last executing test programs: 4.940673141s ago: executing program 1 (id=528): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1000, 0x0) ioctl$auto(0x3, 0x5420, 0x38) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x3, 0x55, 0x29e) shmdt$auto(0x0) readv$auto(0x3, 0x0, 0x3) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5407, 0x0) 4.542100545s ago: executing program 3 (id=530): sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYRES64=0xffffffffffffffff, @ANYRESDEC=0x0], 0x14}, 0x1, 0x0, 0x0, 0xc854}, 0x40080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYRES16=r0, @ANYRES64=r0], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/034/001\x00', 0xa901, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4241, 0x0) mmap$auto(0x0, 0x2000b, 0x100, 0x13, 0x401, 0x80000001) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x18ab82, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) r4 = io_uring_setup$auto(0x7, 0x0) io_uring_register$auto(r4, 0x8, &(0x7f0000001100), 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto(0x3, 0x80004508, 0x10000000000402) fcntl$auto_F_SETSIG(0xffffffffffffffff, 0xa, 0x400000000000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x6}, 0x8000000000001b) unshare$auto(0x40000080) mmap$auto(0x1, 0x0, 0x44000000000dd, 0x15, 0x401, 0x7fff) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) msgget$auto(0x0, 0x5) msgsnd$auto(0xfffffffc, &(0x7f0000000000)={0x1, 0x85}, 0x8, 0x7) msgsnd$auto(0x0, &(0x7f0000000040)={0x40000007fc, 0x7}, 0x400, 0xfffffffe) ioctl$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x4, &(0x7f0000000280)="f26891cb2ed18376017ff1ab12c1792935603a41d4aa06cb408af493565f5f681a8ea3c393851f3e9e9ff18e46c874829f4690aa9deb4ce9ff6524a4e182a843681ee75966c8d0e7e77d777a1531cdc6faff458cf96f44dab5415092292166f727df1ee0ae366beace4eb1de82c93a7f5f0a839fe922f2b3393f4df6af12803213f171c129cc17d13400c1da13f077dfa7251c1a477921e24f5cdc93dd2292daaee610ad261965c267f6") read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00<\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t+\xe4\xc2\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) msgrcv$auto(0x0, 0x0, 0x4bd, 0x1, 0xf1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r2, 0x802c550a, &(0x7f0000000380)=ANY=[@ANYRES16=r3]) ioctl$auto(r2, 0x4008550c, r2) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0xffffffffffffffff, 0xfffffff7}, 0x800}, 0x7, 0x4008) 4.43270165s ago: executing program 1 (id=532): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptyw5\x00', 0x80000, 0x0) getsockopt$auto(r1, 0x0, 0x482, 0x0, &(0x7f0000000040)=0x8) r2 = socket(0x1d, 0x80000, 0x3d) setsockopt$auto(r2, 0x29, 0x19, 0x0, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6, 0x6, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010101}, @GTPA_FLOW={0x6, 0x6, 0xfc00}, @GTPA_LINK={0x8, 0x1, 0x80000007}, @GTPA_LINK={0x8, 0x1, 0x80000001}, @GTPA_I_TEI={0x8, 0x8, 0x5e}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x29}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040080}, 0x20000040) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x14, 0x0, 0x70b, 0x70bd24, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4040041}, 0xc840) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r4, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002cbd7000fbdbdf25960000001a000d01e2d1b2c3e0f4246df8a3901298f8aa701033e4ad88680000e941a3684af502f0981f4c05e966ce32e68266ddf77a26b094f120ae8121079ffd4242f8bbcb45f3a570a686261ffc6e017b109157ffdfc806181b9f5846997ec71b96981a925c7ecceb47f49d4daa11fdb034475ecb33c09e797e96605ce892a6c796d32e794ab2e9e9fa7533d59b8e4840bad5124dc1bc366733f156c2ce4ff3ce61f3a52b2cfc49506ad7d92a863e5d74065ebf6844eed509bb86db6da39fb148ed5d7162f3c72a4d056b996961de3657d4b35f"], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x40004) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/net_prio.ifpriomap\x00', 0x10b142, 0x0) sendfile$auto(r5, r5, 0x0, 0x5) 3.938282281s ago: executing program 1 (id=535): socket(0xa, 0x2, 0x73) socket(0x2, 0xa, 0x1) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/free_buffer\x00', 0x109100, 0xebff) socket(0x2, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop5\x00', 0x60542, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x700000000000000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) semctl$auto(0x3, 0x2, 0x13, 0x9) r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r0, 0x29, 0x20, 0x0, 0x20) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0xffffffffffffffff, 0x0, 0x3) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) unshare$auto(0x20000) 3.566960726s ago: executing program 2 (id=538): sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x5890) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/034/001\x00', 0xa901, 0x0) io_uring_register$auto(0xffffffffffffffff, 0x8, &(0x7f0000001100), 0x3) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6ff040000000100400008"]) 3.471261773s ago: executing program 3 (id=539): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000ff", @ANYRES16=r1, @ANYBLOB="01009b64c23ef155546b0104000008000900", @ANYBLOB="080005000600000008000200", @ANYRES32=0x0, @ANYBLOB="0c00010069"], 0x8d}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 3.34456418s ago: executing program 3 (id=540): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) writev$auto(r0, &(0x7f0000000140)={0x0, 0x1}, 0x4) 3.284214701s ago: executing program 2 (id=541): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = open(0x0, 0x163340, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x3, 0xa) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(r2, 0x0, 0x6, 0x0, 0x10021) r3 = socket(0xa, 0x2, 0x88) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) setsockopt$auto_SO_LOCK_FILTER(r3, 0x101, 0x2c, &(0x7f0000000140)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x8) bind$auto(0x3, &(0x7f0000000000)=@generic={0xa, "dfffffffffffffff00"}, 0x6a) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x110, r5, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_VENDOR_DATA={0xb1, 0xc5, "49a054a1658246bf9bb806899ee357c8ad63d8d7867b81624ad01e0d59d5e41af377e39065deb8631a5a3f1121717a8a3e696329c8eb7d48822fc7cd95f8b3139d6667122b83e4410a1ad923df42ec476d72d968e54cb37518b71d57f856bd42feafb8b7a8e8c5b8204bce97d2c8dabe7b2b25a64faaa1d40fdcb99079001be6220f2b51306e2a6f5344456626275a3772197e59369ed275f6788788aa5374a87b48101f4c5c68059e78df992e"}, @NL80211_ATTR_FILS_KEK={0x2f, 0xf2, "26ea20f3fc6b2410e7a03afc42f55c928782387f01f57392dff6a19304b61118acf6f403f093bc595f5824"}, @NL80211_ATTR_COLOR_CHANGE_COLOR={0x5, 0x130, 0x8}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xe2}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x20008000) setsockopt$auto(0x3, 0x10000000084, 0x72, 0x0, 0xc) 3.223919006s ago: executing program 3 (id=542): sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x5890) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, r0, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/034/001\x00', 0xa901, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4241, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x18ab82, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) r3 = io_uring_setup$auto(0x7, 0x0) io_uring_register$auto(r3, 0x8, &(0x7f0000001100), 0x3) mmap$auto(0x0, 0x9, 0xffff, 0xeb1, r2, 0x2) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto(0x3, 0x80004508, 0x10000000000402) fcntl$auto_F_SETSIG(0xffffffffffffffff, 0xa, 0x400000000000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x6}, 0x8000000000001b) unshare$auto(0x40000080) mmap$auto(0x1, 0x0, 0x44000000000dd, 0x15, 0x401, 0x7fff) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) msgget$auto(0x0, 0x5) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x85}, 0x8, 0x7) msgsnd$auto(0x0, &(0x7f0000000040)={0x40000007fc, 0x7}, 0x400, 0x2) ioctl$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x4, &(0x7f0000000280)="f26891cb2ed18376017ff1ab12c1792935603a41d4aa06cb408af493565f5f681a8ea3c393851f3e9e9ff18e46c874829f4690aa9deb4ce9ff6524a4e182a843681ee75966c8d0e7e77d777a1531cdc6faff458cf96f44dab5415092292166f727df1ee0ae366beace4eb1de82c93a7f5f0a839fe922f2b3393f4df6af12803213f171c129cc17d13400c1da13f077dfa7251c1a477921e24f5cdc93dd2292daaee610ad261965c267f6") read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00<\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t+\xe4\xc2\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) msgrcv$auto(0x0, 0x0, 0x4bd, 0x1, 0xf1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r1, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6ff040000000100400008"]) ioctl$auto(r1, 0x4008550c, r1) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0xffffffffffffffff, 0xfffffff7}, 0x800}, 0x7, 0x4008) 2.995636532s ago: executing program 0 (id=543): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x40401, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x4010ae67, 0x38) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x3000c, 0x4000000000df, 0x4000eb1, 0x401, 0x10000) r1 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000100), 0xc000, 0x0) close_range$auto(r1, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}}, 0xf7374674b920089e) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r3, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10000, 0x0) socket(0x29, 0x2, 0x0) ioctl$auto(r2, 0x8993, 0x24) open(&(0x7f0000001bc0)='./file0\x00', 0x4142, 0x1) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r4) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x541b, 0x74) 2.520481572s ago: executing program 2 (id=544): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77ef907d, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop7\x00', 0x80001, 0x0) socket(0xa, 0x5, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) 2.392730664s ago: executing program 0 (id=545): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x3}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) 2.303564139s ago: executing program 1 (id=546): mmap$auto(0x9, 0x20009, 0x4000000000df, 0xeb2, 0x401, 0x8000) socket(0x10, 0x2, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) r0 = socket(0x28, 0x1, 0x0) getsockopt$auto(r0, 0x28, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) waitid$auto_P_ALL(0x0, 0xffffffff, 0x0, 0x4005, &(0x7f0000000b40)={{0xffffffffffffffff}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x400000000000010, 0x0, 0x4, 0x7, 0x3, 0x100000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r1, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) preadv$auto(0x3, &(0x7f00000000c0)={0x0, 0x3}, 0x3, 0x2, 0xffffffffffffffff) 2.215851324s ago: executing program 2 (id=547): openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) sysfs$auto(0x2, 0x23, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0xfffffffffffffff9, 0x6, 0x8, 0xfffffffffffffffd, r0, 0x8000000000000001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clock_nanosleep$auto(0x7, 0x8, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) 2.1898135s ago: executing program 3 (id=548): sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYRES64=0xffffffffffffffff, @ANYRESDEC=0x0], 0x14}, 0x1, 0x0, 0x0, 0xc854}, 0x40080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYRES16=r0, @ANYRES64=r0], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/034/001\x00', 0xa901, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4241, 0x0) mmap$auto(0x0, 0x2000b, 0x100, 0x13, 0x401, 0x80000001) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x18ab82, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) r4 = io_uring_setup$auto(0x7, 0x0) io_uring_register$auto(r4, 0x8, &(0x7f0000001100), 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto(0x3, 0x80004508, 0x10000000000402) fcntl$auto_F_SETSIG(0xffffffffffffffff, 0xa, 0x400000000000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x6}, 0x8000000000001b) unshare$auto(0x40000080) mmap$auto(0x1, 0x0, 0x44000000000dd, 0x15, 0x401, 0x7fff) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) msgget$auto(0x0, 0x5) msgsnd$auto(0xfffffffc, &(0x7f0000000000)={0x1, 0x85}, 0x8, 0x7) msgsnd$auto(0x0, &(0x7f0000000040)={0x40000007fc, 0x7}, 0x400, 0xfffffffe) ioctl$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x4, &(0x7f0000000280)="f26891cb2ed18376017ff1ab12c1792935603a41d4aa06cb408af493565f5f681a8ea3c393851f3e9e9ff18e46c874829f4690aa9deb4ce9ff6524a4e182a843681ee75966c8d0e7e77d777a1531cdc6faff458cf96f44dab5415092292166f727df1ee0ae366beace4eb1de82c93a7f5f0a839fe922f2b3393f4df6af12803213f171c129cc17d13400c1da13f077dfa7251c1a477921e24f5cdc93dd2292daaee610ad261965c267f6") read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00<\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t+\xe4\xc2\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) msgrcv$auto(0x0, 0x0, 0x4bd, 0x1, 0xf1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r2, 0x802c550a, &(0x7f0000000380)=ANY=[@ANYRES16=r3]) ioctl$auto(r2, 0x4008550c, r2) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0xffffffffffffffff, 0xfffffff7}, 0x800}, 0x7, 0x4008) 2.02874144s ago: executing program 2 (id=549): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x161782, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) r1 = prctl$auto_PR_SET_MM_START_BRK(0x4bc8, 0x6, 0x0, 0x0, 0x0) ioctl$auto_TIOCNOTTY(r1, 0x5422, &(0x7f0000000340)="39a88364315066d2ccf36de8f6b8c6b465d6035ff76886a52800d03114dcbedc468484a32dc9a4dbe3e2622618d4f212ba1b0bb15e57a518ae71f5c4ff6ecabda72f905e8a4c53be0a40a2aa63e38b3dbae3a3b149f320c00210405fadefb873d738222748398dc7bd49ea5bdb9a1f9df35bde2bc95527343d27123c9f4b0bdc0348c9ba145524c8728929054533626e3c7be588c67a8d543acd7e88f68203e2fafbb35751251902225ac1951aa1da8f147cf0e8513ace2bf1aaf09ff9caa8c869ad5736") r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) socket(0x28, 0x5, 0x0) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) 1.409478755s ago: executing program 0 (id=550): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) writev$auto(r0, &(0x7f0000000140)={0x0, 0x1}, 0x4) 1.254537206s ago: executing program 0 (id=551): sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x5890) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/034/001\x00', 0xa901, 0x0) io_uring_register$auto(0xffffffffffffffff, 0x8, &(0x7f0000001100), 0x3) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6ff040000000100400008"]) 1.240803987s ago: executing program 1 (id=552): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x2, 0xd, 0xfffffffffffffffb, 0x100000004, 0x2c2, 0x800002017d, 0x4, 0x40, 0xd, 0xd59, 0xfb, 0xff, 0x21, 0x100000005]}, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000780), r0) sendmsg$auto_NFC_CMD_ENABLE_SE(r1, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, r2, 0x800, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8004}, 0x24000080) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000040)=0x5) read$auto(0x3, 0x0, 0x80) 1.158791266s ago: executing program 3 (id=553): write$auto(0xffffffffffffffff, 0x0, 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) unshare$auto(0x8) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0xb) madvise$auto(0xfffffffffffffffa, 0x7f, 0x10) madvise$auto(0x0, 0x2003f2, 0x15) r4 = socket(0x2, 0x802, 0x1) getsockopt$auto_SO_KEEPALIVE(r4, 0x0, 0x9, 0x0, &(0x7f0000000100)=0x401) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r5) sendmsg$auto_OVS_DP_CMD_SET(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) socket(0x33, 0x3, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) (fail_nth: 1) munmap$auto(0x8000, 0xffffffff) 1.050013179s ago: executing program 0 (id=554): socket(0x10, 0x2, 0x1) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffff70, 0x1, 0x0) prctl$auto(0x1, 0xfffffffeffffffff, 0x0, 0xfffffffe, 0xffffffffffffffff) mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD(r0, 0xffe, &(0x7f0000000200)={@siginfo_0_0={0xe4e, 0x8, 0x9, @_sigsys={&(0x7f00000001c0)="4c30d8ac2efa3f9d41ac255c5146d3e38af70673bcd95fb1c5dd2300f9031a", 0x4, 0x4}}}, 0x1) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) connect$auto(0x3, &(0x7f0000000080)=@nl=@proc={0x10, 0x0, 0x25dfdbfe, 0x4}, 0x81) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) r4 = dup$auto(r3) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x80000, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS32(r6, 0xc0245720, &(0x7f0000000080)={0x1eda, 0x4, 0x5, 0x7, 0x6, "0eb4aeb68ec9eeb746db5d1003a4da8e"}) ioctl$auto(r5, 0x81004523, r4) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/driver/rtc\x00', 0x18b202, 0x0) pread64$auto(r7, 0x0, 0x400100000001, 0x1ff) mmap$auto(0x1, 0x20009, 0xdf, 0xebe, 0x40000000000a5, 0x8000) r8 = socket(0xa, 0x3, 0x3b) getsockopt$auto(r8, 0x29, 0x3a, 0x0, 0x0) unshare$auto(0x40000080) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_macvtap\x00'}) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000) 997.036632ms ago: executing program 2 (id=555): write$auto(0xffffffffffffffff, 0x0, 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) unshare$auto(0x8) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x10, 0x2, 0x0) mmap$auto(0x101, 0x9, 0x9b, 0x9b72, r1, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) prctl$auto(0x1000000003b, 0x3, 0x4, 0x0, 0x8) madvise$auto(0xfffffffffffffffa, 0x7f, 0x10) r4 = socket(0x2, 0x802, 0x1) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) getsockopt$auto_SO_KEEPALIVE(r4, 0x0, 0x9, 0x0, &(0x7f0000000100)=0x401) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_XFS_IOC_SWAPEXT(0xffffffffffffffff, 0xc0c0586d, &(0x7f0000000480)={0x80000000f, @raw=0x8, @raw=0x9, 0x9, 0x7fff, '\x00', {0x1000, 0x3, 0x988f, 0x0, 0x0, 0x0, 0x9, 0x1, {0x9, 0x4b}, {0x51, 0xa}, {0x22, 0xbe}, 0x4b, 0x810, 0x7, 0x7, 0x2, 0x4, 0x6, 0x6, 0x7ff, 0x101, '\x00', 0x4, 0x10000, 0x9, 0x3}}) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r5) sendmsg$auto_OVS_DP_CMD_SET(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) socket(0x11, 0x3, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/dummy_hcd.4/usb5/5-0:1.0/usb5-port1/location\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000140)=""/48, 0x30) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) munmap$auto(0x8000, 0xffffffff) 26.182397ms ago: executing program 1 (id=556): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/usb2-port1/disable\x00', 0x102, 0x0) sendfile$auto(r0, r0, 0x0, 0x7) 0s ago: executing program 0 (id=557): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00') ioctl$NS_GET_PARENT(r0, 0xb701, 0x0) write$auto_tty_fops_tty_io(0xffffffffffffffff, &(0x7f0000000340)="2a3f9218659200008a677517d554c80b25c30000000000000071dde0152c549d44cf790bd304059e64ec347e9b173c52324e7de19a503727fe47d78e0bc2c5590e61b5d86887240d03bca3460f12f2107274ade4e6e53a728e346cef781b623364989314a43e5fd9e20e24417d6b21117b3308557a7b2aa2cb541dea5cb3b6a521b869ac5ff14cb52c4487dd3a3f4a81ff5957aa1109af5a3a1ce466381cc21fea0c67d8a165f29a6b9537b178bfdd013443481ba707ba4632e0478b951e619775f83f13", 0xc4) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0x4, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d4dcea5cc96", 0x7) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card1/pcm0c/sub3/info\x00', 0xc0201, 0x0) ioctl$auto(r2, 0xfffffff9, 0xffffffffffffffff) r3 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r3, 0x0, 0x1, 0x100) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyue\x00', 0x103f81, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE_EXT(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r5, 0x201, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000810) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r7 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r6, 0x541c, r7) ioctl$auto(0x3, 0x5420, 0x38) ioctl$auto(0x3, 0x5404, 0x38) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.43' (ED25519) to the list of known hosts. [ 80.400257][ T5810] cgroup: Unknown subsys name 'net' [ 80.505389][ T5810] cgroup: Unknown subsys name 'cpuset' [ 80.514700][ T5810] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.262005][ T5810] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.221765][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.241753][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.250217][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.258479][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.267326][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.276456][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.284943][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.286221][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.293421][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.300660][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.308264][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.314012][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.321433][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.328085][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.336517][ T5144] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.344511][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.358222][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.360631][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.377777][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.387017][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.890436][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 84.976341][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 85.120479][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.130194][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.137625][ T5822] bridge_slave_0: entered allmulticast mode [ 85.144947][ T5822] bridge_slave_0: entered promiscuous mode [ 85.159300][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.166816][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.174219][ T5822] bridge_slave_1: entered allmulticast mode [ 85.181562][ T5822] bridge_slave_1: entered promiscuous mode [ 85.194885][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 85.206179][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 85.287754][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.339593][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.379049][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.386362][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.393956][ T5821] bridge_slave_0: entered allmulticast mode [ 85.401172][ T5821] bridge_slave_0: entered promiscuous mode [ 85.432363][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.439660][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.447354][ T5821] bridge_slave_1: entered allmulticast mode [ 85.454778][ T5821] bridge_slave_1: entered promiscuous mode [ 85.480997][ T5822] team0: Port device team_slave_0 added [ 85.488892][ T5822] team0: Port device team_slave_1 added [ 85.572997][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.580251][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.587650][ T5824] bridge_slave_0: entered allmulticast mode [ 85.594811][ T5824] bridge_slave_0: entered promiscuous mode [ 85.605530][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.616094][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.623481][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.649530][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.661760][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.668953][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.677025][ T5823] bridge_slave_0: entered allmulticast mode [ 85.684367][ T5823] bridge_slave_0: entered promiscuous mode [ 85.693138][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.700373][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.707987][ T5823] bridge_slave_1: entered allmulticast mode [ 85.715272][ T5823] bridge_slave_1: entered promiscuous mode [ 85.723568][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.730723][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.738653][ T5824] bridge_slave_1: entered allmulticast mode [ 85.746120][ T5824] bridge_slave_1: entered promiscuous mode [ 85.755391][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.765755][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.773506][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.799909][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.889904][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.902757][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.914323][ T5821] team0: Port device team_slave_0 added [ 85.933765][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.947225][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.958149][ T5821] team0: Port device team_slave_1 added [ 86.023849][ T5824] team0: Port device team_slave_0 added [ 86.030168][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.037265][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.063646][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.098629][ T5824] team0: Port device team_slave_1 added [ 86.105006][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.112095][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.138141][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.154983][ T5822] hsr_slave_0: entered promiscuous mode [ 86.161452][ T5822] hsr_slave_1: entered promiscuous mode [ 86.170369][ T5823] team0: Port device team_slave_0 added [ 86.179145][ T5823] team0: Port device team_slave_1 added [ 86.250068][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.257558][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.284253][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.315533][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.322722][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.348943][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.360898][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.368308][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.394438][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.412319][ T5839] Bluetooth: hci1: command tx timeout [ 86.421499][ T5829] Bluetooth: hci3: command tx timeout [ 86.421507][ T5839] Bluetooth: hci2: command tx timeout [ 86.421661][ T5839] Bluetooth: hci0: command tx timeout [ 86.439581][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.447223][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.474230][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.497672][ T5821] hsr_slave_0: entered promiscuous mode [ 86.504161][ T5821] hsr_slave_1: entered promiscuous mode [ 86.510282][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 86.516985][ T5821] Cannot create hsr debugfs directory [ 86.628741][ T5824] hsr_slave_0: entered promiscuous mode [ 86.635858][ T5824] hsr_slave_1: entered promiscuous mode [ 86.642286][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 86.648034][ T5824] Cannot create hsr debugfs directory [ 86.665556][ T5823] hsr_slave_0: entered promiscuous mode [ 86.672167][ T5823] hsr_slave_1: entered promiscuous mode [ 86.678227][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 86.684013][ T5823] Cannot create hsr debugfs directory [ 87.114840][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.142397][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.179474][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.192749][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.291481][ T5824] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.309174][ T5824] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.327550][ T5824] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.340444][ T5824] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.535711][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.558976][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.571156][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.588757][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.605259][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.686713][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.708396][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.716534][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.734417][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.750500][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.757808][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.776023][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.789513][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.796750][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.899294][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.986563][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.015248][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.058760][ T1163] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.065977][ T1163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.110907][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.118216][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.152449][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.183438][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.208767][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.216039][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.250652][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.257826][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.296775][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.349793][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.356968][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.369991][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.389402][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.396642][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.492641][ T5839] Bluetooth: hci3: command tx timeout [ 88.492685][ T5827] Bluetooth: hci2: command tx timeout [ 88.498223][ T5839] Bluetooth: hci0: command tx timeout [ 88.504145][ T5829] Bluetooth: hci1: command tx timeout [ 88.614548][ T5822] veth0_vlan: entered promiscuous mode [ 88.675498][ T5822] veth1_vlan: entered promiscuous mode [ 88.764953][ T5822] veth0_macvtap: entered promiscuous mode [ 88.780713][ T5822] veth1_macvtap: entered promiscuous mode [ 88.835881][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.869292][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.899129][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.929182][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.944609][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.972086][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.993232][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.073914][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.115233][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.217169][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.225981][ T5824] veth0_vlan: entered promiscuous mode [ 89.240315][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.287885][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.303788][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.315140][ T5821] veth0_vlan: entered promiscuous mode [ 89.325218][ T5824] veth1_vlan: entered promiscuous mode [ 89.332885][ T5823] veth0_vlan: entered promiscuous mode [ 89.382475][ T5821] veth1_vlan: entered promiscuous mode [ 89.405484][ T5823] veth1_vlan: entered promiscuous mode [ 89.417006][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 89.450396][ T5824] veth0_macvtap: entered promiscuous mode [ 89.514883][ T5824] veth1_macvtap: entered promiscuous mode [ 89.576464][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.606664][ T5823] veth0_macvtap: entered promiscuous mode [ 89.629312][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.638972][ T5823] veth1_macvtap: entered promiscuous mode [ 89.664526][ T5821] veth0_macvtap: entered promiscuous mode [ 89.674193][ T60] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.685839][ T60] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.716099][ T60] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.725705][ T60] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.742535][ T5821] veth1_macvtap: entered promiscuous mode [ 89.786217][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.916456][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.046992][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.085338][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.137860][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.190484][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.205407][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.205715][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.285348][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.297648][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.364244][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.409065][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.429441][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.475692][ T4897] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.488284][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.510848][ T4897] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.537815][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.577060][ T5839] Bluetooth: hci1: command tx timeout [ 90.582644][ T5829] Bluetooth: hci3: command tx timeout [ 90.582840][ T51] Bluetooth: hci0: command tx timeout [ 90.588061][ T5829] Bluetooth: hci2: command tx timeout [ 90.618158][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.776557][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.825655][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.915581][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.959360][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.093357][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.132293][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.769864][ T5930] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.041918][ T5930] Zero length message leads to an empty skb [ 92.176961][ T1210] cfg80211: failed to load regulatory.db [ 92.654242][ T5829] Bluetooth: hci0: command tx timeout [ 92.654260][ T5839] Bluetooth: hci3: command tx timeout [ 92.654304][ T5839] Bluetooth: hci2: command tx timeout [ 92.659700][ T5829] Bluetooth: hci1: command tx timeout [ 93.548398][ T5954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9'. [ 96.023360][ T5982] NFSD: Failed to start, no listeners configured. [ 96.061164][ T5988] netlink: 342 bytes leftover after parsing attributes in process `syz.1.15'. [ 96.551927][ T5992] netlink: 'syz.0.16': attribute type 11 has an invalid length. [ 96.559898][ T5992] netlink: 'syz.0.16': attribute type 11 has an invalid length. [ 96.623037][ T5992] netlink: 'syz.0.16': attribute type 11 has an invalid length. [ 98.508146][ T6023] syz.0.23 (6023) used greatest stack depth: 19672 bytes left [ 100.123002][ T6045] syz.2.27 uses obsolete (PF_INET,SOCK_PACKET) [ 101.347666][ T6061] netlink: 342 bytes leftover after parsing attributes in process `syz.1.30'. [ 104.503221][ T6089] zswap: compressor û not available [ 106.160020][ T6097] FAULT_INJECTION: forcing a failure. [ 106.160020][ T6097] name fail_futex, interval 1, probability 0, space 0, times 1 [ 106.193609][ T6097] CPU: 0 UID: 0 PID: 6097 Comm: syz.1.37 Not tainted syzkaller #0 PREEMPT(full) [ 106.193648][ T6097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 106.193665][ T6097] Call Trace: [ 106.193676][ T6097] [ 106.193688][ T6097] dump_stack_lvl+0x100/0x190 [ 106.193740][ T6097] should_fail_ex.cold+0x5/0xa [ 106.193775][ T6097] get_futex_key+0x1d2/0x1620 [ 106.193819][ T6097] ? __pfx_get_futex_key+0x10/0x10 [ 106.193852][ T6097] ? futex_hash+0x2c5/0x380 [ 106.193900][ T6097] futex_wake+0xea/0x530 [ 106.193945][ T6097] ? __pfx_futex_wait+0x10/0x10 [ 106.193986][ T6097] ? __pfx_futex_wake+0x10/0x10 [ 106.194044][ T6097] do_futex+0x32b/0x350 [ 106.194086][ T6097] ? __pfx_do_futex+0x10/0x10 [ 106.194126][ T6097] ? fdget+0x18b/0x210 [ 106.194153][ T6097] ? __sys_sendmsg+0x18f/0x220 [ 106.194202][ T6097] __x64_sys_futex+0x34f/0x4d0 [ 106.194256][ T6097] ? __pfx___x64_sys_futex+0x10/0x10 [ 106.194312][ T6097] do_syscall_64+0x106/0xf80 [ 106.194341][ T6097] ? clear_bhb_loop+0x40/0x90 [ 106.194377][ T6097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.194406][ T6097] RIP: 0033:0x7f948a99c819 [ 106.194431][ T6097] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.194455][ T6097] RSP: 002b:00007f9488bee0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.194483][ T6097] RAX: ffffffffffffffda RBX: 00007f948ac15fa8 RCX: 00007f948a99c819 [ 106.194498][ T6097] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f948ac15fac [ 106.194511][ T6097] RBP: 00007f948ac15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 106.194521][ T6097] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 106.194531][ T6097] R13: 00007f948ac16038 R14: 00007fff4b9e0810 R15: 00007fff4b9e08f8 [ 106.194554][ T6097] [ 106.942754][ T6119] futex_wake_op: syz.0.42 tries to shift op by -2048; fix this program [ 107.022267][ T6119] futex_wake_op: syz.0.42 tries to shift op by -2048; fix this program [ 107.872024][ T6126] netlink: 20 bytes leftover after parsing attributes in process `syz.0.43'. [ 110.247395][ T6146] netlink: 342 bytes leftover after parsing attributes in process `syz.1.47'. [ 111.621997][ T6162] NFSD: Failed to start, no listeners configured. [ 112.551574][ T6172] futex_wake_op: syz.2.52 tries to shift op by -2048; fix this program [ 112.604377][ T6172] futex_wake_op: syz.2.52 tries to shift op by -2048; fix this program [ 112.977123][ T6177] futex_wake_op: syz.0.53 tries to shift op by -2048; fix this program [ 112.987130][ T6177] futex_wake_op: syz.0.53 tries to shift op by -2048; fix this program [ 114.941664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 115.316884][ T6209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.59'. [ 115.633665][ T6215] netlink: 12 bytes leftover after parsing attributes in process `syz.0.60'. [ 115.711787][ T6217] netlink: 'syz.0.60': attribute type 7 has an invalid length. [ 115.750357][ T6217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.60'. [ 115.840872][ T6215] HfR: entered promiscuous mode [ 116.479121][ T6227] futex_wake_op: syz.0.63 tries to shift op by -2048; fix this program [ 116.497266][ T6227] futex_wake_op: syz.0.63 tries to shift op by -2048; fix this program [ 117.455969][ T6240] FAULT_INJECTION: forcing a failure. [ 117.455969][ T6240] name failslab, interval 1, probability 0, space 0, times 1 [ 117.468744][ T6240] CPU: 0 UID: 0 PID: 6240 Comm: syz.2.66 Not tainted syzkaller #0 PREEMPT(full) [ 117.468786][ T6240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 117.468803][ T6240] Call Trace: [ 117.468812][ T6240] [ 117.468824][ T6240] dump_stack_lvl+0x100/0x190 [ 117.468878][ T6240] should_fail_ex.cold+0x5/0xa [ 117.468916][ T6240] should_failslab+0xc2/0x120 [ 117.468960][ T6240] __kmalloc_cache_noprof+0x7a/0x6f0 [ 117.469003][ T6240] ? snd_ctl_notify.part.0+0x337/0x650 [ 117.469043][ T6240] snd_ctl_notify.part.0+0x337/0x650 [ 117.469089][ T6240] snd_ctl_notify_one+0x2a4/0x300 [ 117.469120][ T6240] ? __pfx_snd_ctl_notify_one+0x10/0x10 [ 117.469162][ T6240] ? mark_held_locks+0x40/0x70 [ 117.469207][ T6240] __snd_ctl_add_replace+0x60b/0x840 [ 117.469249][ T6240] ? __pfx___snd_ctl_add_replace+0x10/0x10 [ 117.469293][ T6240] ? __kmalloc_noprof+0x320/0x850 [ 117.469339][ T6240] ? snd_ctl_new+0x13c/0x1a0 [ 117.469375][ T6240] snd_ctl_elem_add+0x832/0x1370 [ 117.469419][ T6240] ? __might_fault+0xc5/0x140 [ 117.469463][ T6240] ? __might_fault+0xc5/0x140 [ 117.469509][ T6240] ? __pfx_snd_ctl_elem_add+0x10/0x10 [ 117.469553][ T6240] snd_ctl_elem_add_user+0xc5/0x170 [ 117.469586][ T6240] ? __pfx_snd_ctl_elem_add_user+0x10/0x10 [ 117.469619][ T6240] ? find_held_lock+0x2b/0x80 [ 117.469685][ T6240] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 117.469721][ T6240] ? do_vfs_ioctl+0x226/0x13e0 [ 117.469772][ T6240] snd_ctl_ioctl+0xbdf/0x1330 [ 117.469809][ T6240] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 117.469849][ T6240] ? find_held_lock+0x2b/0x80 [ 117.469877][ T6240] ? __fget_files+0x215/0x3d0 [ 117.469905][ T6240] ? hook_file_ioctl_common+0x146/0x410 [ 117.469959][ T6240] ? __fget_files+0x21f/0x3d0 [ 117.469995][ T6240] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 117.470031][ T6240] __x64_sys_ioctl+0x18e/0x210 [ 117.470082][ T6240] do_syscall_64+0x106/0xf80 [ 117.470113][ T6240] ? clear_bhb_loop+0x40/0x90 [ 117.470152][ T6240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.470185][ T6240] RIP: 0033:0x7fde80b9c819 [ 117.470212][ T6240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.470242][ T6240] RSP: 002b:00007fde819ea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 117.470271][ T6240] RAX: ffffffffffffffda RBX: 00007fde80e15fa0 RCX: 00007fde80b9c819 [ 117.470291][ T6240] RDX: 0000200000000580 RSI: 00000000c1105517 RDI: 0000000000000006 [ 117.470309][ T6240] RBP: 00007fde80c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 117.470324][ T6240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.470339][ T6240] R13: 00007fde80e16038 R14: 00007fde80e15fa0 R15: 00007ffd60a75d08 [ 117.470379][ T6240] [ 117.470396][ T6240] snd_virmidi snd_virmidi.0: No memory available to allocate event [ 120.540418][ T6267] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 120.622621][ T6269] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 120.908225][ T6269] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.961439][ T6269] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.983734][ T6269] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.001274][ T6269] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.211007][ T6294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.76'. [ 123.279502][ T6294] HfR: entered promiscuous mode [ 123.300518][ T6296] netlink: 12 bytes leftover after parsing attributes in process `syz.3.76'. [ 123.446312][ T6296] i: entered promiscuous mode [ 124.347926][ T6313] netlink: 'syz.3.79': attribute type 9 has an invalid length. [ 124.364670][ T6313] netlink: 'syz.3.79': attribute type 9 has an invalid length. [ 124.828113][ T6322] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.436528][ T6328] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 125.458172][ T6328] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input5 [ 127.340015][ T6351] FAULT_INJECTION: forcing a failure. [ 127.340015][ T6351] name failslab, interval 1, probability 0, space 0, times 0 [ 127.381444][ T6351] CPU: 0 UID: 0 PID: 6351 Comm: syz.3.88 Not tainted syzkaller #0 PREEMPT(full) [ 127.381488][ T6351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 127.381506][ T6351] Call Trace: [ 127.381516][ T6351] [ 127.381527][ T6351] dump_stack_lvl+0x100/0x190 [ 127.381579][ T6351] should_fail_ex.cold+0x5/0xa [ 127.381618][ T6351] should_failslab+0xc2/0x120 [ 127.381651][ T6351] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 127.381699][ T6351] ? __d_alloc+0x34/0xa80 [ 127.381735][ T6351] ? __pfx_stack_trace_save+0x10/0x10 [ 127.381770][ T6351] __d_alloc+0x34/0xa80 [ 127.381801][ T6351] d_alloc_parallel+0x111/0x14e0 [ 127.381845][ T6351] ? find_held_lock+0x2b/0x80 [ 127.381868][ T6351] ? __d_lookup+0x25c/0x4a0 [ 127.381910][ T6351] ? __pfx_d_alloc_parallel+0x10/0x10 [ 127.381949][ T6351] ? __d_lookup+0x266/0x4a0 [ 127.381990][ T6351] lookup_open.isra.0+0x57c/0x11b0 [ 127.382033][ T6351] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 127.382074][ T6351] ? __pfx___might_resched+0x10/0x10 [ 127.382110][ T6351] ? mnt_get_write_access+0x52/0x2f0 [ 127.382151][ T6351] ? __pfx_down_write+0x10/0x10 [ 127.382177][ T6351] ? mnt_get_write_access+0x1e9/0x2f0 [ 127.382215][ T6351] path_openat+0x2291/0x31a0 [ 127.382246][ T6351] ? entry_SYSCALL_64_after_hwframe+0x48/0x7f [ 127.382275][ T6351] ? __pfx_path_openat+0x10/0x10 [ 127.382312][ T6351] do_file_open+0x20e/0x430 [ 127.382340][ T6351] ? __pfx_do_file_open+0x10/0x10 [ 127.382388][ T6351] ? _raw_spin_unlock+0x28/0x50 [ 127.382422][ T6351] ? alloc_fd+0x476/0x790 [ 127.382456][ T6351] do_sys_openat2+0x10d/0x1e0 [ 127.382488][ T6351] ? __pfx_do_sys_openat2+0x10/0x10 [ 127.382533][ T6351] __x64_sys_open+0xfe/0x1d0 [ 127.382564][ T6351] ? __pfx___x64_sys_open+0x10/0x10 [ 127.382608][ T6351] do_syscall_64+0x106/0xf80 [ 127.382629][ T6351] ? clear_bhb_loop+0x40/0x90 [ 127.382658][ T6351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.382681][ T6351] RIP: 0033:0x7f5eee59c819 [ 127.382702][ T6351] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.382724][ T6351] RSP: 002b:00007f5eef397028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 127.382746][ T6351] RAX: ffffffffffffffda RBX: 00007f5eee816180 RCX: 00007f5eee59c819 [ 127.382761][ T6351] RDX: 0000000000000156 RSI: 0000000000062240 RDI: 0000200000000800 [ 127.382775][ T6351] RBP: 00007f5eee632c91 R08: 0000000000000000 R09: 0000000000000000 [ 127.382789][ T6351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.382802][ T6351] R13: 00007f5eee816218 R14: 00007f5eee816180 R15: 00007fff413cc948 [ 127.382834][ T6351] [ 127.979789][ T6359] netlink: 12 bytes leftover after parsing attributes in process `syz.3.90'. [ 128.032756][ T6361] netlink: 12 bytes leftover after parsing attributes in process `syz.3.90'. [ 128.197587][ T6359] openvswitch: HfR: Dropping previously announced user features [ 129.102384][ T6365] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 129.268645][ T6373] sp0: Synchronizing with TNC [ 130.707848][ T6390] netlink: 342 bytes leftover after parsing attributes in process `syz.0.96'. [ 132.358599][ T6409] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 133.148110][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.154802][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.218701][ T6427] futex_wake_op: syz.0.102 tries to shift op by -2048; fix this program [ 133.249188][ T6427] futex_wake_op: syz.0.102 tries to shift op by -2048; fix this program [ 148.761723][ T6602] netlink: 'syz.1.131': attribute type 11 has an invalid length. [ 148.761769][ T6602] netlink: 'syz.1.131': attribute type 11 has an invalid length. [ 148.761801][ T6602] netlink: 'syz.1.131': attribute type 11 has an invalid length. [ 149.707414][ T6611] futex_wake_op: syz.3.134 tries to shift op by -2048; fix this program [ 149.722157][ T6611] futex_wake_op: syz.3.134 tries to shift op by -2048; fix this program [ 152.073508][ T6605] kexec: Could not allocate control_code_buffer [ 152.924595][ T6644] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 153.764722][ T6655] netlink: 28 bytes leftover after parsing attributes in process `syz.0.143'. [ 157.943156][ T5839] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 157.943185][ T5839] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 157.959972][ T5839] Bluetooth: hci1: Dropping invalid advertising data [ 157.967818][ T5839] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 157.967850][ T5839] Bluetooth: hci1: Dropping invalid advertising data [ 157.982470][ T5839] Bluetooth: hci1: Malformed LE Event: 0x02 [ 161.016155][ T6709] mmap: syz.2.151 (6709) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 161.250713][ T6709] FAULT_INJECTION: forcing a failure. [ 161.250713][ T6709] name failslab, interval 1, probability 0, space 0, times 0 [ 161.359991][ T6709] CPU: 0 UID: 0 PID: 6709 Comm: syz.2.151 Not tainted syzkaller #0 PREEMPT(full) [ 161.360034][ T6709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 161.360050][ T6709] Call Trace: [ 161.360061][ T6709] [ 161.360072][ T6709] dump_stack_lvl+0x100/0x190 [ 161.360124][ T6709] should_fail_ex.cold+0x5/0xa [ 161.360163][ T6709] should_failslab+0xc2/0x120 [ 161.360198][ T6709] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 161.360244][ T6709] ? __proc_create+0x2cb/0x8c0 [ 161.360285][ T6709] __proc_create+0x2cb/0x8c0 [ 161.360319][ T6709] ? __pfx___proc_create+0x10/0x10 [ 161.360355][ T6709] ? _raw_write_unlock+0x28/0x50 [ 161.360386][ T6709] ? proc_register+0x559/0x8a0 [ 161.360424][ T6709] proc_create_reg+0x75/0x170 [ 161.360459][ T6709] ? __pfx_can_rcvlist_sff_proc_show+0x10/0x10 [ 161.360512][ T6709] proc_create_net_single+0x86/0x180 [ 161.360547][ T6709] ? __pfx_proc_create_net_single+0x10/0x10 [ 161.360586][ T6709] ? round_jiffies+0x10a/0x160 [ 161.360629][ T6709] can_init_proc+0x37b/0x4b0 [ 161.360680][ T6709] can_pernet_init+0x1e4/0x370 [ 161.360729][ T6709] ? __pfx_can_pernet_init+0x10/0x10 [ 161.360784][ T6709] ops_init+0x1e2/0x5f0 [ 161.360821][ T6709] setup_net+0x118/0x3a0 [ 161.360861][ T6709] ? __pfx_setup_net+0x10/0x10 [ 161.360890][ T6709] ? lockdep_init_map_type+0x5c/0x250 [ 161.360935][ T6709] ? mutex_init_lockep+0x110/0x150 [ 161.360986][ T6709] copy_net_ns+0x46f/0x7c0 [ 161.361025][ T6709] create_new_namespaces+0x3ea/0xac0 [ 161.361069][ T6709] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 161.361109][ T6709] ksys_unshare+0x473/0xad0 [ 161.361152][ T6709] ? __pfx_ksys_unshare+0x10/0x10 [ 161.361200][ T6709] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 161.361239][ T6709] ? syscall_user_dispatch+0x76/0x130 [ 161.361288][ T6709] __x64_sys_unshare+0x31/0x40 [ 161.361328][ T6709] do_syscall_64+0x106/0xf80 [ 161.361359][ T6709] ? clear_bhb_loop+0x40/0x90 [ 161.361398][ T6709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.361431][ T6709] RIP: 0033:0x7fde80b9c819 [ 161.361460][ T6709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.361488][ T6709] RSP: 002b:00007fde819a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 161.361518][ T6709] RAX: ffffffffffffffda RBX: 00007fde80e16180 RCX: 00007fde80b9c819 [ 161.361538][ T6709] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 161.361556][ T6709] RBP: 00007fde80c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 161.361574][ T6709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.361591][ T6709] R13: 00007fde80e16218 R14: 00007fde80e16180 R15: 00007ffd60a75d08 [ 161.361633][ T6709] [ 163.026275][ T6729] usb usb4: usbfs: process 6729 (syz.3.156) did not claim interface 0 before use [ 168.988973][ T6796] GUP no longer grows the stack in syz.1.170 (6796): 14000-41000 (4000) [ 169.007867][ T6796] CPU: 1 UID: 0 PID: 6796 Comm: syz.1.170 Not tainted syzkaller #0 PREEMPT(full) [ 169.007905][ T6796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 169.007915][ T6796] Call Trace: [ 169.007922][ T6796] [ 169.007929][ T6796] dump_stack_lvl+0x100/0x190 [ 169.007970][ T6796] gup_vma_lookup.cold+0x83/0x96 [ 169.007999][ T6796] __get_user_pages+0x241/0x34d0 [ 169.008028][ T6796] ? down_read_killable+0x30e/0x4c0 [ 169.008050][ T6796] ? __lock_acquire+0x4a5/0x2630 [ 169.008084][ T6796] ? __pfx___get_user_pages+0x10/0x10 [ 169.008125][ T6796] __gup_longterm_locked+0x87d/0x16f0 [ 169.008172][ T6796] ? __pfx___gup_longterm_locked+0x10/0x10 [ 169.008212][ T6796] ? try_get_folio+0x262/0x750 [ 169.008244][ T6796] ? find_held_lock+0x2b/0x80 [ 169.008272][ T6796] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 169.008315][ T6796] gup_fast_fallback+0x18c6/0x2460 [ 169.008382][ T6796] ? __pfx_gup_fast_fallback+0x10/0x10 [ 169.008422][ T6796] ? __lock_acquire+0x4a5/0x2630 [ 169.008461][ T6796] ? bio_associate_blkg_from_css+0xe33/0x13f0 [ 169.008506][ T6796] ? bio_associate_blkg+0x10c/0x2a0 [ 169.008557][ T6796] pin_user_pages_fast+0xa7/0xf0 [ 169.008592][ T6796] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 169.008629][ T6796] ? find_held_lock+0x2b/0x80 [ 169.008657][ T6796] ? __debug_object_init+0x2de/0x3d0 [ 169.008687][ T6796] ? __debug_object_init+0x2de/0x3d0 [ 169.008722][ T6796] iov_iter_extract_pages+0xa0d/0x1ef0 [ 169.008775][ T6796] ? __lock_acquire+0x4a5/0x2630 [ 169.008816][ T6796] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 169.008856][ T6796] ? __lock_acquire+0x4a5/0x2630 [ 169.008885][ T6796] iov_iter_extract_bvecs+0x10e/0xf40 [ 169.008914][ T6796] ? find_held_lock+0x2b/0x80 [ 169.008931][ T6796] ? bio_associate_blkg_from_css+0x394/0x13f0 [ 169.008968][ T6796] ? __pfx_iov_iter_extract_bvecs+0x10/0x10 [ 169.008995][ T6796] ? bio_associate_blkg_from_css+0x550/0x13f0 [ 169.009027][ T6796] bio_iov_iter_get_pages+0x26a/0x970 [ 169.009058][ T6796] __blkdev_direct_IO_simple+0x3a7/0x890 [ 169.009092][ T6796] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 169.009140][ T6796] ? __lock_acquire+0x4a5/0x2630 [ 169.009169][ T6796] blkdev_direct_IO+0xc76/0x1fb0 [ 169.009208][ T6796] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 169.009237][ T6796] ? rcu_is_watching+0x12/0xc0 [ 169.009265][ T6796] ? __mark_inode_dirty+0x55c/0x1790 [ 169.009292][ T6796] ? filemap_check_errors+0xa9/0x150 [ 169.009320][ T6796] blkdev_write_iter+0x703/0xd70 [ 169.009354][ T6796] vfs_write+0x6ac/0x1070 [ 169.009373][ T6796] ? __pfx_blkdev_write_iter+0x10/0x10 [ 169.009404][ T6796] ? __pfx_vfs_write+0x10/0x10 [ 169.009419][ T6796] ? find_held_lock+0x2b/0x80 [ 169.009451][ T6796] ksys_write+0x12a/0x250 [ 169.009469][ T6796] ? __pfx_ksys_write+0x10/0x10 [ 169.009493][ T6796] do_syscall_64+0x106/0xf80 [ 169.009511][ T6796] ? clear_bhb_loop+0x40/0x90 [ 169.009533][ T6796] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.009552][ T6796] RIP: 0033:0x7f948a99c819 [ 169.009570][ T6796] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 169.009587][ T6796] RSP: 002b:00007f9488bee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 169.009609][ T6796] RAX: ffffffffffffffda RBX: 00007f948ac15fa0 RCX: 00007f948a99c819 [ 169.009620][ T6796] RDX: 000000000010007c RSI: 0000000000000000 RDI: 0000000000000003 [ 169.009630][ T6796] RBP: 00007f948aa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 169.009640][ T6796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.009650][ T6796] R13: 00007f948ac16038 R14: 00007f948ac15fa0 R15: 00007fff4b9e08f8 [ 169.009673][ T6796] [ 169.514908][ T6800] FAULT_INJECTION: forcing a failure. [ 169.514908][ T6800] name failslab, interval 1, probability 0, space 0, times 0 [ 169.527946][ T6800] CPU: 0 UID: 0 PID: 6800 Comm: syz.1.170 Not tainted syzkaller #0 PREEMPT(full) [ 169.527971][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 169.527982][ T6800] Call Trace: [ 169.527989][ T6800] [ 169.527997][ T6800] dump_stack_lvl+0x100/0x190 [ 169.528030][ T6800] should_fail_ex.cold+0x5/0xa [ 169.528053][ T6800] should_failslab+0xc2/0x120 [ 169.528075][ T6800] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 169.528104][ T6800] ? __send_signal_locked+0x155/0x12d0 [ 169.528137][ T6800] __send_signal_locked+0x155/0x12d0 [ 169.528170][ T6800] group_send_sig_info+0x2a4/0x300 [ 169.528193][ T6800] ? __pfx_group_send_sig_info+0x10/0x10 [ 169.528220][ T6800] ? kill_pid_info_type+0x1a/0x290 [ 169.528240][ T6800] kill_pid_info_type+0x92/0x290 [ 169.528263][ T6800] kill_proc_info+0x6f/0x1b0 [ 169.528285][ T6800] kill_something_info+0x2a0/0x310 [ 169.528310][ T6800] __x64_sys_kill+0x1c4/0x250 [ 169.528333][ T6800] ? __pfx___x64_sys_kill+0x10/0x10 [ 169.528367][ T6800] do_syscall_64+0x106/0xf80 [ 169.528385][ T6800] ? clear_bhb_loop+0x40/0x90 [ 169.528407][ T6800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.528425][ T6800] RIP: 0033:0x7f948a99c819 [ 169.528443][ T6800] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 169.528460][ T6800] RSP: 002b:00007f9488bcd028 EFLAGS: 00000246 ORIG_RAX: 000000000000003e [ 169.528478][ T6800] RAX: ffffffffffffffda RBX: 00007f948ac16090 RCX: 00007f948a99c819 [ 169.528490][ T6800] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00000000000000dd [ 169.528501][ T6800] RBP: 00007f948aa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 169.528511][ T6800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.528521][ T6800] R13: 00007f948ac16128 R14: 00007f948ac16090 R15: 00007fff4b9e08f8 [ 169.528543][ T6800] [ 171.352481][ T6810] futex_wake_op: syz.2.174 tries to shift op by -2048; fix this program [ 171.361070][ T6810] futex_wake_op: syz.2.174 tries to shift op by -2048; fix this program [ 172.734712][ T6836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.179'. [ 172.879449][ T6836] i: entered promiscuous mode [ 172.922824][ T6840] HfR: entered promiscuous mode [ 174.147521][ T6851] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 182.924072][ T6957] netlink: 342 bytes leftover after parsing attributes in process `syz.1.197'. [ 187.535255][ T7021] FAULT_INJECTION: forcing a failure. [ 187.535255][ T7021] name failslab, interval 1, probability 0, space 0, times 0 [ 187.570103][ T7021] CPU: 0 UID: 0 PID: 7021 Comm: syz.0.208 Not tainted syzkaller #0 PREEMPT(full) [ 187.570145][ T7021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 187.570162][ T7021] Call Trace: [ 187.570172][ T7021] [ 187.570184][ T7021] dump_stack_lvl+0x100/0x190 [ 187.570234][ T7021] should_fail_ex.cold+0x5/0xa [ 187.570270][ T7021] should_failslab+0xc2/0x120 [ 187.570305][ T7021] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 187.570352][ T7021] ? alloc_inode+0x183/0x250 [ 187.570403][ T7021] alloc_inode+0x183/0x250 [ 187.570446][ T7021] new_inode+0x22/0x1c0 [ 187.570493][ T7021] nfsd_mkdir+0x78/0x460 [ 187.570527][ T7021] ? dput.part.0+0xdd/0x570 [ 187.570571][ T7021] nfsd_fill_super+0x3f9/0x560 [ 187.570609][ T7021] ? __pfx_nfsd_fill_super+0x10/0x10 [ 187.570645][ T7021] get_tree_keyed+0x10e/0x1d0 [ 187.570706][ T7021] vfs_get_tree+0x92/0x320 [ 187.570750][ T7021] path_mount+0x7d0/0x23d0 [ 187.570795][ T7021] ? __pfx_path_mount+0x10/0x10 [ 187.570829][ T7021] ? lockdep_hardirqs_on+0x78/0x100 [ 187.570871][ T7021] ? putname+0xb1/0x110 [ 187.570901][ T7021] ? kmem_cache_free+0x124/0x6a0 [ 187.570959][ T7021] ? __x64_sys_mount+0x293/0x310 [ 187.570995][ T7021] __x64_sys_mount+0x293/0x310 [ 187.571032][ T7021] ? __pfx___x64_sys_mount+0x10/0x10 [ 187.571083][ T7021] do_syscall_64+0x106/0xf80 [ 187.571113][ T7021] ? clear_bhb_loop+0x40/0x90 [ 187.571152][ T7021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.571187][ T7021] RIP: 0033:0x7f2c3df9c819 [ 187.571211][ T7021] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 187.571237][ T7021] RSP: 002b:00007f2c3ee52028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 187.571265][ T7021] RAX: ffffffffffffffda RBX: 00007f2c3e216090 RCX: 00007f2c3df9c819 [ 187.571283][ T7021] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 187.571302][ T7021] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 187.571318][ T7021] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 187.571335][ T7021] R13: 00007f2c3e216128 R14: 00007f2c3e216090 R15: 00007fffaae17ae8 [ 187.571377][ T7021] [ 189.854715][ T5839] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 191.857156][ T7081] netlink: 28 bytes leftover after parsing attributes in process `syz.2.222'. [ 197.179211][ T7151] netlink: 186 bytes leftover after parsing attributes in process `syz.1.235'. [ 197.656181][ T7163] usb usb4: usbfs: process 7163 (syz.1.239) did not claim interface 0 before use [ 198.848027][ T7173] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 201.968203][ T7221] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 202.470330][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.255'. [ 202.489403][ T7231] netlink: 'syz.1.255': attribute type 4 has an invalid length. [ 202.516134][ T7231] netlink: 314 bytes leftover after parsing attributes in process `syz.1.255'. [ 204.629487][ T7254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.260'. [ 205.098204][ T7253] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 205.358566][ T7256] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 205.889432][ T7274] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 206.462710][ T7283] netlink: 12 bytes leftover after parsing attributes in process `syz.2.266'. [ 206.628719][ T7283] openvswitch: HfR: Dropping previously announced user features [ 206.894714][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 206.901513][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 206.908851][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 206.909579][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 212.583982][ T7377] input: f¬ as /devices/virtual/input/input8 [ 212.809707][ T7377] zram: Removed device: zram0 [ 217.149726][ T7457] aoe: copy from user failed [ 217.149743][ T7457] aoe: could not set interface list: too many interfaces [ 217.327404][ T7460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.308'. [ 217.339335][ T7460] openvswitch: HfR: Dropping previously announced user features [ 217.363984][ T7460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.308'. [ 218.559279][ T7478] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 219.686342][ T7493] futex_wake_op: syz.2.316 tries to shift op by -2048; fix this program [ 219.741062][ T7493] futex_wake_op: syz.2.316 tries to shift op by -2048; fix this program [ 220.471455][ T7505] aoe: copy from user failed [ 220.504721][ T7505] aoe: could not set interface list: too many interfaces [ 221.002316][ T7515] input: f¬ as /devices/virtual/input/input9 [ 221.220254][ T7522] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 222.503469][ T5839] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 223.074770][ T7542] aoe: copy from user failed [ 223.088252][ T7542] aoe: could not set interface list: too many interfaces [ 225.516915][ T7581] FAULT_INJECTION: forcing a failure. [ 225.516915][ T7581] name fail_futex, interval 1, probability 0, space 0, times 0 [ 225.547005][ T7581] CPU: 1 UID: 0 PID: 7581 Comm: syz.0.338 Not tainted syzkaller #0 PREEMPT(full) [ 225.547034][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 225.547044][ T7581] Call Trace: [ 225.547051][ T7581] [ 225.547058][ T7581] dump_stack_lvl+0x100/0x190 [ 225.547090][ T7581] should_fail_ex.cold+0x5/0xa [ 225.547112][ T7581] get_futex_key+0x1d2/0x1620 [ 225.547138][ T7581] ? __pfx_get_futex_key+0x10/0x10 [ 225.547160][ T7581] ? find_held_lock+0x2b/0x80 [ 225.547178][ T7581] ? futex_wake+0x456/0x530 [ 225.547210][ T7581] futex_wake+0xea/0x530 [ 225.547238][ T7581] ? __pfx_futex_wait+0x10/0x10 [ 225.547266][ T7581] ? __pfx_futex_wake+0x10/0x10 [ 225.547302][ T7581] do_futex+0x32b/0x350 [ 225.547327][ T7581] ? __pfx_do_futex+0x10/0x10 [ 225.547350][ T7581] ? fdget+0x18b/0x210 [ 225.547368][ T7581] ? __sys_sendmsg+0x18f/0x220 [ 225.547400][ T7581] __x64_sys_futex+0x34f/0x4d0 [ 225.547427][ T7581] ? __pfx___x64_sys_futex+0x10/0x10 [ 225.547460][ T7581] do_syscall_64+0x106/0xf80 [ 225.547478][ T7581] ? clear_bhb_loop+0x40/0x90 [ 225.547501][ T7581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.547520][ T7581] RIP: 0033:0x7f2c3df9c819 [ 225.547535][ T7581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 225.547551][ T7581] RSP: 002b:00007f2c3ee730e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 225.547569][ T7581] RAX: ffffffffffffffda RBX: 00007f2c3e215fa8 RCX: 00007f2c3df9c819 [ 225.547580][ T7581] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2c3e215fac [ 225.547591][ T7581] RBP: 00007f2c3e215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 225.547601][ T7581] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 225.547620][ T7581] R13: 00007f2c3e216038 R14: 00007fffaae17a00 R15: 00007fffaae17ae8 [ 225.547641][ T7581] [ 228.553372][ T7592] FAULT_INJECTION: forcing a failure. [ 228.553372][ T7592] name fail_futex, interval 1, probability 0, space 0, times 0 [ 228.726657][ T7592] CPU: 1 UID: 0 PID: 7592 Comm: syz.3.349 Not tainted syzkaller #0 PREEMPT(full) [ 228.726702][ T7592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 228.726719][ T7592] Call Trace: [ 228.726730][ T7592] [ 228.726742][ T7592] dump_stack_lvl+0x100/0x190 [ 228.726795][ T7592] should_fail_ex.cold+0x5/0xa [ 228.726833][ T7592] get_futex_key+0x1d2/0x1620 [ 228.726878][ T7592] ? __pfx_get_futex_key+0x10/0x10 [ 228.726915][ T7592] ? __lock_acquire+0xd73/0x2630 [ 228.726966][ T7592] futex_wake+0xea/0x530 [ 228.726998][ T7592] ? __pfx_futex_wake+0x10/0x10 [ 228.727029][ T7592] ? find_held_lock+0x2b/0x80 [ 228.727046][ T7592] ? f_setown+0x12a/0x290 [ 228.727069][ T7592] ? f_setown+0x12a/0x290 [ 228.727094][ T7592] do_futex+0x32b/0x350 [ 228.727119][ T7592] ? __pfx_do_futex+0x10/0x10 [ 228.727143][ T7592] ? do_fcntl+0x811/0x1670 [ 228.727176][ T7592] __x64_sys_futex+0x34f/0x4d0 [ 228.727221][ T7592] ? __pfx___x64_sys_futex+0x10/0x10 [ 228.727260][ T7592] ? tomoyo_file_fcntl+0x6c/0xc0 [ 228.727287][ T7592] do_syscall_64+0x106/0xf80 [ 228.727305][ T7592] ? clear_bhb_loop+0x40/0x90 [ 228.727327][ T7592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.727345][ T7592] RIP: 0033:0x7f5eee59c819 [ 228.727361][ T7592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 228.727378][ T7592] RSP: 002b:00007f5eef3d90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 228.727396][ T7592] RAX: ffffffffffffffda RBX: 00007f5eee815fa8 RCX: 00007f5eee59c819 [ 228.727408][ T7592] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5eee815fac [ 228.727419][ T7592] RBP: 00007f5eee815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 228.727430][ T7592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.727440][ T7592] R13: 00007f5eee816038 R14: 00007fff413cc860 R15: 00007fff413cc948 [ 228.727462][ T7592] [ 229.266630][ T7609] kexec: Could not allocate control_code_buffer [ 232.850560][ T7643] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 237.275018][ T7683] NFSD: Failed to start, no listeners configured. [ 241.821544][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 241.909873][ T7739] futex_wake_op: syz.2.369 tries to shift op by -2048; fix this program [ 241.967737][ T7739] futex_wake_op: syz.2.369 tries to shift op by -2048; fix this program [ 243.524023][ T7771] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 244.935409][ T7794] netlink: 12 bytes leftover after parsing attributes in process `syz.0.384'. [ 245.016461][ T7794] i: entered promiscuous mode [ 255.587262][ T7895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.402'. [ 259.787761][ T7946] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 263.497108][ T7987] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 264.452414][ T7994] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 266.460389][ T8024] FAULT_INJECTION: forcing a failure. [ 266.460389][ T8024] name failslab, interval 1, probability 0, space 0, times 0 [ 266.557417][ T8024] CPU: 0 UID: 0 PID: 8024 Comm: syz.0.433 Not tainted syzkaller #0 PREEMPT(full) [ 266.557445][ T8024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 266.557456][ T8024] Call Trace: [ 266.557462][ T8024] [ 266.557470][ T8024] dump_stack_lvl+0x100/0x190 [ 266.557512][ T8024] should_fail_ex.cold+0x5/0xa [ 266.557534][ T8024] should_failslab+0xc2/0x120 [ 266.557556][ T8024] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 266.557585][ T8024] ? security_inode_alloc+0x3b/0x2c0 [ 266.557606][ T8024] ? lockdep_init_map_type+0x5c/0x250 [ 266.557635][ T8024] security_inode_alloc+0x3b/0x2c0 [ 266.557656][ T8024] inode_init_always_gfp+0xced/0x1040 [ 266.557680][ T8024] alloc_inode+0x8e/0x250 [ 266.557706][ T8024] new_inode+0x22/0x1c0 [ 266.557733][ T8024] nfsd_mkdir+0x78/0x460 [ 266.557753][ T8024] ? dput.part.0+0xdd/0x570 [ 266.557780][ T8024] nfsd_fill_super+0x3f9/0x560 [ 266.557803][ T8024] ? __pfx_nfsd_fill_super+0x10/0x10 [ 266.557824][ T8024] get_tree_keyed+0x10e/0x1d0 [ 266.557855][ T8024] vfs_get_tree+0x92/0x320 [ 266.557881][ T8024] path_mount+0x7d0/0x23d0 [ 266.557908][ T8024] ? __pfx_path_mount+0x10/0x10 [ 266.557929][ T8024] ? lockdep_hardirqs_on+0x78/0x100 [ 266.557951][ T8024] ? putname+0xb1/0x110 [ 266.557970][ T8024] ? kmem_cache_free+0x124/0x6a0 [ 266.558003][ T8024] ? __x64_sys_mount+0x293/0x310 [ 266.558024][ T8024] __x64_sys_mount+0x293/0x310 [ 266.558047][ T8024] ? __pfx___x64_sys_mount+0x10/0x10 [ 266.558076][ T8024] do_syscall_64+0x106/0xf80 [ 266.558093][ T8024] ? clear_bhb_loop+0x40/0x90 [ 266.558116][ T8024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.558134][ T8024] RIP: 0033:0x7f2c3df9c819 [ 266.558151][ T8024] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 266.558168][ T8024] RSP: 002b:00007f2c3ee52028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 266.558186][ T8024] RAX: ffffffffffffffda RBX: 00007f2c3e216090 RCX: 00007f2c3df9c819 [ 266.558197][ T8024] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 266.558208][ T8024] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 266.558218][ T8024] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 266.558228][ T8024] R13: 00007f2c3e216128 R14: 00007f2c3e216090 R15: 00007fffaae17ae8 [ 266.558250][ T8024] [ 267.579088][ T8031] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 272.667299][ T8066] kexec: Could not allocate control_code_buffer [ 272.766423][ T8107] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 274.570269][ T8140] FAULT_INJECTION: forcing a failure. [ 274.570269][ T8140] name failslab, interval 1, probability 0, space 0, times 0 [ 274.630809][ T8140] CPU: 0 UID: 0 PID: 8140 Comm: syz.0.462 Not tainted syzkaller #0 PREEMPT(full) [ 274.630851][ T8140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 274.630869][ T8140] Call Trace: [ 274.630879][ T8140] [ 274.630891][ T8140] dump_stack_lvl+0x100/0x190 [ 274.630944][ T8140] should_fail_ex.cold+0x5/0xa [ 274.630981][ T8140] should_failslab+0xc2/0x120 [ 274.631017][ T8140] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 274.631064][ T8140] ? security_inode_alloc+0x3b/0x2c0 [ 274.631099][ T8140] ? lockdep_init_map_type+0x5c/0x250 [ 274.631151][ T8140] security_inode_alloc+0x3b/0x2c0 [ 274.631187][ T8140] inode_init_always_gfp+0xced/0x1040 [ 274.631227][ T8140] alloc_inode+0x8e/0x250 [ 274.631268][ T8140] new_inode+0x22/0x1c0 [ 274.631307][ T8140] ? dput.part.0+0xdd/0x570 [ 274.631351][ T8140] simple_fill_super+0x2d9/0x680 [ 274.631391][ T8140] ? __pfx_nfsd_fill_super+0x10/0x10 [ 274.631429][ T8140] nfsd_fill_super+0x98/0x560 [ 274.631464][ T8140] ? __pfx_set_anon_super_fc+0x10/0x10 [ 274.631521][ T8140] ? __pfx_nfsd_fill_super+0x10/0x10 [ 274.631559][ T8140] get_tree_keyed+0x10e/0x1d0 [ 274.631610][ T8140] vfs_get_tree+0x92/0x320 [ 274.631656][ T8140] path_mount+0x7d0/0x23d0 [ 274.631702][ T8140] ? __pfx_path_mount+0x10/0x10 [ 274.631737][ T8140] ? lockdep_hardirqs_on+0x78/0x100 [ 274.631772][ T8140] ? putname+0xb1/0x110 [ 274.631803][ T8140] ? kmem_cache_free+0x124/0x6a0 [ 274.631859][ T8140] ? __x64_sys_mount+0x293/0x310 [ 274.631895][ T8140] __x64_sys_mount+0x293/0x310 [ 274.631934][ T8140] ? __pfx___x64_sys_mount+0x10/0x10 [ 274.631986][ T8140] do_syscall_64+0x106/0xf80 [ 274.632016][ T8140] ? clear_bhb_loop+0x40/0x90 [ 274.632055][ T8140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.632086][ T8140] RIP: 0033:0x7f2c3df9c819 [ 274.632112][ T8140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 274.632140][ T8140] RSP: 002b:00007f2c3ee52028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 274.632170][ T8140] RAX: ffffffffffffffda RBX: 00007f2c3e216090 RCX: 00007f2c3df9c819 [ 274.632190][ T8140] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 274.632208][ T8140] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 274.632225][ T8140] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 274.632242][ T8140] R13: 00007f2c3e216128 R14: 00007f2c3e216090 R15: 00007fffaae17ae8 [ 274.632283][ T8140] [ 275.555998][ T8158] FAULT_INJECTION: forcing a failure. [ 275.555998][ T8158] name failslab, interval 1, probability 0, space 0, times 0 [ 275.683328][ T8158] CPU: 0 UID: 0 PID: 8158 Comm: syz.3.467 Not tainted syzkaller #0 PREEMPT(full) [ 275.683374][ T8158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 275.683392][ T8158] Call Trace: [ 275.683412][ T8158] [ 275.683425][ T8158] dump_stack_lvl+0x100/0x190 [ 275.683478][ T8158] should_fail_ex.cold+0x5/0xa [ 275.683515][ T8158] should_failslab+0xc2/0x120 [ 275.683555][ T8158] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 275.683599][ T8158] ? security_inode_alloc+0x3b/0x2c0 [ 275.683633][ T8158] ? lockdep_init_map_type+0x5c/0x250 [ 275.683681][ T8158] security_inode_alloc+0x3b/0x2c0 [ 275.683717][ T8158] inode_init_always_gfp+0xced/0x1040 [ 275.683757][ T8158] alloc_inode+0x8e/0x250 [ 275.683799][ T8158] new_inode+0x22/0x1c0 [ 275.683845][ T8158] nfsd_mkdir+0x78/0x460 [ 275.683879][ T8158] ? dput.part.0+0xdd/0x570 [ 275.683923][ T8158] nfsd_fill_super+0x3f9/0x560 [ 275.683964][ T8158] ? __pfx_nfsd_fill_super+0x10/0x10 [ 275.684000][ T8158] get_tree_keyed+0x10e/0x1d0 [ 275.684052][ T8158] vfs_get_tree+0x92/0x320 [ 275.684098][ T8158] path_mount+0x7d0/0x23d0 [ 275.684144][ T8158] ? __pfx_path_mount+0x10/0x10 [ 275.684178][ T8158] ? lockdep_hardirqs_on+0x78/0x100 [ 275.684215][ T8158] ? putname+0xb1/0x110 [ 275.684247][ T8158] ? kmem_cache_free+0x124/0x6a0 [ 275.684305][ T8158] ? __x64_sys_mount+0x293/0x310 [ 275.684341][ T8158] __x64_sys_mount+0x293/0x310 [ 275.684380][ T8158] ? __pfx___x64_sys_mount+0x10/0x10 [ 275.684441][ T8158] do_syscall_64+0x106/0xf80 [ 275.684470][ T8158] ? clear_bhb_loop+0x40/0x90 [ 275.684509][ T8158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.684541][ T8158] RIP: 0033:0x7f5eee59c819 [ 275.684568][ T8158] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 275.684597][ T8158] RSP: 002b:00007f5eef3b8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 275.684627][ T8158] RAX: ffffffffffffffda RBX: 00007f5eee816090 RCX: 00007f5eee59c819 [ 275.684645][ T8158] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 275.684662][ T8158] RBP: 00007f5eee632c91 R08: 0000000000000000 R09: 0000000000000000 [ 275.684680][ T8158] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 275.684697][ T8158] R13: 00007f5eee816128 R14: 00007f5eee816090 R15: 00007fff413cc948 [ 275.684734][ T8158] [ 276.329044][ T8164] aoe: copy from user failed [ 276.335168][ T8164] aoe: could not set interface list: too many interfaces [ 276.410760][ T8166] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 276.640081][ T8178] FAULT_INJECTION: forcing a failure. [ 276.640081][ T8178] name failslab, interval 1, probability 0, space 0, times 0 [ 276.653091][ T8178] CPU: 0 UID: 0 PID: 8178 Comm: syz.1.472 Not tainted syzkaller #0 PREEMPT(full) [ 276.653132][ T8178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 276.653150][ T8178] Call Trace: [ 276.653160][ T8178] [ 276.653172][ T8178] dump_stack_lvl+0x100/0x190 [ 276.653225][ T8178] should_fail_ex.cold+0x5/0xa [ 276.653263][ T8178] should_failslab+0xc2/0x120 [ 276.653299][ T8178] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 276.653346][ T8178] ? security_inode_alloc+0x3b/0x2c0 [ 276.653381][ T8178] ? lockdep_init_map_type+0x5c/0x250 [ 276.653430][ T8178] security_inode_alloc+0x3b/0x2c0 [ 276.653466][ T8178] inode_init_always_gfp+0xced/0x1040 [ 276.653506][ T8178] alloc_inode+0x8e/0x250 [ 276.653547][ T8178] new_inode+0x22/0x1c0 [ 276.653593][ T8178] nfsd_mkdir+0x78/0x460 [ 276.653624][ T8178] ? dput.part.0+0xdd/0x570 [ 276.653665][ T8178] nfsd_fill_super+0x3f9/0x560 [ 276.653704][ T8178] ? __pfx_nfsd_fill_super+0x10/0x10 [ 276.653741][ T8178] get_tree_keyed+0x10e/0x1d0 [ 276.653802][ T8178] vfs_get_tree+0x92/0x320 [ 276.653848][ T8178] path_mount+0x7d0/0x23d0 [ 276.653893][ T8178] ? __pfx_path_mount+0x10/0x10 [ 276.653927][ T8178] ? lockdep_hardirqs_on+0x78/0x100 [ 276.653963][ T8178] ? putname+0xb1/0x110 [ 276.653995][ T8178] ? kmem_cache_free+0x124/0x6a0 [ 276.654053][ T8178] ? __x64_sys_mount+0x293/0x310 [ 276.654088][ T8178] __x64_sys_mount+0x293/0x310 [ 276.654127][ T8178] ? __pfx___x64_sys_mount+0x10/0x10 [ 276.654177][ T8178] do_syscall_64+0x106/0xf80 [ 276.654207][ T8178] ? clear_bhb_loop+0x40/0x90 [ 276.654245][ T8178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.654276][ T8178] RIP: 0033:0x7f948a99c819 [ 276.654301][ T8178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 276.654329][ T8178] RSP: 002b:00007f9488bcd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 276.654358][ T8178] RAX: ffffffffffffffda RBX: 00007f948ac16090 RCX: 00007f948a99c819 [ 276.654377][ T8178] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 276.654395][ T8178] RBP: 00007f948aa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 276.654412][ T8178] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 276.654429][ T8178] R13: 00007f948ac16128 R14: 00007f948ac16090 R15: 00007fff4b9e08f8 [ 276.654470][ T8178] [ 278.017773][ T8174] kexec: Could not allocate control_code_buffer [ 278.869080][ T8208] FAULT_INJECTION: forcing a failure. [ 278.869080][ T8208] name failslab, interval 1, probability 0, space 0, times 0 [ 278.899684][ T8208] CPU: 1 UID: 0 PID: 8208 Comm: syz.2.480 Not tainted syzkaller #0 PREEMPT(full) [ 278.899711][ T8208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 278.899724][ T8208] Call Trace: [ 278.899732][ T8208] [ 278.899739][ T8208] dump_stack_lvl+0x100/0x190 [ 278.899771][ T8208] should_fail_ex.cold+0x5/0xa [ 278.899793][ T8208] should_failslab+0xc2/0x120 [ 278.899814][ T8208] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 278.899844][ T8208] ? security_inode_alloc+0x3b/0x2c0 [ 278.899866][ T8208] ? lockdep_init_map_type+0x5c/0x250 [ 278.899894][ T8208] security_inode_alloc+0x3b/0x2c0 [ 278.899915][ T8208] inode_init_always_gfp+0xced/0x1040 [ 278.899939][ T8208] alloc_inode+0x8e/0x250 [ 278.899965][ T8208] new_inode+0x22/0x1c0 [ 278.899992][ T8208] nfsd_mkdir+0x78/0x460 [ 278.900013][ T8208] ? dput.part.0+0xdd/0x570 [ 278.900039][ T8208] nfsd_fill_super+0x3f9/0x560 [ 278.900062][ T8208] ? __pfx_nfsd_fill_super+0x10/0x10 [ 278.900084][ T8208] get_tree_keyed+0x10e/0x1d0 [ 278.900114][ T8208] vfs_get_tree+0x92/0x320 [ 278.900141][ T8208] path_mount+0x7d0/0x23d0 [ 278.900167][ T8208] ? __pfx_path_mount+0x10/0x10 [ 278.900188][ T8208] ? lockdep_hardirqs_on+0x78/0x100 [ 278.900210][ T8208] ? putname+0xb1/0x110 [ 278.900229][ T8208] ? kmem_cache_free+0x124/0x6a0 [ 278.900262][ T8208] ? __x64_sys_mount+0x293/0x310 [ 278.900283][ T8208] __x64_sys_mount+0x293/0x310 [ 278.900306][ T8208] ? __pfx___x64_sys_mount+0x10/0x10 [ 278.900335][ T8208] do_syscall_64+0x106/0xf80 [ 278.900353][ T8208] ? clear_bhb_loop+0x40/0x90 [ 278.900380][ T8208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.900399][ T8208] RIP: 0033:0x7fde80b9c819 [ 278.900415][ T8208] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 278.900432][ T8208] RSP: 002b:00007fde819c9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 278.900450][ T8208] RAX: ffffffffffffffda RBX: 00007fde80e16090 RCX: 00007fde80b9c819 [ 278.900461][ T8208] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 278.900479][ T8208] RBP: 00007fde80c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 278.900489][ T8208] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 278.900499][ T8208] R13: 00007fde80e16128 R14: 00007fde80e16090 R15: 00007ffd60a75d08 [ 278.900522][ T8208] [ 279.504625][ T8214] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 280.832323][ T8237] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 281.044502][ T8221] kexec: Could not allocate control_code_buffer [ 281.251099][ T8245] FAULT_INJECTION: forcing a failure. [ 281.251099][ T8245] name failslab, interval 1, probability 0, space 0, times 0 [ 281.268806][ T8245] CPU: 0 UID: 0 PID: 8245 Comm: syz.2.492 Not tainted syzkaller #0 PREEMPT(full) [ 281.268845][ T8245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 281.268861][ T8245] Call Trace: [ 281.268870][ T8245] [ 281.268882][ T8245] dump_stack_lvl+0x100/0x190 [ 281.268934][ T8245] should_fail_ex.cold+0x5/0xa [ 281.268971][ T8245] should_failslab+0xc2/0x120 [ 281.269003][ T8245] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 281.269051][ T8245] ? alloc_inode+0x183/0x250 [ 281.269105][ T8245] alloc_inode+0x183/0x250 [ 281.269148][ T8245] new_inode+0x22/0x1c0 [ 281.269193][ T8245] nfsd_mkdir+0x78/0x460 [ 281.269228][ T8245] ? dput.part.0+0xdd/0x570 [ 281.269271][ T8245] nfsd_fill_super+0x3f9/0x560 [ 281.269310][ T8245] ? __pfx_nfsd_fill_super+0x10/0x10 [ 281.269345][ T8245] get_tree_keyed+0x10e/0x1d0 [ 281.269395][ T8245] vfs_get_tree+0x92/0x320 [ 281.269439][ T8245] path_mount+0x7d0/0x23d0 [ 281.269483][ T8245] ? __pfx_path_mount+0x10/0x10 [ 281.269528][ T8245] ? lockdep_hardirqs_on+0x78/0x100 [ 281.269564][ T8245] ? putname+0xb1/0x110 [ 281.269596][ T8245] ? kmem_cache_free+0x124/0x6a0 [ 281.269654][ T8245] ? __x64_sys_mount+0x293/0x310 [ 281.269690][ T8245] __x64_sys_mount+0x293/0x310 [ 281.269730][ T8245] ? __pfx___x64_sys_mount+0x10/0x10 [ 281.269779][ T8245] do_syscall_64+0x106/0xf80 [ 281.269804][ T8245] ? clear_bhb_loop+0x40/0x90 [ 281.269832][ T8245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.269862][ T8245] RIP: 0033:0x7fde80b9c819 [ 281.269888][ T8245] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.269916][ T8245] RSP: 002b:00007fde819c9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 281.269946][ T8245] RAX: ffffffffffffffda RBX: 00007fde80e16090 RCX: 00007fde80b9c819 [ 281.269965][ T8245] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 281.269984][ T8245] RBP: 00007fde80c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 281.270002][ T8245] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 281.270019][ T8245] R13: 00007fde80e16128 R14: 00007fde80e16090 R15: 00007ffd60a75d08 [ 281.270060][ T8245] [ 281.675894][ T8246] FAULT_INJECTION: forcing a failure. [ 281.675894][ T8246] name failslab, interval 1, probability 0, space 0, times 0 [ 281.724186][ T8246] CPU: 0 UID: 0 PID: 8246 Comm: syz.3.491 Not tainted syzkaller #0 PREEMPT(full) [ 281.724226][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 281.724242][ T8246] Call Trace: [ 281.724252][ T8246] [ 281.724262][ T8246] dump_stack_lvl+0x100/0x190 [ 281.724314][ T8246] should_fail_ex.cold+0x5/0xa [ 281.724351][ T8246] should_failslab+0xc2/0x120 [ 281.724385][ T8246] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 281.724428][ T8246] ? alloc_inode+0x183/0x250 [ 281.724477][ T8246] alloc_inode+0x183/0x250 [ 281.724517][ T8246] new_inode+0x22/0x1c0 [ 281.724562][ T8246] nfsd_mkdir+0x78/0x460 [ 281.724596][ T8246] ? dput.part.0+0xdd/0x570 [ 281.724653][ T8246] nfsd_fill_super+0x3f9/0x560 [ 281.724690][ T8246] ? __pfx_nfsd_fill_super+0x10/0x10 [ 281.724724][ T8246] get_tree_keyed+0x10e/0x1d0 [ 281.724772][ T8246] vfs_get_tree+0x92/0x320 [ 281.724811][ T8246] path_mount+0x7d0/0x23d0 [ 281.724849][ T8246] ? __pfx_path_mount+0x10/0x10 [ 281.724884][ T8246] ? lockdep_hardirqs_on+0x78/0x100 [ 281.724919][ T8246] ? putname+0xb1/0x110 [ 281.724949][ T8246] ? kmem_cache_free+0x124/0x6a0 [ 281.725004][ T8246] ? __x64_sys_mount+0x293/0x310 [ 281.725037][ T8246] __x64_sys_mount+0x293/0x310 [ 281.725075][ T8246] ? __pfx___x64_sys_mount+0x10/0x10 [ 281.725127][ T8246] do_syscall_64+0x106/0xf80 [ 281.725156][ T8246] ? clear_bhb_loop+0x40/0x90 [ 281.725194][ T8246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.725226][ T8246] RIP: 0033:0x7f5eee59c819 [ 281.725253][ T8246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.725281][ T8246] RSP: 002b:00007f5eef3b8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 281.725310][ T8246] RAX: ffffffffffffffda RBX: 00007f5eee816090 RCX: 00007f5eee59c819 [ 281.725329][ T8246] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 281.725347][ T8246] RBP: 00007f5eee632c91 R08: 0000000000000000 R09: 0000000000000000 [ 281.725364][ T8246] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 281.725380][ T8246] R13: 00007f5eee816128 R14: 00007f5eee816090 R15: 00007fff413cc948 [ 281.725419][ T8246] [ 282.177135][ T8254] FAULT_INJECTION: forcing a failure. [ 282.177135][ T8254] name failslab, interval 1, probability 0, space 0, times 0 [ 282.194484][ T8254] CPU: 1 UID: 0 PID: 8254 Comm: syz.1.494 Not tainted syzkaller #0 PREEMPT(full) [ 282.194524][ T8254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 282.194540][ T8254] Call Trace: [ 282.194550][ T8254] [ 282.194560][ T8254] dump_stack_lvl+0x100/0x190 [ 282.194610][ T8254] should_fail_ex.cold+0x5/0xa [ 282.194646][ T8254] should_failslab+0xc2/0x120 [ 282.194678][ T8254] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 282.194719][ T8254] ? __d_alloc+0x34/0xa80 [ 282.194760][ T8254] __d_alloc+0x34/0xa80 [ 282.194798][ T8254] d_alloc+0x4a/0x1e0 [ 282.194835][ T8254] lookup_one_qstr_excl+0x175/0x250 [ 282.194880][ T8254] start_dirop+0x59/0xb0 [ 282.194910][ T8254] simple_start_creating+0xf9/0x110 [ 282.194938][ T8254] ? __pfx_simple_start_creating+0x10/0x10 [ 282.195018][ T8254] nfsd_mkdir+0xf6/0x460 [ 282.195052][ T8254] ? dput.part.0+0xdd/0x570 [ 282.195097][ T8254] nfsd_fill_super+0x3f9/0x560 [ 282.195137][ T8254] ? __pfx_nfsd_fill_super+0x10/0x10 [ 282.195170][ T8254] get_tree_keyed+0x10e/0x1d0 [ 282.195216][ T8254] vfs_get_tree+0x92/0x320 [ 282.195259][ T8254] path_mount+0x7d0/0x23d0 [ 282.195299][ T8254] ? __pfx_path_mount+0x10/0x10 [ 282.195331][ T8254] ? lockdep_hardirqs_on+0x78/0x100 [ 282.195364][ T8254] ? putname+0xb1/0x110 [ 282.195395][ T8254] ? kmem_cache_free+0x124/0x6a0 [ 282.195462][ T8254] ? __x64_sys_mount+0x293/0x310 [ 282.195498][ T8254] __x64_sys_mount+0x293/0x310 [ 282.195536][ T8254] ? __pfx___x64_sys_mount+0x10/0x10 [ 282.195588][ T8254] do_syscall_64+0x106/0xf80 [ 282.195616][ T8254] ? clear_bhb_loop+0x40/0x90 [ 282.195653][ T8254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.195681][ T8254] RIP: 0033:0x7f948a99c819 [ 282.195708][ T8254] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 282.195733][ T8254] RSP: 002b:00007f9488bcd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 282.195763][ T8254] RAX: ffffffffffffffda RBX: 00007f948ac16090 RCX: 00007f948a99c819 [ 282.195783][ T8254] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 282.195801][ T8254] RBP: 00007f948aa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 282.195818][ T8254] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 282.195835][ T8254] R13: 00007f948ac16128 R14: 00007f948ac16090 R15: 00007fff4b9e08f8 [ 282.195875][ T8254] [ 282.600389][ T8262] FAULT_INJECTION: forcing a failure. [ 282.600389][ T8262] name failslab, interval 1, probability 0, space 0, times 0 [ 282.681076][ T8262] CPU: 0 UID: 0 PID: 8262 Comm: syz.0.496 Not tainted syzkaller #0 PREEMPT(full) [ 282.681106][ T8262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 282.681116][ T8262] Call Trace: [ 282.681131][ T8262] [ 282.681141][ T8262] dump_stack_lvl+0x100/0x190 [ 282.681191][ T8262] should_fail_ex.cold+0x5/0xa [ 282.681221][ T8262] ? __pfx_nfsd_fill_super+0x10/0x10 [ 282.681244][ T8262] should_failslab+0xc2/0x120 [ 282.681265][ T8262] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 282.681295][ T8262] ? alloc_inode+0x183/0x250 [ 282.681326][ T8262] ? __pfx_nfsd_fill_super+0x10/0x10 [ 282.681348][ T8262] alloc_inode+0x183/0x250 [ 282.681374][ T8262] new_inode+0x22/0x1c0 [ 282.681400][ T8262] ? __pfx_nfsd_fill_super+0x10/0x10 [ 282.681421][ T8262] nfsd_fill_super+0x145/0x560 [ 282.681445][ T8262] ? __pfx_nfsd_fill_super+0x10/0x10 [ 282.681466][ T8262] get_tree_keyed+0x10e/0x1d0 [ 282.681496][ T8262] vfs_get_tree+0x92/0x320 [ 282.681523][ T8262] path_mount+0x7d0/0x23d0 [ 282.681550][ T8262] ? __pfx_path_mount+0x10/0x10 [ 282.681571][ T8262] ? lockdep_hardirqs_on+0x78/0x100 [ 282.681592][ T8262] ? putname+0xb1/0x110 [ 282.681612][ T8262] ? kmem_cache_free+0x124/0x6a0 [ 282.681645][ T8262] ? __x64_sys_mount+0x293/0x310 [ 282.681666][ T8262] __x64_sys_mount+0x293/0x310 [ 282.681689][ T8262] ? __pfx___x64_sys_mount+0x10/0x10 [ 282.681718][ T8262] do_syscall_64+0x106/0xf80 [ 282.681745][ T8262] ? clear_bhb_loop+0x40/0x90 [ 282.681768][ T8262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.681786][ T8262] RIP: 0033:0x7f2c3df9c819 [ 282.681803][ T8262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 282.681821][ T8262] RSP: 002b:00007f2c3ee52028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 282.681839][ T8262] RAX: ffffffffffffffda RBX: 00007f2c3e216090 RCX: 00007f2c3df9c819 [ 282.681851][ T8262] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 282.681861][ T8262] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 282.681871][ T8262] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 282.681881][ T8262] R13: 00007f2c3e216128 R14: 00007f2c3e216090 R15: 00007fffaae17ae8 [ 282.681905][ T8262] [ 284.950285][ T8294] FAULT_INJECTION: forcing a failure. [ 284.950285][ T8294] name failslab, interval 1, probability 0, space 0, times 0 [ 284.977166][ T8296] aoe: copy from user failed [ 284.992231][ T8296] aoe: could not set interface list: too many interfaces [ 284.999545][ T8294] CPU: 1 UID: 0 PID: 8294 Comm: syz.0.504 Not tainted syzkaller #0 PREEMPT(full) [ 284.999583][ T8294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 284.999600][ T8294] Call Trace: [ 284.999610][ T8294] [ 284.999621][ T8294] dump_stack_lvl+0x100/0x190 [ 284.999674][ T8294] should_fail_ex.cold+0x5/0xa [ 284.999713][ T8294] should_failslab+0xc2/0x120 [ 284.999756][ T8294] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 284.999804][ T8294] ? security_inode_alloc+0x3b/0x2c0 [ 284.999838][ T8294] ? lockdep_init_map_type+0x5c/0x250 [ 284.999887][ T8294] security_inode_alloc+0x3b/0x2c0 [ 284.999939][ T8294] inode_init_always_gfp+0xced/0x1040 [ 284.999980][ T8294] alloc_inode+0x8e/0x250 [ 285.000023][ T8294] new_inode+0x22/0x1c0 [ 285.000069][ T8294] nfsd_mkdir+0x78/0x460 [ 285.000104][ T8294] ? dput.part.0+0xdd/0x570 [ 285.000149][ T8294] nfsd_fill_super+0x3f9/0x560 [ 285.000188][ T8294] ? __pfx_nfsd_fill_super+0x10/0x10 [ 285.000224][ T8294] get_tree_keyed+0x10e/0x1d0 [ 285.000276][ T8294] vfs_get_tree+0x92/0x320 [ 285.000322][ T8294] path_mount+0x7d0/0x23d0 [ 285.000367][ T8294] ? __pfx_path_mount+0x10/0x10 [ 285.000402][ T8294] ? lockdep_hardirqs_on+0x78/0x100 [ 285.000439][ T8294] ? putname+0xb1/0x110 [ 285.000480][ T8294] ? kmem_cache_free+0x124/0x6a0 [ 285.000536][ T8294] ? __x64_sys_mount+0x293/0x310 [ 285.000572][ T8294] __x64_sys_mount+0x293/0x310 [ 285.000612][ T8294] ? __pfx___x64_sys_mount+0x10/0x10 [ 285.000664][ T8294] do_syscall_64+0x106/0xf80 [ 285.000694][ T8294] ? clear_bhb_loop+0x40/0x90 [ 285.000734][ T8294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.000772][ T8294] RIP: 0033:0x7f2c3df9c819 [ 285.000799][ T8294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 285.000826][ T8294] RSP: 002b:00007f2c3ee73028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 285.000855][ T8294] RAX: ffffffffffffffda RBX: 00007f2c3e215fa0 RCX: 00007f2c3df9c819 [ 285.000875][ T8294] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 285.000892][ T8294] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 285.000909][ T8294] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 285.000926][ T8294] R13: 00007f2c3e216038 R14: 00007f2c3e215fa0 R15: 00007fffaae17ae8 [ 285.000967][ T8294] [ 286.044031][ T8319] FAULT_INJECTION: forcing a failure. [ 286.044031][ T8319] name failslab, interval 1, probability 0, space 0, times 0 [ 286.109968][ T8319] CPU: 1 UID: 0 PID: 8319 Comm: syz.1.511 Not tainted syzkaller #0 PREEMPT(full) [ 286.110024][ T8319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 286.110043][ T8319] Call Trace: [ 286.110053][ T8319] [ 286.110065][ T8319] dump_stack_lvl+0x100/0x190 [ 286.110120][ T8319] should_fail_ex.cold+0x5/0xa [ 286.110159][ T8319] should_failslab+0xc2/0x120 [ 286.110196][ T8319] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 286.110247][ T8319] ? __d_alloc+0x34/0xa80 [ 286.110292][ T8319] __d_alloc+0x34/0xa80 [ 286.110334][ T8319] d_alloc+0x4a/0x1e0 [ 286.110373][ T8319] lookup_one_qstr_excl+0x175/0x250 [ 286.110421][ T8319] start_dirop+0x59/0xb0 [ 286.110451][ T8319] simple_start_creating+0xf9/0x110 [ 286.110482][ T8319] ? __pfx_simple_start_creating+0x10/0x10 [ 286.110525][ T8319] nfsd_fill_super+0x1c9/0x560 [ 286.110568][ T8319] ? __pfx_nfsd_fill_super+0x10/0x10 [ 286.110602][ T8319] get_tree_keyed+0x10e/0x1d0 [ 286.110659][ T8319] vfs_get_tree+0x92/0x320 [ 286.110714][ T8319] path_mount+0x7d0/0x23d0 [ 286.110762][ T8319] ? __pfx_path_mount+0x10/0x10 [ 286.110798][ T8319] ? lockdep_hardirqs_on+0x78/0x100 [ 286.110837][ T8319] ? putname+0xb1/0x110 [ 286.110871][ T8319] ? kmem_cache_free+0x124/0x6a0 [ 286.110929][ T8319] ? __x64_sys_mount+0x293/0x310 [ 286.110966][ T8319] __x64_sys_mount+0x293/0x310 [ 286.111006][ T8319] ? __pfx___x64_sys_mount+0x10/0x10 [ 286.111059][ T8319] do_syscall_64+0x106/0xf80 [ 286.111090][ T8319] ? clear_bhb_loop+0x40/0x90 [ 286.111134][ T8319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.111162][ T8319] RIP: 0033:0x7f948a99c819 [ 286.111187][ T8319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 286.111211][ T8319] RSP: 002b:00007f9488bcd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 286.111241][ T8319] RAX: ffffffffffffffda RBX: 00007f948ac16090 RCX: 00007f948a99c819 [ 286.111260][ T8319] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 286.111278][ T8319] RBP: 00007f948aa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 286.111296][ T8319] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 286.111314][ T8319] R13: 00007f948ac16128 R14: 00007f948ac16090 R15: 00007fff4b9e08f8 [ 286.111356][ T8319] [ 286.942722][ T8306] kexec: Could not allocate control_code_buffer [ 287.466275][ T8337] FAULT_INJECTION: forcing a failure. [ 287.466275][ T8337] name failslab, interval 1, probability 0, space 0, times 0 [ 287.500746][ T8337] CPU: 1 UID: 0 PID: 8337 Comm: syz.1.517 Not tainted syzkaller #0 PREEMPT(full) [ 287.500789][ T8337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 287.500807][ T8337] Call Trace: [ 287.500817][ T8337] [ 287.500828][ T8337] dump_stack_lvl+0x100/0x190 [ 287.500883][ T8337] should_fail_ex.cold+0x5/0xa [ 287.500921][ T8337] should_failslab+0xc2/0x120 [ 287.500956][ T8337] __kmalloc_cache_noprof+0x7a/0x6f0 [ 287.500998][ T8337] ? get_mountpoint+0x174/0x4f0 [ 287.501040][ T8337] ? do_lock_mount.part.0+0x242/0xb10 [ 287.501082][ T8337] get_mountpoint+0x174/0x4f0 [ 287.501131][ T8337] do_lock_mount.part.0+0x336/0xb10 [ 287.501173][ T8337] path_mount+0x8f5/0x23d0 [ 287.501212][ T8337] ? __pfx_path_mount+0x10/0x10 [ 287.501246][ T8337] ? lockdep_hardirqs_on+0x78/0x100 [ 287.501281][ T8337] ? putname+0xb1/0x110 [ 287.501332][ T8337] ? __x64_sys_mount+0x293/0x310 [ 287.501367][ T8337] __x64_sys_mount+0x293/0x310 [ 287.501406][ T8337] ? __pfx___x64_sys_mount+0x10/0x10 [ 287.501456][ T8337] do_syscall_64+0x106/0xf80 [ 287.501486][ T8337] ? clear_bhb_loop+0x40/0x90 [ 287.501522][ T8337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.501551][ T8337] RIP: 0033:0x7f948a99c819 [ 287.501577][ T8337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 287.501605][ T8337] RSP: 002b:00007f9488bee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 287.501634][ T8337] RAX: ffffffffffffffda RBX: 00007f948ac15fa0 RCX: 00007f948a99c819 [ 287.501652][ T8337] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 287.501679][ T8337] RBP: 00007f948aa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 287.501695][ T8337] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 287.501710][ T8337] R13: 00007f948ac16038 R14: 00007f948ac15fa0 R15: 00007fff4b9e08f8 [ 287.501750][ T8337] [ 287.889391][ T8344] aoe: copy from user failed [ 287.915487][ T8344] aoe: could not set interface list: too many interfaces [ 288.143835][ T8349] FAULT_INJECTION: forcing a failure. [ 288.143835][ T8349] name failslab, interval 1, probability 0, space 0, times 0 [ 288.180839][ T8349] CPU: 0 UID: 0 PID: 8349 Comm: syz.2.521 Not tainted syzkaller #0 PREEMPT(full) [ 288.180882][ T8349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 288.180900][ T8349] Call Trace: [ 288.180910][ T8349] [ 288.180922][ T8349] dump_stack_lvl+0x100/0x190 [ 288.180975][ T8349] should_fail_ex.cold+0x5/0xa [ 288.181013][ T8349] should_failslab+0xc2/0x120 [ 288.181049][ T8349] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 288.181097][ T8349] ? security_inode_alloc+0x3b/0x2c0 [ 288.181136][ T8349] ? lockdep_init_map_type+0x5c/0x250 [ 288.181180][ T8349] security_inode_alloc+0x3b/0x2c0 [ 288.181215][ T8349] inode_init_always_gfp+0xced/0x1040 [ 288.181255][ T8349] alloc_inode+0x8e/0x250 [ 288.181296][ T8349] new_inode+0x22/0x1c0 [ 288.181339][ T8349] nfsd_mkdir+0x78/0x460 [ 288.181373][ T8349] ? dput.part.0+0xdd/0x570 [ 288.181414][ T8349] nfsd_fill_super+0x3f9/0x560 [ 288.181453][ T8349] ? __pfx_nfsd_fill_super+0x10/0x10 [ 288.181489][ T8349] get_tree_keyed+0x10e/0x1d0 [ 288.181541][ T8349] vfs_get_tree+0x92/0x320 [ 288.181585][ T8349] path_mount+0x7d0/0x23d0 [ 288.181629][ T8349] ? __pfx_path_mount+0x10/0x10 [ 288.181671][ T8349] ? lockdep_hardirqs_on+0x78/0x100 [ 288.181708][ T8349] ? putname+0xb1/0x110 [ 288.181740][ T8349] ? kmem_cache_free+0x124/0x6a0 [ 288.181797][ T8349] ? __x64_sys_mount+0x293/0x310 [ 288.181832][ T8349] __x64_sys_mount+0x293/0x310 [ 288.181872][ T8349] ? __pfx___x64_sys_mount+0x10/0x10 [ 288.181923][ T8349] do_syscall_64+0x106/0xf80 [ 288.181952][ T8349] ? clear_bhb_loop+0x40/0x90 [ 288.181990][ T8349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.182021][ T8349] RIP: 0033:0x7fde80b9c819 [ 288.182046][ T8349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 288.182074][ T8349] RSP: 002b:00007fde819c9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 288.182104][ T8349] RAX: ffffffffffffffda RBX: 00007fde80e16090 RCX: 00007fde80b9c819 [ 288.182124][ T8349] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 288.182142][ T8349] RBP: 00007fde80c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 288.182159][ T8349] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 288.182177][ T8349] R13: 00007fde80e16128 R14: 00007fde80e16090 R15: 00007ffd60a75d08 [ 288.182218][ T8349] [ 288.585289][ T8351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.523'. [ 288.619754][ T8351] netlink: 'syz.0.523': attribute type 1 has an invalid length. [ 288.658414][ T8351] netlink: 5 bytes leftover after parsing attributes in process `syz.0.523'. [ 289.208210][ T8363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.533'. [ 290.325568][ T8353] kexec: Could not allocate control_code_buffer [ 290.389698][ T8376] FAULT_INJECTION: forcing a failure. [ 290.389698][ T8376] name failslab, interval 1, probability 0, space 0, times 0 [ 290.418416][ T8376] CPU: 1 UID: 0 PID: 8376 Comm: syz.0.537 Not tainted syzkaller #0 PREEMPT(full) [ 290.418458][ T8376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 290.418475][ T8376] Call Trace: [ 290.418485][ T8376] [ 290.418497][ T8376] dump_stack_lvl+0x100/0x190 [ 290.418550][ T8376] should_fail_ex.cold+0x5/0xa [ 290.418586][ T8376] should_failslab+0xc2/0x120 [ 290.418621][ T8376] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 290.418666][ T8376] ? alloc_vfsmnt+0x23/0x6a0 [ 290.418715][ T8376] alloc_vfsmnt+0x23/0x6a0 [ 290.418758][ T8376] path_mount+0x1e6b/0x23d0 [ 290.418802][ T8376] ? __pfx_path_mount+0x10/0x10 [ 290.418837][ T8376] ? lockdep_hardirqs_on+0x78/0x100 [ 290.418873][ T8376] ? putname+0xb1/0x110 [ 290.418905][ T8376] ? kmem_cache_free+0x124/0x6a0 [ 290.418961][ T8376] ? __x64_sys_mount+0x293/0x310 [ 290.418996][ T8376] __x64_sys_mount+0x293/0x310 [ 290.419035][ T8376] ? __pfx___x64_sys_mount+0x10/0x10 [ 290.419085][ T8376] do_syscall_64+0x106/0xf80 [ 290.419115][ T8376] ? clear_bhb_loop+0x40/0x90 [ 290.419152][ T8376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.419184][ T8376] RIP: 0033:0x7f2c3df9c819 [ 290.419209][ T8376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 290.419237][ T8376] RSP: 002b:00007f2c3ee73028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 290.419267][ T8376] RAX: ffffffffffffffda RBX: 00007f2c3e215fa0 RCX: 00007f2c3df9c819 [ 290.419286][ T8376] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 290.419304][ T8376] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 290.419322][ T8376] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 290.419339][ T8376] R13: 00007f2c3e216038 R14: 00007f2c3e215fa0 R15: 00007fffaae17ae8 [ 290.419388][ T8376] [ 291.449651][ T8399] netlink: 'syz.2.536': attribute type 11 has an invalid length. [ 291.460577][ T8399] netlink: 'syz.2.536': attribute type 11 has an invalid length. [ 291.469580][ T8399] netlink: 'syz.2.536': attribute type 11 has an invalid length. [ 291.855332][ T8403] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 292.471734][ T8423] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 292.862946][ T8428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.544'. [ 294.056559][ T8451] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 294.794728][ T8467] FAULT_INJECTION: forcing a failure. [ 294.794728][ T8467] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 294.823859][ T8467] CPU: 1 UID: 0 PID: 8467 Comm: syz.3.553 Not tainted syzkaller #0 PREEMPT(full) [ 294.823896][ T8467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 294.823911][ T8467] Call Trace: [ 294.823920][ T8467] [ 294.823930][ T8467] dump_stack_lvl+0x100/0x190 [ 294.823976][ T8467] should_fail_ex.cold+0x5/0xa [ 294.824010][ T8467] _copy_from_iter+0x1f4/0x1690 [ 294.824054][ T8467] ? __pfx__copy_from_iter+0x10/0x10 [ 294.824086][ T8467] ? aa_file_perm+0x7e4/0x14d0 [ 294.824137][ T8467] copy_page_from_iter+0xde/0x180 [ 294.824178][ T8467] anon_pipe_write+0xae4/0x1d40 [ 294.824227][ T8467] ? __pfx_anon_pipe_write+0x10/0x10 [ 294.824260][ T8467] ? apparmor_file_permission+0x13f/0x1c0 [ 294.824297][ T8467] ? bpf_lsm_file_permission+0x9/0x10 [ 294.824324][ T8467] ? security_file_permission+0x76/0x210 [ 294.824364][ T8467] ? rw_verify_area+0xce/0x6d0 [ 294.824408][ T8467] vfs_write+0x6ac/0x1070 [ 294.824437][ T8467] ? __pfx_anon_pipe_write+0x10/0x10 [ 294.824467][ T8467] ? __pfx_vfs_write+0x10/0x10 [ 294.824492][ T8467] ? find_held_lock+0x2b/0x80 [ 294.824542][ T8467] ksys_write+0x1f8/0x250 [ 294.824568][ T8467] ? __pfx_ksys_write+0x10/0x10 [ 294.824605][ T8467] do_syscall_64+0x106/0xf80 [ 294.824632][ T8467] ? clear_bhb_loop+0x40/0x90 [ 294.824665][ T8467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.824692][ T8467] RIP: 0033:0x7f5eee59c819 [ 294.824725][ T8467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 294.824751][ T8467] RSP: 002b:00007f5eef376028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 294.824778][ T8467] RAX: ffffffffffffffda RBX: 00007f5eee816270 RCX: 00007f5eee59c819 [ 294.824796][ T8467] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 294.824812][ T8467] RBP: 00007f5eef376090 R08: 0000000000000000 R09: 0000000000000000 [ 294.824828][ T8467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.824843][ T8467] R13: 00007f5eee816308 R14: 00007f5eee816270 R15: 00007fff413cc948 [ 294.824882][ T8467] [ 295.434683][ T8477] ================================================================== [ 295.434697][ T8477] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 295.434731][ T8477] Write of size 8 at addr ffffc90004379260 by task syz.0.557/8477 [ 295.434746][ T8477] [ 295.434756][ T8477] CPU: 0 UID: 0 PID: 8477 Comm: syz.0.557 Not tainted syzkaller #0 PREEMPT(full) [ 295.434777][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 295.434788][ T8477] Call Trace: [ 295.434794][ T8477] [ 295.434801][ T8477] dump_stack_lvl+0x100/0x190 [ 295.434828][ T8477] print_report+0x156/0x4c9 [ 295.434853][ T8477] ? _raw_spin_lock_irqsave+0x52/0x60 [ 295.434881][ T8477] ? __virt_addr_valid+0x81/0x620 [ 295.434906][ T8477] ? sys_imageblit+0x19fb/0x1d60 [ 295.434932][ T8477] kasan_report+0xdf/0x1e0 [ 295.434958][ T8477] ? sys_imageblit+0x19fb/0x1d60 [ 295.434989][ T8477] sys_imageblit+0x19fb/0x1d60 [ 295.435019][ T8477] ? __pfx_sys_imageblit+0x10/0x10 [ 295.435050][ T8477] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 295.435072][ T8477] soft_cursor+0x524/0xa10 [ 295.435098][ T8477] bit_cursor+0xe58/0x16f0 [ 295.435122][ T8477] ? __pfx_bit_cursor+0x10/0x10 [ 295.435148][ T8477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 295.435168][ T8477] ? get_color+0x1da/0x450 [ 295.435186][ T8477] ? __pfx_bit_cursor+0x10/0x10 [ 295.435208][ T8477] fbcon_cursor+0x43c/0x5e0 [ 295.435227][ T8477] ? mark_lock+0x9f0/0xa20 [ 295.435250][ T8477] hide_cursor+0x87/0x230 [ 295.435274][ T8477] do_con_write+0x23fe/0x8540 [ 295.435290][ T8477] ? trace_contention_end+0x140/0x180 [ 295.435315][ T8477] ? __mutex_lock+0x26a/0x1b90 [ 295.435336][ T8477] ? __pfx___mutex_lock+0x10/0x10 [ 295.435354][ T8477] ? do_raw_spin_lock+0x128/0x260 [ 295.435380][ T8477] ? __pfx_do_con_write+0x10/0x10 [ 295.435401][ T8477] con_write+0x23/0xb0 [ 295.435430][ T8477] n_tty_write+0x44f/0x12d0 [ 295.435456][ T8477] ? __pfx_n_tty_write+0x10/0x10 [ 295.435476][ T8477] ? trace_kmalloc+0x101/0x130 [ 295.435496][ T8477] ? __pfx_woken_wake_function+0x10/0x10 [ 295.435525][ T8477] ? rcu_is_watching+0x12/0xc0 [ 295.435554][ T8477] ? file_tty_write.isra.0+0x694/0x890 [ 295.435582][ T8477] ? kfree+0x2ec/0x6b0 [ 295.435605][ T8477] ? __pfx_n_tty_write+0x10/0x10 [ 295.435626][ T8477] file_tty_write.isra.0+0x4d2/0x890 [ 295.435659][ T8477] redirected_tty_write+0xd4/0x120 [ 295.435688][ T8477] vfs_write+0x6ac/0x1070 [ 295.435705][ T8477] ? __pfx_redirected_tty_write+0x10/0x10 [ 295.435734][ T8477] ? __pfx_vfs_write+0x10/0x10 [ 295.435750][ T8477] ? find_held_lock+0x2b/0x80 [ 295.435772][ T8477] ksys_write+0x12a/0x250 [ 295.435789][ T8477] ? __pfx_ksys_write+0x10/0x10 [ 295.435809][ T8477] do_syscall_64+0x106/0xf80 [ 295.435826][ T8477] ? clear_bhb_loop+0x40/0x90 [ 295.435846][ T8477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.435865][ T8477] RIP: 0033:0x7f2c3df9c819 [ 295.435879][ T8477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.435897][ T8477] RSP: 002b:00007f2c3ee73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 295.435915][ T8477] RAX: ffffffffffffffda RBX: 00007f2c3e215fa0 RCX: 00007f2c3df9c819 [ 295.435926][ T8477] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000006 [ 295.435936][ T8477] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 295.435947][ T8477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.435957][ T8477] R13: 00007f2c3e216038 R14: 00007f2c3e215fa0 R15: 00007fffaae17ae8 [ 295.435973][ T8477] [ 295.435980][ T8477] [ 295.435985][ T8477] The buggy address belongs to a vmalloc virtual mapping [ 295.435998][ T8477] Memory state around the buggy address: [ 295.436007][ T8477] ffffc90004379100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 295.436020][ T8477] ffffc90004379180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 295.436032][ T8477] >ffffc90004379200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 295.436041][ T8477] ^ [ 295.436051][ T8477] ffffc90004379280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 295.436063][ T8477] ffffc90004379300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 295.436072][ T8477] ================================================================== [ 295.436167][ T8477] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 295.436181][ T8477] CPU: 0 UID: 0 PID: 8477 Comm: syz.0.557 Not tainted syzkaller #0 PREEMPT(full) [ 295.436203][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 295.436213][ T8477] Call Trace: [ 295.436220][ T8477] [ 295.436227][ T8477] dump_stack_lvl+0x100/0x190 [ 295.436254][ T8477] vpanic+0x552/0x970 [ 295.436271][ T8477] ? __pfx_vpanic+0x10/0x10 [ 295.436290][ T8477] ? sys_imageblit+0x19fb/0x1d60 [ 295.436318][ T8477] panic+0xd1/0xe0 [ 295.436357][ T8477] ? __pfx_panic+0x10/0x10 [ 295.436375][ T8477] ? sys_imageblit+0x19fb/0x1d60 [ 295.436402][ T8477] ? preempt_schedule_common+0x42/0xc0 [ 295.436441][ T8477] check_panic_on_warn.cold+0x19/0x34 [ 295.436461][ T8477] end_report.part.0+0x3a/0x90 [ 295.436487][ T8477] kasan_report.cold+0xe/0x18 [ 295.436512][ T8477] ? sys_imageblit+0x19fb/0x1d60 [ 295.436541][ T8477] sys_imageblit+0x19fb/0x1d60 [ 295.436572][ T8477] ? __pfx_sys_imageblit+0x10/0x10 [ 295.436605][ T8477] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 295.436627][ T8477] soft_cursor+0x524/0xa10 [ 295.436653][ T8477] bit_cursor+0xe58/0x16f0 [ 295.436677][ T8477] ? __pfx_bit_cursor+0x10/0x10 [ 295.436703][ T8477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 295.436722][ T8477] ? get_color+0x1da/0x450 [ 295.436741][ T8477] ? __pfx_bit_cursor+0x10/0x10 [ 295.436763][ T8477] fbcon_cursor+0x43c/0x5e0 [ 295.436782][ T8477] ? mark_lock+0x9f0/0xa20 [ 295.436805][ T8477] hide_cursor+0x87/0x230 [ 295.436830][ T8477] do_con_write+0x23fe/0x8540 [ 295.436846][ T8477] ? trace_contention_end+0x140/0x180 [ 295.436872][ T8477] ? __mutex_lock+0x26a/0x1b90 [ 295.436893][ T8477] ? __pfx___mutex_lock+0x10/0x10 [ 295.436912][ T8477] ? do_raw_spin_lock+0x128/0x260 [ 295.436939][ T8477] ? __pfx_do_con_write+0x10/0x10 [ 295.436959][ T8477] con_write+0x23/0xb0 [ 295.436975][ T8477] n_tty_write+0x44f/0x12d0 [ 295.437000][ T8477] ? __pfx_n_tty_write+0x10/0x10 [ 295.437020][ T8477] ? trace_kmalloc+0x101/0x130 [ 295.437040][ T8477] ? __pfx_woken_wake_function+0x10/0x10 [ 295.437068][ T8477] ? rcu_is_watching+0x12/0xc0 [ 295.437095][ T8477] ? file_tty_write.isra.0+0x694/0x890 [ 295.437124][ T8477] ? kfree+0x2ec/0x6b0 [ 295.437147][ T8477] ? __pfx_n_tty_write+0x10/0x10 [ 295.437168][ T8477] file_tty_write.isra.0+0x4d2/0x890 [ 295.437198][ T8477] redirected_tty_write+0xd4/0x120 [ 295.437227][ T8477] vfs_write+0x6ac/0x1070 [ 295.437244][ T8477] ? __pfx_redirected_tty_write+0x10/0x10 [ 295.437274][ T8477] ? __pfx_vfs_write+0x10/0x10 [ 295.437290][ T8477] ? find_held_lock+0x2b/0x80 [ 295.437313][ T8477] ksys_write+0x12a/0x250 [ 295.437330][ T8477] ? __pfx_ksys_write+0x10/0x10 [ 295.437350][ T8477] do_syscall_64+0x106/0xf80 [ 295.437367][ T8477] ? clear_bhb_loop+0x40/0x90 [ 295.437387][ T8477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.437412][ T8477] RIP: 0033:0x7f2c3df9c819 [ 295.437426][ T8477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.437443][ T8477] RSP: 002b:00007f2c3ee73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 295.437461][ T8477] RAX: ffffffffffffffda RBX: 00007f2c3e215fa0 RCX: 00007f2c3df9c819 [ 295.437472][ T8477] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000006 [ 295.437484][ T8477] RBP: 00007f2c3e032c91 R08: 0000000000000000 R09: 0000000000000000 [ 295.437495][ T8477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.437506][ T8477] R13: 00007f2c3e216038 R14: 00007f2c3e215fa0 R15: 00007fffaae17ae8 [ 295.437522][ T8477] [ 295.437712][ T8477] Kernel Offset: disabled