 [ 364.062583][T10715] ? d_lookup+0xe7/0x190 [ 364.062624][T10715] lookup_noperm+0xe1/0x110 [ 364.062659][T10715] simple_start_creating+0xd1/0x1b0 [ 364.062688][T10715] debugfs_start_creating.part.0+0x82/0x190 [ 364.062716][T10715] __debugfs_create_file+0xa7/0x6b0 [ 364.062746][T10715] debugfs_create_file_full+0x41/0x60 [ 364.062776][T10715] ref_tracker_dir_debugfs+0x19d/0x290 [ 364.062801][T10715] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 364.062864][T10715] ? lockdep_init_map_type+0x5c/0x280 [ 364.062903][T10715] preinit_net.part.0+0x24e/0x8a0 [ 364.062933][T10715] copy_net_ns+0x3ba/0x690 [ 364.062965][T10715] create_new_namespaces+0x3ea/0xa90 [ 364.063002][T10715] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 364.063034][T10715] ksys_unshare+0x45b/0xa40 [ 364.063066][T10715] ? __pfx_ksys_unshare+0x10/0x10 [ 364.063099][T10715] ? xfd_validate_state+0x61/0x180 [ 364.063144][T10715] __x64_sys_unshare+0x31/0x40 [ 364.063175][T10715] do_syscall_64+0xcd/0xfa0 [ 364.063208][T10715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.063233][T10715] RIP: 0033:0x7f01dd18f7c9 [ 364.063253][T10715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.063276][T10715] RSP: 002b:00007f01de03e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 364.063300][T10715] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa0 RCX: 00007f01dd18f7c9 [ 364.063316][T10715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 364.063331][T10715] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 364.063345][T10715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 364.063360][T10715] R13: 00007f01dd3e6038 R14: 00007f01dd3e5fa0 R15: 00007ffc39573f18 [ 364.063396][T10715] [ 364.350494][ C1] vkms_vblank_simulate: vblank timer overrun [ 366.157216][T10728] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1065'. [ 372.511501][T10807] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1081'. [ 373.151527][T10827] sd 0:0:1:0: PR command failed: 1026 [ 373.158199][T10827] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 373.269182][T10827] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 373.348609][T10826] delete_channel: no stack [ 375.915712][T10875] *]'\: entered promiscuous mode [ 378.782712][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.789282][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.140773][T10950] FAULT_INJECTION: forcing a failure. [ 380.140773][T10950] name failslab, interval 1, probability 393216, space 0, times 0 [ 380.187729][T10950] CPU: 1 UID: 0 PID: 10950 Comm: syz.0.1117 Not tainted syzkaller #0 PREEMPT(full) [ 380.187766][T10950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 380.187782][T10950] Call Trace: [ 380.187790][T10950] [ 380.187800][T10950] dump_stack_lvl+0x16c/0x1f0 [ 380.187837][T10950] should_fail_ex+0x512/0x640 [ 380.187873][T10950] ? __kmalloc_noprof+0xca/0x880 [ 380.187901][T10950] should_failslab+0xc2/0x120 [ 380.187935][T10950] __kmalloc_noprof+0xdd/0x880 [ 380.187958][T10950] ? ptp_open+0x104/0x550 [ 380.187987][T10950] ? ptp_open+0x104/0x550 [ 380.188008][T10950] ptp_open+0x104/0x550 [ 380.188036][T10950] ? __pfx_ptp_open+0x10/0x10 [ 380.188069][T10950] ? __pfx_ptp_open+0x10/0x10 [ 380.188092][T10950] posix_clock_open+0x17b/0x290 [ 380.188122][T10950] ? __pfx_posix_clock_open+0x10/0x10 [ 380.188151][T10950] chrdev_open+0x234/0x6a0 [ 380.188179][T10950] ? __pfx_apparmor_file_open+0x10/0x10 [ 380.188214][T10950] ? __pfx_chrdev_open+0x10/0x10 [ 380.188246][T10950] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 380.188298][T10950] do_dentry_open+0x982/0x1530 [ 380.188330][T10950] ? __pfx_chrdev_open+0x10/0x10 [ 380.188367][T10950] vfs_open+0x82/0x3f0 [ 380.188407][T10950] path_openat+0x1de4/0x2cb0 [ 380.188447][T10950] ? __pfx_path_openat+0x10/0x10 [ 380.188476][T10950] ? __lock_acquire+0xb8a/0x1c90 [ 380.188514][T10950] do_filp_open+0x20b/0x470 [ 380.188542][T10950] ? __pfx_do_filp_open+0x10/0x10 [ 380.188596][T10950] ? alloc_fd+0x471/0x7d0 [ 380.188631][T10950] do_sys_openat2+0x11b/0x1d0 [ 380.188667][T10950] ? __pfx_do_sys_openat2+0x10/0x10 [ 380.188705][T10950] ? putname+0x154/0x1a0 [ 380.188745][T10950] __x64_sys_openat+0x174/0x210 [ 380.188782][T10950] ? __pfx___x64_sys_openat+0x10/0x10 [ 380.188833][T10950] do_syscall_64+0xcd/0xfa0 [ 380.188866][T10950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.188891][T10950] RIP: 0033:0x7f01dd18f7c9 [ 380.188912][T10950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.188936][T10950] RSP: 002b:00007f01de03e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 380.188961][T10950] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa0 RCX: 00007f01dd18f7c9 [ 380.188980][T10950] RDX: 0000000000008000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 380.188996][T10950] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 380.189012][T10950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.189027][T10950] R13: 00007f01dd3e6038 R14: 00007f01dd3e5fa0 R15: 00007ffc39573f18 [ 380.189063][T10950] [ 380.672249][T10963] FAULT_INJECTION: forcing a failure. [ 380.672249][T10963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 380.703898][T10963] CPU: 0 UID: 0 PID: 10963 Comm: syz.2.1118 Not tainted syzkaller #0 PREEMPT(full) [ 380.703935][T10963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 380.703948][T10963] Call Trace: [ 380.703956][T10963] [ 380.703965][T10963] dump_stack_lvl+0x16c/0x1f0 [ 380.703998][T10963] should_fail_ex+0x512/0x640 [ 380.704037][T10963] _copy_from_user+0x2e/0xd0 [ 380.704062][T10963] __sys_bpf+0x248/0x4980 [ 380.704092][T10963] ? __pfx___sys_bpf+0x10/0x10 [ 380.704116][T10963] ? find_held_lock+0x2b/0x80 [ 380.704147][T10963] ? find_held_lock+0x2b/0x80 [ 380.704179][T10963] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 380.704228][T10963] ? fput+0x9b/0xd0 [ 380.704260][T10963] ? ksys_write+0x1ac/0x250 [ 380.704286][T10963] ? __pfx_ksys_write+0x10/0x10 [ 380.704318][T10963] __x64_sys_bpf+0x78/0xc0 [ 380.704344][T10963] ? lockdep_hardirqs_on+0x7c/0x110 [ 380.704374][T10963] do_syscall_64+0xcd/0xfa0 [ 380.704406][T10963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.704432][T10963] RIP: 0033:0x7ff45b38f7c9 [ 380.704452][T10963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.704475][T10963] RSP: 002b:00007ff45c19c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 380.704499][T10963] RAX: ffffffffffffffda RBX: 00007ff45b5e6090 RCX: 00007ff45b38f7c9 [ 380.704515][T10963] RDX: 000000000000000a RSI: 0000200000000080 RDI: 0000000000000005 [ 380.704531][T10963] RBP: 00007ff45c19c090 R08: 0000000000000000 R09: 0000000000000000 [ 380.704551][T10963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 380.704566][T10963] R13: 00007ff45b5e6128 R14: 00007ff45b5e6090 R15: 00007ffcd8b3c7c8 [ 380.704614][T10963] [ 384.001165][T11015] FAULT_INJECTION: forcing a failure. [ 384.001165][T11015] name failslab, interval 1, probability 393216, space 0, times 0 [ 384.014460][T11015] CPU: 1 UID: 0 PID: 11015 Comm: syz.0.1131 Not tainted syzkaller #0 PREEMPT(full) [ 384.014496][T11015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 384.014511][T11015] Call Trace: [ 384.014520][T11015] [ 384.014529][T11015] dump_stack_lvl+0x16c/0x1f0 [ 384.014566][T11015] should_fail_ex+0x512/0x640 [ 384.014602][T11015] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 384.014635][T11015] should_failslab+0xc2/0x120 [ 384.014668][T11015] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 384.014697][T11015] ? __d_alloc+0x32/0xae0 [ 384.014732][T11015] ? __d_alloc+0x32/0xae0 [ 384.014758][T11015] __d_alloc+0x32/0xae0 [ 384.014790][T11015] d_alloc_pseudo+0x1c/0xc0 [ 384.014825][T11015] alloc_file_pseudo+0xcf/0x230 [ 384.014862][T11015] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 384.014897][T11015] ? alloc_fd+0x471/0x7d0 [ 384.014937][T11015] sock_alloc_file+0x50/0x210 [ 384.014968][T11015] __sys_socket+0x1c0/0x260 [ 384.015002][T11015] ? __pfx___sys_socket+0x10/0x10 [ 384.015034][T11015] ? xfd_validate_state+0x61/0x180 [ 384.015067][T11015] ? __pfx_ksys_write+0x10/0x10 [ 384.015102][T11015] __x64_sys_socket+0x72/0xb0 [ 384.015133][T11015] ? lockdep_hardirqs_on+0x7c/0x110 [ 384.015163][T11015] do_syscall_64+0xcd/0xfa0 [ 384.015195][T11015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.015220][T11015] RIP: 0033:0x7f01dd18f7c9 [ 384.015241][T11015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.015264][T11015] RSP: 002b:00007f01de03e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 384.015289][T11015] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa0 RCX: 00007f01dd18f7c9 [ 384.015307][T11015] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 384.015323][T11015] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 384.015339][T11015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 384.015354][T11015] R13: 00007f01dd3e6038 R14: 00007f01dd3e5fa0 R15: 00007ffc39573f18 [ 384.015389][T11015] [ 387.573373][T11070] vivid-003: ================= START STATUS ================= [ 387.581263][T11070] vivid-003: Radio HW Seek Mode: Bounded [ 387.588034][T11070] vivid-003: Radio Programmable HW Seek: false [ 387.595069][T11070] vivid-003: RDS Rx I/O Mode: Block I/O [ 387.600663][T11070] vivid-003: Generate RBDS Instead of RDS: false [ 387.607833][T11070] vivid-003: RDS Reception: true [ 387.612814][T11070] vivid-003: RDS Program Type: 0 inactive [ 387.619750][T11070] vivid-003: RDS PS Name: inactive [ 387.687674][T11070] vivid-003: RDS Radio Text: inactive [ 387.693314][T11070] vivid-003: RDS Traffic Announcement: false inactive [ 387.700278][T11070] vivid-003: RDS Traffic Program: false inactive [ 387.706761][T11070] vivid-003: RDS Music: false inactive [ 387.727450][T11070] vivid-003: ================== END STATUS ================== [ 388.228506][T11079] FAULT_INJECTION: forcing a failure. [ 388.228506][T11079] name fail_futex, interval 1, probability 0, space 0, times 0 [ 388.317627][T11079] CPU: 1 UID: 0 PID: 11079 Comm: syz.3.1146 Not tainted syzkaller #0 PREEMPT(full) [ 388.317662][T11079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 388.317677][T11079] Call Trace: [ 388.317686][T11079] [ 388.317696][T11079] dump_stack_lvl+0x16c/0x1f0 [ 388.317735][T11079] should_fail_ex+0x512/0x640 [ 388.317781][T11079] get_futex_key+0x1d0/0x1560 [ 388.317821][T11079] ? __pfx_get_futex_key+0x10/0x10 [ 388.317868][T11079] futex_wait_setup+0x9d/0x550 [ 388.317904][T11079] __futex_wait+0x193/0x2f0 [ 388.317929][T11079] ? __pfx___futex_wait+0x10/0x10 [ 388.317959][T11079] ? __pfx_futex_wake_mark+0x10/0x10 [ 388.318001][T11079] ? futex_hash+0x2c5/0x380 [ 388.318036][T11079] ? futex_private_hash_put+0xd5/0x190 [ 388.318070][T11079] futex_wait+0xe8/0x380 [ 388.318094][T11079] ? __pfx_futex_wait+0x10/0x10 [ 388.318127][T11079] ? __might_fault+0xe3/0x190 [ 388.318152][T11079] ? __might_fault+0x13b/0x190 [ 388.318185][T11079] do_futex+0x229/0x350 [ 388.318218][T11079] ? __pfx_do_futex+0x10/0x10 [ 388.318252][T11079] ? __sys_connect+0xe0/0x160 [ 388.318290][T11079] __x64_sys_futex+0x1e0/0x4c0 [ 388.318329][T11079] ? __pfx___x64_sys_futex+0x10/0x10 [ 388.318361][T11079] ? xfd_validate_state+0x61/0x180 [ 388.318393][T11079] ? __pfx_ksys_write+0x10/0x10 [ 388.318433][T11079] do_syscall_64+0xcd/0xfa0 [ 388.318466][T11079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.318504][T11079] RIP: 0033:0x7f7239b8f7c9 [ 388.318525][T11079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.318550][T11079] RSP: 002b:00007f723a9690e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 388.318575][T11079] RAX: ffffffffffffffda RBX: 00007f7239de5fa8 RCX: 00007f7239b8f7c9 [ 388.318594][T11079] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7239de5fa8 [ 388.318610][T11079] RBP: 00007f7239de5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 388.318625][T11079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.318640][T11079] R13: 00007f7239de6038 R14: 00007ffeba5e89b0 R15: 00007ffeba5e8a98 [ 388.318675][T11079] [ 388.384029][T11076] zswap: compressor not available [ 388.652770][T11079] svc: failed to register nfsdv3 RPC service (errno 111). [ 388.696886][T11079] svc: failed to register nfsaclv3 RPC service (errno 111). [ 389.809751][T11110] FAULT_INJECTION: forcing a failure. [ 389.809751][T11110] name failslab, interval 1, probability 393216, space 0, times 0 [ 389.833543][T11110] CPU: 0 UID: 0 PID: 11110 Comm: syz.1.1152 Not tainted syzkaller #0 PREEMPT(full) [ 389.833583][T11110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 389.833600][T11110] Call Trace: [ 389.833610][T11110] [ 389.833621][T11110] dump_stack_lvl+0x16c/0x1f0 [ 389.833668][T11110] should_fail_ex+0x512/0x640 [ 389.833709][T11110] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 389.833741][T11110] should_failslab+0xc2/0x120 [ 389.833776][T11110] kmem_cache_alloc_noprof+0x75/0x6e0 [ 389.833805][T11110] ? key_alloc+0x3e0/0x1330 [ 389.833838][T11110] ? key_alloc+0x3e0/0x1330 [ 389.833863][T11110] key_alloc+0x3e0/0x1330 [ 389.833903][T11110] ? __pfx_key_alloc+0x10/0x10 [ 389.833932][T11110] ? aa_get_newest_label+0xd2/0x250 [ 389.833986][T11110] keyring_alloc+0x44/0xc0 [ 389.834023][T11110] lookup_user_key+0xc51/0x1300 [ 389.834056][T11110] ? __pfx_lookup_user_key+0x10/0x10 [ 389.834086][T11110] ? ksys_shmctl.constprop.0+0x1d4/0x380 [ 389.834124][T11110] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 389.834183][T11110] keyctl_setperm_key+0x9d/0x3a0 [ 389.834223][T11110] ? __pfx_keyctl_setperm_key+0x10/0x10 [ 389.834263][T11110] ? xfd_validate_state+0x61/0x180 [ 389.834306][T11110] __do_sys_keyctl+0x29a/0x590 [ 389.834342][T11110] do_syscall_64+0xcd/0xfa0 [ 389.834374][T11110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.834398][T11110] RIP: 0033:0x7ffab658f7c9 [ 389.834419][T11110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.834442][T11110] RSP: 002b:00007ffab7347038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 389.834465][T11110] RAX: ffffffffffffffda RBX: 00007ffab67e5fa0 RCX: 00007ffab658f7c9 [ 389.834482][T11110] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005 [ 389.834496][T11110] RBP: 00007ffab6613f91 R08: 0000000000000005 R09: 0000000000000000 [ 389.834510][T11110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 389.834526][T11110] R13: 00007ffab67e6038 R14: 00007ffab67e5fa0 R15: 00007ffc0c864e48 [ 389.834563][T11110] [ 390.138114][T11117] kAFS: No cell specified [ 393.066288][T11167] FAULT_INJECTION: forcing a failure. [ 393.066288][T11167] name failslab, interval 1, probability 393216, space 0, times 0 [ 393.081203][T11167] CPU: 0 UID: 0 PID: 11167 Comm: syz.1.1164 Not tainted syzkaller #0 PREEMPT(full) [ 393.081235][T11167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 393.081244][T11167] Call Trace: [ 393.081249][T11167] [ 393.081256][T11167] dump_stack_lvl+0x16c/0x1f0 [ 393.081277][T11167] should_fail_ex+0x512/0x640 [ 393.081304][T11167] ? __kmalloc_noprof+0xca/0x880 [ 393.081320][T11167] should_failslab+0xc2/0x120 [ 393.081340][T11167] __kmalloc_noprof+0xdd/0x880 [ 393.081352][T11167] ? lsm_blob_alloc+0x68/0x90 [ 393.081373][T11167] ? lsm_blob_alloc+0x68/0x90 [ 393.081389][T11167] lsm_blob_alloc+0x68/0x90 [ 393.081405][T11167] security_prepare_creds+0x30/0x270 [ 393.081423][T11167] prepare_creds+0x56f/0x7d0 [ 393.081445][T11167] __sys_setresgid+0x4af/0x1150 [ 393.081463][T11167] do_syscall_64+0xcd/0xfa0 [ 393.081480][T11167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.081494][T11167] RIP: 0033:0x7ffab658f7c9 [ 393.081506][T11167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.081519][T11167] RSP: 002b:00007ffab7347038 EFLAGS: 00000246 ORIG_RAX: 0000000000000077 [ 393.081532][T11167] RAX: ffffffffffffffda RBX: 00007ffab67e5fa0 RCX: 00007ffab658f7c9 [ 393.081542][T11167] RDX: 0000000000000008 RSI: 00000000800000a0 RDI: 0000000000000081 [ 393.081550][T11167] RBP: 00007ffab6613f91 R08: 0000000000000000 R09: 0000000000000000 [ 393.081558][T11167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.081566][T11167] R13: 00007ffab67e6038 R14: 00007ffab67e5fa0 R15: 00007ffc0c864e48 [ 393.081588][T11167] [ 393.114494][ T44] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.200192][ C1] vkms_vblank_simulate: vblank timer overrun [ 396.254735][T11214] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000024: 0000 [#1] SMP KASAN PTI [ 396.266668][T11214] KASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127] [ 396.275088][T11214] CPU: 0 UID: 0 PID: 11214 Comm: syz.0.1175 Not tainted syzkaller #0 PREEMPT(full) [ 396.284463][T11214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 396.294515][T11214] RIP: 0010:afs_request_key+0xba/0x190 [ 396.299986][T11214] Code: 48 c1 e9 03 80 3c 01 00 0f 85 ae 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 30 48 8d bd 20 01 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 75 7a 48 8b b5 20 01 00 00 31 c9 48 c7 c7 80 58 41 90 [ 396.319600][T11214] RSP: 0018:ffffc90003807c88 EFLAGS: 00010206 [ 396.325672][T11214] RAX: dffffc0000000000 RBX: ffff88802234c000 RCX: 0000000000000024 [ 396.333639][T11214] RDX: ffff88802be10880 RSI: ffffffff83963714 RDI: 0000000000000120 [ 396.341613][T11214] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 396.349622][T11214] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802234c030 [ 396.357591][T11214] R13: ffff888031465fa0 R14: ffffed100628cbf6 R15: ffffc90003807ea0 [ 396.365572][T11214] FS: 00007f01de03e6c0(0000) GS:ffff888124a0d000(0000) knlGS:0000000000000000 [ 396.374504][T11214] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 396.381089][T11214] CR2: 0000001b30ffeff8 CR3: 00000000763ec000 CR4: 00000000003526f0 [ 396.389059][T11214] Call Trace: [ 396.392330][T11214] [ 396.395255][T11214] afs_get_tree+0x303/0x1380 [ 396.399853][T11214] ? bpf_lsm_capable+0x9/0x10 [ 396.404541][T11214] vfs_get_tree+0x8e/0x340 [ 396.408968][T11214] path_mount+0x7b9/0x23a0 [ 396.413387][T11214] ? __pfx_path_mount+0x10/0x10 [ 396.418235][T11214] ? kmem_cache_free+0x2d4/0x6c0 [ 396.423172][T11214] ? putname+0x154/0x1a0 [ 396.427416][T11214] ? putname+0x154/0x1a0 [ 396.431658][T11214] ? putname+0x154/0x1a0 [ 396.436005][T11214] ? __x64_sys_mount+0x293/0x310 [ 396.440946][T11214] __x64_sys_mount+0x293/0x310 [ 396.445721][T11214] ? __pfx___x64_sys_mount+0x10/0x10 [ 396.451184][T11214] do_syscall_64+0xcd/0xfa0 [ 396.455702][T11214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.461595][T11214] RIP: 0033:0x7f01dd18f7c9 [ 396.466007][T11214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 396.485716][T11214] RSP: 002b:00007f01de03e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 396.494138][T11214] RAX: ffffffffffffffda RBX: 00007f01dd3e5fa0 RCX: 00007f01dd18f7c9 [ 396.502112][T11214] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000000000000000 [ 396.510078][T11214] RBP: 00007f01dd213f91 R08: 0000000000000000 R09: 0000000000000000 [ 396.518046][T11214] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 396.526038][T11214] R13: 00007f01dd3e6038 R14: 00007f01dd3e5fa0 R15: 00007ffc39573f18 [ 396.534031][T11214] [ 396.537062][T11214] Modules linked in: [ 396.541307][T11214] ---[ end trace 0000000000000000 ]--- [ 396.551848][T11214] RIP: 0010:afs_request_key+0xba/0x190 [ 396.557355][T11214] Code: 48 c1 e9 03 80 3c 01 00 0f 85 ae 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 30 48 8d bd 20 01 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 75 7a 48 8b b5 20 01 00 00 31 c9 48 c7 c7 80 58 41 90 [ 396.577246][T11214] RSP: 0018:ffffc90003807c88 EFLAGS: 00010206 [ 396.684107][T11214] RAX: dffffc0000000000 RBX: ffff88802234c000 RCX: 0000000000000024 [ 396.705628][T11214] RDX: ffff88802be10880 RSI: ffffffff83963714 RDI: 0000000000000120 [ 396.720867][T11214] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 396.776497][T11214] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802234c030 [ 396.800251][T11214] R13: ffff888031465fa0 R14: ffffed100628cbf6 R15: ffffc90003807ea0 [ 396.834750][T11214] FS: 00007f01de03e6c0(0000) GS:ffff888124a0d000(0000) knlGS:0000000000000000 [ 396.843887][T11214] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 396.851410][T11214] CR2: 0000200000426000 CR3: 00000000763ec000 CR4: 00000000003526f0 [ 396.859484][T11214] Kernel panic - not syncing: Fatal exception [ 396.866050][T11214] Kernel Offset: disabled [ 396.870457][T11214] Rebooting in 86400 seconds..