last executing test programs: 5.980419526s ago: executing program 1 (id=3803): r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r1, 0x5523, r1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vivid.0/media4/power/runtime_suspended_time\x00', 0x80000, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/controlC0\x00', 0x40102, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000700)={{@raw=0x9, 0x7f, 0x2, 0x406, "26cb83211ffd7f6567850e138dd717bfeb7ab5c5a4909ab7e79491c86f8c5d7d57cdda7ca056a2a31e5dfe27"}, 0x0, @integer64=@value_ptr=&(0x7f0000000300)=0x401, "1cd4f43065c34bdcb5fa6160f24c5f3eb5328361438ff4cd82ad2e9771421debdad4d39a52fc70b9012aff448a8b4a75e7c5126dc19ba1ad1e6542790700000044b0d756001b66abab0c0fd3b4287befd247e5410bef4c186120b5bed4ab64ffeb4b7c5a69166021a8814332515a65fe9300"}) read$auto(r0, 0x0, 0x2) getrlimit$auto(0x3, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r3 = socket(0x2, 0x1, 0x0) bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x0, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r0, 0x4008af25, &(0x7f00000000c0)=0x3) io_uring_register$auto_IORING_REGISTER_BUFFERS2(r2, 0xf, &(0x7f0000000200)="73a2055553de23d38556084e8876d593bed2d8b97e472f5e2ec1a95e330135eabfbd02189ad707637125f6df00c25361ae186a6d2db943173bc0a5590aa2d2fd0d20c36b7eb10556ad69e19c3b96b590ca081e05fbfcef9b17425c5f5d807c662556b2e01c81d71d4d8a040dc56870bc5a98b50736e1641c025a98e92c608318288716ad753e1dbf071b1a2a27ec83f3eeefeb11233c05ca09f9d51b8c00bd1d2fc7b599760278112b6ed5a2ee6274e9858309643e325fc7fd4215b45f28d77ec9e9640fe0d170560080049641c5346f18bb78b0cc", 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x5, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x400) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r4, 0x0, 0x400000000006) shutdown$auto(r3, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x20009, 0x7fffffffffffffff, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) 5.772326219s ago: executing program 3 (id=3804): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000001940), 0x101000, 0x0) r1 = socket(0x2, 0x801, 0x100) connect$auto(r0, 0x0, 0x7) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)='\x98\x00', 0xb559) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages\x00', 0xe8202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x121041, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) write$auto(r2, &(0x7f0000000080)='/sys/kernel/security\xf9\x1cntegrity/evm/evm_xat\x99rs\x00B\b\xbd\x9f\x15\x81\x15\xb6h\xae', 0x1000000006) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r4 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x220c01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000a, 0xf, 0x5e, r1, 0x7ffc) sysfs$auto(0x2, 0x6f, 0x40) r5 = fsopen$auto(0x0, 0xa) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x80000000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x68e00, 0x0) r6 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r6, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) sethostname$auto(0x0, 0x1) ioctl$auto_UI_DEV_CREATE(r6, 0x5501, 0x0) writev$auto(r6, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) 5.71049334s ago: executing program 1 (id=3805): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) lgetxattr$auto(&(0x7f0000000740)='.\x00', &(0x7f0000000780)='\xda--\x00', 0x0, 0x100) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x180443, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) socket(0x10, 0x2, 0x14) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x6002008c) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe$auto(0x0) socketpair$auto(0x1e, 0x1, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r1, 0x40384708, 0x0) 5.37725536s ago: executing program 1 (id=3806): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(r0, 0x0, 0xffd8) r1 = socket(0x26, 0xa, 0x40000e0e) unshare$auto(0x40000080) r2 = socket(0x10, 0x3, 0xc) setsockopt$auto(r2, 0x104000000000010e, 0x1, 0x0, 0x4c5) r3 = ioctl$auto_NS_GET_PID_FROM_PIDNS(r0, 0x8004b706, &(0x7f0000000200)=0xffffffff) ioctl$auto_SW_SYNC_IOC_INC(r3, 0x40045701, &(0x7f0000000240)=0x10000f60) r4 = setfsuid$auto(0xee00) r5 = setfsuid$auto(0xee01) setresuid$auto(r4, r5, r4) close_range$auto(0x0, 0xffffffffffffffff, 0x2) fanotify_init$auto(0x400, 0x2000000000002) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, 0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0x8) openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/setgroups\x00', 0x7f835763b57cbf20, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xa) prctl$auto(0x800, 0xc6, 0x0, 0x2000000002, 0xfffffffffffffffd) write$auto(r1, &(0x7f0000000480)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x0f\x97\xa1\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd3lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\xfa\v?\\#\xfc\x15-\xbc\xcd$\x83\xcf\xc5D\xcc', 0xc8) socket(0x29, 0x4, 0xc) keyctl$auto(0x23, 0x1, 0x6, 0x3, 0x9) r6 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000140), 0x189000, 0x0) readv$auto(r6, &(0x7f00000018c0)={&(0x7f0000001880), 0x1}, 0x9) prctl$auto(0x1000, 0x80001, 0x0, 0x200000005, 0x100000000000009) madvise$auto(0x20000000000000, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) adjtimex$auto(&(0x7f0000000000)={0xffff92b5, 0x0, 0x9, 0x3, 0x2, 0x80000000000000, 0x80000000, 0x0, 0x4513, 0x9, 0xffffffffffffffff, {0x3, 0x8001}, 0xfffffffc, 0xbfa, 0x4, 0x110, 0x0, 0x2, 0x8, 0x1659, 0x10000, 0x476, 0x4}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) 5.170349948s ago: executing program 2 (id=3807): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x5, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8947, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x80002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mprotect$auto(0x8000, 0x8, 0x8) r1 = syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) wait4$auto(r1, 0x0, 0x80000001, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x8, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) adjtimex$auto(&(0x7f0000000000)={0x8, 0x0, 0xff, 0x7, 0xb, 0x0, 0xffff, 0x0, 0x2, 0xc3, 0x1f6a, {0x0, 0x3}, 0x9, 0x1, 0x6, 0x80000001, 0x0, 0x8, 0x545, 0x1, 0x0, 0x8}) mmap$auto(0x0, 0x100, 0xffb, 0x8000000008012, 0xffffffffffffffff, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10100, 0x0) pread64$auto(r2, 0x0, 0x3, 0x5ef6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sda\x00', 0xa0102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) 4.555774895s ago: executing program 2 (id=3809): select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x48, 0x15, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x1]}, 0x0, 0x0) 4.214912354s ago: executing program 2 (id=3812): mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x86', 0xa) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x42400, 0x0) ioctl$auto_UI_SET_LEDBIT(r2, 0x40045569, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/scsi/sg/allow_dio\x00', 0x101181, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/005/001\x00', 0x100, 0x0) socket(0xa, 0x5, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) signalfd$auto(r1, &(0x7f0000000180)={0x1}, 0x101) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) write$auto(0x6, 0x0, 0x100000001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x109401, 0x0) ioctl$auto_TIOCSTI2(r3, 0x5412, 0x0) 4.211922459s ago: executing program 3 (id=3813): r0 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x101200, 0x0) setsockopt$auto_SO_OOBINLINE(r0, 0x9, 0xa, &(0x7f0000000040)='\'.', 0x5) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0c\x00', 0x4000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_DELAY2(r1, 0x80084121, &(0x7f00000000c0)=0xdcec) fcntl$auto_F_SETSIG(0xffffffffffffffff, 0xa, 0x1) r2 = prctl$auto_SECCOMP_MODE_STRICT(0x25c, 0x1, 0xffffffffffffffff, 0xffff, 0x100000001) ioctl$auto_TIOCNXCL(r2, 0x540d, &(0x7f0000000100)="dc6fe98d4b2cfb44d375c6cf4b1052f6c29d83efee64627aa6930d24e16091eb2aa949211d28b970368118027561aac2653fce5fa092f8a31fad059520e9654856dd17724bc1b3b08b669b95ab63764c394839336cab597c864a0722fa8b3cda9356b9bc46a0247368e2727cec5d0356aa87e3535704e5dabe8b9c5c730186a9963c11cc138ebab30894f2c1163af1bb54578ce91c380737d945b8310b3c4636dd2442d86856d2c4b9050076dde1a58354b8d882c8ee8c843fb6f5654f5b8b4142755d478fca92e6a647ba") ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR322(r1, 0xc0844123, &(0x7f0000000200)={0x800, @status={0x9, 0x0, 0x8, 0x8, 0x1ff, 0x3, 0x9, 0x8001}, @reserved="ab337e12b0a7a5a57a0e11b6092a79c5902627378694ac8a41b19d578cd1a25d1473253346d2ca414cc3daf261c4723c02642ef9c9dcb2ab623b2d694905b16c"}) writev$auto(r1, &(0x7f0000000340)={&(0x7f00000002c0)="6ce82ea23d12e42d568568472eb3b6d6f3b24fa6f6597d780ddc2171dc7dffc9139243ac87f3bd263d4bd7f3f7eb227b157bb28c4caa4a99a16da54cebdc303298cef96cd13c5c3062c424bd6fea3ae460b6ea38d69c66aca581ea3577741eac87c20608634a29619fd08a36c7551aafe84be42c3c4a6b736f89e408", 0x8}, 0x7) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000003c0), r2) sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r3, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x40}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000004}, 0x40000) mremap$auto(0x400, 0x5, 0xfffffffffffffff3, 0x94b3, 0x1) unshare$auto(0x3) r4 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0xa2400, 0x0) shmget$auto(0xe, 0x81, 0x6) readv$auto(r1, &(0x7f0000000640)={&(0x7f0000000540)="69534e1267f520151514dceb4cfdcb8ec10bf45c06ad74ab8c6e29d6b77cff01f126c278b9a23c2fbbacee94eb1c86cd82ffdcf8dfc92369e42077290d0c0e2a5dd6663c322744f30df63e23512d56a829a76eca1911c85b6b65a867761e40410c240d165bdd2d24793c5a8bb2f50db5c7e231d3ed8304d5a3fa450ff38fd0e90d9278181373da63f8116b7819cb00c0b23d781bc2899f777fb1e3a75bbf429a1a6e31d390eaaf9cef755b171b4e6859ddb185b922dffa21a291417ff60c4c1ecdccde2bea30c9e94a53c1a163089a7e", 0x6}, 0x4) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000680)=""/28, 0x1c) getsockopt$auto_SO_COOKIE(r4, 0x7fff, 0x39, &(0x7f00000006c0)='*)\x00', &(0x7f0000000700)=0x80000001) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000740)='/dev/snd/midiC2D2\x00', 0x0, 0x0) r5 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000780), 0x84000, 0x0) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000840), r2) sendmsg$auto_NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x2c, r6, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TIMEOUT_REASON={0x8, 0xf8, 0x8}, @NL80211_ATTR_WIPHY_NAME={0x6, 0x2, 'a\x00'}]}, 0x2c}}, 0x40844) close$auto(r1) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000001c80)={{r2, &(0x7f0000000940)="4a2c26ac0100ca9d003a0d69764b405764218732d2efe8505d3cc71fbc320fff1099f54ab1310e66bc5f7aac8b97af0fa250b0022ec276c18482ffb387a1adddf7513cf5ee69f578dd1b5767f44d3666e0360cc44c6fe769895d68d25377a3e51f00b828bf0fd6e57db77b4d2164a9ae92e0540b7cd9ed5e2d266daf893d7db5a873cdc26fe76790a3810be5d0c4e34fcd2099f4f560e6467f044b84eac8bc5552d4ba18b03c33d54ad098ac67c8f908554a1c68dd32bfb27182cbf0ed2fbd8afc5536967ca6333c3343f37358b8a16c3b0ce81f4f89e4128814b573b5f360e5e0a360b54174774708c54ef3872dfcb94ea9f76c667ce18cde996b799013242550f27aab6470e73d4826bccb4be4b3ee31f29af1c612c8250865e275e0948c8164892e9d8eaf1d0dc9999752d1b23fc5c6f2cbc9383435e30ab7a58aa01b68981c34c9c916a19cd9ba95ed78cd52a16e9034ca57b778096df88ffeffc2b38fd1814e68df54361f8359feb980eda1e0fcc3d185724a9f0af8880ff8fa442eb1c87c5fbf7ff6aca2d6a881e80e1291d8fc5a30916fc330012dc4ee6d0be76c9174c843f8b687fe407b7ddd5016b802a9ed157bbdb6486bc431350662e81fbbc1b1dbab29120af37f2f548827082708198198680db4a2ad7806fdab93fdc9edba1e67afa911150426aba591efc7780fad72cbff20a8964244682e9a65efd71940dc0449b6b086b72382f58bcc76e64aa7260dd4062bbe8b8e1753d13277a1285eb4e1f43b77612d0f6eb2a66359d6c483091fa11000d8a6fd356d2835a8c8bc7ee8e03a7a7e875b2faed75b39aca09b0e84ac8c66126c60ddcc57628fa4d5135aeb9ab7e1cc5781150aa705f8744a020bf3f208813acf3d867dc0201d76b2fda1f096b91b36a35806c65803bc8492f33d54192c62ed426c6d2659a83570afc06ecf4e96257fd8b9a8de481b5562581ed372aad50744256e67c9d8e5afa38e5be8c9edcea37cc61f5142e8b053844dc96a549230b7a5ebf851ad56c138b046a4bdc1f5652a7c9b0a3d1b88089064c2ac3d883f00a49e71fb4aa6aff115d990346400468617d1e4ca188f38c647cdb7d021962721b293e246699405c07cb9a5a4d5a47b446a82d2f2c7c15b46458a2f429499c0c9148b01463f98826819194d36a964ac8056517450ee05fbbb1bbdd5c575cd91d8a7e1fa69e70d4843d4cac0c5c15e762637ca83549d25f3142eda8888028cde35a8a8de20a71d708a7bd909d784707c20a50feaec4b50165773ef28f1c267e26283546bd83c107dfd8d5c9ffb8c5a89e3f5788fdf4627bc462002c3512eff0318eeddf8e126a16d471b1716e7ef54c012b45c7b45f1c0c892659c456e58ab9a7340ee1cd018d952e1aa97b2fe91e7b452b0ae528ecefa2e3ed04b411ea018f186d4eead9c370109f51478d1542105cb37b72b9db276c7830008cedc3a217a7b033c603ca9fb4d959aaf66897982fd415134bd866276be1d2cc9a3c2bf266d0d89f80c304bf9c46cee440e78ea60fc4969da2a8f27f2e52971309128faa87464cd29ed94b9b81c9f60aaf2d615a27a1647882e981eecdc9914b9bb1468ebcf327d52f655116bf1f7258bcf03e63de3811aac0ad5ee8e5ac3d3e4519d8de0a4118d217eb5e722b8784cff3caca6d9a3a25de00aaf9a87146cb7aa2ef8ad7f38e6eff662d86cac9e8a4ceaf5161d3dc8b6e5e4465e0debcea766bc661a21dbe15d414d849a01c2b2e1e608189ae65eef65b6a9e346229770dc0e653d8bf052ab13163ff21bbfb528a263ae800bb0edefaf1706ada7567b7f1d5f586d96a5c6cbdad37cdc99047b4fad32a39629c4030f491f8003808debe3fde91ffc2ff4ce152df9f620b5d80fcc8056dd0f487f811bd3370594166d6681cdfd5306bbb5729ffded084c26dacea2d73f4ac0c68dfaeffa7b9e0db7ac48f1e3e62e62c3f8acca9cc9da6b7402b3f19d16ce5f60ea0c66139dff25e91cd3c6373cafba119880fdad95a6ad51158710c2ddec318846f18d2468df95cfa4ed1d739309d40222736b7b4a3edb7497a8cf5741816af3ba0cf55f1eb979b676929fb2b826737e18aa1bfe5f8dc366062b5b582240c53d9e91580202503770e552d80955d630095d4e4151e80a15bc8333156d6a6b0538174bdc8e098fcfd262e7716ec26671d139aff1079df4fe8fcef7e8c638766e5586f987de8f30f7228bc544e213cfe80482709e82890d9cd498663ec4a881d1fbc1db8367dda848ae84d33e0b51a11f2de99873a2a826b3314d6f7077e276245adcbb3ed6b419a5fe9ca151a2df0d26fbe70876f237dcdab7b3f9de8c934db8dc46f5ed1bd08661cdebc0d01e66b9901f865819f00ba92f70e2e140b57c4a28a57294c96788c035d543fbb081f26f152b31bb555b4e56734e88c18c7e1e86e0eaa49d8ab30478d6f9617342e411fc96d3de893f72b1140f8a216789c53d872a59bbfb2b35aa6a63b1f560ee2f3c74de521e42a3e62381061f939dca25089282d7e300f19e31f3b9b044979fcc179863b3b75031cb846b673c7e0072bd59b87c8f0f0266d6ebe4530c7b9c9e4f829e9190306856c82b14caf9e43da72bea2b69cf6371d5542c6d54bf6b08434d2ae50cc24e6def9aa7d0c30863ac75a2bad2accf1ad8478ba856cd09accd8dcfcf4f0dc921a896125291b2aa7aec4f84457537eafff75196733a5d67a396f6c7ab907dadaa5b23e712f03c3adcb84126fb750210a0a12b51f69fc09dd764ae3e088206dd171192b770d5e610a3e5d2f0cbb335a32620b6d1f95c0d1f977aa573ad8049d9966f39538e6fedd9ac521058b3715c80e0459cdc72d6fd2b5de89fc575f899c3d9b9a9c1db58bb79390522cc1c6dfd2544ac670bc5b851ab0cb0115d2fdd94a54a4e7c3bdd0c68505813efe04d828c1dbfadaf5085fd21ddce1eb22ae4cc3694392a00c564af4b5937d7f4c08f48dc2f22896a59196385b04bbd47fc011b34c61ea4c2be5e412ad7f28076aeb82f1d240d2afbf92976a225f0d51b38082ba4e67f0cdfe57fa7e59b009594c5463ea493c3a88626434ab33e6fbfce63532e7ab95b9d79dba30f0ef5cee15b9f487d8b3e892dc2008f5a9ec00d1bc492c71ba2eba81444d478a9d10e0c48dc90b42ddde29956e846d016d483b2f587b2fef2ae1dab9c13edaed313c019750638c1655c90cf848a09daef3cd8997c7177124390e3d8fa35a886a247e00d9e9d1b109d9d0b58a3213281112dfe74ea87153b32992ee09a07b6613907da6c982f2fe410c83942d50280b3b305c9c49bf800dde3566aa7ff2061649488434557e3f0b20f26f2906560ab30c86140b9260730356d9bfa72c56f8edb2082184e15e2508f84f217c70f43f3b118f26e6e924c8e461ce3d5753ff6806591b22126629275f085bbb3e9e6e2cbc9d3b361379ee41764d7ced5fb1a71b13a0e43987c17eab98ebdfedd2a31f1a648f8cf7afe122e8684553fdaab78c769d15363026d82bd7e6474ebbdc4f09fec2a45b27ddb9917ace0c2f6ff8a2f683bd883c04e700179cd2835ddae14fc3286280b3bb6570f3db2c83e1207ebf26c9cfa17291991daa36ded14543185044b2b4847401e44bcdca69e177bb51dea5a91076821d1e447da53c971d5bf4f966b00126f599e54110cdcb02ee95fa87c2990efa08db21bd5f3ab723a6436af43dc933862c0e62be41d58e94cd200ab3a273c03eb419a46dcf2239e3293dfa6dad135472dcb8ec95f73122d24293d66434a20ff19684b825d739a11d239a383258f7c7e866e813fd88d7742271af5dde9ac477a152cea382c5f745f4007f15e66748a15bfbe8e55c314ecd4c3841c82ecef50e873d0c2fa75c0e6b6a2794d04a772f1e0737953d789bbc6a9085b6bc9a3d51f9410e1b2136f5f5eea8555baa71155ac858cc1300e3f64cdfca3ef384b8ed7d69637010a97b3ae852f547c9b35aef3fcf798d73734556d6b889000fd46c9d8c3d419554c66214d91d37bf9140b06312ba8dbebd3c76cfad945788e815c63841ad4253072145a49cd410cbeb8e3338604802b79262f8d4c06ef031d3c30e5eb62367f42cd84c8ff2ef587582aa3cd6ca94e31eab684cdf22e5637607379ad90336e4e073727f88f5722f65d6c1268c3fed405e22de67a5e507e673de1a2a486f41006cab3d922c940866819aa5a3d95dc10db55e6103f5c94e2fa3b7ab6cef450aa97d80ca33813a370c6db4b2bc5dfa168dae13e54470307029978ef8cfb28d78293949fb66afeac4b65bb4451ac6f9ff247711951f786c436b95a51d518c390bac8243d47f9f8f38bfa8019693d3420cf66b1ff1cc63933db6f2e2814fc18c4505a9a45b9f2d3d1e0734dc4ede5b60309879731e67ecd2d53ca7b8443744109ae682a5bd54139220e2226a27d8feaac2510dc8881510d120c5414a9ab50d0801baa440b01d2fb391a4335a2417c1034a9769e8789606e9d45703c7614fe5f73116f03cefd5f21bb9f2bf7b00ae5aea2a3c7ed5b4934d43f850c5506e83bf9b39f61b7fe02d925d18be29ded247e37be56d1ecf597f77bb28d5968c5e5827a99c851759cc30363fac675dae25588033c7d7525a16c174a41c79a03428f76e5dfbbd125649cc8e214d93c3cfb141c77a65ef014d47844e140d3655a982efdf4eab51f31a945b16ce6053daab9b849a3d84f785779015be5cdb60f160206588e1d939f28ac74dcacefd555bc33d086eef838c9ae72ce75b87dd93bdf1768c3054a13eb3aaaa046dcb7b2a98522959921c7956f99389a3a0e35c5fd5b7230556681e4261a743b30d73c6689ef49589e4cc718f3e178616e3e83c91b407b6c1940e54dffc305a8d6f242193f85487c4629074ffd43ca3bf73866332dad54148eff82c8d33901b69302164c43c4383a6e4079de1988e68c4fe014d4a81fcdd210e16d3e989e71be97257139e5830c92512bc8cab307fa6ab531b93227e8538fe5bb728a84ad4c99fc6e6d37250716aa5374bae59dff0bdefb19607b171ddfa09a1088ac28a4edf7428468a9ec10b5d6c3da04c50b0642e9a2464ee140b86187ac9a4d6f2885fab114ff5693925b42c8e5faf6f775de7df478e3af884e44492ef85e708bcd6964dccd2104e3957f30c4d763f79184058ba1270b12710cfa5a3b5829db8fbaade132932d9a304617c4af657635e79626363a7563b2ac95b1044670639c22b3389b6b343f1ef717df2e61221d496ce430aa837504450c94c4c8bdbe50d76f7959190b741a478959d02be3fe3a2592a55bbb53c3a50e6a60ed6f880aee5b24232489b98789fa58094b6049e3458be4dc2028d22d346be1765c980af1c53c38cd8205598b70d0e529d8f3393e885e3a78dff6816e3cf4798c2cf052a406131b9d9c02e504cca4421904425dd8596659991e3ce472f412c112b1f637515ca3563ba7c9454c9d0dc4bb230de98be817c394c9f212fc56c7f197d4ebb8aec5b5c81dd97b45d68cbdecc54a5865a59ebc61a0a1e2a9be0ef46a3d2ead2eb8c11817c32e4a3d0e0e10501bc6b2a4de307954e733ae3d1760e4aa46481d1d3d8209d510439b13e664390768c8818b34699b66d126071123b2195ad62f47f2666c3035a68ed1f0602db6ee91b75a61de85e64709b2f3531aaadf45e4cb01804a7f1f4bad1997ec2b000c975aaa460ed5d2074e069c85f8f80b53169984b77a89c8928aa7e1c9ffc46f4eab66bed8de33f8143a7b98bdfc91f2a4fd927eec8138c05132737a9589838488373dc5665e921e", 0x0, &(0x7f0000001940)="19a14d62e6d7533f4698fff80bddd40ae32ef7451f4347621927565d35127f7606cf35ad0eb2f3a5fe739b70e162ee80698decf8ad7f3e2d68ab52c729b7765f3708d50aa4eaf3752e4be5068d98242d27b7e17af3047108bd87231d0517ed835cef51087d4e5f3e2ca0a1dae1e5c33c6ef4760689100317347a7fb38d3713f796ed884cb1f779eaa4f568d03502d4322795aed907f31f555dfeb43a3230f9fc739fc3e9ecf2b28bba15a0f4eae48780b4da255ca97b66f78067b572e3530c50ddaca2485f", 0xfffffff9, &(0x7f0000001a40)="07ba3816026bf5c7e5da97d33577bb51653f03097ce26f2f7c962e0b688e9394a43116d87cfdcebe61eabc5e53f68e2fcd592f91efe925ad4e714ded4208512e3db0dbc071aa98c230ba98ca2a742021dd0a0875c5a454de29350d9f51f4d8638f9df047ecf90da048f17b0438eb7b6763d12a74e21919e8002444418449efc90ebc43037a21da4c02c24ddc87e40442710a193fe9ca92702a56cdab13c3cbe74b", &(0x7f0000001b00)=0x81}, 0x8230, &(0x7f0000001c40)={0x4, 0x7fffffff, &(0x7f0000001b40)="582ed30ea0b582b2d2a4179d18a605950ab2dec1e22791d3dc8735ace16e75c1e2856f3f070dc4ba899c90d1e3040ffcd3a327fce7655f216e7ac6b9e9005577f80df73a718ae5146acaea24200dd7c6e18db22a6d5270d99a3db94c46c709db068d41c56cbaf80e9ac9915b1c1552714187e8bedbf61d61c9cf3fac6adbaa000f251bf8593c284a936bbc2343553b49a4d72636bb2fd70a", &(0x7f0000001c00)="ba832b55d156e920a17a57212c632cbc5d2d21d9cd8d955f209094457f77fa2181b2cd36ac6611f1e655b3ac20df7f479242296e28cd181bd4d5e451", 0x7, 0x80000001}}) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_DELETE(r7, &(0x7f0000001e00)={&(0x7f0000001d00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001dc0)={&(0x7f0000001d40)={0x44, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@THERMAL_GENL_ATTR_TZ_GOV_NAME={0x2e, 0xd, '/sys/kernel/tracing/set_event_notrace_pid\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000) mremap$auto(0x7, 0x3, 0x1, 0xa, 0x0) pread64$auto(r5, &(0x7f0000001e40)='a\x00', 0x1, 0x4) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000001e80)={'veth1_to_bond\x00'}) fcntl$auto_F_GET_RW_HINT(r1, 0x40b, 0x7) 4.207214925s ago: executing program 1 (id=3814): r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/pagemap\x00', 0x400001, 0x0) ioctl$auto_FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x748, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf251900000210000000000000de1390000200776c616e"], 0x34}, 0x1, 0x0, 0x0, 0x20040840}, 0x40000) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) ioctl$auto(0x3, 0x4020aea5, 0x38) 4.092355727s ago: executing program 0 (id=3815): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/zram-control/hot_remove\x00', 0x8001, 0x0) pwrite64$auto(r1, &(0x7f0000000200)='/-\xc4-\'(])\x00', 0x8, 0x3) write$auto(0x3, 0x0, 0x1) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nbd1\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) mmap$auto(0x0, 0x8000400008, 0xdf, 0x9b72, 0x2, 0x4f) sysfs$auto(0x2, 0xd, 0x0) r3 = fsopen$auto(0x0, 0x1) r4 = socket(0xa, 0x2, 0x0) setsockopt$auto(r4, 0x29, 0x30, 0x0, 0xd393) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) read$auto_usbfs_devices_fops_usb(r3, 0x0, 0x2d) read$auto_regulator_summary_fops_(r3, 0x0, 0x0) socket(0x2c, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) 3.798344889s ago: executing program 3 (id=3816): unshare$auto(0x5) r0 = socket(0x15, 0x800, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r0, 0x7ffe) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000001480)={{@raw=0x9, 0x2, 0x5, 0x0, "e462f5a29a0b2f987b9ea452a1bc9eaafd83a8eb9eea79a10397a3126cb6c4380ae1dc84e847c5ccf57f14eb", @raw=0x8}, 0x1, @integer64=@value=[0xf, 0x80, 0x0, 0x3, 0x3, 0x1000, 0xd1f6, 0x5, 0x10, 0x6, 0x4, 0xbe1, 0x1, 0x0, 0x0, 0xffffffffffffff80, 0x40, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0x5, 0x2, 0x2, 0x7, 0x8, 0x2, 0x1, 0x2, 0x5cb56b90, 0x0, 0x81, 0xfffffffffffffffb, 0x9, 0x0, 0x10, 0x2, 0x6, 0x0, 0x6, 0x5, 0x5, 0x8, 0x6, 0xe7d8, 0x7fff, 0x7fffffff, 0x2, 0x2, 0x0, 0x8000000000000001, 0x6, 0xc500000000000000, 0x2, 0x9, 0x0, 0x40, 0x4, 0x5, 0x4, 0xe, 0xb, 0x800, 0x10000], "2ffa3e20e80e755123e1f42e350d190e3032fa30c3621af4571878aad95f51aea60df3a075b1c15529b67947b4b67f290e12883f526b4e566ef511611abf96d1d9b723613b1fce6def179ed465852003f47d532de2721cc6b407490cd09e96be8bf6d01dca81d1d22f2554f48d1796ac750c48d1a4c1d889a0e6b6528742320c"}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/machinecheck/machinecheck0/cmci_disabled\x00', 0x2062, 0x0) sendfile$auto(r4, r3, 0x0, 0x800) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x44009, 0xdf, 0x9b72, 0x7, 0x28000) r5 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) write$auto(r5, 0x0, 0xfffffdf1) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) mprotect$auto(0x0, 0x8000000000000001, 0x8) r6 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000840)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, r6, 0x401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r7 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) poll$auto(&(0x7f0000000180)={r7, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r8, 0xaf01, 0x0) r9 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) r10 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r10, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x5, 0x10, 0xff, 0x2, &(0x7f00000002c0)}) ioctl$auto_UBI_IOCDET(r9, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2) 3.274740755s ago: executing program 1 (id=3817): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/phonet\x00', 0x42000, 0x0) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) setsockopt$auto(0x400000000000003, 0x29, 0x3b, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x480, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r2 = socket(0x29, 0x2, 0x0) setuid$auto(0xe) mmap$auto(0x20000000000, 0x7ff, 0xffb, 0x8000000008011, 0x3, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r3, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x5, 0x0, 0x1fffff, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r2, 0x89f1, 0x24) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000002100)=""/15, 0xf) 2.946437931s ago: executing program 0 (id=3818): r0 = openat$auto_bridges_fops_(0xffffffffffffff9c, &(0x7f00000029c0)='/sys/kernel/debug/dri/vkms/encoder-1/bridges\x00', 0x80200, 0x0) (async) r1 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cpu/0/msr\x00', 0x2201, 0x0) ioctl$auto_X86_IOC_RDMSR_REGS(r1, 0xc02063a0, 0x0) (async) read$auto_bridges_fops_(r0, &(0x7f0000002a00)=""/4096, 0x1000) (async, rerun: 64) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sg1\x00', 0x10b043, 0x0) (rerun: 64) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/034/001\x00', 0x201, 0x0) (async) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, &(0x7f0000000200)=0x40) (async, rerun: 64) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) (async, rerun: 64) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) socket(0xa, 0x2, 0x73) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) (async) socket(0xa, 0x2, 0x0) (async) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x161401, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) socket(0x2b, 0x4, 0x4) (async) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x30d540, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) (async, rerun: 32) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) (rerun: 32) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) (async, rerun: 32) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0xc0384707, 0x0) (async, rerun: 32) write$auto_sg_fops_sg(r2, &(0x7f0000000040)="01000000000d0000624c492f4aa7d4bbe91b3ddc84d02747403bbca33c95be8fb08baf91e29260d0deefa78dc1e77a5d", 0x30) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/slabinfo\x00', 0x0, 0x0) 872.214035ms ago: executing program 1 (id=3819): unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0xb, 0x24, 0x0, 0x9) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) setfsuid$auto(0xee00) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) write$auto(0x3, 0x0, 0xffd8) epoll_create$auto(0x3e) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) fadvise64$auto_POSIX_FADV_DONTNEED(r0, 0x6, 0x1800000000000000, 0x4) r1 = socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r2, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000080)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000010) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000200) 787.915913ms ago: executing program 3 (id=3820): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r0 = socket(0x10, 0x80000, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x8, 0x800) timerfd_settime$auto(r0, 0x2, 0x0, 0x0) openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000140)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_WRITE_READ(r1, 0x5452, &(0x7f0000000000)) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x48, 0x15, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x1]}, 0x0, 0x0) 755.878214ms ago: executing program 2 (id=3821): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x800a, 0x1, 0x9, 0x3, 0x3e, 0x93f, 0x41fedf, 0x3, 0x200006, 0xfffffffffffffffe, 0x1ff, 0xfffffffa, 0x8005, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x10, 0xb64, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x7fc, 0xfffffffc, 0x3, [0x5, 0x0, 0x80000000, 0xffffff7ffffffffe, 0xfffffffffffffffc, 0x0, 0x9f49, 0x9, 0x0, 0x200000000000, 0x9, 0xfff, 0x8f3, 0x0, 0x9, 0x0, 0x0, 0x200000000, 0x8000, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7fffffffffff, 0x9, 0x0, 0x0, 0x10, 0x8aa5, 0x3, 0x8, 0x400, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x2]}, 0x1fe, 0x80082) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x2, 0x3, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) open(0x0, 0x14927f, 0x0) lstat$auto(0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x2008) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) r1 = socket(0x11, 0x80003, 0x300) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1e/\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9gj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xfe\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', &(0x7f0000000200)={0x0, 0x6}, 0x0, 0x1001) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xffd8) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000080)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 656.313143ms ago: executing program 0 (id=3822): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/kernel/bpf_stats_enabled\x00', 0x20200, 0x0) preadv$auto(r0, &(0x7f0000000240)={0x0, 0x9}, 0xc, 0x9, 0x402) (async, rerun: 64) mmap$auto(0xfffffffffffff99a, 0x202000d, 0x7, 0xeb2, 0xfffffffffffffffb, 0x0) (async, rerun: 64) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0x1ff) (async) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x2, 0x1, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/slab/kmalloc-64/shrink\x00', 0x2062, 0x0) (async) write$auto(0x4, 0x0, 0x100082) (async, rerun: 32) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async, rerun: 32) sysfs$auto(0x2, 0x2000000000040, 0x0) (async) writev$auto(0x3, &(0x7f0000000140)={&(0x7f0000000180), 0x7111}, 0x8) mmap$auto(0x0, 0x2020006, 0x3, 0x16, 0xfffffffffffffffa, 0x8000) r2 = prctl$auto(0x4e, 0x1, 0x0, 0x0, 0x0) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, 0x0, &(0x7f0000000040)=0x8) (async) ioctl$auto_VHOST_SET_MEM_TABLE(r2, 0x4008af03, 0x0) getsockopt$auto(0xffffffffffffffff, 0x2, 0x1, &(0x7f0000000300)='/sys/kernel/slab/kmalloc-64/shrink\x00', &(0x7f0000000340)=0x92b) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (rerun: 64) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) (async) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @host}, 0x55) listen$auto(0x3, 0x81) (async) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) (async) futex$auto(0x0, 0x8c, 0x1, 0x0, 0x0, 0x1) r3 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/loginuid\x00', 0x1a9602, 0x0) write$auto_proc_loginuid_operations_base(r3, 0x0, 0x0) 561.583877ms ago: executing program 3 (id=3823): sendmmsg$auto(0x3, &(0x7f0000000200)={{0x0, 0x2, 0x0, 0x104, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) 481.316628ms ago: executing program 0 (id=3824): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x20800, 0x0) (async) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) read$auto(r1, &(0x7f0000000140)='!,W\x82\x01\xc1@\xa6=k\x02\xb0q\x05\xcf3\xec\xc1k1\xa5\b\x8ff<\x95\x14\xf5g:\xf60\r$k0r|\xb9\x81\x9b\xaf\x04F:,\xdc\x81l\xa5\x81\xa4\x997\xbf\x05\x05\x00\x00\x00\v\x87DP\xbb\x9d{\x1cwkj\xfdN\xf6\x90\xad\x1d;\x80\vH\a\x83\x16\x86V*\x8b\x91\xa3\x83\xe1_\x8a E%0\xd6\xc2cl\x9c\x98\xbcGQ<\xb5\xd1\x0e\xc6W\x80\xaam\xd2\xfb>\xae$\xe8\xce\x98\xb0\xdc5\xddA\xb5\x02\xe9\x11\x01ZH\xdc*\x06\xb7\x7f\xcf\xa9&^\x80\x81\x0e\xa1\xba\x7fP<\xc6b/\xef\b\x00\x00\x00\x00\x00\x00\x00\xa9\x1e\xb4\xab\x94\xdd\x99\x98\x7f\xf4\xf3\x04\xe2\xd7!w\x81V\xba\xca\x1d\xb3}n\x1f\x81iN\x9f\xfe*\xe6\xce\xb74\x86\xfe\xb9\x178(\x84al\xd3F5', 0x42) (async) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000ec0)=""/4096, 0x1000) 336.69356ms ago: executing program 2 (id=3825): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x25c, 0x8000000000df, 0x9b72, 0xffffffffffffffff, 0x808000) r1 = io_uring_setup$auto(0x401, 0x0) r2 = syz_clone(0x5c090100, 0x0, 0xffffffffffffff21, 0x0, 0x0, 0x0) r3 = getsockopt$auto(r0, 0x84, 0x81, 0x0, 0x0) mmap$auto(0x0, 0x0, 0x0, 0x8004000eb4, 0x401, 0x8000) r4 = openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto(r5, 0x4509, 0xffffffffffffffff) mmap$auto(0x0, 0x7, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r6 = socket(0xa, 0x1, 0x84) ioctl$auto_SNDRV_PCM_IOCTL_UNLINK(r1, 0x4161, 0x0) r7 = getsockopt$auto(r6, 0x84, 0x80, 0x0, &(0x7f00000000c0)=0x97) write$auto_dev_fops_plock(r4, &(0x7f0000000740)="cacbc35874f3520ede8ad842e90500ae67af5c4b22cd56582e0f3d8bc5c5f248d71a9dea75b359f918bd7aa8c9691bba9d686ef9a6ca1081bfbb40e2ea75159b", 0x40) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r8 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x1c9802, 0x0) pread64$auto(r8, &(0x7f0000000380)='/proc/scsi/sg/devices\x00', 0x100000001, 0x100) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_TX_TS(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000180)=ANY=[@ANYRES64=r7, @ANYRES32=r2, @ANYRESHEX=r8, @ANYRESOCT=r0], 0x108}}, 0x40010) close_range$auto(r0, r1, 0x0) r9 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty32\x00', 0x800, 0x0) ioctl$auto(r9, 0x4b4b, r9) mmap$auto(0xfffffffffffffffc, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) bpf$auto_BPF_PROG_LOAD(0x5, 0x0, 0x3ff) r10 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VFIO_IOMMU_MAP_DMA(r10, 0x3b71, 0x0) mincore$auto(0x1000, 0x8001, 0x0) fsconfig$auto_XFS_DAX_ALWAYS(r0, 0x10, &(0x7f0000000040)='#\xb0:]\x00', &(0x7f00000003c0)="c960ecac1a2713a967dcb7e65ec47455520283db68e8d46b0798cba8ab8f31e9fc9855e53a5027d26e8ba168dbdb8f9fcca3be6230daa2d04f9db4f276a698ecf1bda0754b356e5611a1656f8dc215eac3007e0823b08936914f6f35d63224e97058b6c287778710ab3590eef0b2fc6daf8f09d932d5dbc6e2770f9336e9acb3f9dfc443fc04c8c74ed3e8b6165578c4cd38a707235c4c9e8e5009bea0938a6eb517c001cdeaf6e78c0024a4410a51f3a34ce271780004a52f4145b1e4b58a03be2f37a9aed5496d12b42e2e9e38853d633fd54a8072374eb8983a4ffa53c5053fa978", 0x1) 217.30606ms ago: executing program 0 (id=3826): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty1\x00', 0x40, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/meminfo\x00', 0x28c40, 0x0) pipe2$auto(0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) shmctl$auto_IPC_SET(0xa4, 0x1, &(0x7f00000001c0)={{0x6, 0xffffffffffffffff, 0xffffffffffffffff, 0x9613, 0x4, 0xb, 0x4}, 0xfffffffd, 0x6, 0x4a, 0x484, @raw=0xc6d1, @raw=0xfffffffe, 0x6, 0x0, &(0x7f00000000c0)="62799439c26414b19d", &(0x7f0000000100)="cc9d242aadc978fdcc1907d97314722d2ba29bb657e72c32d1363ed47940a3749252224e0b7bc060f7d7"}) sendmsg$auto_NL80211_CMD_SET_MAC_ACL(r1, &(0x7f0000000740)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000700)={&(0x7f0000000440)={0x2ac, r3, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x2c8}, @NL80211_ATTR_MNTR_FLAGS={0x36, 0x17, "d437a36d37277b4dcdb9c4e480aafb898c245ec1cc52843b3fa81ddab6bad6551eca63b06cb9a28d65527ba9d19710654371"}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x4e21}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x7}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x5}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'team_slave_1\x00'}, @NL80211_ATTR_SCAN_FREQUENCIES={0x227, 0x2c, 0x0, 0x1, [@generic="e4b57f5930421304f98a8a92492a44161cc9b48752e0cfad811853e9f4d1abc327b7e3f522dca16c701c00bbc939977eaca709ba6f91c99fd6bb9b", @nested={0x1e5, 0x69, 0x0, 0x1, [@generic="c84b72fbb9d72ffa20fb295e6431c03ba19e019df170bba35652fcf8aaada961844961b2d6413476869af9dadc3fe67f2edf674b2eddaccdf08aa1ffc9a4222fb4aef98c0a4d02569eb4b5043d85116cd4f1d9139b6b26015516fe41b00050eb5f70d5712e8b835a5af4b31a98e75ee75a5008e25b483f898018bbc85441363faac6b2ff39529f0197ed44849699cd854d0bb8ce025501ce4bbdd5260ad060ff7c9babc6e2f53993176618aa5b73ae0b17def344ca774055baca7a2e71d632426c2addac04cef03925bbc30190e8acb07f7ea65fff2edf2c2eeefb05fb2d", @typed={0x4, 0xa9}, @typed={0x8, 0x53, 0x0, 0x0, @uid=r4}, @generic="c9dadf5cbf972e7ecfcd65368ca2f3dd2049bf1a3110b3ecd08f20efae5a3e69078d48e5ae84151ac01845f9199e4a242afb6357a12ef73031400d985700717dd7e506771330eb60018d9332a8d8c0921660716b805e9b5eaddcb7e729da04e5954456628254b208acd6a603734a6fc62e0f5189655f70608564da1f8f9c5d2f40a063e166e5618ee107d589b43e9080f9d2c8c59ed1a3b1428be468a1bf47b9bd60d63e1280bd79b20513704b08d29f0e5e1e27ac4992bc5488629d14ca327e3399bb44558a46f794ff67b891145b53013e3650a7631685a97d076a039926d4794686aff72a2bd30e4e7d5f0e0d4c0a6b881be4374e78"]}]}]}, 0x2ac}}, 0x880) 213.822913ms ago: executing program 3 (id=3827): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8002) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0x8000000000000001, 0x26, 0x8) timer_create$auto(0x8, 0x0, 0x0) timer_settime$auto(0x0, 0xffff7ffc, &(0x7f0000000380)={{}, {0x800002000009, 0x4b}}, 0x0) timer_gettime$auto(0x0, 0x0) fcntl$auto(r0, 0x24, 0x8) r1 = fcntl$auto(0x8000000000000001, 0x26, 0x8) mmap$auto(0x1, 0x2020007, 0x100003, 0x9000000eb1, r1, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc3, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x29, 0x2, 0x9) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) listen$auto(0x3, 0x81) listen$auto(0x3, 0x81) io_uring_setup$auto(0x7, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, 0x0, 0x55) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x8640, 0x0) 17.414828ms ago: executing program 2 (id=3828): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x88010}, 0xc008081) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) prctl$auto(0x59616d61, 0x1, 0x1, 0xfffffffffffffffb, 0xffffffffffffffe5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) seccomp$auto(0x3, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x18, &(0x7f0000000380)=@bpf_attr_11={0x4, 0x9, 0x866b, 0x100005, 0x80000009, 0xfffffe01, 0xe6d9, r1}, 0x92) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card0/pcm0c/sub2/sw_params\x00', 0x44f40, 0x0) pread64$auto(r2, 0x0, 0x10001, 0x830) writev$auto(r0, &(0x7f0000000200)={0x0, 0xffc}, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) 0s ago: executing program 0 (id=3829): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) futex$auto(0x0, 0x7, 0x9, 0x0, 0x0, 0x80000001) r0 = socket(0x18, 0x5, 0x0) r1 = bpf$auto(0xb, 0x0, 0x93) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(0xffffffffffffffff, 0x1, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_TTSTAMP(r1, 0x40044103, &(0x7f0000000000)=0x9) r2 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cpuinfo\x00', 0x0, 0x0) preadv$auto(r2, &(0x7f0000009180)={0x0, 0x80000000}, 0x26, 0x4f9, 0x2) r3 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, 0x0) getpgid(0x0) r4 = ioctl$auto_dma_heap_fops_dma_heap(r3, 0xffffffffffdffe00, &(0x7f0000000140)=';') ioctl$auto(0x3, 0x40046201, 0x38) shmctl$auto_SHM_INFO(0x97f6, 0xe, 0x0) r5 = openat$dir(0xffffffffffffff9c, 0x0, 0x40342, 0x22) utimensat$auto(r5, 0x0, 0x0, 0x1000) r6 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x81800, 0x0) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r6, 0x0, 0x800) syz_genetlink_get_family_id$auto_nl80211(0x0, r6) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x40086201, 0x0) kernel console output (not intermixed with test programs): T11807] [U] [ 380.548992][T11807] [U] [ 380.551676][T11807] [U] [ 380.554345][T11807] [U] [ 381.303463][T11813] [U] [ 382.266246][T11834] MTRR 1 not used [ 382.340241][ T29] audit: type=1804 audit(1775424668.340:7): pid=11845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1347" name=2F6E6577726F6F742F3337302F3C6B65726E656C3E2050524F46494C455F56455253494F4E3D32303135303530350A3C6B65726E656C3E20302D434F4D4D454E543D0A3C6B65726E656C3E20302D505245464552454E43453D7B206D61785F61756469745F6C6F673D3332206D61785F6C6561726E696E675F656E7472793D3634207D0A3C6B65726E656C3E20302D434F4E4649473D7B206D6F64653D6C6561726E696E67206772616E745F6C6F673D6E6F2072656A6563745F6C6F673D796573207D0A3C3E3E2050524F46494C455F56455253494F4E3D32303135303530350A dev="tmpfs" ino=1932 res=1 errno=0 [ 382.924163][T11824] kexec: Could not allocate control_code_buffer [ 383.049946][T11843] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 383.070557][T11843] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 383.091944][T11843] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 383.115992][T11843] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 384.328044][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 384.486776][T11870] [U] [ 384.489504][T11870] [U] [ 384.492175][T11870] [U] [ 384.494843][T11870] [U] [ 384.980358][T11870] [U] [ 384.983093][T11870] [U] [ 384.985763][T11870] [U] [ 384.988433][T11870] [U] [ 385.130012][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 385.136046][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 385.142788][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 385.712866][T11884] usb usb4: usbfs: process 11884 (syz.3.1354) did not claim interface 0 before use [ 385.857341][T11870] [U] [ 385.860044][T11870] [U] [ 385.862713][T11870] [U] [ 385.865379][T11870] [U] [ 386.350817][T11870] [U] [ 388.659560][T11950] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1370'. [ 388.827369][T11955] FAULT_INJECTION: forcing a failure. [ 388.827369][T11955] name fail_futex, interval 1, probability 0, space 0, times 0 [ 388.886807][T11955] CPU: 0 UID: 0 PID: 11955 Comm: syz.1.1371 Tainted: G U L syzkaller #0 PREEMPT(full) [ 388.886834][T11955] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 388.886839][T11955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 388.886848][T11955] Call Trace: [ 388.886853][T11955] [ 388.886859][T11955] dump_stack_lvl+0x100/0x190 [ 388.886886][T11955] should_fail_ex.cold+0x5/0xa [ 388.886905][T11955] get_futex_key+0x1d2/0x1620 [ 388.886926][T11955] ? __pfx_get_futex_key+0x10/0x10 [ 388.886943][T11955] ? do_syscall_64+0x106/0xf80 [ 388.886965][T11955] futex_wake+0xea/0x530 [ 388.886989][T11955] ? __pfx_futex_wake+0x10/0x10 [ 388.887013][T11955] ? __lock_acquire+0x4a5/0x2630 [ 388.887037][T11955] do_futex+0x32b/0x350 [ 388.887056][T11955] ? __pfx_do_futex+0x10/0x10 [ 388.887076][T11955] ? find_held_lock+0x2b/0x80 [ 388.887093][T11955] __x64_sys_futex+0x34f/0x4d0 [ 388.887115][T11955] ? __pfx___x64_sys_futex+0x10/0x10 [ 388.887135][T11955] ? safesetid_task_fix_setgid+0x70/0x220 [ 388.887163][T11955] do_syscall_64+0x106/0xf80 [ 388.887178][T11955] ? clear_bhb_loop+0x40/0x90 [ 388.887195][T11955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.887210][T11955] RIP: 0033:0x7fe67059c819 [ 388.887223][T11955] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 388.887237][T11955] RSP: 002b:00007fe6714160e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 388.887251][T11955] RAX: ffffffffffffffda RBX: 00007fe670816098 RCX: 00007fe67059c819 [ 388.887261][T11955] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe67081609c [ 388.887269][T11955] RBP: 00007fe670816090 R08: 0000000000000000 R09: 0000000000000000 [ 388.887278][T11955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.887286][T11955] R13: 00007fe670816128 R14: 00007fff325131f0 R15: 00007fff325132d8 [ 388.887305][T11955] [ 392.929983][T11980] zswap: compressor 000 not available [ 395.490158][T12011] [U] [ 395.492864][T12011] [U] [ 395.495534][T12011] [U] [ 395.498201][T12011] [U] [ 396.282042][T12011] [U] [ 396.284754][T12011] [U] [ 396.287427][T12011] [U] [ 396.290093][T12011] [U] [ 396.508029][T12020] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1383'. [ 396.739516][T12011] [U] [ 396.742219][T12011] [U] [ 396.744890][T12011] [U] [ 396.747562][T12011] [U] [ 397.164232][T12011] [U] [ 397.166946][T12011] [U] [ 397.169616][T12011] [U] [ 397.172284][T12011] [U] [ 397.204440][T12020] vlan1: entered promiscuous mode [ 397.220765][T12020] vlan1: entered allmulticast mode [ 397.489176][T12020] veth0_vlan: entered allmulticast mode [ 397.495667][T12011] [U] [ 397.498355][T12011] [U] [ 397.501024][T12011] [U] [ 397.503690][T12011] [U] [ 397.541684][T12028] futex_wake_op: syz.1.1385 tries to shift op by -2048; fix this program [ 397.881007][T12011] [U] [ 398.061888][T12032] vcan0: tx drop: invalid da for name 0x000000000000efff [ 398.080801][T12035] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 399.066468][T12044] [U] [ 399.069183][T12044] [U] [ 399.071854][T12044] [U] [ 399.074521][T12044] [U] [ 399.656360][T12044] [U] [ 399.659067][T12044] [U] [ 399.661749][T12044] [U] [ 399.664417][T12044] [U] [ 399.902834][T12044] [U] [ 401.364509][T12102] random: crng reseeded on system resumption [ 403.389053][T12149] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1415'. [ 406.721546][T12208] [U] [ 406.724261][T12208] [U] [ 406.726935][T12208] [U] [ 406.729603][T12208] [U] [ 407.073136][T12216] tipc: Started in network mode [ 407.114596][T12208] [U] [ 407.117294][T12208] [U] [ 407.119963][T12208] [U] [ 407.122629][T12208] [U] [ 407.159467][T12216] tipc: Node identity ffffffff, cluster identity 4711 [ 407.188285][T12216] tipc: Node number set to 4294967295 [ 407.207432][T12208] [U] [ 407.210151][T12208] [U] [ 407.212826][T12208] [U] [ 407.215499][T12208] [U] [ 407.700002][T12208] [U] [ 407.702709][T12208] [U] [ 407.705377][T12208] [U] [ 407.708045][T12208] [U] [ 408.019371][T12208] [U] [ 408.022078][T12208] [U] [ 408.024748][T12208] [U] [ 408.027418][T12208] [U] [ 408.092221][T12226] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 408.211661][T12208] [U] [ 408.214897][T12226] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 408.243129][T12226] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 408.301108][T12226] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 409.470721][T12275] FAULT_INJECTION: forcing a failure. [ 409.470721][T12275] name failslab, interval 1, probability 0, space 0, times 0 [ 409.569900][T12275] CPU: 0 UID: 0 PID: 12275 Comm: syz.1.1445 Tainted: G U L syzkaller #0 PREEMPT(full) [ 409.569926][T12275] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 409.569931][T12275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 409.569940][T12275] Call Trace: [ 409.569945][T12275] [ 409.569950][T12275] dump_stack_lvl+0x100/0x190 [ 409.569977][T12275] should_fail_ex.cold+0x5/0xa [ 409.569995][T12275] ? tomoyo_realpath_from_path+0xb6/0x690 [ 409.570017][T12275] should_failslab+0xc2/0x120 [ 409.570034][T12275] __kmalloc_noprof+0xe0/0x850 [ 409.570061][T12275] tomoyo_realpath_from_path+0xb6/0x690 [ 409.570086][T12275] tomoyo_path_number_perm+0x23c/0x580 [ 409.570104][T12275] ? tomoyo_path_number_perm+0x22e/0x580 [ 409.570123][T12275] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 409.570165][T12275] ? find_held_lock+0x2b/0x80 [ 409.570179][T12275] ? __fget_files+0x215/0x3d0 [ 409.570193][T12275] ? hook_file_ioctl_common+0x146/0x410 [ 409.570215][T12275] ? __fget_files+0x21f/0x3d0 [ 409.570233][T12275] security_file_ioctl+0xd3/0x230 [ 409.570252][T12275] __x64_sys_ioctl+0xb7/0x210 [ 409.570277][T12275] do_syscall_64+0x106/0xf80 [ 409.570292][T12275] ? clear_bhb_loop+0x40/0x90 [ 409.570310][T12275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.570325][T12275] RIP: 0033:0x7fe67059c819 [ 409.570338][T12275] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 409.570352][T12275] RSP: 002b:00007fe671437028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 409.570366][T12275] RAX: ffffffffffffffda RBX: 00007fe670815fa0 RCX: 00007fe67059c819 [ 409.570376][T12275] RDX: 0000000000000000 RSI: 0000000040086201 RDI: 0000000000000003 [ 409.570384][T12275] RBP: 00007fe671437090 R08: 0000000000000000 R09: 0000000000000000 [ 409.570392][T12275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.570401][T12275] R13: 00007fe670816038 R14: 00007fe670815fa0 R15: 00007fff325132d8 [ 409.570420][T12275] [ 409.570444][T12275] ERROR: Out of memory at tomoyo_realpath_from_path. [ 410.111433][T12288] FAULT_INJECTION: forcing a failure. [ 410.111433][T12288] name failslab, interval 1, probability 0, space 0, times 0 [ 410.135619][T12296] [U] [ 410.138314][T12296] [U] [ 410.140984][T12296] [U] [ 410.143658][T12296] [U] [ 410.170941][T11882] Bluetooth: hci0: command 0x0c1a tx timeout [ 410.270007][T12288] CPU: 0 UID: 0 PID: 12288 Comm: syz.2.1449 Tainted: G U L syzkaller #0 PREEMPT(full) [ 410.270033][T12288] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 410.270038][T12288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 410.270047][T12288] Call Trace: [ 410.270052][T12288] [ 410.270058][T12288] dump_stack_lvl+0x100/0x190 [ 410.270084][T12288] should_fail_ex.cold+0x5/0xa [ 410.270102][T12288] should_failslab+0xc2/0x120 [ 410.270119][T12288] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 410.270143][T12288] ? __d_alloc+0x34/0xa80 [ 410.270160][T12288] ? security_inode_alloc+0xcf/0x2c0 [ 410.270180][T12288] __d_alloc+0x34/0xa80 [ 410.270195][T12288] ? __ns_ref_active_get+0x9f/0x1b0 [ 410.270216][T12288] path_from_stashed+0x427/0x750 [ 410.270233][T12288] ? do_raw_spin_unlock+0x145/0x1e0 [ 410.270259][T12288] ns_get_path+0x60/0x80 [ 410.270275][T12288] proc_ns_get_link+0x121/0x230 [ 410.270298][T12288] ? __pfx_proc_ns_get_link+0x10/0x10 [ 410.270321][T12288] ? atime_needs_update+0x8b/0x6b0 [ 410.270344][T12288] pick_link+0xd17/0x13c0 [ 410.270366][T12288] ? __pfx_proc_ns_get_link+0x10/0x10 [ 410.270390][T12288] step_into_slowpath+0x9ba/0xf90 [ 410.270416][T12288] ? __pfx_step_into_slowpath+0x10/0x10 [ 410.270438][T12288] ? find_held_lock+0x2b/0x80 [ 410.270459][T12288] path_openat+0xf95/0x31a0 [ 410.270481][T12288] ? __pfx_path_openat+0x10/0x10 [ 410.270503][T12288] do_file_open+0x20e/0x430 [ 410.270521][T12288] ? __pfx_do_file_open+0x10/0x10 [ 410.270550][T12288] ? alloc_fd+0x476/0x790 [ 410.270567][T12288] ? do_getname+0x191/0x390 [ 410.270606][T12288] do_sys_openat2+0x10d/0x1e0 [ 410.270627][T12288] ? __pfx_do_sys_openat2+0x10/0x10 [ 410.270648][T12288] ? rcu_is_watching+0x12/0xc0 [ 410.270676][T12288] __x64_sys_openat+0x12d/0x210 [ 410.270697][T12288] ? __pfx___x64_sys_openat+0x10/0x10 [ 410.270724][T12288] do_syscall_64+0x106/0xf80 [ 410.270740][T12288] ? clear_bhb_loop+0x40/0x90 [ 410.270757][T12288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.270772][T12288] RIP: 0033:0x7f233775d04e [ 410.270785][T12288] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 410.270799][T12288] RSP: 002b:00007f23385e2ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 410.270813][T12288] RAX: ffffffffffffffda RBX: 00007f23385e36c0 RCX: 00007f233775d04e [ 410.270823][T12288] RDX: 0000000000000002 RSI: 00007f23385e2f90 RDI: ffffffffffffff9c [ 410.270832][T12288] RBP: 00007f2337832c91 R08: 0000000000000000 R09: 0000000000000000 [ 410.270841][T12288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.270849][T12288] R13: 00007f2337a16218 R14: 00007f2337a16180 R15: 00007ffe05adb448 [ 410.270868][T12288] [ 410.679296][T11882] Bluetooth: hci3: command 0x0c1a tx timeout [ 410.685384][T11882] Bluetooth: hci2: command 0x0c1a tx timeout [ 410.691406][T11882] Bluetooth: hci1: command 0x0c1a tx timeout [ 410.766168][T12296] [U] [ 410.768871][T12296] [U] [ 410.771542][T12296] [U] [ 410.774209][T12296] [U] [ 410.777024][T12296] [U] [ 410.779694][T12296] [U] [ 410.782361][T12296] [U] [ 410.785029][T12296] [U] [ 410.787943][T12296] [U] [ 410.790616][T12296] [U] [ 410.793285][T12296] [U] [ 410.795950][T12296] [U] [ 410.798750][T12296] [U] [ 410.801423][T12296] [U] [ 410.804090][T12296] [U] [ 410.806757][T12296] [U] [ 410.809596][T12296] [U] [ 410.812271][T12296] [U] [ 410.814937][T12296] [U] [ 410.817601][T12296] [U] [ 411.019794][T12296] [U] [ 411.022508][T12296] [U] [ 411.025177][T12296] [U] [ 411.027844][T12296] [U] [ 411.088363][T12296] [U] [ 411.091069][T12296] [U] [ 411.093739][T12296] [U] [ 411.096407][T12296] [U] [ 411.111526][T12296] [U] [ 411.114218][T12296] [U] [ 411.116893][T12296] [U] [ 411.119560][T12296] [U] [ 411.183204][T12296] [U] [ 411.185898][T12296] [U] [ 411.188569][T12296] [U] [ 411.191237][T12296] [U] [ 411.201543][T12296] [U] [ 411.204229][T12296] [U] [ 411.206896][T12296] [U] [ 411.209562][T12296] [U] [ 411.268128][T12307] FAULT_INJECTION: forcing a failure. [ 411.268128][T12307] name failslab, interval 1, probability 0, space 0, times 0 [ 411.281195][T12296] [U] [ 411.283880][T12296] [U] [ 411.286547][T12296] [U] [ 411.289238][T12296] [U] [ 411.302315][T12307] CPU: 0 UID: 0 PID: 12307 Comm: syz.1.1451 Tainted: G U L syzkaller #0 PREEMPT(full) [ 411.302341][T12307] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 411.302346][T12307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 411.302356][T12307] Call Trace: [ 411.302360][T12307] [ 411.302366][T12307] dump_stack_lvl+0x100/0x190 [ 411.302394][T12307] should_fail_ex.cold+0x5/0xa [ 411.302413][T12307] should_failslab+0xc2/0x120 [ 411.302430][T12307] __kmalloc_cache_noprof+0x7a/0x6f0 [ 411.302449][T12307] ? sctp_endpoint_new+0xfc/0xb20 [ 411.302477][T12307] sctp_endpoint_new+0xfc/0xb20 [ 411.302495][T12307] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 411.302510][T12307] ? lockdep_init_map_type+0x5c/0x250 [ 411.302532][T12307] ? lockdep_init_map_type+0x5c/0x250 [ 411.302551][T12307] ? lockdep_init_map_type+0x5c/0x250 [ 411.302571][T12307] ? lockdep_init_map_type+0x5c/0x250 [ 411.302593][T12307] sctp_init_sock+0xe2b/0x1300 [ 411.302607][T12307] ? __pfx_sctp_init_sock+0x10/0x10 [ 411.302622][T12307] inet_create+0x94c/0x1060 [ 411.302642][T12307] ? inet_create+0x94/0x1060 [ 411.302663][T12307] __sock_create+0x339/0x860 [ 411.302687][T12307] __sys_socket+0x14d/0x260 [ 411.302707][T12307] ? __pfx___sys_socket+0x10/0x10 [ 411.302731][T12307] __x64_sys_socket+0x72/0xb0 [ 411.302749][T12307] ? lockdep_hardirqs_on+0x78/0x100 [ 411.302764][T12307] do_syscall_64+0x106/0xf80 [ 411.302778][T12307] ? clear_bhb_loop+0x40/0x90 [ 411.302796][T12307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.302810][T12307] RIP: 0033:0x7fe67059c819 [ 411.302823][T12307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 411.302837][T12307] RSP: 002b:00007fe671437028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 411.302851][T12307] RAX: ffffffffffffffda RBX: 00007fe670815fa0 RCX: 00007fe67059c819 [ 411.302861][T12307] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002 [ 411.302869][T12307] RBP: 00007fe670632c91 R08: 0000000000000000 R09: 0000000000000000 [ 411.302878][T12307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.302886][T12307] R13: 00007fe670816038 R14: 00007fe670815fa0 R15: 00007fff325132d8 [ 411.302905][T12307] [ 411.891971][T12296] [U] [ 411.894680][T12296] [U] [ 411.897347][T12296] [U] [ 411.900013][T12296] [U] [ 411.921937][T12296] [U] [ 411.924632][T12296] [U] [ 411.927300][T12296] [U] [ 411.929989][T12296] [U] [ 411.938533][T12296] [U] [ 411.941222][T12296] [U] [ 411.943891][T12296] [U] [ 411.946556][T12296] [U] [ 411.971697][T12296] [U] [ 411.974391][T12296] [U] [ 411.977063][T12296] [U] [ 411.979731][T12296] [U] [ 411.991987][T12296] [U] [ 411.994671][T12296] [U] [ 411.997337][T12296] [U] [ 412.000018][T12296] [U] [ 412.012115][T12296] [U] [ 412.014804][T12296] [U] [ 412.017494][T12296] [U] [ 412.020162][T12296] [U] [ 412.037737][T12296] [U] [ 412.040448][T12296] [U] [ 412.043118][T12296] [U] [ 412.045783][T12296] [U] [ 412.060685][T12296] [U] [ 412.063374][T12296] [U] [ 412.066046][T12296] [U] [ 412.068712][T12296] [U] [ 412.094131][T12296] [U] [ 412.096818][T12296] [U] [ 412.099486][T12296] [U] [ 412.102151][T12296] [U] [ 412.112036][T12296] [U] [ 412.114720][T12296] [U] [ 412.117391][T12296] [U] [ 412.120062][T12296] [U] [ 412.592244][T12296] [U] [ 413.043306][T12323] netlink: 'syz.1.1454': attribute type 2 has an invalid length. [ 413.068797][T12323] netlink: 'syz.1.1454': attribute type 3 has an invalid length. [ 413.102296][T12323] netlink: 158 bytes leftover after parsing attributes in process `syz.1.1454'. [ 413.131076][T12323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1454'. [ 413.831872][T12345] FAULT_INJECTION: forcing a failure. [ 413.831872][T12345] name failslab, interval 1, probability 0, space 0, times 0 [ 413.910261][T12345] CPU: 0 UID: 0 PID: 12345 Comm: syz.2.1459 Tainted: G U L syzkaller #0 PREEMPT(full) [ 413.910287][T12345] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 413.910293][T12345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 413.910302][T12345] Call Trace: [ 413.910307][T12345] [ 413.910312][T12345] dump_stack_lvl+0x100/0x190 [ 413.910339][T12345] should_fail_ex.cold+0x5/0xa [ 413.910357][T12345] ? tomoyo_encode2+0xfb/0x3c0 [ 413.910377][T12345] should_failslab+0xc2/0x120 [ 413.910394][T12345] __kmalloc_noprof+0xe0/0x850 [ 413.910422][T12345] tomoyo_encode2+0xfb/0x3c0 [ 413.910445][T12345] tomoyo_encode+0x29/0x50 [ 413.910465][T12345] tomoyo_realpath_from_path+0x18c/0x690 [ 413.910491][T12345] tomoyo_path_number_perm+0x23c/0x580 [ 413.910508][T12345] ? tomoyo_path_number_perm+0x22e/0x580 [ 413.910528][T12345] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 413.910568][T12345] ? find_held_lock+0x2b/0x80 [ 413.910582][T12345] ? __fget_files+0x215/0x3d0 [ 413.910596][T12345] ? hook_file_ioctl_common+0x146/0x410 [ 413.910619][T12345] ? __fget_files+0x21f/0x3d0 [ 413.910636][T12345] security_file_ioctl+0xd3/0x230 [ 413.910656][T12345] __x64_sys_ioctl+0xb7/0x210 [ 413.910680][T12345] do_syscall_64+0x106/0xf80 [ 413.910695][T12345] ? clear_bhb_loop+0x40/0x90 [ 413.910713][T12345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.910728][T12345] RIP: 0033:0x7f233779c819 [ 413.910741][T12345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 413.910755][T12345] RSP: 002b:00007f2338625028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 413.910770][T12345] RAX: ffffffffffffffda RBX: 00007f2337a15fa0 RCX: 00007f233779c819 [ 413.910779][T12345] RDX: 0000000000000000 RSI: 0000000040086201 RDI: 0000000000000003 [ 413.910788][T12345] RBP: 00007f2338625090 R08: 0000000000000000 R09: 0000000000000000 [ 413.910796][T12345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 413.910805][T12345] R13: 00007f2337a16038 R14: 00007f2337a15fa0 R15: 00007ffe05adb448 [ 413.910824][T12345] [ 413.910854][T12345] ERROR: Out of memory at tomoyo_realpath_from_path. [ 414.261830][T12351] random: crng reseeded on system resumption [ 415.010794][T12365] netlink: 'syz.0.1464': attribute type 2 has an invalid length. [ 415.060866][T12365] netlink: 'syz.0.1464': attribute type 3 has an invalid length. [ 415.103512][T12365] netlink: 158 bytes leftover after parsing attributes in process `syz.0.1464'. [ 415.133485][T12365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1464'. [ 415.619739][T12385] vivid-007: ================= START STATUS ================= [ 415.679504][T12385] vivid-007: Generate PTS: true [ 415.707858][T12385] vivid-007: Generate SCR: true [ 415.734946][T12385] tpg source WxH: 320x240 (Y'CbCr) [ 415.768132][T12385] tpg field: 1 [ 415.806950][T12385] tpg crop: (0,0)/320x240 [ 415.830804][T12385] tpg compose: (0,0)/320x240 [ 415.854805][T12385] tpg colorspace: 8 [ 415.885629][T12385] tpg transfer function: 0/0 [ 415.925418][T12385] tpg Y'CbCr encoding: 0/0 [ 415.943322][T12385] tpg quantization: 0/0 [ 415.965654][T12385] tpg RGB range: 0/2 [ 415.980836][T12385] vivid-007: ================== END STATUS ================== [ 416.695478][T12409] FAULT_INJECTION: forcing a failure. [ 416.695478][T12409] name failslab, interval 1, probability 0, space 0, times 0 [ 416.820901][T12409] CPU: 0 UID: 0 PID: 12409 Comm: syz.0.1472 Tainted: G U L syzkaller #0 PREEMPT(full) [ 416.820934][T12409] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 416.820940][T12409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 416.820950][T12409] Call Trace: [ 416.820955][T12409] [ 416.820961][T12409] dump_stack_lvl+0x100/0x190 [ 416.820989][T12409] should_fail_ex.cold+0x5/0xa [ 416.821008][T12409] should_failslab+0xc2/0x120 [ 416.821025][T12409] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 416.821049][T12409] ? proc_alloc_inode+0x25/0x200 [ 416.821073][T12409] ? __pfx_proc_alloc_inode+0x10/0x10 [ 416.821095][T12409] proc_alloc_inode+0x25/0x200 [ 416.821116][T12409] alloc_inode+0x68/0x250 [ 416.821136][T12409] new_inode+0x22/0x1c0 [ 416.821158][T12409] proc_pid_make_inode+0x22/0x160 [ 416.821180][T12409] proc_pident_instantiate+0x85/0x310 [ 416.821204][T12409] proc_pident_lookup+0x1e3/0x270 [ 416.821230][T12409] __lookup_slow+0x251/0x460 [ 416.821251][T12409] ? __pfx___lookup_slow+0x10/0x10 [ 416.821287][T12409] lookup_slow+0x50/0x70 [ 416.821306][T12409] link_path_walk+0x1377/0x1cc0 [ 416.821336][T12409] path_openat+0x1be/0x31a0 [ 416.821350][T12409] ? kasan_save_stack+0x3f/0x50 [ 416.821363][T12409] ? kasan_save_stack+0x30/0x50 [ 416.821376][T12409] ? kasan_save_track+0x14/0x30 [ 416.821389][T12409] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 416.821416][T12409] ? __pfx_path_openat+0x10/0x10 [ 416.821439][T12409] do_file_open+0x20e/0x430 [ 416.821456][T12409] ? __pfx_do_file_open+0x10/0x10 [ 416.821479][T12409] ? __pfx_kfree_link+0x10/0x10 [ 416.821505][T12409] ? alloc_fd+0x476/0x790 [ 416.821522][T12409] ? do_getname+0x191/0x390 [ 416.821543][T12409] do_sys_openat2+0x10d/0x1e0 [ 416.821563][T12409] ? __pfx_do_sys_openat2+0x10/0x10 [ 416.821590][T12409] __x64_sys_openat+0x12d/0x210 [ 416.821611][T12409] ? __pfx___x64_sys_openat+0x10/0x10 [ 416.821638][T12409] do_syscall_64+0x106/0xf80 [ 416.821653][T12409] ? clear_bhb_loop+0x40/0x90 [ 416.821671][T12409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.821686][T12409] RIP: 0033:0x7f343a95d04e [ 416.821700][T12409] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 416.821714][T12409] RSP: 002b:00007f3438bf5ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 416.821729][T12409] RAX: ffffffffffffffda RBX: 00007f3438bf66c0 RCX: 00007f343a95d04e [ 416.821739][T12409] RDX: 0000000000000002 RSI: 00007f3438bf5f90 RDI: ffffffffffffff9c [ 416.821748][T12409] RBP: 00007f343aa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 416.821757][T12409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.821765][T12409] R13: 00007f343ac16128 R14: 00007f343ac16090 R15: 00007ffe1f861ef8 [ 416.821786][T12409] [ 417.589688][T12417] FAULT_INJECTION: forcing a failure. [ 417.589688][T12417] name failslab, interval 1, probability 0, space 0, times 0 [ 417.678498][T12417] CPU: 0 UID: 0 PID: 12417 Comm: syz.1.1475 Tainted: G U L syzkaller #0 PREEMPT(full) [ 417.678528][T12417] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 417.678534][T12417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 417.678542][T12417] Call Trace: [ 417.678547][T12417] [ 417.678553][T12417] dump_stack_lvl+0x100/0x190 [ 417.678579][T12417] should_fail_ex.cold+0x5/0xa [ 417.678597][T12417] should_failslab+0xc2/0x120 [ 417.678614][T12417] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 417.678639][T12417] ? __alloc_skb+0x140/0x710 [ 417.678664][T12417] __alloc_skb+0x140/0x710 [ 417.678685][T12417] ? __alloc_skb+0x5b7/0x710 [ 417.678706][T12417] ? __pfx___alloc_skb+0x10/0x10 [ 417.678728][T12417] ? idr_get_next+0xec/0x150 [ 417.678743][T12417] ? __pfx_idr_get_next+0x10/0x10 [ 417.678759][T12417] ctrl_build_family_msg+0x36/0xa0 [ 417.678780][T12417] ctrl_getfamily+0x361/0x550 [ 417.678799][T12417] ? __pfx_ctrl_getfamily+0x10/0x10 [ 417.678823][T12417] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 417.678842][T12417] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 417.678865][T12417] genl_family_rcv_msg_doit+0x214/0x300 [ 417.678885][T12417] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 417.678903][T12417] ? genl_get_cmd+0x3ef/0x720 [ 417.678924][T12417] ? __dev_queue_xmit+0x5af/0x4800 [ 417.678944][T12417] ? __radix_tree_lookup+0x217/0x2b0 [ 417.678969][T12417] genl_rcv_msg+0x560/0x800 [ 417.678989][T12417] ? __pfx_genl_rcv_msg+0x10/0x10 [ 417.679007][T12417] ? __pfx_ctrl_getfamily+0x10/0x10 [ 417.679032][T12417] netlink_rcv_skb+0x159/0x420 [ 417.679048][T12417] ? __pfx_genl_rcv_msg+0x10/0x10 [ 417.679067][T12417] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 417.679091][T12417] ? netlink_deliver_tap+0x1ae/0xcc0 [ 417.679108][T12417] genl_rcv+0x28/0x40 [ 417.679123][T12417] netlink_unicast+0x5aa/0x870 [ 417.679142][T12417] ? __pfx_netlink_unicast+0x10/0x10 [ 417.679164][T12417] netlink_sendmsg+0x8b0/0xda0 [ 417.679183][T12417] ? __pfx_netlink_sendmsg+0x10/0x10 [ 417.679201][T12417] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 417.679220][T12417] __sys_sendto+0x468/0x4b0 [ 417.679240][T12417] ? __pfx_netlink_sendmsg+0x10/0x10 [ 417.679257][T12417] ? __pfx___sys_sendto+0x10/0x10 [ 417.679284][T12417] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 417.679300][T12417] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 417.679329][T12417] __x64_sys_sendto+0xe0/0x1c0 [ 417.679350][T12417] ? do_syscall_64+0x95/0xf80 [ 417.679365][T12417] ? lockdep_hardirqs_on+0x78/0x100 [ 417.679380][T12417] do_syscall_64+0x106/0xf80 [ 417.679394][T12417] ? clear_bhb_loop+0x40/0x90 [ 417.679413][T12417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.679427][T12417] RIP: 0033:0x7fe67055d04e [ 417.679440][T12417] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 417.679455][T12417] RSP: 002b:00007fe671414e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 417.679469][T12417] RAX: ffffffffffffffda RBX: 00007fe6714166c0 RCX: 00007fe67055d04e [ 417.679478][T12417] RDX: 0000000000000020 RSI: 00007fe671415000 RDI: 0000000000000089 [ 417.679487][T12417] RBP: 0000000000000000 R08: 00007fe671414f04 R09: 000000000000000c [ 417.679495][T12417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000089 [ 417.679504][T12417] R13: 00007fe671414f58 R14: 00007fe671415000 R15: 0000000000000000 [ 417.679523][T12417] [ 419.750913][T12437] ubi31: attaching mtd0 [ 419.842053][T12437] ubi31: scanning is finished [ 419.883903][T12437] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 420.628280][T12454] FAULT_INJECTION: forcing a failure. [ 420.628280][T12454] name failslab, interval 1, probability 0, space 0, times 0 [ 420.628334][T12454] CPU: 0 UID: 0 PID: 12454 Comm: syz.1.1483 Tainted: G U L syzkaller #0 PREEMPT(full) [ 420.628358][T12454] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 420.628363][T12454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 420.628372][T12454] Call Trace: [ 420.628377][T12454] [ 420.628383][T12454] dump_stack_lvl+0x100/0x190 [ 420.628410][T12454] should_fail_ex.cold+0x5/0xa [ 420.628430][T12454] should_failslab+0xc2/0x120 [ 420.628447][T12454] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 420.628471][T12454] ? mqueue_alloc_inode+0x25/0x50 [ 420.628484][T12454] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 420.628505][T12454] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 420.628528][T12454] mqueue_alloc_inode+0x25/0x50 [ 420.628542][T12454] alloc_inode+0x68/0x250 [ 420.628563][T12454] new_inode+0x22/0x1c0 [ 420.628585][T12454] mqueue_get_inode+0x2e/0xe00 [ 420.628609][T12454] ? sget_fc+0x801/0xc70 [ 420.628633][T12454] ? __pfx_mqueue_fill_super+0x10/0x10 [ 420.628655][T12454] mqueue_fill_super+0x14d/0x260 [ 420.628670][T12454] get_tree_nodev+0xdd/0x190 [ 420.628685][T12454] mqueue_get_tree+0xf1/0x130 [ 420.628707][T12454] vfs_get_tree+0x92/0x320 [ 420.628728][T12454] fc_mount_longterm+0x1a/0x270 [ 420.628751][T12454] mq_init_ns+0x482/0x820 [ 420.628769][T12454] copy_ipcs+0x3dd/0x7e0 [ 420.628787][T12454] create_new_namespaces+0x20a/0xac0 [ 420.628804][T12454] ? security_capable+0x80/0x260 [ 420.628821][T12454] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 420.628839][T12454] ksys_unshare+0x473/0xad0 [ 420.628860][T12454] ? __pfx_ksys_unshare+0x10/0x10 [ 420.628886][T12454] __x64_sys_unshare+0x31/0x40 [ 420.628904][T12454] do_syscall_64+0x106/0xf80 [ 420.628918][T12454] ? clear_bhb_loop+0x40/0x90 [ 420.628936][T12454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.628950][T12454] RIP: 0033:0x7fe67059c819 [ 420.628963][T12454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 420.628977][T12454] RSP: 002b:00007fe6713f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 420.628992][T12454] RAX: ffffffffffffffda RBX: 00007fe670816180 RCX: 00007fe67059c819 [ 420.629002][T12454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 420.629011][T12454] RBP: 00007fe670632c91 R08: 0000000000000000 R09: 0000000000000000 [ 420.629020][T12454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.629029][T12454] R13: 00007fe670816218 R14: 00007fe670816180 R15: 00007fff325132d8 [ 420.629049][T12454] [ 420.894520][T12437] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 421.547249][T12460] FAULT_INJECTION: forcing a failure. [ 421.547249][T12460] name failslab, interval 1, probability 0, space 0, times 0 [ 421.547279][T12460] CPU: 0 UID: 0 PID: 12460 Comm: syz.3.1485 Tainted: G U L syzkaller #0 PREEMPT(full) [ 421.547303][T12460] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 421.547309][T12460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 421.547319][T12460] Call Trace: [ 421.547323][T12460] [ 421.547329][T12460] dump_stack_lvl+0x100/0x190 [ 421.547356][T12460] should_fail_ex.cold+0x5/0xa [ 421.547375][T12460] should_failslab+0xc2/0x120 [ 421.547392][T12460] __kvmalloc_node_noprof+0xfa/0xa00 [ 421.547406][T12460] ? keyctl_update_key+0xdf/0x160 [ 421.547464][T12460] keyctl_update_key+0xdf/0x160 [ 421.547481][T12460] __do_sys_keyctl+0x302/0x5a0 [ 421.547499][T12460] do_syscall_64+0x106/0xf80 [ 421.547514][T12460] ? clear_bhb_loop+0x40/0x90 [ 421.547531][T12460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.547546][T12460] RIP: 0033:0x7fd7d699c819 [ 421.547559][T12460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 421.547573][T12460] RSP: 002b:00007fd7d7860028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 421.547588][T12460] RAX: ffffffffffffffda RBX: 00007fd7d6c15fa0 RCX: 00007fd7d699c819 [ 421.547598][T12460] RDX: 0000000000000107 RSI: ffffeffffffffffe RDI: 0000000000000002 [ 421.547607][T12460] RBP: 00007fd7d6a32c91 R08: 000800000000000c R09: 0000000000000000 [ 421.547616][T12460] R10: 0000000000000803 R11: 0000000000000246 R12: 0000000000000000 [ 421.547624][T12460] R13: 00007fd7d6c16038 R14: 00007fd7d6c15fa0 R15: 00007fffe13427c8 [ 421.547643][T12460] [ 426.002604][T12482] [U] ^@ [ 426.237050][T12519] ptrace attach of "./syz-executor exec"[5829] was attempted by ""[12519] [ 430.371129][T12564] NFSD: Failed to start, no listeners configured. [ 431.553754][T12575] vcan0: tx drop: invalid da for name 0x000000000000efff [ 435.490611][T12595] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1518'. [ 436.095948][T12614] futex_wake_op: syz.1.1521 tries to shift op by -2048; fix this program [ 436.455381][T12614] futex_wake_op: syz.1.1521 tries to shift op by -2048; fix this program [ 436.679389][T12620] FAULT_INJECTION: forcing a failure. [ 436.679389][T12620] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 436.958142][T12620] CPU: 0 UID: 0 PID: 12620 Comm: syz.0.1523 Tainted: G U L syzkaller #0 PREEMPT(full) [ 436.958168][T12620] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 436.958173][T12620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 436.958183][T12620] Call Trace: [ 436.958188][T12620] [ 436.958194][T12620] dump_stack_lvl+0x100/0x190 [ 436.958221][T12620] should_fail_ex.cold+0x5/0xa [ 436.958240][T12620] _copy_to_user+0x32/0xd0 [ 436.958261][T12620] simple_read_from_buffer+0xcb/0x170 [ 436.958286][T12620] proc_fail_nth_read+0x1af/0x230 [ 436.958307][T12620] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 436.958328][T12620] ? rw_verify_area+0xce/0x6d0 [ 436.958350][T12620] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 436.958369][T12620] vfs_read+0x1e4/0xb30 [ 436.958386][T12620] ? __pfx_vfs_read+0x10/0x10 [ 436.958399][T12620] ? __fget_files+0x215/0x3d0 [ 436.958418][T12620] ? __fget_files+0x21f/0x3d0 [ 436.958438][T12620] ksys_read+0x12a/0x250 [ 436.958452][T12620] ? __pfx_ksys_read+0x10/0x10 [ 436.958471][T12620] do_syscall_64+0x106/0xf80 [ 436.958486][T12620] ? clear_bhb_loop+0x40/0x90 [ 436.958504][T12620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.958519][T12620] RIP: 0033:0x7f343a95d04e [ 436.958532][T12620] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 436.958546][T12620] RSP: 002b:00007f3438bf5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 436.958560][T12620] RAX: ffffffffffffffda RBX: 00007f3438bf66c0 RCX: 00007f343a95d04e [ 436.958570][T12620] RDX: 000000000000000f RSI: 00007f3438bf60a0 RDI: 0000000000000004 [ 436.958579][T12620] RBP: 00007f3438bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 436.958588][T12620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.958596][T12620] R13: 00007f343ac16128 R14: 00007f343ac16090 R15: 00007ffe1f861ef8 [ 436.958615][T12620] [ 437.156227][T12622] TCP: TCP_TX_DELAY enabled [ 437.749462][T12630] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1528'. [ 437.794096][T12631] vivid-007: ================= START STATUS ================= [ 437.824844][T12631] vivid-007: Generate PTS: true [ 437.829708][T12631] vivid-007: Generate SCR: true [ 438.016840][T12631] tpg source WxH: 320x240 (Y'CbCr) [ 438.043683][T12631] tpg field: 1 [ 438.085288][T12631] tpg crop: (0,0)/320x240 [ 438.095281][T12631] tpg compose: (0,0)/320x240 [ 438.128001][T12631] tpg colorspace: 8 [ 438.151479][T12631] tpg transfer function: 0/0 [ 438.182963][T12631] tpg Y'CbCr encoding: 0/0 [ 438.212744][T12631] tpg quantization: 0/0 [ 438.245940][T12631] tpg RGB range: 0/2 [ 438.280969][T12631] vivid-007: ================== END STATUS ================== [ 440.118618][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.126845][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.365390][T12673] input: jJǸ-9%vJ86 as /devices/virtual/input/input30 [ 441.563494][ T29] audit: type=1804 audit(1775424727.541:8): pid=12695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1542" name=2F6E6577726F6F742F3336302F08 dev="tmpfs" ino=1884 res=1 errno=0 [ 442.169492][T12703] Invalid ELF header magic: != ELF [ 443.962695][T12705] [U] ^@ [ 448.871196][T12757] netlink: 'syz.0.1560': attribute type 3 has an invalid length. [ 452.364909][T12784] [U] [ 452.367625][T12784] [U] [ 452.370306][T12784] [U] [ 452.372975][T12784] [U] [ 452.492276][T12784] [U] [ 452.495004][T12784] [U] [ 452.497677][T12784] [U] [ 452.500348][T12784] [U] [ 452.729200][T12784] [U] [ 452.731923][T12784] [U] [ 452.734593][T12784] [U] [ 452.737263][T12784] [U] [ 452.906698][T12784] [U] [ 452.909404][T12784] [U] [ 452.912075][T12784] [U] [ 452.914742][T12784] [U] [ 453.300389][T12784] [U] [ 454.237266][T12791] program syz.1.1566 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 454.534376][T12795] Invalid ELF header magic: != ELF [ 455.090548][T12794] hub 1-0:1.0: USB hub found [ 455.099958][T12812] netlink: 'syz.1.1573': attribute type 3 has an invalid length. [ 455.122677][T12794] hub 1-0:1.0: 1 port detected [ 455.863791][T12810] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 455.910805][T12810] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 455.965611][T12810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 456.025526][T12810] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 456.339872][T12838] ubi0: attaching mtd0 [ 456.376092][T12838] ubi0: scanning is finished [ 456.416544][T12838] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 456.890094][T12838] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 457.408560][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 457.578249][T12868] binder: 12867:12868 ioctl 400c620e 0 returned -22 [ 457.633622][T12879] FAULT_INJECTION: forcing a failure. [ 457.633622][T12879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.769511][T12879] CPU: 0 UID: 0 PID: 12879 Comm: syz.0.1592 Tainted: G U L syzkaller #0 PREEMPT(full) [ 457.769555][T12879] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 457.769565][T12879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 457.769581][T12879] Call Trace: [ 457.769586][T12879] [ 457.769592][T12879] dump_stack_lvl+0x100/0x190 [ 457.769618][T12879] should_fail_ex.cold+0x5/0xa [ 457.769637][T12879] _copy_from_iter+0x1f4/0x1690 [ 457.769659][T12879] ? __asan_memset+0x23/0x50 [ 457.769681][T12879] ? __pfx__copy_from_iter+0x10/0x10 [ 457.769699][T12879] ? __pfx___alloc_skb+0x10/0x10 [ 457.769729][T12879] netlink_sendmsg+0x808/0xda0 [ 457.769748][T12879] ? __pfx_netlink_sendmsg+0x10/0x10 [ 457.769763][T12879] ? __import_iovec+0x1d2/0x640 [ 457.769783][T12879] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 457.769802][T12879] ____sys_sendmsg+0x9e1/0xb70 [ 457.769819][T12879] ? __pfx_netlink_sendmsg+0x10/0x10 [ 457.769841][T12879] ? __pfx_____sys_sendmsg+0x10/0x10 [ 457.769867][T12879] ___sys_sendmsg+0x190/0x1e0 [ 457.769888][T12879] ? __pfx____sys_sendmsg+0x10/0x10 [ 457.769928][T12879] __sys_sendmsg+0x170/0x220 [ 457.769942][T12879] ? __pfx___sys_sendmsg+0x10/0x10 [ 457.769977][T12879] do_syscall_64+0x106/0xf80 [ 457.769992][T12879] ? clear_bhb_loop+0x40/0x90 [ 457.770011][T12879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.770025][T12879] RIP: 0033:0x7f343a99c819 [ 457.770038][T12879] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 457.770052][T12879] RSP: 002b:00007f343b78b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 457.770066][T12879] RAX: ffffffffffffffda RBX: 00007f343ac15fa0 RCX: 00007f343a99c819 [ 457.770076][T12879] RDX: 0000000000048000 RSI: 0000200000000000 RDI: 0000000000000003 [ 457.770084][T12879] RBP: 00007f343b78b090 R08: 0000000000000000 R09: 0000000000000000 [ 457.770093][T12879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.770101][T12879] R13: 00007f343ac16038 R14: 00007f343ac15fa0 R15: 00007ffe1f861ef8 [ 457.770120][T12879] [ 458.269895][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 458.276003][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 458.282040][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 458.346509][T12886] netlink: 'syz.0.1595': attribute type 3 has an invalid length. [ 458.580956][T12890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1596'. [ 458.653577][T12891] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1596'. [ 459.449265][T12894] FAULT_INJECTION: forcing a failure. [ 459.449265][T12894] name failslab, interval 1, probability 0, space 0, times 0 [ 459.558513][T12894] CPU: 0 UID: 0 PID: 12894 Comm: syz.2.1597 Tainted: G U L syzkaller #0 PREEMPT(full) [ 459.558540][T12894] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 459.558546][T12894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 459.558555][T12894] Call Trace: [ 459.558560][T12894] [ 459.558566][T12894] dump_stack_lvl+0x100/0x190 [ 459.558592][T12894] should_fail_ex.cold+0x5/0xa [ 459.558611][T12894] ? tomoyo_realpath_from_path+0xb6/0x690 [ 459.558633][T12894] should_failslab+0xc2/0x120 [ 459.558657][T12894] __kmalloc_noprof+0xe0/0x850 [ 459.558685][T12894] tomoyo_realpath_from_path+0xb6/0x690 [ 459.558712][T12894] tomoyo_check_open_permission+0x2af/0x3c0 [ 459.558732][T12894] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 459.558770][T12894] ? do_raw_spin_lock+0x128/0x260 [ 459.558793][T12894] ? path_get+0x61/0x80 [ 459.558813][T12894] tomoyo_file_open+0x6b/0x90 [ 459.558828][T12894] security_file_open+0xb5/0x1e0 [ 459.558848][T12894] do_dentry_open+0x5aa/0x1660 [ 459.558866][T12894] ? security_inode_permission+0xbf/0x250 [ 459.558887][T12894] vfs_open+0x82/0x3f0 [ 459.558908][T12894] path_openat+0x208c/0x31a0 [ 459.558931][T12894] ? __pfx_path_openat+0x10/0x10 [ 459.558954][T12894] do_file_open+0x20e/0x430 [ 459.558971][T12894] ? __pfx_do_file_open+0x10/0x10 [ 459.559001][T12894] ? alloc_fd+0x476/0x790 [ 459.559018][T12894] ? do_getname+0x191/0x390 [ 459.559039][T12894] do_sys_openat2+0x10d/0x1e0 [ 459.559059][T12894] ? __pfx_do_sys_openat2+0x10/0x10 [ 459.559086][T12894] __x64_sys_openat+0x12d/0x210 [ 459.559107][T12894] ? __pfx___x64_sys_openat+0x10/0x10 [ 459.559135][T12894] do_syscall_64+0x106/0xf80 [ 459.559151][T12894] ? clear_bhb_loop+0x40/0x90 [ 459.559169][T12894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.559184][T12894] RIP: 0033:0x7f233779c819 [ 459.559197][T12894] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.559212][T12894] RSP: 002b:00007f2338625028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 459.559226][T12894] RAX: ffffffffffffffda RBX: 00007f2337a15fa0 RCX: 00007f233779c819 [ 459.559236][T12894] RDX: 0000000000080200 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 459.559245][T12894] RBP: 00007f2337832c91 R08: 0000000000000000 R09: 0000000000000000 [ 459.559254][T12894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.559262][T12894] R13: 00007f2337a16038 R14: 00007f2337a15fa0 R15: 00007ffe05adb448 [ 459.559282][T12894] [ 459.559288][T12894] ERROR: Out of memory at tomoyo_realpath_from_path. [ 459.920421][T12904] vivid-007: ================= START STATUS ================= [ 459.965891][T12904] vivid-007: Generate PTS: true [ 459.985794][T12904] vivid-007: Generate SCR: true [ 460.027435][T12904] tpg source WxH: 320x240 (Y'CbCr) [ 460.032548][T12904] tpg field: 1 [ 460.114227][T12904] tpg crop: (0,0)/320x240 [ 460.179168][T12904] tpg compose: (0,0)/320x240 [ 460.183765][T12904] tpg colorspace: 8 [ 460.224163][T12904] tpg transfer function: 0/0 [ 460.263859][T12904] tpg Y'CbCr encoding: 0/0 [ 460.276181][T12909] hub 1-0:1.0: USB hub found [ 460.309657][T12909] hub 1-0:1.0: 1 port detected [ 460.334707][T12904] tpg quantization: 0/0 [ 460.359310][T12904] tpg RGB range: 0/2 [ 460.396997][T12904] vivid-007: ================== END STATUS ================== [ 462.792808][T12943] [U] ^@ [ 482.759919][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 482.769661][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 482.779586][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 482.787260][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 482.796526][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 483.943783][ T6705] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.427141][ T6705] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.562474][T13883] chnl_net:caif_netlink_parms(): no params data found [ 484.723094][ T6705] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.858621][T11882] Bluetooth: hci4: command tx timeout [ 485.055981][ T6705] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.728149][T13883] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.813991][T13883] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.865412][T13883] bridge_slave_0: entered allmulticast mode [ 485.939247][T13883] bridge_slave_0: entered promiscuous mode [ 485.948995][ T6705] bridge_slave_1: left allmulticast mode [ 485.955006][ T6705] bridge_slave_1: left promiscuous mode [ 486.049554][ T6705] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.171212][ T6705] bridge_slave_0: left allmulticast mode [ 486.176878][ T6705] bridge_slave_0: left promiscuous mode [ 486.254404][ T6705] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.944502][T11882] Bluetooth: hci4: command tx timeout [ 487.514875][ T6705] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 487.600014][ T6705] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 487.658794][ T6705] bond0 (unregistering): Released all slaves [ 487.726374][T13883] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.759781][T13883] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.826252][T13883] bridge_slave_1: entered allmulticast mode [ 487.878362][T13883] bridge_slave_1: entered promiscuous mode [ 488.131557][T13883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 488.222111][T13883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 488.493904][T13883] team0: Port device team_slave_0 added [ 488.553953][T13883] team0: Port device team_slave_1 added [ 488.972325][T13883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 488.979283][T13883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.025608][T11882] Bluetooth: hci4: command tx timeout [ 489.196588][T13883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 489.403098][T13883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 489.410388][T13883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.640666][T13883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 490.131117][ T6705] hsr_slave_0: left promiscuous mode [ 490.169382][ T6705] hsr_slave_1: left promiscuous mode [ 490.241668][ T6705] veth1_macvtap: left promiscuous mode [ 490.284230][ T6705] veth0_macvtap: left promiscuous mode [ 490.307668][ T6705] veth1_vlan: left promiscuous mode [ 490.343942][ T6705] veth0_vlan: left promiscuous mode [ 491.102928][T11882] Bluetooth: hci4: command tx timeout [ 491.179736][ T6705] team0 (unregistering): Port device team_slave_1 removed [ 491.747397][T13883] hsr_slave_0: entered promiscuous mode [ 491.807650][T13883] hsr_slave_1: entered promiscuous mode [ 493.634081][T13883] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 493.754872][T13883] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 493.828589][T13883] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 493.892391][T13883] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 494.267430][T13883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 494.380640][T13883] 8021q: adding VLAN 0 to HW filter on device team0 [ 494.444841][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.451924][ T6708] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.531995][ T6708] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.539123][ T6708] bridge0: port 2(bridge_slave_1) entered forwarding state [ 494.770650][T13883] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 495.559903][T13883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 495.762001][T13883] veth0_vlan: entered promiscuous mode [ 495.847886][T13883] veth1_vlan: entered promiscuous mode [ 496.014626][T13883] veth0_macvtap: entered promiscuous mode [ 496.104334][T13883] veth1_macvtap: entered promiscuous mode [ 496.208599][T13883] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 496.273098][T13883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 496.370402][ T6708] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.420472][ T6708] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.494315][ T6708] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.503011][ T6708] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.864806][ T6705] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 496.872626][ T6705] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 496.982759][ T6708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.047176][ T6708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.848052][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 497.876060][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 497.883599][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 497.891268][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 497.898667][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 498.493795][T14663] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2885'. [ 498.974624][ T6705] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.165314][T14635] chnl_net:caif_netlink_parms(): no params data found [ 499.467075][ T6705] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.814503][ T6705] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.990627][T11882] Bluetooth: hci1: command tx timeout [ 500.066668][T14729] vcan0: tx drop: invalid da for name 0x000000000000efff [ 500.114740][ T6705] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.379215][ T6705] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.596369][T14635] bridge0: port 1(bridge_slave_0) entered blocking state [ 500.603455][T14635] bridge0: port 1(bridge_slave_0) entered disabled state [ 500.702628][T14635] bridge_slave_0: entered allmulticast mode [ 500.739594][T14635] bridge_slave_0: entered promiscuous mode [ 500.814059][T14635] bridge0: port 2(bridge_slave_1) entered blocking state [ 500.865777][T14635] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.918609][T14635] bridge_slave_1: entered allmulticast mode [ 500.976582][T14635] bridge_slave_1: entered promiscuous mode [ 501.148304][T14635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 501.257445][T14635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 501.438102][T14635] team0: Port device team_slave_0 added [ 501.520026][T14635] team0: Port device team_slave_1 added [ 501.599451][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.605751][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.622792][ T6705] bridge_slave_1: left allmulticast mode [ 501.645125][ T6705] bridge_slave_1: left promiscuous mode [ 501.679517][ T6705] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.782201][ T6705] bridge_slave_0: left allmulticast mode [ 501.814339][ T6705] bridge_slave_0: left promiscuous mode [ 501.876952][ T6705] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.011203][T14805] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 502.068283][T11882] Bluetooth: hci1: command tx timeout [ 503.088733][ T6705] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 503.151063][ T6705] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 503.231291][ T6705] bond0 (unregistering): Released all slaves [ 503.446400][T14635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.501824][T14635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 503.723792][T14635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.859867][ T6705] tipc: Left network mode [ 503.868088][T14635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.875018][T14635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 504.149279][T11882] Bluetooth: hci1: command tx timeout [ 504.210621][T14635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 504.800564][ T6708] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.861812][T14635] hsr_slave_0: entered promiscuous mode [ 504.954008][T14635] hsr_slave_1: entered promiscuous mode [ 505.001145][T14635] debugfs: 'hsr0' already exists in 'hsr' [ 505.006875][T14635] Cannot create hsr debugfs directory [ 506.144922][T14949] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 506.230374][T11882] Bluetooth: hci1: command tx timeout [ 506.243915][ T6705] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 506.312437][ T6705] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.413389][ T6705] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.484870][ T6705] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 506.657668][ T6705] veth1_macvtap: left promiscuous mode [ 506.724571][ T6705] veth0_macvtap: left promiscuous mode [ 506.757907][ T6705] veth1_vlan: left promiscuous mode [ 506.803605][ T6705] veth0_vlan: left promiscuous mode [ 507.811260][ T6705] team0 (unregistering): Port device team_slave_1 removed [ 507.929174][ T6705] team0 (unregistering): Port device team_slave_0 removed [ 510.316676][T14635] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 510.448026][T14635] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 510.567592][T14635] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 510.719231][T14635] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 511.470465][T14635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 511.613442][T14635] 8021q: adding VLAN 0 to HW filter on device team0 [ 511.777819][ T6704] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.784961][ T6704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 511.897714][ T6704] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.904843][ T6704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 512.118508][T14635] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 513.501429][T14635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 513.738749][T14635] veth0_vlan: entered promiscuous mode [ 513.810104][T14635] veth1_vlan: entered promiscuous mode [ 513.964237][T14635] veth0_macvtap: entered promiscuous mode [ 514.014148][T14635] veth1_macvtap: entered promiscuous mode [ 514.100126][T14635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 514.168155][T14635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 514.278688][ T6708] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.317170][ T6708] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.409506][ T6708] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.462472][ T6708] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.716601][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 514.753469][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 514.893118][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 514.967759][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.633710][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 515.649091][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 515.656889][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 515.664628][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 515.671987][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 516.169229][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.440070][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.609873][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.816640][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.047768][T15268] chnl_net:caif_netlink_parms(): no params data found [ 517.580116][ T49] gretap0: left allmulticast mode [ 517.604649][ T49] gretap0: left promiscuous mode [ 517.609720][ T49] bridge0: port 3(gretap0) entered disabled state [ 517.754964][ T5837] Bluetooth: hci2: command tx timeout [ 517.782346][ T49] bridge_slave_1: left allmulticast mode [ 517.822796][ T49] bridge_slave_1: left promiscuous mode [ 517.864868][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.951385][ T49] bridge_slave_0: left allmulticast mode [ 517.990168][ T49] bridge_slave_0: left promiscuous mode [ 518.033716][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.949776][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 519.047411][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 519.130557][ T49] bond0 (unregistering): Released all slaves [ 519.273639][T15268] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.319400][T15268] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.369168][T15268] bridge_slave_0: entered allmulticast mode [ 519.400414][T15268] bridge_slave_0: entered promiscuous mode [ 519.491071][T15268] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.532997][T15268] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.564261][T15268] bridge_slave_1: entered allmulticast mode [ 519.594281][T15268] bridge_slave_1: entered promiscuous mode [ 519.836760][ T5837] Bluetooth: hci2: command tx timeout [ 519.888022][T15268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 520.052988][T15268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 520.318445][T15268] team0: Port device team_slave_0 added [ 520.396355][ T49] hsr_slave_0: left promiscuous mode [ 520.466205][ T49] hsr_slave_1: left promiscuous mode [ 520.532111][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 520.579459][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 520.637103][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 520.680124][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 520.771822][ T49] veth1_macvtap: left promiscuous mode [ 520.816214][ T49] veth0_macvtap: left promiscuous mode [ 520.821758][ T49] veth1_vlan: left promiscuous mode [ 521.197704][T15429] [U] [ 521.200439][T15429] [U] [ 521.203109][T15429] [U] [ 521.205785][T15429] [U] [ 521.303403][T15429] [U] [ 521.306106][T15429] [U] [ 521.308802][T15429] [U] [ 521.311473][T15429] [U] [ 521.364959][T15429] [U] [ 521.367657][T15429] [U] [ 521.370327][T15429] [U] [ 521.372993][T15429] [U] [ 521.446408][T15429] [U] [ 521.449113][T15429] [U] [ 521.451784][T15429] [U] [ 521.454452][T15429] [U] [ 521.526790][T15429] [U] [ 521.529497][T15429] [U] [ 521.532173][T15429] [U] [ 521.534838][T15429] [U] [ 521.586490][T15429] [U] [ 521.589194][T15429] [U] [ 521.591864][T15429] [U] [ 521.594534][T15429] [U] [ 521.651568][T15429] [U] [ 521.654262][T15429] [U] [ 521.656931][T15429] [U] [ 521.659601][T15429] [U] [ 521.707343][T15429] [U] [ 521.710061][T15429] [U] [ 521.712755][T15429] [U] [ 521.715426][T15429] [U] [ 521.781104][T15429] [U] [ 521.783803][T15429] [U] [ 521.786473][T15429] [U] [ 521.789143][T15429] [U] [ 521.797496][ T49] team0 (unregistering): Port device team_slave_1 removed [ 521.838946][T15429] [U] [ 521.841635][T15429] [U] [ 521.844307][T15429] [U] [ 521.846978][T15429] [U] [ 521.878651][ T49] team0 (unregistering): Port device team_slave_0 removed [ 521.918995][ T5837] Bluetooth: hci2: command tx timeout [ 521.958420][T15429] [U] [ 521.961115][T15429] [U] [ 521.963787][T15429] [U] [ 521.966458][T15429] [U] [ 522.060900][T15429] [U] [ 522.063609][T15429] [U] [ 522.066279][T15429] [U] [ 522.068976][T15429] [U] [ 522.143664][T15429] [U] [ 522.146376][T15429] [U] [ 522.149051][T15429] [U] [ 522.151717][T15429] [U] [ 522.204656][T15429] [U] [ 522.207356][T15429] [U] [ 522.210024][T15429] [U] [ 522.212692][T15429] [U] [ 522.253397][T15429] [U] [ 522.256097][T15429] [U] [ 522.258764][T15429] [U] [ 522.261431][T15429] [U] [ 522.309130][T15429] [U] [ 522.388839][T15268] team0: Port device team_slave_1 added [ 522.605570][T15268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 522.652727][T15268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 522.763776][T15268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 522.905995][T15268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 522.950204][T15268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 523.101805][T15268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 523.344605][T15268] hsr_slave_0: entered promiscuous mode [ 523.406901][T15268] hsr_slave_1: entered promiscuous mode [ 523.460770][T15268] debugfs: 'hsr0' already exists in 'hsr' [ 523.466526][T15268] Cannot create hsr debugfs directory [ 523.999578][ T5837] Bluetooth: hci2: command tx timeout [ 525.276096][T15540] netlink: 202 bytes leftover after parsing attributes in process `syz.2.3405'. [ 525.702748][T15555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3414'. [ 525.713843][T15268] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 525.767300][T15268] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 525.835306][T15268] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 525.900657][T15268] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 526.350422][T15268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 526.442799][T15587] vcan0: tx drop: invalid da for name 0x000000000000efff [ 526.453208][T15268] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.525999][ T6709] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.533126][ T6709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.619003][ T6709] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.626161][ T6709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 527.520822][T15268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 527.723771][T15268] veth0_vlan: entered promiscuous mode [ 527.795637][T15268] veth1_vlan: entered promiscuous mode [ 527.971476][T15268] veth0_macvtap: entered promiscuous mode [ 528.041524][T15268] veth1_macvtap: entered promiscuous mode [ 528.162879][T15268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 528.275085][T15268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 528.430284][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.550765][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.601140][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.682974][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.020478][T15633] kexec: Could not allocate control_code_buffer [ 529.070235][ T6709] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.092232][ T6709] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.148136][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.174294][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.461451][T15665] FAULT_INJECTION: forcing a failure. [ 529.461451][T15665] name failslab, interval 1, probability 0, space 0, times 0 [ 529.550789][T15665] CPU: 0 UID: 0 PID: 15665 Comm: syz.0.3457 Tainted: G U L syzkaller #0 PREEMPT(full) [ 529.550818][T15665] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 529.550824][T15665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 529.550832][T15665] Call Trace: [ 529.550838][T15665] [ 529.550844][T15665] dump_stack_lvl+0x100/0x190 [ 529.550872][T15665] should_fail_ex.cold+0x5/0xa [ 529.550891][T15665] should_failslab+0xc2/0x120 [ 529.550908][T15665] __kmalloc_cache_noprof+0x7a/0x6f0 [ 529.550929][T15665] ? snd_seq_port_connect+0x61/0x560 [ 529.550946][T15665] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 529.550961][T15665] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 529.550980][T15665] snd_seq_port_connect+0x61/0x560 [ 529.550996][T15665] ? _raw_read_unlock+0x28/0x50 [ 529.551010][T15665] ? check_subscription_permission.isra.0+0x146/0x240 [ 529.551030][T15665] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 529.551051][T15665] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 529.551080][T15665] call_seq_client_ctl+0xa3/0x130 [ 529.551098][T15665] snd_seq_kernel_client_ctl+0x77/0xd0 [ 529.551116][T15665] snd_seq_oss_midi_open+0x48b/0x6b0 [ 529.551140][T15665] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 529.551173][T15665] snd_seq_oss_synth_setup_midi+0x131/0x590 [ 529.551199][T15665] snd_seq_oss_open+0x82e/0xa10 [ 529.551220][T15665] odev_open+0x79/0xc0 [ 529.551235][T15665] ? __pfx_odev_open+0x10/0x10 [ 529.551251][T15665] soundcore_open+0x2e3/0x5a0 [ 529.551270][T15665] ? __pfx_soundcore_open+0x10/0x10 [ 529.551287][T15665] chrdev_open+0x234/0x6a0 [ 529.551303][T15665] ? __pfx_apparmor_file_open+0x10/0x10 [ 529.551321][T15665] ? __pfx_chrdev_open+0x10/0x10 [ 529.551338][T15665] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 529.551358][T15665] do_dentry_open+0x6d8/0x1660 [ 529.551374][T15665] ? __pfx_chrdev_open+0x10/0x10 [ 529.551394][T15665] vfs_open+0x82/0x3f0 [ 529.551415][T15665] path_openat+0x208c/0x31a0 [ 529.551438][T15665] ? __pfx_path_openat+0x10/0x10 [ 529.551461][T15665] do_file_open+0x20e/0x430 [ 529.551478][T15665] ? __pfx_do_file_open+0x10/0x10 [ 529.551508][T15665] ? alloc_fd+0x476/0x790 [ 529.551526][T15665] ? do_getname+0x191/0x390 [ 529.551546][T15665] do_sys_openat2+0x10d/0x1e0 [ 529.551566][T15665] ? __pfx_do_sys_openat2+0x10/0x10 [ 529.551593][T15665] __x64_sys_openat+0x12d/0x210 [ 529.551614][T15665] ? __pfx___x64_sys_openat+0x10/0x10 [ 529.551649][T15665] do_syscall_64+0x106/0xf80 [ 529.551666][T15665] ? clear_bhb_loop+0x40/0x90 [ 529.551685][T15665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.551700][T15665] RIP: 0033:0x7f9992b9c819 [ 529.551713][T15665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 529.551728][T15665] RSP: 002b:00007f9990df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 529.551742][T15665] RAX: ffffffffffffffda RBX: 00007f9992e15fa0 RCX: 00007f9992b9c819 [ 529.551752][T15665] RDX: 0000000000000080 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 529.551762][T15665] RBP: 00007f9992c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 529.551771][T15665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 529.551780][T15665] R13: 00007f9992e16038 R14: 00007f9992e15fa0 R15: 00007ffc38f20bf8 [ 529.551800][T15665] [ 530.398289][T11882] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 530.528817][T11882] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 530.538300][T15683] FAULT_INJECTION: forcing a failure. [ 530.538300][T15683] name fail_futex, interval 1, probability 0, space 0, times 0 [ 530.571640][T15683] CPU: 0 UID: 0 PID: 15683 Comm: syz.0.3461 Tainted: G U L syzkaller #0 PREEMPT(full) [ 530.571665][T15683] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 530.571671][T15683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 530.571679][T15683] Call Trace: [ 530.571684][T15683] [ 530.571689][T15683] dump_stack_lvl+0x100/0x190 [ 530.571715][T15683] should_fail_ex.cold+0x5/0xa [ 530.571733][T15683] get_futex_key+0x1d2/0x1620 [ 530.571755][T15683] ? __pfx_get_futex_key+0x10/0x10 [ 530.571775][T15683] ? trace_pid_list_is_set+0x22c/0x390 [ 530.571801][T15683] futex_wait_setup+0x83/0x510 [ 530.571829][T15683] __futex_wait+0x19f/0x300 [ 530.571853][T15683] ? __pfx___futex_wait+0x10/0x10 [ 530.571874][T15683] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 530.571898][T15683] ? lockdep_hardirqs_on+0x78/0x100 [ 530.571914][T15683] ? __pfx_futex_wake_mark+0x10/0x10 [ 530.571940][T15683] ? find_held_lock+0x2b/0x80 [ 530.571955][T15683] ? futex_wake+0x456/0x530 [ 530.571981][T15683] futex_wait+0xed/0x380 [ 530.572004][T15683] ? __pfx_futex_wait+0x10/0x10 [ 530.572040][T15683] do_futex+0x1ef/0x350 [ 530.572060][T15683] ? __pfx_do_futex+0x10/0x10 [ 530.572081][T15683] ? __fget_files+0x21f/0x3d0 [ 530.572102][T15683] __x64_sys_futex+0x34f/0x4d0 [ 530.572124][T15683] ? __pfx___x64_sys_futex+0x10/0x10 [ 530.572144][T15683] ? __pfx_do_preadv+0x10/0x10 [ 530.572172][T15683] do_syscall_64+0x106/0xf80 [ 530.572186][T15683] ? clear_bhb_loop+0x40/0x90 [ 530.572204][T15683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.572219][T15683] RIP: 0033:0x7f9992b9c819 [ 530.572232][T15683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 530.572246][T15683] RSP: 002b:00007f9990db40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 530.572260][T15683] RAX: ffffffffffffffda RBX: 00007f9992e16188 RCX: 00007f9992b9c819 [ 530.572269][T15683] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9992e16188 [ 530.572278][T15683] RBP: 00007f9992e16180 R08: 0000000000000000 R09: 0000000000000000 [ 530.572287][T15683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 530.572295][T15683] R13: 00007f9992e16218 R14: 00007ffc38f20b10 R15: 00007ffc38f20bf8 [ 530.572314][T15683] [ 530.834828][ T6709] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.885891][ T6709] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.907623][T11882] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 530.924482][T11882] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 530.949063][ T6709] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.010197][T11882] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 531.034160][ T6709] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.396234][ T6709] bridge_slave_1: left allmulticast mode [ 531.417428][ T6709] bridge_slave_1: left promiscuous mode [ 531.440525][ T6709] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.476779][ T6709] bridge_slave_0: left allmulticast mode [ 531.502086][ T6709] bridge_slave_0: left promiscuous mode [ 531.534923][T15702] netlink: 202 bytes leftover after parsing attributes in process `syz.3.3465'. [ 531.547563][ T6709] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.578523][T15701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3464'. [ 531.886667][ T6709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 531.930466][ T6709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 531.946443][ T6709] bond0 (unregistering): Released all slaves [ 532.040774][ T6709] tipc: Left network mode [ 532.493054][ T6709] hsr_slave_0: left promiscuous mode [ 532.504850][T15722] FAULT_INJECTION: forcing a failure. [ 532.504850][T15722] name failslab, interval 1, probability 0, space 0, times 0 [ 532.558706][ T6709] hsr_slave_1: left promiscuous mode [ 532.582217][T15722] CPU: 0 UID: 0 PID: 15722 Comm: syz.3.3469 Tainted: G U L syzkaller #0 PREEMPT(full) [ 532.582242][T15722] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 532.582248][T15722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 532.582256][T15722] Call Trace: [ 532.582261][T15722] [ 532.582267][T15722] dump_stack_lvl+0x100/0x190 [ 532.582295][T15722] should_fail_ex.cold+0x5/0xa [ 532.582317][T15722] should_failslab+0xc2/0x120 [ 532.582334][T15722] __kmalloc_cache_noprof+0x7a/0x6f0 [ 532.582361][T15722] ? snd_seq_port_connect+0x61/0x560 [ 532.582378][T15722] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 532.582394][T15722] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 532.582413][T15722] snd_seq_port_connect+0x61/0x560 [ 532.582430][T15722] ? _raw_read_unlock+0x28/0x50 [ 532.582443][T15722] ? check_subscription_permission.isra.0+0x146/0x240 [ 532.582464][T15722] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 532.582485][T15722] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 532.582513][T15722] call_seq_client_ctl+0xa3/0x130 [ 532.582532][T15722] snd_seq_kernel_client_ctl+0x77/0xd0 [ 532.582550][T15722] snd_seq_oss_midi_open+0x48b/0x6b0 [ 532.582572][T15722] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 532.582593][T15722] ? find_held_lock+0x2b/0x80 [ 532.582613][T15722] ? lockdep_hardirqs_on+0x78/0x100 [ 532.582628][T15722] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 532.582651][T15722] ? get_mididev+0x115/0x160 [ 532.582673][T15722] snd_seq_oss_synth_setup_midi+0x131/0x590 [ 532.582699][T15722] snd_seq_oss_open+0x82e/0xa10 [ 532.582720][T15722] odev_open+0x79/0xc0 [ 532.582735][T15722] ? __pfx_odev_open+0x10/0x10 [ 532.582750][T15722] soundcore_open+0x2e3/0x5a0 [ 532.582770][T15722] ? __pfx_soundcore_open+0x10/0x10 [ 532.582787][T15722] chrdev_open+0x234/0x6a0 [ 532.582802][T15722] ? __pfx_apparmor_file_open+0x10/0x10 [ 532.582820][T15722] ? __pfx_chrdev_open+0x10/0x10 [ 532.582837][T15722] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 532.582858][T15722] do_dentry_open+0x6d8/0x1660 [ 532.582874][T15722] ? __pfx_chrdev_open+0x10/0x10 [ 532.582895][T15722] vfs_open+0x82/0x3f0 [ 532.582916][T15722] path_openat+0x208c/0x31a0 [ 532.582939][T15722] ? __pfx_path_openat+0x10/0x10 [ 532.582962][T15722] do_file_open+0x20e/0x430 [ 532.582979][T15722] ? __pfx_do_file_open+0x10/0x10 [ 532.583009][T15722] ? alloc_fd+0x476/0x790 [ 532.583027][T15722] ? do_getname+0x191/0x390 [ 532.583047][T15722] do_sys_openat2+0x10d/0x1e0 [ 532.583067][T15722] ? __pfx_do_sys_openat2+0x10/0x10 [ 532.583094][T15722] __x64_sys_openat+0x12d/0x210 [ 532.583115][T15722] ? __pfx___x64_sys_openat+0x10/0x10 [ 532.583142][T15722] do_syscall_64+0x106/0xf80 [ 532.583156][T15722] ? clear_bhb_loop+0x40/0x90 [ 532.583175][T15722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.583190][T15722] RIP: 0033:0x7f391239c819 [ 532.583203][T15722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 532.583218][T15722] RSP: 002b:00007f3913289028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 532.583232][T15722] RAX: ffffffffffffffda RBX: 00007f3912615fa0 RCX: 00007f391239c819 [ 532.583243][T15722] RDX: 0000000000000080 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 532.583252][T15722] RBP: 00007f3912432c91 R08: 0000000000000000 R09: 0000000000000000 [ 532.583261][T15722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.583270][T15722] R13: 00007f3912616038 R14: 00007f3912615fa0 R15: 00007ffed10b6348 [ 532.583291][T15722] [ 532.583911][ T6709] veth1_macvtap: left promiscuous mode [ 533.262743][ T5837] Bluetooth: hci3: command tx timeout [ 533.675836][ T6709] veth0_macvtap: left promiscuous mode [ 533.700113][ T6709] veth1_vlan: left promiscuous mode [ 533.723228][ T6709] veth0_vlan: left promiscuous mode [ 534.298917][ T6709] team0 (unregistering): Port device team_slave_1 removed [ 534.358358][ T6709] team0 (unregistering): Port device team_slave_0 removed [ 534.741514][T15672] chnl_net:caif_netlink_parms(): no params data found [ 535.120934][T15672] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.175766][T15672] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.182893][T15672] bridge_slave_0: entered allmulticast mode [ 535.237669][T15672] bridge_slave_0: entered promiscuous mode [ 535.284848][ T5837] Bluetooth: hci3: command tx timeout [ 535.293043][T15672] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.326573][T15672] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.364320][T15672] bridge_slave_1: entered allmulticast mode [ 535.408377][T15672] bridge_slave_1: entered promiscuous mode [ 535.512820][T15672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 535.576952][T15672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 535.710790][T15788] netlink: 202 bytes leftover after parsing attributes in process `syz.3.3476'. [ 535.745314][T15672] team0: Port device team_slave_0 added [ 535.752561][T15672] team0: Port device team_slave_1 added [ 535.972578][T15672] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 536.024667][T15672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 536.125107][T15672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 536.161928][T15672] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 536.184492][T15672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 536.241280][T15672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 536.371511][T15672] hsr_slave_0: entered promiscuous mode [ 536.398932][T15672] hsr_slave_1: entered promiscuous mode [ 536.429637][T15672] debugfs: 'hsr0' already exists in 'hsr' [ 536.462194][T15672] Cannot create hsr debugfs directory [ 537.365616][ T5837] Bluetooth: hci3: command tx timeout [ 537.942237][T15672] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 537.999839][T15672] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 538.048685][T15672] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 538.119949][T15672] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 539.271788][T15672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 539.361544][T15672] 8021q: adding VLAN 0 to HW filter on device team0 [ 539.446068][ T5837] Bluetooth: hci3: command tx timeout [ 539.587926][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.595045][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 539.692109][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.699241][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.723619][T15672] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 540.991890][T15672] veth0_vlan: entered promiscuous mode [ 541.034553][T15672] veth1_vlan: entered promiscuous mode [ 541.134085][T15672] veth0_macvtap: entered promiscuous mode [ 541.196007][T15672] veth1_macvtap: entered promiscuous mode [ 541.227106][T15925] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3496'. [ 541.244692][T15672] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 541.330314][T15672] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 541.382057][ T6705] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.436615][ T6705] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.515266][ T6705] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.544667][ T6705] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.600080][T15940] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3500'. [ 541.785395][ T6705] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.819965][ T6705] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.909342][ T6704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.934907][ T6704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.130793][T15956] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3503'. [ 542.284591][T15959] [U] [ 542.287297][T15959] [U] [ 542.289968][T15959] [U] [ 542.292639][T15959] [U] [ 542.369338][T15959] [U] [ 542.372045][T15959] [U] [ 542.374740][T15959] [U] [ 542.377408][T15959] [U] [ 542.570389][T15959] [U] [ 542.573091][T15959] [U] [ 542.575760][T15959] [U] [ 542.578429][T15959] [U] [ 542.666812][T15959] [U] [ 542.669517][T15959] [U] [ 542.672185][T15959] [U] [ 542.674850][T15959] [U] [ 542.772569][T15959] [U] [ 542.775274][T15959] [U] [ 542.777944][T15959] [U] [ 542.780611][T15959] [U] [ 542.853788][T15959] [U] [ 542.856490][T15959] [U] [ 542.859159][T15959] [U] [ 542.861825][T15959] [U] [ 542.985672][T15959] [U] [ 542.988373][T15959] [U] [ 542.991039][T15959] [U] [ 542.993707][T15959] [U] [ 543.064982][T15959] [U] [ 543.067684][T15959] [U] [ 543.070352][T15959] [U] [ 543.073021][T15959] [U] [ 543.145051][T15959] [U] [ 543.147753][T15959] [U] [ 543.150421][T15959] [U] [ 543.153089][T15959] [U] [ 543.234318][T15959] [U] [ 543.237016][T15959] [U] [ 543.239685][T15959] [U] [ 543.242351][T15959] [U] [ 543.267996][T15992] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 543.306948][T15959] [U] [ 544.257014][T16014] netlink: 'syz.2.3516': attribute type 1 has an invalid length. [ 544.275576][T16014] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3516'. [ 545.899068][T16037] [U] ^@ [ 547.498944][T16097] netlink: 202 bytes leftover after parsing attributes in process `syz.2.3536'. [ 547.653643][ T6709] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.833300][ T6709] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.969518][T16104] vcan0: tx drop: invalid da for name 0x000000000000efff [ 548.019650][ T6709] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.109452][ T6709] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.178634][T11882] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 548.189360][T11882] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 548.197305][T11882] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 548.205620][T11882] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 548.214969][T11882] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 548.518487][ T6709] bridge_slave_1: left allmulticast mode [ 548.555192][ T6709] bridge_slave_1: left promiscuous mode [ 548.583811][ T6709] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.626290][ T6709] bridge_slave_0: left allmulticast mode [ 548.660215][ T6709] bridge_slave_0: left promiscuous mode [ 548.674875][ T6709] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.390156][T16140] netlink: set zone limit has 8 unknown bytes [ 549.416732][ T6709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 549.453752][ T6709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 549.479527][ T6709] bond0 (unregistering): Released all slaves [ 549.745041][ T6709] hsr_slave_0: left promiscuous mode [ 549.752807][ T6709] hsr_slave_1: left promiscuous mode [ 549.758619][ T6709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 549.767142][ T6709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 549.775382][ T6709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 549.783466][ T6709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 549.803104][ T6709] veth1_macvtap: left promiscuous mode [ 549.814917][ T6709] veth0_macvtap: left promiscuous mode [ 549.832300][ T6709] veth1_vlan: left promiscuous mode [ 549.839809][ T6709] veth0_vlan: left promiscuous mode [ 550.252410][T11882] Bluetooth: hci0: command tx timeout [ 550.269052][ T6709] team0 (unregistering): Port device team_slave_1 removed [ 550.321197][ T6709] team0 (unregistering): Port device team_slave_0 removed [ 550.545913][T16171] vcan0: tx drop: invalid da for name 0x000000000000efff [ 550.862929][T16105] chnl_net:caif_netlink_parms(): no params data found [ 551.135687][T16105] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.153579][T16105] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.168395][T16105] bridge_slave_0: entered allmulticast mode [ 551.186393][T16105] bridge_slave_0: entered promiscuous mode [ 551.204138][T16105] bridge0: port 2(bridge_slave_1) entered blocking state [ 551.224332][T16105] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.247684][T16105] bridge_slave_1: entered allmulticast mode [ 551.268367][T16105] bridge_slave_1: entered promiscuous mode [ 551.326418][T16105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 551.386197][T16105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 551.489541][T16105] team0: Port device team_slave_0 added [ 551.519938][T16105] team0: Port device team_slave_1 added [ 551.609224][T16105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 551.635344][T16105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 551.680615][T16204] block2mtd: illegal erase size [ 551.722031][T16105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 551.765243][T16105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 551.783215][T16105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 551.922593][T16105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 552.161580][T16105] hsr_slave_0: entered promiscuous mode [ 552.179859][T16105] hsr_slave_1: entered promiscuous mode [ 552.226290][T16105] debugfs: 'hsr0' already exists in 'hsr' [ 552.279318][T16105] Cannot create hsr debugfs directory [ 552.333662][T11882] Bluetooth: hci0: command tx timeout [ 552.927055][T16231] FAULT_INJECTION: forcing a failure. [ 552.927055][T16231] name failslab, interval 1, probability 0, space 0, times 0 [ 553.003938][T16231] CPU: 0 UID: 0 PID: 16231 Comm: syz.2.3567 Tainted: G U L syzkaller #0 PREEMPT(full) [ 553.003966][T16231] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 553.003972][T16231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 553.003981][T16231] Call Trace: [ 553.003987][T16231] [ 553.003993][T16231] dump_stack_lvl+0x100/0x190 [ 553.004020][T16231] should_fail_ex.cold+0x5/0xa [ 553.004038][T16231] should_failslab+0xc2/0x120 [ 553.004056][T16231] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 553.004079][T16231] ? __mpol_dup+0x74/0x390 [ 553.004100][T16231] __mpol_dup+0x74/0x390 [ 553.004118][T16231] ? __pfx___mpol_dup+0x10/0x10 [ 553.004141][T16231] mbind_range+0x2ad/0x550 [ 553.004162][T16231] do_mbind+0x7dc/0xfd0 [ 553.004186][T16231] ? __pfx_do_mbind+0x10/0x10 [ 553.004204][T16231] ? ksys_write+0x190/0x250 [ 553.004218][T16231] ? ksys_write+0x190/0x250 [ 553.004241][T16231] ? __pfx_get_nodes+0x10/0x10 [ 553.004260][T16231] kernel_mbind+0x1b7/0x200 [ 553.004281][T16231] ? __pfx_kernel_mbind+0x10/0x10 [ 553.004305][T16231] do_syscall_64+0x106/0xf80 [ 553.004320][T16231] ? clear_bhb_loop+0x40/0x90 [ 553.004338][T16231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.004354][T16231] RIP: 0033:0x7f0c5f39c819 [ 553.004367][T16231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 553.004390][T16231] RSP: 002b:00007f0c602a0028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 553.004405][T16231] RAX: ffffffffffffffda RBX: 00007f0c5f615fa0 RCX: 00007f0c5f39c819 [ 553.004416][T16231] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 553.004425][T16231] RBP: 00007f0c5f432c91 R08: 0000002000000006 R09: 0000000000000002 [ 553.004434][T16231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 553.004443][T16231] R13: 00007f0c5f616038 R14: 00007f0c5f615fa0 R15: 00007ffd950b81b8 [ 553.004463][T16231] [ 553.890194][T16105] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 553.928315][T16105] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 553.970606][T16105] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 554.015872][T16105] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 554.270336][T16105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 554.380562][T16105] 8021q: adding VLAN 0 to HW filter on device team0 [ 554.414650][T11882] Bluetooth: hci0: command tx timeout [ 554.444503][ T6704] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.451596][ T6704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.522629][ T6704] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.529770][ T6704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.700184][T16105] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 554.849483][T16285] FAULT_INJECTION: forcing a failure. [ 554.849483][T16285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 555.010643][T16285] CPU: 0 UID: 0 PID: 16285 Comm: syz.3.3576 Tainted: G U L syzkaller #0 PREEMPT(full) [ 555.010670][T16285] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 555.010676][T16285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 555.010685][T16285] Call Trace: [ 555.010690][T16285] [ 555.010697][T16285] dump_stack_lvl+0x100/0x190 [ 555.010724][T16285] should_fail_ex.cold+0x5/0xa [ 555.010743][T16285] _copy_to_user+0x32/0xd0 [ 555.010764][T16285] poll_select_finish+0x32f/0x670 [ 555.010780][T16285] ? __pfx_poll_select_finish+0x10/0x10 [ 555.010797][T16285] ? ktime_get_ts64+0x2d2/0x3f0 [ 555.010815][T16285] ? read_tsc+0x9/0x20 [ 555.010832][T16285] ? ktime_get_ts64+0x256/0x3f0 [ 555.010851][T16285] kern_select+0x21b/0x270 [ 555.010867][T16285] ? __pfx_kern_select+0x10/0x10 [ 555.010889][T16285] __x64_sys_select+0xbd/0x160 [ 555.010903][T16285] ? do_syscall_64+0x95/0xf80 [ 555.010918][T16285] ? lockdep_hardirqs_on+0x78/0x100 [ 555.010933][T16285] do_syscall_64+0x106/0xf80 [ 555.010947][T16285] ? clear_bhb_loop+0x40/0x90 [ 555.010964][T16285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.010980][T16285] RIP: 0033:0x7f391239c819 [ 555.010992][T16285] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 555.011007][T16285] RSP: 002b:00007f3913289028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 555.011021][T16285] RAX: ffffffffffffffda RBX: 00007f3912615fa0 RCX: 00007f391239c819 [ 555.011031][T16285] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 555.011040][T16285] RBP: 00007f3912432c91 R08: 00002000000001c0 R09: 0000000000000000 [ 555.011050][T16285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 555.011059][T16285] R13: 00007f3912616038 R14: 00007f3912615fa0 R15: 00007ffed10b6348 [ 555.011079][T16285] [ 555.697989][T16105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 555.814376][T16105] veth0_vlan: entered promiscuous mode [ 555.853648][T16105] veth1_vlan: entered promiscuous mode [ 555.942456][T16105] veth0_macvtap: entered promiscuous mode [ 555.995737][T16105] veth1_macvtap: entered promiscuous mode [ 556.075812][T16105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 556.169785][T16105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 556.256202][ T6704] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.274386][ T6704] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.387473][ T6704] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.429937][ T6704] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.496217][T11882] Bluetooth: hci0: command tx timeout [ 556.605169][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.612980][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.766518][ T175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.786105][ T175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 557.823920][T16291] FAULT_INJECTION: forcing a failure. [ 557.823920][T16291] name fail_futex, interval 1, probability 0, space 0, times 0 [ 557.900084][T16291] CPU: 0 UID: 0 PID: 16291 Comm: syz.3.3576 Tainted: G U L syzkaller #0 PREEMPT(full) [ 557.900110][T16291] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 557.900116][T16291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 557.900124][T16291] Call Trace: [ 557.900129][T16291] [ 557.900135][T16291] dump_stack_lvl+0x100/0x190 [ 557.900162][T16291] should_fail_ex.cold+0x5/0xa [ 557.900179][T16291] get_futex_key+0x295/0x1620 [ 557.900200][T16291] ? __pfx_get_futex_key+0x10/0x10 [ 557.900217][T16291] ? lock_acquire+0x1cf/0x380 [ 557.900243][T16291] futex_wake+0xea/0x530 [ 557.900267][T16291] ? __pfx_futex_wake+0x10/0x10 [ 557.900289][T16291] ? exit_mm_release+0x19/0x30 [ 557.900314][T16291] do_futex+0x32b/0x350 [ 557.900334][T16291] ? __pfx_do_futex+0x10/0x10 [ 557.900352][T16291] ? __might_fault+0xc5/0x140 [ 557.900379][T16291] mm_release+0x24a/0x2f0 [ 557.900394][T16291] do_exit+0x704/0x2b60 [ 557.900417][T16291] ? __pfx_do_exit+0x10/0x10 [ 557.900436][T16291] ? do_raw_spin_lock+0x128/0x260 [ 557.900458][T16291] ? find_held_lock+0x2b/0x80 [ 557.900472][T16291] ? get_signal+0x7e0/0x21e0 [ 557.900489][T16291] do_group_exit+0xd5/0x2a0 [ 557.900511][T16291] get_signal+0x1ec7/0x21e0 [ 557.900531][T16291] ? ksys_write+0x190/0x250 [ 557.900547][T16291] ? __pfx_get_signal+0x10/0x10 [ 557.900564][T16291] ? do_futex+0x192/0x350 [ 557.900585][T16291] arch_do_signal_or_restart+0x91/0x770 [ 557.900605][T16291] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 557.900629][T16291] ? __pfx___x64_sys_futex+0x10/0x10 [ 557.900653][T16291] exit_to_user_mode_loop+0x86/0x4a0 [ 557.900678][T16291] do_syscall_64+0x668/0xf80 [ 557.900693][T16291] ? clear_bhb_loop+0x40/0x90 [ 557.900711][T16291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.900726][T16291] RIP: 0033:0x7f391239c819 [ 557.900738][T16291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 557.900752][T16291] RSP: 002b:00007f39132680e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 557.900766][T16291] RAX: fffffffffffffe00 RBX: 00007f3912616098 RCX: 00007f391239c819 [ 557.900776][T16291] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3912616098 [ 557.900785][T16291] RBP: 00007f3912616090 R08: 0000000000000000 R09: 0000000000000000 [ 557.900794][T16291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.900802][T16291] R13: 00007f3912616128 R14: 00007ffed10b6260 R15: 00007ffed10b6348 [ 557.900825][T16291] [ 558.622998][ T29] audit: type=1400 audit(2147483672.577:9): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=16327 comm="syz.3.3581" [ 559.803536][T16364] bridge0: port 3(batadv0) entered blocking state [ 559.833179][T16364] bridge0: port 3(batadv0) entered disabled state [ 559.880998][T16364] batadv0: entered allmulticast mode [ 559.898607][T16338] [U] ^@ [ 559.924551][T16364] batadv0: entered promiscuous mode [ 559.933799][T16366] vcan0: tx drop: invalid da for name 0x000000000000efff [ 559.966448][T16364] bridge0: port 3(batadv0) entered blocking state [ 559.972970][T16364] bridge0: port 3(batadv0) entered forwarding state [ 560.337410][ T6709] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 560.347250][ T6709] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 562.170161][T16436] vcan0: tx drop: invalid da for name 0x000000000000efff [ 562.661505][T16423] [U] ^@ [ 562.664658][T16447] vcan0: tx drop: invalid da for name 0x000000000000efff [ 563.063447][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.071181][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.517210][T16473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3607'. [ 563.871998][T16456] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 563.878307][T16456] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 563.886911][T16456] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 563.901751][T16456] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 563.909353][T16456] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 563.917538][T16456] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 563.925775][T16456] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 563.932199][T16456] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 563.940777][T16456] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 563.950827][T16456] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 563.956890][T16456] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 563.965222][T16456] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 564.872711][T16481] [U] ^@ [ 565.221398][T11882] Bluetooth: hci4: command 0x0c1a tx timeout [ 565.308521][T16504] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 565.308521][T16504] The task syz.3.3614 (16504) triggered the difference, watch for misbehavior. [ 565.681947][T16509] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 565.853671][T16510] FAULT_INJECTION: forcing a failure. [ 565.853671][T16510] name failslab, interval 1, probability 0, space 0, times 0 [ 565.913790][T16510] CPU: 0 UID: 0 PID: 16510 Comm: syz.1.3616 Tainted: G U L syzkaller #0 PREEMPT(full) [ 565.913816][T16510] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 565.913821][T16510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 565.913830][T16510] Call Trace: [ 565.913835][T16510] [ 565.913840][T16510] dump_stack_lvl+0x100/0x190 [ 565.913867][T16510] should_fail_ex.cold+0x5/0xa [ 565.913885][T16510] should_failslab+0xc2/0x120 [ 565.913902][T16510] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 565.913925][T16510] ? mas_alloc_nodes+0x280/0x390 [ 565.913952][T16510] mas_alloc_nodes+0x280/0x390 [ 565.913976][T16510] mas_preallocate+0x39c/0xf10 [ 565.913995][T16510] ? __pfx_mas_preallocate+0x10/0x10 [ 565.914023][T16510] ? vm_area_alloc+0x1f/0x160 [ 565.914045][T16510] ? lockdep_init_map_type+0x5c/0x250 [ 565.914068][T16510] __mmap_region+0x12b5/0x29e0 [ 565.914094][T16510] ? __pfx___mmap_region+0x10/0x10 [ 565.914120][T16510] ? set_next_entity+0x11e/0x9c0 [ 565.914146][T16510] ? __lock_acquire+0x4a5/0x2630 [ 565.914164][T16510] ? find_held_lock+0x2b/0x80 [ 565.914187][T16510] ? find_held_lock+0x2b/0x80 [ 565.914201][T16510] ? finish_task_switch.isra.0+0x200/0xb80 [ 565.914217][T16510] ? finish_task_switch.isra.0+0x200/0xb80 [ 565.914241][T16510] ? trace_sched_exit_tp+0x13a/0x180 [ 565.914260][T16510] ? __schedule+0x1000/0x6120 [ 565.914309][T16510] ? rcu_is_watching+0x12/0xc0 [ 565.914332][T16510] ? cap_capable+0x107/0x460 [ 565.914351][T16510] mmap_region+0x180/0x3e0 [ 565.914376][T16510] do_mmap+0xc63/0x12f0 [ 565.914397][T16510] ? __pfx_do_mmap+0x10/0x10 [ 565.914414][T16510] ? __pfx_down_write_killable+0x10/0x10 [ 565.914436][T16510] vm_mmap_pgoff+0x29e/0x470 [ 565.914457][T16510] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 565.914476][T16510] ? do_futex+0x192/0x350 [ 565.914497][T16510] ? __pfx_do_futex+0x10/0x10 [ 565.914520][T16510] ksys_mmap_pgoff+0xe1/0x650 [ 565.914536][T16510] ? __x64_sys_futex+0x34f/0x4d0 [ 565.914554][T16510] ? __x64_sys_futex+0x358/0x4d0 [ 565.914574][T16510] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 565.914591][T16510] ? xfd_validate_state+0x129/0x190 [ 565.914616][T16510] __x64_sys_mmap+0x125/0x190 [ 565.914641][T16510] do_syscall_64+0x106/0xf80 [ 565.914655][T16510] ? clear_bhb_loop+0x40/0x90 [ 565.914673][T16510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.914688][T16510] RIP: 0033:0x7f318779c819 [ 565.914701][T16510] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 565.914715][T16510] RSP: 002b:00007f3188575028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 565.914730][T16510] RAX: ffffffffffffffda RBX: 00007f3187a16090 RCX: 00007f318779c819 [ 565.914740][T16510] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 565.914748][T16510] RBP: 00007f3187832c91 R08: 0000000000000007 R09: 0000000000028000 [ 565.914757][T16510] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 565.914765][T16510] R13: 00007f3187a16128 R14: 00007f3187a16090 R15: 00007ffc224efb28 [ 565.914784][T16510] [ 566.263208][T11882] Bluetooth: hci2: command 0x0c1a tx timeout [ 566.269772][T11882] Bluetooth: hci1: command 0x0c1a tx timeout [ 566.275775][T11882] Bluetooth: hci0: command 0x0c1a tx timeout [ 566.353937][T16520] Invalid ELF header magic: != ELF [ 566.758054][T16531] program syz.3.3622 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 567.299521][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 567.520816][T16534] [U] ^@ [ 568.340942][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 568.346978][T11882] Bluetooth: hci1: command 0x0c1a tx timeout [ 568.354283][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 568.380378][T16559] FAULT_INJECTION: forcing a failure. [ 568.380378][T16559] name failslab, interval 1, probability 0, space 0, times 0 [ 568.447099][T16559] CPU: 0 UID: 0 PID: 16559 Comm: syz.2.3629 Tainted: G U L syzkaller #0 PREEMPT(full) [ 568.447125][T16559] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 568.447131][T16559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 568.447141][T16559] Call Trace: [ 568.447146][T16559] [ 568.447152][T16559] dump_stack_lvl+0x100/0x190 [ 568.447179][T16559] should_fail_ex.cold+0x5/0xa [ 568.447198][T16559] should_failslab+0xc2/0x120 [ 568.447215][T16559] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 568.447238][T16559] ? ext4_alloc_io_end_vec+0x2b/0x1c0 [ 568.447258][T16559] ext4_alloc_io_end_vec+0x2b/0x1c0 [ 568.447277][T16559] ext4_do_writepages+0x1772/0x3f50 [ 568.447301][T16559] ? find_held_lock+0x2b/0x80 [ 568.447326][T16559] ? __pfx_ext4_do_writepages+0x10/0x10 [ 568.447357][T16559] ? ext4_writepages+0x347/0x790 [ 568.447377][T16559] ext4_writepages+0x347/0x790 [ 568.447398][T16559] ? __pfx_ext4_writepages+0x10/0x10 [ 568.447425][T16559] ? do_writepages+0x4b5/0x600 [ 568.447443][T16559] ? do_writepages+0x4b5/0x600 [ 568.447462][T16559] ? __pfx_ext4_writepages+0x10/0x10 [ 568.447484][T16559] do_writepages+0x278/0x600 [ 568.447504][T16559] ? __pfx_do_writepages+0x10/0x10 [ 568.447521][T16559] ? do_raw_spin_unlock+0x145/0x1e0 [ 568.447543][T16559] ? _raw_spin_unlock+0x28/0x50 [ 568.447567][T16559] filemap_writeback+0x22d/0x2e0 [ 568.447586][T16559] ? __pfx_filemap_writeback+0x10/0x10 [ 568.447627][T16559] ? mt_find+0x45e/0x8e0 [ 568.447645][T16559] ? __pfx_mt_find+0x10/0x10 [ 568.447663][T16559] file_write_and_wait_range+0xcd/0x140 [ 568.447686][T16559] ext4_sync_file+0x358/0xbc0 [ 568.447708][T16559] ? __pfx_ext4_sync_file+0x10/0x10 [ 568.447727][T16559] ? __up_read+0x260/0x700 [ 568.447749][T16559] ? __pfx___up_read+0x10/0x10 [ 568.447776][T16559] ? __do_sys_msync+0x39b/0x590 [ 568.447801][T16559] ? __pfx_ext4_sync_file+0x10/0x10 [ 568.447819][T16559] vfs_fsync_range+0x9b/0x190 [ 568.447839][T16559] __do_sys_msync+0x3ca/0x590 [ 568.447865][T16559] do_syscall_64+0x106/0xf80 [ 568.447880][T16559] ? clear_bhb_loop+0x40/0x90 [ 568.447898][T16559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.447913][T16559] RIP: 0033:0x7f0c5f39c819 [ 568.447927][T16559] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 568.447941][T16559] RSP: 002b:00007f0c602a0028 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 568.447956][T16559] RAX: ffffffffffffffda RBX: 00007f0c5f615fa0 RCX: 00007f0c5f39c819 [ 568.447966][T16559] RDX: 0000000000000006 RSI: 0000002000000005 RDI: 0000000000200000 [ 568.447976][T16559] RBP: 00007f0c5f432c91 R08: 0000000000000000 R09: 0000000000000000 [ 568.447985][T16559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 568.447994][T16559] R13: 00007f0c5f616038 R14: 00007f0c5f615fa0 R15: 00007ffd950b81b8 [ 568.448014][T16559] [ 568.779820][T16561] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3629'. [ 569.052751][ T5837] Bluetooth: hci4: unexpected event 0x20 length: 219 > 7 [ 569.389740][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 570.421079][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 570.427151][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 570.433191][T11882] Bluetooth: hci1: command 0x0c1a tx timeout [ 570.667571][T16582] [U] ^@ [ 570.689178][T16593] program syz.3.3635 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 571.117114][ T29] audit: type=1807 audit(2147483685.090:10): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 571.160914][T16592] FAULT_INJECTION: forcing a failure. [ 571.160914][T16592] name failslab, interval 1, probability 0, space 0, times 0 [ 571.177221][T16586] ima: policy update failed [ 571.187725][ T29] audit: type=1802 audit(2147483685.110:11): pid=16593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.3635" res=0 errno=0 [ 571.245454][T16592] CPU: 0 UID: 0 PID: 16592 Comm: syz.0.3636 Tainted: G U L syzkaller #0 PREEMPT(full) [ 571.245485][T16592] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 571.245492][T16592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 571.245501][T16592] Call Trace: [ 571.245506][T16592] [ 571.245512][T16592] dump_stack_lvl+0x100/0x190 [ 571.245540][T16592] should_fail_ex.cold+0x5/0xa [ 571.245559][T16592] should_failslab+0xc2/0x120 [ 571.245576][T16592] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 571.245598][T16592] ? security_inode_alloc+0x3b/0x2c0 [ 571.245615][T16592] ? lockdep_init_map_type+0x5c/0x250 [ 571.245638][T16592] security_inode_alloc+0x3b/0x2c0 [ 571.245655][T16592] inode_init_always_gfp+0xced/0x1040 [ 571.245675][T16592] alloc_inode+0x8e/0x250 [ 571.245694][T16592] new_inode+0x22/0x1c0 [ 571.245716][T16592] shmem_get_inode+0x212/0x1040 [ 571.245738][T16592] ? __pfx_shmem_get_inode+0x10/0x10 [ 571.245757][T16592] ? rcu_is_watching+0x12/0xc0 [ 571.245778][T16592] ? percpu_counter_add_batch+0xb9/0x230 [ 571.245803][T16592] __shmem_file_setup+0x3ac/0x490 [ 571.245825][T16592] ? __pfx___shmem_file_setup+0x10/0x10 [ 571.245848][T16592] ? vm_area_alloc+0x1f/0x160 [ 571.245871][T16592] shmem_zero_setup+0x96/0x1b0 [ 571.245886][T16592] __mmap_region+0x2198/0x29e0 [ 571.245911][T16592] ? __pfx___mmap_region+0x10/0x10 [ 571.245938][T16592] ? set_next_entity+0x11e/0x9c0 [ 571.245963][T16592] ? __lock_acquire+0x4a5/0x2630 [ 571.245981][T16592] ? find_held_lock+0x2b/0x80 [ 571.246003][T16592] ? find_held_lock+0x2b/0x80 [ 571.246017][T16592] ? finish_task_switch.isra.0+0x200/0xb80 [ 571.246034][T16592] ? finish_task_switch.isra.0+0x200/0xb80 [ 571.246057][T16592] ? trace_sched_exit_tp+0x13a/0x180 [ 571.246075][T16592] ? __schedule+0x1000/0x6120 [ 571.246122][T16592] ? rcu_is_watching+0x12/0xc0 [ 571.246144][T16592] ? cap_capable+0x107/0x460 [ 571.246162][T16592] mmap_region+0x180/0x3e0 [ 571.246188][T16592] do_mmap+0xc63/0x12f0 [ 571.246209][T16592] ? __pfx_do_mmap+0x10/0x10 [ 571.246226][T16592] ? __pfx_down_write_killable+0x10/0x10 [ 571.246248][T16592] vm_mmap_pgoff+0x29e/0x470 [ 571.246268][T16592] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 571.246287][T16592] ? do_futex+0x192/0x350 [ 571.246307][T16592] ? __pfx_do_futex+0x10/0x10 [ 571.246329][T16592] ksys_mmap_pgoff+0xe1/0x650 [ 571.246346][T16592] ? __x64_sys_futex+0x34f/0x4d0 [ 571.246364][T16592] ? __x64_sys_futex+0x358/0x4d0 [ 571.246383][T16592] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 571.246400][T16592] ? xfd_validate_state+0x129/0x190 [ 571.246425][T16592] __x64_sys_mmap+0x125/0x190 [ 571.246448][T16592] do_syscall_64+0x106/0xf80 [ 571.246463][T16592] ? clear_bhb_loop+0x40/0x90 [ 571.246495][T16592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.246511][T16592] RIP: 0033:0x7f9992b9c819 [ 571.246525][T16592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.246540][T16592] RSP: 002b:00007f9990db4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 571.246554][T16592] RAX: ffffffffffffffda RBX: 00007f9992e16180 RCX: 00007f9992b9c819 [ 571.246564][T16592] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 571.246573][T16592] RBP: 00007f9992c32c91 R08: fffffffffffffffa R09: 0000000000008000 [ 571.246582][T16592] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 571.246590][T16592] R13: 00007f9992e16218 R14: 00007f9992e16180 R15: 00007ffc38f20bf8 [ 571.246611][T16592] [ 571.960354][ T29] audit: type=1802 audit(2147483685.160:12): pid=16586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.3635" res=0 errno=0 [ 574.743229][T16617] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3642'. [ 576.950516][T16681] sp0: Synchronizing with TNC [ 577.534983][T16692] vcan0: tx drop: invalid da for name 0x000000000000efff [ 577.755472][T16701] netlink: 'syz.2.3664': attribute type 1 has an invalid length. [ 577.867658][T16703] netlink: 504 bytes leftover after parsing attributes in process `syz.2.3665'. [ 577.890765][T16703] netlink: 350 bytes leftover after parsing attributes in process `syz.2.3665'. [ 579.992794][ T51] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 580.013061][T16720] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 581.882243][T16750] block2mtd: illegal erase size [ 581.961958][T16750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3676'. [ 584.073328][ T175] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.200646][T16774] input: jJǸ-9%vJ86 as /devices/virtual/input/input41 [ 584.300531][T16792] nbd: must specify a device to reconfigure [ 586.159053][T16828] ubi0: attaching mtd0 [ 586.164278][T16828] ubi0: scanning is finished [ 586.203786][T16828] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 586.444190][T16828] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 588.118311][T16900] zswap: compressor not available [ 588.695390][T16929] zswap: compressor not available [ 589.295029][T16952] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3723'. [ 589.642091][T16952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 589.801193][T16952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 589.918438][T16952] bond0 (unregistering): Released all slaves [ 590.250307][T16969] netlink: 'syz.1.3727': attribute type 33 has an invalid length. [ 590.668815][T16971] zswap: compressor not available [ 590.837068][ T29] audit: type=1800 audit(2147483704.801:13): pid=16978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3730" name="dbroot" dev="configfs" ino=69654 res=0 errno=0 [ 593.433472][T17010] FAULT_INJECTION: forcing a failure. [ 593.433472][T17010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 593.762720][T17010] CPU: 0 UID: 0 PID: 17010 Comm: syz.3.3738 Tainted: G U L syzkaller #0 PREEMPT(full) [ 593.762748][T17010] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 593.762754][T17010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 593.762763][T17010] Call Trace: [ 593.762768][T17010] [ 593.762774][T17010] dump_stack_lvl+0x100/0x190 [ 593.762801][T17010] should_fail_ex.cold+0x5/0xa [ 593.762821][T17010] _copy_from_user+0x2e/0xd0 [ 593.762841][T17010] snd_seq_oss_write+0x395/0x7f0 [ 593.762867][T17010] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 593.762890][T17010] ? apparmor_file_permission+0x13f/0x1c0 [ 593.762910][T17010] ? bpf_lsm_file_permission+0x9/0x10 [ 593.762928][T17010] odev_write+0x51/0xa0 [ 593.762945][T17010] vfs_write+0x2aa/0x1070 [ 593.762960][T17010] ? __pfx_odev_write+0x10/0x10 [ 593.762979][T17010] ? __pfx_vfs_write+0x10/0x10 [ 593.762991][T17010] ? find_held_lock+0x2b/0x80 [ 593.763006][T17010] ? __fget_files+0x215/0x3d0 [ 593.763020][T17010] ? __fget_files+0x215/0x3d0 [ 593.763037][T17010] ? __fget_files+0x21f/0x3d0 [ 593.763056][T17010] ksys_write+0x12a/0x250 [ 593.763071][T17010] ? __pfx_ksys_write+0x10/0x10 [ 593.763090][T17010] do_syscall_64+0x106/0xf80 [ 593.763106][T17010] ? clear_bhb_loop+0x40/0x90 [ 593.763124][T17010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.763139][T17010] RIP: 0033:0x7f391239c819 [ 593.763152][T17010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 593.763166][T17010] RSP: 002b:00007f3913289028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 593.763180][T17010] RAX: ffffffffffffffda RBX: 00007f3912615fa0 RCX: 00007f391239c819 [ 593.763190][T17010] RDX: 00000000000002f8 RSI: 0000200000000040 RDI: 0000000000000007 [ 593.763199][T17010] RBP: 00007f3912432c91 R08: 0000000000000000 R09: 0000000000000000 [ 593.763207][T17010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.763216][T17010] R13: 00007f3912616038 R14: 00007f3912615fa0 R15: 00007ffed10b6348 [ 593.763242][T17010] [ 593.976822][ C0] hrtimer: interrupt took 204085884 ns [ 594.263043][T17016] [U] [ 594.265762][T17016] [U] [ 594.268432][T17016] [U] [ 594.271097][T17016] [U] [ 594.349106][T17016] [U] [ 594.351804][T17016] [U] [ 594.354472][T17016] [U] [ 594.357140][T17016] [U] [ 594.409409][T17016] [U] [ 594.412103][T17016] [U] [ 594.414785][T17016] [U] [ 594.417455][T17016] [U] [ 594.440647][T17016] [U] [ 594.443338][T17016] [U] [ 594.446006][T17016] [U] [ 594.448676][T17016] [U] [ 594.530605][T17016] [U] [ 594.533301][T17016] [U] [ 594.535973][T17016] [U] [ 594.538663][T17016] [U] [ 594.583715][T17016] [U] [ 594.586411][T17016] [U] [ 594.589081][T17016] [U] [ 594.591752][T17016] [U] [ 594.652360][T17016] [U] [ 594.655057][T17016] [U] [ 594.657750][T17016] [U] [ 594.660420][T17016] [U] [ 594.738923][T17016] [U] [ 594.741619][T17016] [U] [ 594.744290][T17016] [U] [ 594.746960][T17016] [U] [ 594.858145][T17016] [U] [ 594.860850][T17016] [U] [ 594.863538][T17016] [U] [ 594.866205][T17016] [U] [ 595.040707][T17016] [U] [ 595.043415][T17016] [U] [ 595.046083][T17016] [U] [ 595.048759][T17016] [U] [ 595.108546][T17016] [U] [ 595.111246][T17016] [U] [ 595.113913][T17016] [U] [ 595.116578][T17016] [U] [ 595.414074][T17016] [U] [ 595.416786][T17016] [U] [ 595.419455][T17016] [U] [ 595.422123][T17016] [U] [ 595.522518][T17016] [U] [ 595.783330][T17028] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3741'. [ 595.870905][T17028] FAULT_INJECTION: forcing a failure. [ 595.870905][T17028] name failslab, interval 1, probability 0, space 0, times 0 [ 595.931603][T17028] CPU: 0 UID: 0 PID: 17028 Comm: syz.1.3741 Tainted: G U L syzkaller #0 PREEMPT(full) [ 595.931630][T17028] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 595.931636][T17028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 595.931645][T17028] Call Trace: [ 595.931650][T17028] [ 595.931656][T17028] dump_stack_lvl+0x100/0x190 [ 595.931684][T17028] should_fail_ex.cold+0x5/0xa [ 595.931702][T17028] ? lsm_blob_alloc+0x68/0x90 [ 595.931724][T17028] should_failslab+0xc2/0x120 [ 595.931741][T17028] __kmalloc_noprof+0xe0/0x850 [ 595.931763][T17028] ? trace_kmalloc+0x101/0x130 [ 595.931783][T17028] lsm_blob_alloc+0x68/0x90 [ 595.931806][T17028] security_sk_alloc+0x2d/0x290 [ 595.931823][T17028] sk_prot_alloc+0x12a/0x2a0 [ 595.931842][T17028] sk_alloc+0x36/0xe80 [ 595.931866][T17028] __netlink_create+0x5e/0x2c0 [ 595.931888][T17028] ? __wake_up+0x3f/0x60 [ 595.931906][T17028] netlink_create+0x293/0x610 [ 595.931927][T17028] ? __pfx_genl_bind+0x10/0x10 [ 595.931943][T17028] ? __pfx_genl_unbind+0x10/0x10 [ 595.931957][T17028] ? __pfx_genl_release+0x10/0x10 [ 595.931976][T17028] __sock_create+0x339/0x860 [ 595.931998][T17028] __sys_socket+0x14d/0x260 [ 595.932016][T17028] ? __pfx___sys_socket+0x10/0x10 [ 595.932049][T17028] __x64_sys_socket+0x72/0xb0 [ 595.932068][T17028] ? lockdep_hardirqs_on+0x78/0x100 [ 595.932084][T17028] do_syscall_64+0x106/0xf80 [ 595.932098][T17028] ? clear_bhb_loop+0x40/0x90 [ 595.932117][T17028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.932133][T17028] RIP: 0033:0x7f318779c819 [ 595.932146][T17028] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 595.932160][T17028] RSP: 002b:00007f3188596028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 595.932174][T17028] RAX: ffffffffffffffda RBX: 00007f3187a15fa0 RCX: 00007f318779c819 [ 595.932185][T17028] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 595.932194][T17028] RBP: 00007f3187832c91 R08: 0000000000000000 R09: 0000000000000000 [ 595.932204][T17028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.932213][T17028] R13: 00007f3187a16038 R14: 00007f3187a15fa0 R15: 00007ffc224efb28 [ 595.932232][T17028] [ 596.231927][T17038] zswap: compressor not available [ 597.706149][T17096] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3755'. [ 597.785308][T17096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 597.875750][T17096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 597.950705][T17096] bond0 (unregistering): Released all slaves [ 598.615737][T17111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3757'. [ 599.361547][T17130] zswap: compressor not available [ 601.081312][T17178] FAULT_INJECTION: forcing a failure. [ 601.081312][T17178] name failslab, interval 1, probability 0, space 0, times 0 [ 601.141799][T17178] CPU: 0 UID: 0 PID: 17178 Comm: syz.2.3772 Tainted: G U L syzkaller #0 PREEMPT(full) [ 601.141825][T17178] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 601.141830][T17178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 601.141839][T17178] Call Trace: [ 601.141844][T17178] [ 601.141850][T17178] dump_stack_lvl+0x100/0x190 [ 601.141877][T17178] should_fail_ex.cold+0x5/0xa [ 601.141895][T17178] ? tomoyo_realpath_from_path+0xb6/0x690 [ 601.141917][T17178] should_failslab+0xc2/0x120 [ 601.141934][T17178] __kmalloc_noprof+0xe0/0x850 [ 601.141961][T17178] tomoyo_realpath_from_path+0xb6/0x690 [ 601.141990][T17178] tomoyo_path_number_perm+0x23c/0x580 [ 601.142007][T17178] ? tomoyo_path_number_perm+0x22e/0x580 [ 601.142027][T17178] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 601.142063][T17178] ? find_held_lock+0x2b/0x80 [ 601.142078][T17178] ? __fget_files+0x215/0x3d0 [ 601.142092][T17178] ? hook_file_ioctl_common+0x146/0x410 [ 601.142115][T17178] ? __fget_files+0x21f/0x3d0 [ 601.142132][T17178] security_file_ioctl+0xd3/0x230 [ 601.142151][T17178] __x64_sys_ioctl+0xb7/0x210 [ 601.142176][T17178] do_syscall_64+0x106/0xf80 [ 601.142191][T17178] ? clear_bhb_loop+0x40/0x90 [ 601.142209][T17178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.142224][T17178] RIP: 0033:0x7f0c5f39c819 [ 601.142237][T17178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 601.142251][T17178] RSP: 002b:00007f0c6027f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 601.142265][T17178] RAX: ffffffffffffffda RBX: 00007f0c5f616090 RCX: 00007f0c5f39c819 [ 601.142275][T17178] RDX: 0000000000000000 RSI: 0000000040086201 RDI: 0000000000000003 [ 601.142283][T17178] RBP: 00007f0c6027f090 R08: 0000000000000000 R09: 0000000000000000 [ 601.142292][T17178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.142300][T17178] R13: 00007f0c5f616128 R14: 00007f0c5f616090 R15: 00007ffd950b81b8 [ 601.142319][T17178] [ 601.142343][T17178] ERROR: Out of memory at tomoyo_realpath_from_path. [ 603.055919][T17202] syz.2.3779 (17202): /proc/17201/oom_adj is deprecated, please use /proc/17201/oom_score_adj instead. [ 603.396490][ T29] audit: type=1800 audit(2147483717.354:14): pid=17205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3780" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 604.585971][T17216] [U] [ 604.588680][T17216] [U] [ 604.591350][T17216] [U] [ 604.594016][T17216] [U] [ 605.368707][T17216] [U] [ 605.371669][T17216] [U] [ 605.374338][T17216] [U] [ 605.377002][T17216] [U] [ 605.948895][T17216] [U] [ 605.951606][T17216] [U] [ 605.954276][T17216] [U] [ 605.956945][T17216] [U] [ 606.081381][T17216] [U] [ 606.084088][T17216] [U] [ 606.086758][T17216] [U] [ 606.089424][T17216] [U] [ 606.231866][T17216] [U] [ 606.850085][T17247] netlink: 'syz.2.3789': attribute type 9 has an invalid length. [ 606.909305][T17247] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3789'. [ 608.640518][T17324] random: crng reseeded on system resumption [ 608.728418][T17325] sd 0:0:1:0: PR command failed: 1026 [ 608.765353][T17325] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 608.937461][T17325] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 609.763030][T17334] input: jJǸ-9%vJ86 as /devices/virtual/input/input45 [ 610.558342][ T29] audit: type=1800 audit(2147483724.511:15): pid=17364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3813" name="lu_gp_id" dev="configfs" ino=71794 res=0 errno=0 [ 611.201480][T17378] [U] [ 611.204197][T17378] [U] [ 611.206867][T17378] [U] [ 611.209538][T17378] [U] [ 611.731840][T17378] [U] [ 611.734550][T17378] [U] [ 611.737222][T17378] [U] [ 611.739911][T17378] [U] [ 612.674289][T17378] [U] [ 612.677002][T17378] [U] [ 612.679675][T17378] [U] [ 612.682350][T17378] [U] [ 613.613735][T17378] [U] [ 614.254665][T17419] zram: Added device: zram2 [ 614.346883][T17421] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 614.625163][ T5833] ================================================================== [ 614.625184][ T5833] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 614.625213][ T5833] Write of size 8 at addr ffffc900041e9be0 by task kworker/0:3/5833 [ 614.625225][ T5833] [ 614.625234][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/0:3 Tainted: G U L syzkaller #0 PREEMPT(full) [ 614.625257][ T5833] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 614.625262][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 614.625275][ T5833] Workqueue: events_power_efficient fb_flashcursor [ 614.625293][ T5833] Call Trace: [ 614.625298][ T5833] [ 614.625303][ T5833] dump_stack_lvl+0x100/0x190 [ 614.625325][ T5833] print_report+0x156/0x4c9 [ 614.625346][ T5833] ? _raw_spin_lock_irqsave+0x52/0x60 [ 614.625368][ T5833] ? __virt_addr_valid+0x81/0x620 [ 614.625392][ T5833] ? sys_imageblit+0x19fb/0x1d60 [ 614.625413][ T5833] kasan_report+0xdf/0x1e0 [ 614.625429][ T5833] ? sys_imageblit+0x19fb/0x1d60 [ 614.625453][ T5833] sys_imageblit+0x19fb/0x1d60 [ 614.625477][ T5833] ? __pfx_sys_imageblit+0x10/0x10 [ 614.625502][ T5833] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 614.625521][ T5833] soft_cursor+0x524/0xa10 [ 614.625542][ T5833] bit_cursor+0xe58/0x16f0 [ 614.625562][ T5833] ? __pfx_bit_cursor+0x10/0x10 [ 614.625583][ T5833] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 614.625599][ T5833] ? get_color+0x1da/0x450 [ 614.625614][ T5833] ? __pfx_bit_cursor+0x10/0x10 [ 614.625631][ T5833] fb_flashcursor+0x338/0x430 [ 614.625647][ T5833] process_one_work+0xa23/0x19a0 [ 614.625672][ T5833] ? __pfx_process_one_work+0x10/0x10 [ 614.625695][ T5833] ? __pfx_fb_flashcursor+0x10/0x10 [ 614.625711][ T5833] worker_thread+0x5ef/0xe50 [ 614.625735][ T5833] ? kthread+0x13a/0x450 [ 614.625754][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 614.625774][ T5833] kthread+0x370/0x450 [ 614.625792][ T5833] ? __pfx_kthread+0x10/0x10 [ 614.625812][ T5833] ret_from_fork+0x754/0xd80 [ 614.625834][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 614.625856][ T5833] ? __switch_to+0x7b4/0x1120 [ 614.625872][ T5833] ? __pfx_kthread+0x10/0x10 [ 614.625892][ T5833] ret_from_fork_asm+0x1a/0x30 [ 614.625912][ T5833] [ 614.625917][ T5833] [ 614.625921][ T5833] The buggy address belongs to a vmalloc virtual mapping [ 614.625930][ T5833] Memory state around the buggy address: [ 614.625938][ T5833] ffffc900041e9a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 614.625951][ T5833] ffffc900041e9b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 614.625961][ T5833] >ffffc900041e9b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 614.625968][ T5833] ^ [ 614.625976][ T5833] ffffc900041e9c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 614.625986][ T5833] ffffc900041e9c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 614.625993][ T5833] ================================================================== [ 614.626019][ T5833] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 614.626029][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/0:3 Tainted: G U L syzkaller #0 PREEMPT(full) [ 614.626050][ T5833] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 614.626056][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 614.626065][ T5833] Workqueue: events_power_efficient fb_flashcursor [ 614.626081][ T5833] Call Trace: [ 614.626085][ T5833] [ 614.626090][ T5833] dump_stack_lvl+0x100/0x190 [ 614.626111][ T5833] vpanic+0x552/0x970 [ 614.626125][ T5833] ? __pfx_vpanic+0x10/0x10 [ 614.626139][ T5833] ? mark_held_locks+0x40/0x70 [ 614.626164][ T5833] ? sys_imageblit+0x19fb/0x1d60 [ 614.626185][ T5833] panic+0xd1/0xe0 [ 614.626198][ T5833] ? __pfx_panic+0x10/0x10 [ 614.626214][ T5833] ? check_panic_on_warn+0x1f/0x90 [ 614.626236][ T5833] check_panic_on_warn.cold+0x19/0x34 [ 614.626252][ T5833] end_report.part.0+0x3a/0x90 [ 614.626271][ T5833] kasan_report.cold+0xe/0x18 [ 614.626292][ T5833] ? sys_imageblit+0x19fb/0x1d60 [ 614.626315][ T5833] sys_imageblit+0x19fb/0x1d60 [ 614.626340][ T5833] ? __pfx_sys_imageblit+0x10/0x10 [ 614.626365][ T5833] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 614.626382][ T5833] soft_cursor+0x524/0xa10 [ 614.626403][ T5833] bit_cursor+0xe58/0x16f0 [ 614.626424][ T5833] ? __pfx_bit_cursor+0x10/0x10 [ 614.626445][ T5833] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 614.626460][ T5833] ? get_color+0x1da/0x450 [ 614.626475][ T5833] ? __pfx_bit_cursor+0x10/0x10 [ 614.626493][ T5833] fb_flashcursor+0x338/0x430 [ 614.626509][ T5833] process_one_work+0xa23/0x19a0 [ 614.626533][ T5833] ? __pfx_process_one_work+0x10/0x10 [ 614.626556][ T5833] ? __pfx_fb_flashcursor+0x10/0x10 [ 614.626572][ T5833] worker_thread+0x5ef/0xe50 [ 614.626596][ T5833] ? kthread+0x13a/0x450 [ 614.626614][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 614.626634][ T5833] kthread+0x370/0x450 [ 614.626653][ T5833] ? __pfx_kthread+0x10/0x10 [ 614.626672][ T5833] ret_from_fork+0x754/0xd80 [ 614.626694][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 614.626716][ T5833] ? __switch_to+0x7b4/0x1120 [ 614.626732][ T5833] ? __pfx_kthread+0x10/0x10 [ 614.626752][ T5833] ret_from_fork_asm+0x1a/0x30 [ 614.626772][ T5833] [ 614.626818][ T5833] Kernel Offset: disabled