last executing test programs: 12.157235197s ago: executing program 1 (id=475): setsockopt$auto_SO_PEEK_OFF(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000040)='/dev/ptp0\x00', 0x1f8) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r1, 0x4068aea3, &(0x7f0000000040)={0xc9}) mmap$auto(0x80000001, 0x8000000000000000, 0x0, 0x16, r0, 0xe076) 11.90164319s ago: executing program 1 (id=476): unshare$auto(0x40000080) r0 = socket(0x9, 0x4, 0xffffffff) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r0, 0x7ffe) (async) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r0, 0x7ffe) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/machinecheck/machinecheck0/cmci_disabled\x00', 0x2062, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/machinecheck/machinecheck0/cmci_disabled\x00', 0x2062, 0x0) sendfile$auto(r2, r1, 0x0, 0x800) prctl$auto(0xd560, 0x1, 0x0, 0x1, 0xfffffffffffffffe) (async) r3 = prctl$auto(0xd560, 0x1, 0x0, 0x1, 0xfffffffffffffffe) r4 = openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/uprobe_profile\x00', 0x201, 0x0) write$auto(r4, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x120000a3d9) (async) write$auto(r4, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x120000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, r3, 0x401) (async) close_range$auto(0x2, r3, 0x401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) poll$auto(&(0x7f0000000180)={r5, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) (async) r7 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ioctl$auto_UBI_IOCDET(r7, 0x40046f41, 0x0) (async) ioctl$auto_UBI_IOCDET(r7, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(r5, 0x4004af07, &(0x7f00000003c0)) (async) ioctl$auto_VHOST_SET_LOG_FD2(r5, 0x4004af07, &(0x7f00000003c0)) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x2) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/idVendor\x00', 0x80000, 0x0) splice$auto(r8, &(0x7f0000000040)=0x7, r7, &(0x7f0000000080)=0x4, 0x26c4, 0x895) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0xfdd5, 0xd, 0x378, 0x9) 10.776346126s ago: executing program 1 (id=484): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/peer_notif_delay\x00', 0x68880, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto(r0, 0x0, 0x3) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) r1 = socket(0x2, 0xa, 0x1) r2 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r1, 0x10000, 0xffffffffffffffff}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003040), r4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000000340)={0x28, r5, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x20008800) mmap$auto(0x0, 0x2009, 0xfffffffffffffffa, 0x8000200008011, r2, 0x8000) setsockopt$auto_SO_REUSEPORT(r3, 0x904, 0xf, &(0x7f0000000000)='#)$}]\x00', 0x71c) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) 10.635473307s ago: executing program 1 (id=486): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535"}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x10001, 0x1, 0x9, 0xc4, 0x9bc, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x5, 0x401, 0x4, 0x0, 0xa0, 0x5, 0x2, 0x9, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb78, 0x100000000, 0x3, 0x7, 0x7fffffffffffffff, 0x1, 0xd, 0x3, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffbb, 0x2d7, 0x1, 0x5a, 0x6, 0x2, 0x800000000, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0x9, 0x3ff, 0x8, 0x7, 0xffff, 0x50ce0883, 0x3d9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x7, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x2, 0x6, 0x1, 0x3, 0x3, 0xfffffffffffff16a, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x6, 0x4, 0x2, 0x3, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x2, 0x2, 0x45f3, 0x2e1, 0x0, 0x4, 0x0, 0x8001, 0x0, 0x1, 0x7, 0xcf4, 0x1, 0x3, 0x0, 0x4, 0x6, 0x9, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x8, 0x9, 0xfffffffffffffffb, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x1, 0x9, 0x210001, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x3], {0x9, 0x3, 0x6, 0x0, 0x4, 0x895, 0x3fdc, 0x6, 0x5}, {0x2, 0x1d11, 0x54ed, 0x0, 0x101, 0xff, 0x7, 0xa, 0xb}}) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="000329bd7000fedbdf250900000008000c000100008008000300", @ANYRES32, @ANYBLOB="08002c000001000008001d"], 0x3c}, 0x1, 0x0, 0x0, 0x20000828}, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x20004884) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x3}, 0x3ef3}, 0x3, 0x0) recvmmsg$auto(0x3, 0x0, 0xfffe, 0x10000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="0100"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r3, @ANYBLOB="18000000", @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r2, &(0x7f0000000000)='-\x00', 0x30) socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0x9, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/rose3/statistics/tx_bytes\x00', 0x200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000003800)=""/168, 0xa8) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) 9.643364313s ago: executing program 1 (id=491): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x6) ioprio_set$auto(0x1, 0xee01, 0x0) r0 = socket(0x11, 0x2, 0x2) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket(0x2, 0x2, 0x5) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/034/001\x00', 0x201, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) truncate$auto(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x6) listxattr$auto(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) close_range$auto(r0, r1, 0x91) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x161401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) socket(0x2b, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x30d540, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/net/wpan1/queues/tx-0/byte_queue_limits/stall_thrs\x00', 0x182b02, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x22902, 0x0) 9.005291422s ago: executing program 1 (id=493): r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1\x00', 0x20401, 0x0) (async) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x4604, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x4604, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x4, 0xeb1, 0xffffffffffffffff, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/cad_pid\x00', 0x242, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/cad_pid\x00', 0x242, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)) write$auto(r2, 0x0, 0x40100000a3d9) (async) write$auto(r2, 0x0, 0x40100000a3d9) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000080)) (async) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000080)) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/power/autosuspend_delay_ms\x00', 0x20461, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000240)="a430570554ec9522bf6b0ee906203099a723b55628f6ffe0e9", 0x19) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES16=r1, @ANYRES32=0x0], 0x34}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) (async) sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES16=r1, @ANYRES32=0x0], 0x34}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x440980, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) (async) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$auto(0x0, 0x8000000000000001, 0x1db, 0xebe, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x1, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_max_cpu\x00', 0xa001, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_max_cpu\x00', 0xa001, 0x0) socket(0x2, 0x1, 0x106) landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) (async) landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ram12\x00', 0x14fa02, 0x0) io_uring_setup$auto(0x7, 0x0) 5.633573944s ago: executing program 0 (id=505): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x109, 0x4002, 0x6, 0x10, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29b, 0x100, 0x7f, 0x8001, 0x4000006, 0x2000}, {0x100, 0x1, 0x57, 0x4, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) madvise$auto(0x0, 0x200007, 0x8) r0 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x8, 0x4000003, 0x4, 0x5) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x400000, 0x0) ioctl$auto_OTPERASE(r1, 0x400c4d19, &(0x7f0000000040)={0x8e, 0x0, 0x5}) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) socket(0x26, 0x80805, 0xffffffff) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0x200204, 0x15) 5.353671673s ago: executing program 0 (id=507): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pipe2$auto(0x0, 0x80) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000000), 0x80101, 0x0) write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f00000000c0)='1t', 0x2) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x53) socket(0x10, 0x3, 0x6) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="a0010000", @ANYRES16=0x0, @ANYBLOB="000425bd7000"], 0x1a0}, 0x1, 0x0, 0x0, 0x24004000}, 0x40000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) process_vm_readv$auto(0x0, &(0x7f0000000080)={0x0, 0x100fff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000400), 0x40000000001243}, 0x6, 0x0) keyctl$auto(0x1d, 0xffffffffffffffff, 0x8, 0x5, 0x8) 1.705500955s ago: executing program 2 (id=521): pwrite64$auto(0xc8, &(0x7f00000011c0)='\vX\xb5n\x91\vI\x1eRN8\x99\x88\xca\xd9\xec\x1epJ\"ds\x1cJr\xde:\x00!\r>\x94\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18\x89\x15\x0e\x1b\x95\xaf\xee\xe69\x8d(<\xc7+\x83\xfcQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9\xb7\x9d\xb6r9\x02\x00\x00\x00\x00\x00\x00\xc3\xc3\xdbS\xdc\xfc\x19\xba\xab\xe4\x8b\xdeT3^\a\xb2\xf3}\t4\xa2^\xe4b?\xb2Q\x8d\x8c\x83\x8e\xfe\x8e\b\x93M\x9e3\xa5`hN\xe36\xc3\x99\xe7L\x12\xaar}\x90\x05>\xab\xc9\xb7^\xcc\r\xb9V\x10\xa5\x81\x96e\x80\'\xc6\x06', 0x10, 0x0) fsconfig$auto(0xffffffffffffffff, 0x80, 0x0, 0x0, 0x0) sendto$auto(0x3, 0x0, 0x4, 0x3, &(0x7f0000000440)=@tipc=@name={0x1e, 0x2, 0x1, {{0x2}, 0x3}}, 0x20) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x10000100200000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9) recvfrom$auto(r0, 0x0, 0x0, 0x6, 0x0, 0x0) setrlimit$auto(0xb, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) getxattrat$auto(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0, 0x10) mmap$auto(0x0, 0xa00006, 0x100, 0x80000000010, 0xffffffffffffffff, 0x300000000000) mmap$auto(0x2000000003, 0x400009, 0x8, 0x50, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x18}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r1 = io_uring_setup$auto(0xc, 0x0) mmap$auto(0x0, 0x400408, 0x10001, 0x411, r1, 0x8000) mprotect$auto(0x8000, 0x8, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) prctl$auto(0x1, 0x1, 0xffffffffffffffff, 0xff, 0x8000) acct$auto(&(0x7f0000000000)='/dev/bus/usb/036/001\x00') r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_CLAIMINTERFACE(r2, 0x8004550f, 0x0) 1.185899429s ago: executing program 3 (id=523): r0 = setfsgid$auto(0x0) setresgid$auto(r0, 0x0, r0) lstat$auto(0x0, &(0x7f0000000240)={0x4, 0xe7a0000, 0x8, 0x0, 0xee01, r0, 0x0, 0x20, 0x9, 0x1000, 0xffffffeffffffffd, 0xb7, 0xb, 0xffffffff7ffffffc, 0x9, 0x3000000000000000, 0x200000100103}) ioctl$auto_EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000040)={r1, 0x6, 0x1, 0x1, 0x9, 0x6}) setresgid$auto(0x81, r0, 0xee00) setgroups$auto(0xc00000000, 0xfffffffffffffffc) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) socket(0x2, 0x3, 0x100) poll$auto(0x0, 0x8, 0x1) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x84, 0x73, 0x0, &(0x7f0000000100)=0x99) 1.164720528s ago: executing program 0 (id=524): socket(0xa, 0x2, 0x0) (async) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x20000008000) socket(0x10, 0x2, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) (async) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) (async) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) ioctl$auto(0x3, 0x800005411, 0x38) 1.07633276s ago: executing program 3 (id=525): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x3}, 0x6, 0x3, 0x4, 0x2e) (async) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) (async) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) (async) mmap$auto(0x4, 0x202000a, 0x5, 0x14, 0xffffffffffffffff, 0x8000) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000540)={0xfff, &(0x7f0000000180)="f2e37aa851f172bd24308737938225756749a2cd058f981d81224e731c1514b4fd0290f2fb02"}) (async) sendfile$auto(r1, r0, &(0x7f0000000040)=0x6, 0x5) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dmmidi2\x00', 0x519402, 0x0) (async) write$auto(0xca, 0x0, 0x2d9) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) semctl$auto_SETVAL(0x2, 0x5, 0x10, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) setresuid$auto(0x2, 0x7, 0x0) setresuid$auto(0x0, 0x0, 0x0) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x2000, 0x0) 873.139359ms ago: executing program 0 (id=526): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/xt_recent/parameters/ip_list_uid\x00', 0x10b142, 0x0) sendfile$auto(r0, r0, 0x0, 0x1000200) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xc0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_GET(r3, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001400)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf2512000000"], 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) write$auto(r3, &(0x7f0000000340)='/dev/snapshot\x00', 0x2) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5", 0x2f8) ioctl$auto_SNDCTL_SEQ_SYNC(r1, 0x5101, 0x0) r5 = socket(0x2, 0x80802, 0x0) r6 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) ioctl$auto_SNAPSHOT_PREF_IMAGE_SIZE(r6, 0x3312, 0x0) socket(0x2b, 0x1, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0xfffff98e, &(0x7f0000000340)={0x7fffffff, 0x8001, 0x2, 0x6, 0x9, 0x8, r5, [], {0x6, 0x8000006, 0x4000000f, 0x2df, 0x1, 0x10000, 0x501, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace\x00', 0x82000, 0x0) mprotect$auto(0x200000000000, 0x8000000000000000, 0xc) sched_setscheduler$auto(0x0, 0x5, 0x0) sendfile$auto(0xffffffffffffffff, 0x3, &(0x7f0000000040)=0x8081, 0xc3e0) read$auto(0xffffffffffffffff, 0x0, 0x20) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r7 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2}) 701.172242ms ago: executing program 3 (id=527): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r2 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000080)={@_si_pad}, 0x401, &(0x7f0000000100)={{0x0, 0xfffffffffffeffff}, {0x8, 0xffffffff80000001}, 0x80000000, 0x1, 0x9, 0x9, 0x7ff, 0x1, 0x200, 0x3, 0x6, 0xfffffffffffffeff, 0x8, 0x4, 0x8000000000000001, 0xc73}) r3 = waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0xfd33, 0x32, 0x5, @_sigsys={&(0x7f00000001c0)="5102ab62289e7926ebaadf5df4871736106da1ac392c39225cbb065cf5d6ee1870be083718685f79981bc4c759c0068e3e1a3ec5ce30bd0fc790d728ae6ca4183a37971100cda84bf793cb28b111c9d134f6344c0517f6edb7a2679816f29b665a670b0789aa804db24d7603df2f98db7b", 0x0, 0x1}}}, 0x0, &(0x7f00000002c0)={{0x10000, 0x10001}, {0x400, 0x80000001}, 0x5, 0x8000, 0x1, 0x200, 0x3, 0x100000001, 0x88b, 0x7, 0x4, 0x10001, 0x3, 0x5, 0x81, 0x8000}) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000380), 0x400001, 0x0) kcmp$auto_KCMP_EPOLL_TFD(r2, r3, 0x7, r0, 0x4) r4 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0xdd, 0x0, [{0x17b, 0x400, 0x8}]}) pwrite64$auto(0xc8, 0x0, 0x28, 0x100000000) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) close_range$auto(0x2, r0, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000080)={@_si_pad}, 0x401, &(0x7f0000000100)={{0x0, 0xfffffffffffeffff}, {0x8, 0xffffffff80000001}, 0x80000000, 0x1, 0x9, 0x9, 0x7ff, 0x1, 0x200, 0x3, 0x6, 0xfffffffffffffeff, 0x8, 0x4, 0x8000000000000001, 0xc73}) (async) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0xfd33, 0x32, 0x5, @_sigsys={&(0x7f00000001c0)="5102ab62289e7926ebaadf5df4871736106da1ac392c39225cbb065cf5d6ee1870be083718685f79981bc4c759c0068e3e1a3ec5ce30bd0fc790d728ae6ca4183a37971100cda84bf793cb28b111c9d134f6344c0517f6edb7a2679816f29b665a670b0789aa804db24d7603df2f98db7b", 0x0, 0x1}}}, 0x0, &(0x7f00000002c0)={{0x10000, 0x10001}, {0x400, 0x80000001}, 0x5, 0x8000, 0x1, 0x200, 0x3, 0x100000001, 0x88b, 0x7, 0x4, 0x10001, 0x3, 0x5, 0x81, 0x8000}) (async) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000380), 0x400001, 0x0) (async) kcmp$auto_KCMP_EPOLL_TFD(r2, r3, 0x7, r0, 0x4) (async) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r4) (async) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0xdd, 0x0, [{0x17b, 0x400, 0x8}]}) (async) pwrite64$auto(0xc8, 0x0, 0x28, 0x100000000) (async) 630.817033ms ago: executing program 2 (id=528): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = epoll_create$auto(0x3e) flock$auto(r0, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYRESDEC, @ANYRES16=r2, @ANYRES8=r3, @ANYRES32=r4], 0x28}}, 0x40480d0) 495.312402ms ago: executing program 3 (id=529): mmap$auto(0x2, 0x0, 0xffffffffffffffff, 0x44eb1, 0x602, 0xf58d) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) (async) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) (async) ioctl$auto(0x3, 0xae41, 0x38) ioctl$auto(0x3, 0x4020aea5, 0x38) 481.703707ms ago: executing program 2 (id=530): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x3) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x40000008000) socket(0x2a, 0x3, 0xb) bind$auto(0x3, &(0x7f0000000100), 0x6b) getcwd$auto(0x0, 0x0) bind$auto(0x3, 0x0, 0x6a) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) getcwd$auto(&(0x7f0000000000)='3\x00', 0x80) getsockopt$auto_SO_RCVPRIORITY(r0, 0xadfa, 0x52, &(0x7f0000000080)='.\'#\xd3/:-&^\xda{-\x00', &(0x7f00000000c0)=0x6) mmap$auto(0x729300a9, 0x8, 0x3, 0x12, 0xfffffffffffffffa, 0x1001) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/netdevsim0/promote_secondaries\x00', 0x40001, 0x0) write$auto(r1, &(0x7f0000000040)='\x00', 0x9) sysfs$auto(0x2, 0x12, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000180)=ANY=[@ANYBLOB="34000000cdaf60130c7362db420dcd2bb9cb3e8c490edf667a34b81c87811cd21cdafc3707c80c48943b9ce4b87bdf39b19b88cdd5c4e07c41a95b0dc3876b0bf75f96fe5abf2fac465685d0bb4371c63ee792e50bed7a9fd26422ee82f0cf638db00dd7d591c08bb8bdf22776709551cac2266e27172b79131f8841897d3d65a99515cebf7c676b6b5802606872c592475fe68cf9ab74d8df6f14e265d8a9b154a7db33ee299ec7aa3e061a727149000042596b61b69bb6a7215390e0318de15a59ebf22090fe38630bb756173f7ac2d00eefa3a8321ed277b5021b7be159e7969e3704fb493cdf2dd749fc94f57df22af4437e371a", @ANYRES16=r4, @ANYBLOB="010029bd7000ffdbdf25050000000800050001000000180001801400020073797a5f74756e000000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) adjtimex$auto(0x0) write$auto(r0, &(0x7f0000000340)='3\x00', 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x100842, 0x0) r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) r6 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x200300, 0x0) read$auto_snd_timer_f_ops_timer(r6, &(0x7f0000000100)=""/88, 0x58) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000000)={{0x0, 0x2, 0x200800, 0x2, 0xce}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r5, 0x5420, 0x0) 398.351031ms ago: executing program 0 (id=531): mmap$auto(0x1, 0x5, 0x4000000000df, 0x16, 0x200000401, 0x8004) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop10\x00', 0x61e502, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x208000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af03, 0x0) ioctl$auto_VHOST_NET_SET_BACKEND(r1, 0x4008af30, 0x0) mmap$auto(0x92fe, 0x9, 0xff8, 0x40000000000010, r0, 0x7ffd) madvise$auto(0x0, 0x400053, 0x9) r2 = getpid() mkdir$auto(&(0x7f0000000300)='}[,&*}\x00', 0x6) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = getpid() r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) sendmmsg$auto(r4, &(0x7f0000000140)={{0x0, 0x200084c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x4}, 0xffffffff, 0xc5c) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000180), 0x7112}, 0x8) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f00000001c0)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xffffffffffffffff, 0x0) mount$auto(0x0, &(0x7f0000000280)='}[,&*}\x00', &(0x7f00000000c0)='nfsd\x00', 0xcf, 0x0) r5 = open(&(0x7f0000000180)='}[,&*}\x00', 0x68000, 0x19) tgkill$auto_SIGCONT(r2, r2, 0x12) capset$auto(&(0x7f0000000040)={0xea74, r2}, 0x0) openat$auto_state_fops_(0xffffffffffffff9c, 0x0, 0x1e9482, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statx$auto(r5, 0x0, 0x1200, 0x1, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0x40305828, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video20\x00', 0x80000, 0x0) 298.995425ms ago: executing program 2 (id=532): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) r0 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r0, 0x65, 0x1, 0x0, 0x800) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) close_range$auto(0x2, 0x8, 0x0) epoll_pwait$auto(r0, &(0x7f0000000000)={0x24d6c897, 0x1}, 0x906, 0x6, &(0x7f0000000080)={0x3}, 0x8) 253.107123ms ago: executing program 3 (id=533): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x2, 0x2) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/034/001\x00', 0x201, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x161401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) socket(0x2b, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x30d540, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x404c4701, 0x0) 156.33833ms ago: executing program 2 (id=534): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="f21e8858", @ANYBLOB="1e00df45"], 0x1ac}}, 0x4010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='\t\x00\x00\x00', @ANYBLOB="1e00df"], 0x1ac}, 0x1, 0x0, 0x0, 0x5}, 0x40000d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='f'], 0x1ac}}, 0x40000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_GET(r1, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001400)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002bbdff010000000800000000"], 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x202200, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD_GROUP(0xffffffffffffffff, 0x3, &(0x7f0000000100)={@_si_pad}, 0x2) ioctl$auto_SNDCTL_DSP_GETFMTS(r3, 0x8004500b, 0x0) 66.947249ms ago: executing program 0 (id=535): mmap$auto(0x4, 0x8004, 0x4000000000df, 0x100040eb5, 0x401, 0x300000000000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x28, 0x0, 0x400, 0x70bd26, 0x25dfdc01, {}, [@BATADV_ATTR_BLA_VID={0x6, 0x20, 0x40}, @BATADV_ATTR_NEIGH_ADDRESS={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0xc008054}, 0x24008000) (async, rerun: 32) socket(0x10, 0x2, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) madvise$auto(0x4000000000002, 0x4, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) mmap$auto(0x4, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) (async, rerun: 64) io_uring_setup$auto(0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/sg/def_reserved_size\x00', 0xc8000, 0x0) (async, rerun: 64) close_range$auto(0x2, 0xa, 0x0) (async, rerun: 64) socket(0xa, 0x1, 0x84) (async) socket(0x28, 0x5, 0x1000000) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x82202, 0x0) io_uring_setup$auto(0x1, 0x0) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) (async) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x3) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) (async) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x1400, 0x0, 0x80}, 0x20000084) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x101e81, 0x0) 64.616016ms ago: executing program 3 (id=536): r0 = socket(0x2c, 0x80003, 0x0) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x36, &(0x7f00000001c0)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setsockopt$auto(r0, 0x11b, 0x3, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) 0s ago: executing program 2 (id=537): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x6, 0x43, 0x8, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0xd7, 0x7, 0x8004, 0x5, 0x5, 0x7, 0x4, 0x61, 0x103}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/bonding/bond0\x00', 0x18b000, 0x0) pread64$auto(r2, &(0x7f0000000180)='/proc-NesH\x1fk\xdd\x00\x00\x00\x00\x88\x00\x00\x00\x00\x00:\x19\xf4\xe2\xb7:\x81\xf8\xedl\x9d\x9a\'\xf8D,\xc0x\x1d\xf5JE\xcd7\xc3^\xbc2\xc7\xbf\xe5\x7f\xb93 \xcd${!\x9a`\x96\x86\x96D|\xf0H\x8c\x05:\xae\xa6\x88x@\x82E\x92f\xe3h\x05\x0f9\x9e\v\t\x18\x8b\xec\xd7\xe8 1 [ 90.773570][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.782303][ T5830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.790749][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.796510][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.807064][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.807134][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.822310][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.831466][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.839271][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.843330][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.854493][ T5835] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.863307][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.871158][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.879031][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.884171][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.892670][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.895390][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.904154][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.909291][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.548834][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 91.572167][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 91.633607][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 91.738729][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 91.871401][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.878708][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.886530][ T5823] bridge_slave_0: entered allmulticast mode [ 91.894449][ T5823] bridge_slave_0: entered promiscuous mode [ 91.903252][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.910421][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.918091][ T5824] bridge_slave_0: entered allmulticast mode [ 91.925705][ T5824] bridge_slave_0: entered promiscuous mode [ 91.947964][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.955277][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.963485][ T5823] bridge_slave_1: entered allmulticast mode [ 91.970899][ T5823] bridge_slave_1: entered promiscuous mode [ 91.979229][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.987247][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.994863][ T5824] bridge_slave_1: entered allmulticast mode [ 92.002488][ T5824] bridge_slave_1: entered promiscuous mode [ 92.105420][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.112891][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.120070][ T5825] bridge_slave_0: entered allmulticast mode [ 92.127813][ T5825] bridge_slave_0: entered promiscuous mode [ 92.153482][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.165697][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.176980][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.184349][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.191931][ T5825] bridge_slave_1: entered allmulticast mode [ 92.199480][ T5825] bridge_slave_1: entered promiscuous mode [ 92.206853][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.214468][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.221838][ T5822] bridge_slave_0: entered allmulticast mode [ 92.229404][ T5822] bridge_slave_0: entered promiscuous mode [ 92.239462][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.251964][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.284653][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.292074][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.299244][ T5822] bridge_slave_1: entered allmulticast mode [ 92.307000][ T5822] bridge_slave_1: entered promiscuous mode [ 92.378448][ T5824] team0: Port device team_slave_0 added [ 92.387198][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.411441][ T5823] team0: Port device team_slave_0 added [ 92.419354][ T5824] team0: Port device team_slave_1 added [ 92.427638][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.451304][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.467754][ T5823] team0: Port device team_slave_1 added [ 92.500403][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.537158][ T5825] team0: Port device team_slave_0 added [ 92.545828][ T5825] team0: Port device team_slave_1 added [ 92.576983][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.584491][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.611061][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.648683][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.655995][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.682549][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.696564][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.703939][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.730197][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.742479][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.749448][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.775455][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.800790][ T5822] team0: Port device team_slave_0 added [ 92.809788][ T5822] team0: Port device team_slave_1 added [ 92.848115][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.855316][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.881572][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.928829][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.936305][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.962362][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.003740][ T5823] hsr_slave_0: entered promiscuous mode [ 93.010451][ T5823] hsr_slave_1: entered promiscuous mode [ 93.016962][ T51] Bluetooth: hci1: command tx timeout [ 93.017762][ T51] Bluetooth: hci0: command tx timeout [ 93.022578][ T5146] Bluetooth: hci3: command tx timeout [ 93.029446][ T51] Bluetooth: hci2: command tx timeout [ 93.063347][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.070358][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.096722][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.114435][ T5824] hsr_slave_0: entered promiscuous mode [ 93.121090][ T5824] hsr_slave_1: entered promiscuous mode [ 93.127630][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 93.133509][ T5824] Cannot create hsr debugfs directory [ 93.163269][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.170254][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.196757][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.296359][ T5825] hsr_slave_0: entered promiscuous mode [ 93.303799][ T5825] hsr_slave_1: entered promiscuous mode [ 93.310124][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 93.316086][ T5825] Cannot create hsr debugfs directory [ 93.426747][ T5822] hsr_slave_0: entered promiscuous mode [ 93.433553][ T5822] hsr_slave_1: entered promiscuous mode [ 93.439793][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 93.445803][ T5822] Cannot create hsr debugfs directory [ 93.802595][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.825147][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.836460][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.849360][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.948147][ T5824] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.965534][ T5824] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.976629][ T5824] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.004381][ T5824] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.118876][ T5825] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.129879][ T5825] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.154928][ T5825] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.169830][ T5825] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.237600][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.300886][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.312454][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.324091][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.336636][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.360357][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.409360][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.416671][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.447434][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.454612][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.496711][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.557248][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.595944][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.603272][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.628983][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.657547][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.664785][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.744925][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.795546][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.802792][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.836831][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.844197][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.907302][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.979147][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.019553][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.026856][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.077272][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.084599][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.093379][ T51] Bluetooth: hci3: command tx timeout [ 95.098838][ T51] Bluetooth: hci0: command tx timeout [ 95.107138][ T5146] Bluetooth: hci1: command tx timeout [ 95.112926][ T51] Bluetooth: hci2: command tx timeout [ 95.227979][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.405435][ T5823] veth0_vlan: entered promiscuous mode [ 95.444855][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.456550][ T5823] veth1_vlan: entered promiscuous mode [ 95.527588][ T5823] veth0_macvtap: entered promiscuous mode [ 95.555772][ T5823] veth1_macvtap: entered promiscuous mode [ 95.590805][ T5824] veth0_vlan: entered promiscuous mode [ 95.622411][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.636221][ T5824] veth1_vlan: entered promiscuous mode [ 95.656658][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.683475][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.704961][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.739839][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.757702][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.794727][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.868577][ T5824] veth0_macvtap: entered promiscuous mode [ 95.907500][ T5824] veth1_macvtap: entered promiscuous mode [ 95.938508][ T429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.948271][ T429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.958671][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.015331][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.030946][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.038309][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.083165][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.103984][ T5825] veth0_vlan: entered promiscuous mode [ 96.149175][ T5823] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.154348][ T1023] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.178369][ T1023] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.188090][ T1023] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.217440][ T5822] veth0_vlan: entered promiscuous mode [ 96.227802][ T1023] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.239543][ T5825] veth1_vlan: entered promiscuous mode [ 96.308427][ T5822] veth1_vlan: entered promiscuous mode [ 96.449402][ T5825] veth0_macvtap: entered promiscuous mode [ 96.453113][ T1023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.481664][ T1023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.514366][ T5825] veth1_macvtap: entered promiscuous mode [ 96.573784][ T5822] veth0_macvtap: entered promiscuous mode [ 96.583909][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.592798][ T5822] veth1_macvtap: entered promiscuous mode [ 96.606409][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.620991][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.647065][ T29] audit: type=1800 audit(1775742256.393:2): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3" name="dbroot" dev="configfs" ino=8220 res=0 errno=0 [ 96.676652][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.727526][ T1153] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.745599][ T1153] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.790470][ T1153] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.799880][ T1153] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.819769][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.859768][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.941162][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.960686][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.030762][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.052433][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.172296][ T5146] Bluetooth: hci0: command tx timeout [ 97.177841][ T51] Bluetooth: hci1: command tx timeout [ 97.187900][ T5146] Bluetooth: hci2: command tx timeout [ 97.193182][ T5828] Bluetooth: hci3: command tx timeout [ 97.270552][ T5923] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 97.287566][ T10] cfg80211: failed to load regulatory.db [ 97.320317][ T5923] vhci_hcd vhci_hcd.2: invalid port number 111 [ 97.361727][ T5923] vhci_hcd vhci_hcd.2: invalid port number 111 [ 97.377974][ T5923] mmap: syz.3.4 (5923) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 97.561258][ T429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.570270][ T429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.768838][ T429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.768863][ T429] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.914928][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.981940][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.088856][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.123451][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.514566][ T5944] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 99.253200][ T5828] Bluetooth: hci3: command tx timeout [ 99.254390][ T51] Bluetooth: hci1: command tx timeout [ 99.258712][ T5828] Bluetooth: hci2: command tx timeout [ 99.264554][ T5146] Bluetooth: hci0: command tx timeout [ 99.281904][ T5955] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.521100][ T5961] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 99.540167][ T5961] FAULT_INJECTION: forcing a failure. [ 99.540167][ T5961] name failslab, interval 1, probability 0, space 0, times 1 [ 99.556206][ T5961] CPU: 0 UID: 0 PID: 5961 Comm: syz.1.11 Not tainted syzkaller #0 PREEMPT(full) [ 99.556251][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 99.556279][ T5961] Call Trace: [ 99.556290][ T5961] [ 99.556307][ T5961] dump_stack_lvl+0x100/0x190 [ 99.556374][ T5961] should_fail_ex.cold+0x5/0xa [ 99.556418][ T5961] should_failslab+0xc2/0x120 [ 99.556457][ T5961] __kmalloc_cache_noprof+0x7a/0x6f0 [ 99.556499][ T5961] ? create_filter_start.constprop.0+0x1c4/0x310 [ 99.556552][ T5961] ? __asan_memcpy+0x3c/0x60 [ 99.556605][ T5961] create_filter_start.constprop.0+0x1c4/0x310 [ 99.556670][ T5961] create_filter+0xb5/0x210 [ 99.556738][ T5961] ? __pfx_create_filter+0x10/0x10 [ 99.556799][ T5961] ? find_held_lock+0x2b/0x80 [ 99.556839][ T5961] apply_event_filter+0x220/0x500 [ 99.556898][ T5961] ? __pfx_apply_event_filter+0x10/0x10 [ 99.556967][ T5961] event_filter_write+0x16d/0x290 [ 99.557012][ T5961] vfs_write+0x2aa/0x1070 [ 99.557046][ T5961] ? __pfx_event_filter_write+0x10/0x10 [ 99.557090][ T5961] ? __pfx_vfs_write+0x10/0x10 [ 99.557124][ T5961] ? __fget_files+0x215/0x3d0 [ 99.557172][ T5961] ? __fget_files+0x21f/0x3d0 [ 99.557219][ T5961] ksys_write+0x12a/0x250 [ 99.557252][ T5961] ? __pfx_ksys_write+0x10/0x10 [ 99.557299][ T5961] do_syscall_64+0x106/0xf80 [ 99.557334][ T5961] ? clear_bhb_loop+0x40/0x90 [ 99.557377][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.557411][ T5961] RIP: 0033:0x7fa62db9c819 [ 99.557447][ T5961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.557485][ T5961] RSP: 002b:00007fa62e9fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 99.557522][ T5961] RAX: ffffffffffffffda RBX: 00007fa62de15fa0 RCX: 00007fa62db9c819 [ 99.557544][ T5961] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 99.557563][ T5961] RBP: 00007fa62dc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 99.557583][ T5961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.557602][ T5961] R13: 00007fa62de16038 R14: 00007fa62de15fa0 R15: 00007ffdebc80518 [ 99.557647][ T5961] [ 99.953773][ T5963] GUP no longer grows the stack in syz.0.12 (5963): 1000-401000 (0) [ 99.963315][ T5963] CPU: 0 UID: 0 PID: 5963 Comm: syz.0.12 Not tainted syzkaller #0 PREEMPT(full) [ 99.963361][ T5963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 99.963382][ T5963] Call Trace: [ 99.963393][ T5963] [ 99.963405][ T5963] dump_stack_lvl+0x100/0x190 [ 99.963465][ T5963] gup_vma_lookup.cold+0x83/0x96 [ 99.963516][ T5963] fixup_user_fault+0x253/0x510 [ 99.963560][ T5963] fault_in_user_writeable+0x70/0xe0 [ 99.963605][ T5963] futex_wake_op+0xba0/0xdc0 [ 99.963669][ T5963] ? __pfx_futex_wake_op+0x10/0x10 [ 99.963732][ T5963] ? __pfx_futex_wait+0x10/0x10 [ 99.963809][ T5963] do_futex+0x2f1/0x350 [ 99.963858][ T5963] ? __pfx_do_futex+0x10/0x10 [ 99.963909][ T5963] ? fput+0x79/0x100 [ 99.963954][ T5963] __x64_sys_futex+0x34f/0x4d0 [ 99.964002][ T5963] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 99.964041][ T5963] ? __pfx___x64_sys_futex+0x10/0x10 [ 99.964105][ T5963] do_syscall_64+0x106/0xf80 [ 99.964140][ T5963] ? clear_bhb_loop+0x40/0x90 [ 99.964181][ T5963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.964216][ T5963] RIP: 0033:0x7ff3ea39c819 [ 99.964244][ T5963] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.964274][ T5963] RSP: 002b:00007ff3eb279028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 99.964306][ T5963] RAX: ffffffffffffffda RBX: 00007ff3ea615fa0 RCX: 00007ff3ea39c819 [ 99.964327][ T5963] RDX: 0000000000000002 RSI: 0000000000000085 RDI: 0000000000000000 [ 99.964346][ T5963] RBP: 00007ff3ea432c91 R08: 0000000000000000 R09: 0000000000000001 [ 99.964365][ T5963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.964384][ T5963] R13: 00007ff3ea616038 R14: 00007ff3ea615fa0 R15: 00007ffd59518df8 [ 99.964427][ T5963] [ 101.208916][ T10] Process accounting resumed [ 101.232905][ T5975] process 'syz.1.15' launched '/dev/fd/3' with NULL argv: empty string added [ 101.289971][ T5975] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.651141][ T5978] FAULT_INJECTION: forcing a failure. [ 101.651141][ T5978] name failslab, interval 1, probability 0, space 0, times 0 [ 101.708304][ T5981] Zero length message leads to an empty skb [ 101.742222][ T5978] CPU: 1 UID: 0 PID: 5978 Comm: syz.1.16 Not tainted syzkaller #0 PREEMPT(full) [ 101.742252][ T5978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 101.742266][ T5978] Call Trace: [ 101.742274][ T5978] [ 101.742283][ T5978] dump_stack_lvl+0x100/0x190 [ 101.742325][ T5978] should_fail_ex.cold+0x5/0xa [ 101.742354][ T5978] should_failslab+0xc2/0x120 [ 101.742382][ T5978] __kmalloc_node_noprof+0xe6/0x850 [ 101.742420][ T5978] ? alloc_slab_obj_exts+0xae/0x260 [ 101.742460][ T5978] alloc_slab_obj_exts+0xae/0x260 [ 101.742496][ T5978] __memcg_slab_post_alloc_hook+0x246/0x990 [ 101.742532][ T5978] ? kasan_save_track+0x14/0x30 [ 101.742558][ T5978] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 101.742597][ T5978] ? alloc_inode+0x183/0x250 [ 101.742648][ T5978] alloc_inode+0x183/0x250 [ 101.742682][ T5978] alloc_anon_inode+0x2a/0x3e0 [ 101.742711][ T5978] anon_inode_make_secure_inode+0x2f/0x140 [ 101.742745][ T5978] __anon_inode_getfile+0x1cf/0x280 [ 101.742774][ T5978] ? _copy_to_user+0xaf/0xd0 [ 101.742807][ T5978] io_uring_setup.cold+0x1a41/0x1d79 [ 101.742849][ T5978] ? __pfx_io_uring_setup+0x10/0x10 [ 101.742891][ T5978] ? __pfx_do_futex+0x10/0x10 [ 101.742936][ T5978] ? __x64_sys_close_range+0x30f/0x5d0 [ 101.742964][ T5978] ? __pfx___x64_sys_futex+0x10/0x10 [ 101.742998][ T5978] ? __pfx___x64_sys_close_range+0x10/0x10 [ 101.743032][ T5978] __x64_sys_io_uring_setup+0xc2/0x170 [ 101.743082][ T5978] do_syscall_64+0x106/0xf80 [ 101.743107][ T5978] ? clear_bhb_loop+0x40/0x90 [ 101.743137][ T5978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.743162][ T5978] RIP: 0033:0x7fa62db9c819 [ 101.743182][ T5978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 101.743204][ T5978] RSP: 002b:00007fa62e9fd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 101.743226][ T5978] RAX: ffffffffffffffda RBX: 00007fa62de15fa0 RCX: 00007fa62db9c819 [ 101.743241][ T5978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000084 [ 101.743255][ T5978] RBP: 00007fa62dc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 101.743269][ T5978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.743282][ T5978] R13: 00007fa62de16038 R14: 00007fa62de15fa0 R15: 00007ffdebc80518 [ 101.743313][ T5978] [ 102.409252][ T5986] random: crng reseeded on system resumption [ 102.572285][ T5986] hub 1-0:1.0: USB hub found [ 102.583752][ T5986] hub 1-0:1.0: 1 port detected [ 105.102612][ T6031] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. /[ 107.544730][ T6058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.33'. [ 108.099103][ T6064] __vm_enough_memory: pid: 6064, comm: syz.2.34, bytes: 4398046457856 not enough memory for the allocation [ 108.775630][ T5828] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 111.300831][ T6094] futex_wake_op: syz.3.40 tries to shift op by -2048; fix this program [ 111.356916][ T6094] 0x000000000001-0x000000020000 : "" [ 111.414608][ T6094] ftl_cs: FTL header corrupt! [ 112.673292][ T6100] netlink: 28 bytes leftover after parsing attributes in process `syz.3.42'. [ 113.472160][ T6116] netlink: 28 bytes leftover after parsing attributes in process `syz.1.44'. [ 114.480419][ T6137] FAULT_INJECTION: forcing a failure. [ 114.480419][ T6137] name failslab, interval 1, probability 0, space 0, times 0 [ 114.496205][ T6137] CPU: 0 UID: 0 PID: 6137 Comm: syz.0.50 Tainted: G L syzkaller #0 PREEMPT(full) [ 114.496258][ T6137] Tainted: [L]=SOFTLOCKUP [ 114.496269][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 114.496288][ T6137] Call Trace: [ 114.496299][ T6137] [ 114.496311][ T6137] dump_stack_lvl+0x100/0x190 [ 114.496371][ T6137] should_fail_ex.cold+0x5/0xa [ 114.496413][ T6137] should_failslab+0xc2/0x120 [ 114.496451][ T6137] __kmalloc_cache_noprof+0x7a/0x6f0 [ 114.496499][ T6137] ? create_filter_start.constprop.0+0x1c4/0x310 [ 114.496557][ T6137] ? __asan_memcpy+0x3c/0x60 [ 114.496614][ T6137] create_filter_start.constprop.0+0x1c4/0x310 [ 114.496688][ T6137] create_filter+0xb5/0x210 [ 114.496743][ T6137] ? __pfx_create_filter+0x10/0x10 [ 114.496798][ T6137] ? find_held_lock+0x2b/0x80 [ 114.496837][ T6137] apply_event_filter+0x220/0x500 [ 114.496893][ T6137] ? __pfx_apply_event_filter+0x10/0x10 [ 114.496960][ T6137] event_filter_write+0x16d/0x290 [ 114.497005][ T6137] vfs_write+0x2aa/0x1070 [ 114.497039][ T6137] ? __pfx_event_filter_write+0x10/0x10 [ 114.497086][ T6137] ? __pfx_vfs_write+0x10/0x10 [ 114.497118][ T6137] ? __fget_files+0x215/0x3d0 [ 114.497169][ T6137] ? __fget_files+0x21f/0x3d0 [ 114.497215][ T6137] ksys_write+0x12a/0x250 [ 114.497250][ T6137] ? __pfx_ksys_write+0x10/0x10 [ 114.497298][ T6137] do_syscall_64+0x106/0xf80 [ 114.497333][ T6137] ? clear_bhb_loop+0x40/0x90 [ 114.497373][ T6137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.497405][ T6137] RIP: 0033:0x7ff3ea39c819 [ 114.497443][ T6137] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.497474][ T6137] RSP: 002b:00007ff3eb279028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 114.497506][ T6137] RAX: ffffffffffffffda RBX: 00007ff3ea615fa0 RCX: 00007ff3ea39c819 [ 114.497527][ T6137] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 114.497545][ T6137] RBP: 00007ff3ea432c91 R08: 0000000000000000 R09: 0000000000000000 [ 114.497565][ T6137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.497592][ T6137] R13: 00007ff3ea616038 R14: 00007ff3ea615fa0 R15: 00007ffd59518df8 [ 114.497635][ T6137] [ 115.107215][ T6146] futex_wake_op: syz.0.51 tries to shift op by -2048; fix this program [ 115.120780][ T6146] 0x000000000001-0x000000020000 : "" [ 115.129256][ T6146] ftl_cs: FTL header corrupt! [ 116.404468][ T6173] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 117.002556][ T6180] netlink: 28 bytes leftover after parsing attributes in process `syz.0.59'. [ 117.378995][ T6186] zswap: compressor not available [ 118.953026][ T6231] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff81b1213a (__mcheck_cpu_init_prepare_banks+0x18a/0x380) [ 118.968851][ T6231] Call Trace: [ 118.972207][ T6231] [ 118.975193][ T6231] ? __pfx___mcheck_cpu_init_prepare_banks+0x10/0x10 [ 118.982021][ T6231] ? __pfx_call_function_single_prep_ipi+0x10/0x10 [ 118.988621][ T6231] mce_cpu_restart+0xd5/0x1f0 [ 118.993382][ T6231] ? __pfx_mce_cpu_restart+0x10/0x10 [ 118.998755][ T6231] smp_call_function_many_cond+0x11fc/0x1500 [ 119.004816][ T6231] ? __pfx_mce_cpu_restart+0x10/0x10 [ 119.010205][ T6231] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 119.016112][ T6231] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 119.022527][ T6231] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 119.028629][ T6231] ? __timer_delete_sync+0x151/0x1c0 [ 119.034094][ T6231] ? __pfx_mce_cpu_restart+0x10/0x10 [ 119.039482][ T6231] on_each_cpu_cond_mask+0x40/0x90 [ 119.044682][ T6231] set_bank+0x240/0x3a0 [ 119.048936][ T6231] ? __pfx_set_bank+0x10/0x10 [ 119.053700][ T6231] ? find_held_lock+0x2b/0x80 [ 119.058435][ T6231] ? sysfs_file_kobj+0xe4/0x290 [ 119.063371][ T6231] ? sysfs_file_kobj+0xe4/0x290 [ 119.068309][ T6231] ? __pfx_set_bank+0x10/0x10 [ 119.073063][ T6231] dev_attr_store+0x58/0x80 [ 119.077638][ T6231] ? __pfx_dev_attr_store+0x10/0x10 [ 119.082888][ T6231] sysfs_kf_write+0xf2/0x150 [ 119.087547][ T6231] kernfs_fop_write_iter+0x3e0/0x5f0 [ 119.092887][ T6231] ? __pfx_sysfs_kf_write+0x10/0x10 [ 119.098158][ T6231] vfs_write+0x6ac/0x1070 [ 119.102535][ T6231] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 119.108397][ T6231] ? __pfx_vfs_write+0x10/0x10 [ 119.113283][ T6231] ksys_write+0x12a/0x250 [ 119.117661][ T6231] ? __pfx_ksys_write+0x10/0x10 [ 119.122564][ T6231] do_syscall_64+0x106/0xf80 [ 119.127201][ T6231] ? clear_bhb_loop+0x40/0x90 [ 119.131956][ T6231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.137897][ T6231] RIP: 0033:0x7ff3ea39c819 [ 119.142363][ T6231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.162023][ T6231] RSP: 002b:00007ff3eb279028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 119.170487][ T6231] RAX: ffffffffffffffda RBX: 00007ff3ea615fa0 RCX: 00007ff3ea39c819 [ 119.178703][ T6231] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003 [ 119.186741][ T6231] RBP: 00007ff3ea432c91 R08: 0000000000000000 R09: 0000000000000000 [ 119.194845][ T6231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.202857][ T6231] R13: 00007ff3ea616038 R14: 00007ff3ea615fa0 R15: 00007ffd59518df8 [ 119.211102][ T6231] syzkaller syzkaller login: [ 121.408483][ T6267] netlink: 334 bytes leftover after parsing attributes in process `syz.0.75'. [ 122.822761][ T6294] random: crng reseeded on system resumption [ 122.889548][ T6292] FAULT_INJECTION: forcing a failure. [ 122.889548][ T6292] name failslab, interval 1, probability 0, space 0, times 0 [ 122.987421][ T6292] CPU: 1 UID: 0 PID: 6292 Comm: syz.2.83 Tainted: G L syzkaller #0 PREEMPT(full) [ 122.987487][ T6292] Tainted: [L]=SOFTLOCKUP [ 122.987500][ T6292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 122.987520][ T6292] Call Trace: [ 122.987531][ T6292] [ 122.987543][ T6292] dump_stack_lvl+0x100/0x190 [ 122.987605][ T6292] should_fail_ex.cold+0x5/0xa [ 122.987647][ T6292] should_failslab+0xc2/0x120 [ 122.987685][ T6292] __kmalloc_cache_noprof+0x7a/0x6f0 [ 122.987732][ T6292] ? create_filter_start.constprop.0+0x81/0x310 [ 122.987789][ T6292] ? rcu_is_watching+0x12/0xc0 [ 122.987849][ T6292] create_filter_start.constprop.0+0x81/0x310 [ 122.987916][ T6292] create_filter+0xb5/0x210 [ 122.987972][ T6292] ? __pfx_create_filter+0x10/0x10 [ 122.988038][ T6292] ? find_held_lock+0x2b/0x80 [ 122.988077][ T6292] apply_event_filter+0x220/0x500 [ 122.988135][ T6292] ? __pfx_apply_event_filter+0x10/0x10 [ 122.988205][ T6292] event_filter_write+0x16d/0x290 [ 122.988256][ T6292] vfs_write+0x2aa/0x1070 [ 122.988291][ T6292] ? __pfx_event_filter_write+0x10/0x10 [ 122.988337][ T6292] ? __pfx_vfs_write+0x10/0x10 [ 122.988369][ T6292] ? __fget_files+0x215/0x3d0 [ 122.988413][ T6292] ? __fget_files+0x21f/0x3d0 [ 122.988462][ T6292] ksys_write+0x12a/0x250 [ 122.988496][ T6292] ? __pfx_ksys_write+0x10/0x10 [ 122.988544][ T6292] do_syscall_64+0x106/0xf80 [ 122.988578][ T6292] ? clear_bhb_loop+0x40/0x90 [ 122.988638][ T6292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.988673][ T6292] RIP: 0033:0x7fe7a979c819 [ 122.988702][ T6292] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.988734][ T6292] RSP: 002b:00007fe7aa5ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.988765][ T6292] RAX: ffffffffffffffda RBX: 00007fe7a9a15fa0 RCX: 00007fe7a979c819 [ 122.988787][ T6292] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 122.988806][ T6292] RBP: 00007fe7a9832c91 R08: 0000000000000000 R09: 0000000000000000 [ 122.988825][ T6292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.988845][ T6292] R13: 00007fe7a9a16038 R14: 00007fe7a9a15fa0 R15: 00007fff8798a778 [ 122.988889][ T6292] [ 125.923687][ T6329] netlink: 314 bytes leftover after parsing attributes in process `syz.1.100'. [ 126.203613][ T6332] FAULT_INJECTION: forcing a failure. [ 126.203613][ T6332] name failslab, interval 1, probability 0, space 0, times 0 [ 126.247000][ T6332] CPU: 1 UID: 0 PID: 6332 Comm: syz.1.93 Tainted: G L syzkaller #0 PREEMPT(full) [ 126.247055][ T6332] Tainted: [L]=SOFTLOCKUP [ 126.247067][ T6332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 126.247087][ T6332] Call Trace: [ 126.247097][ T6332] [ 126.247109][ T6332] dump_stack_lvl+0x100/0x190 [ 126.247169][ T6332] should_fail_ex.cold+0x5/0xa [ 126.247209][ T6332] ? process_preds+0x452/0x1d90 [ 126.247260][ T6332] should_failslab+0xc2/0x120 [ 126.247297][ T6332] __kmalloc_noprof+0xe0/0x850 [ 126.247360][ T6332] process_preds+0x452/0x1d90 [ 126.247422][ T6332] ? create_filter_start.constprop.0+0x134/0x310 [ 126.247483][ T6332] create_filter+0x140/0x210 [ 126.247546][ T6332] ? __pfx_create_filter+0x10/0x10 [ 126.247604][ T6332] ? find_held_lock+0x2b/0x80 [ 126.247644][ T6332] apply_event_filter+0x220/0x500 [ 126.247701][ T6332] ? __pfx_apply_event_filter+0x10/0x10 [ 126.247772][ T6332] event_filter_write+0x16d/0x290 [ 126.247816][ T6332] vfs_write+0x2aa/0x1070 [ 126.247850][ T6332] ? __pfx_event_filter_write+0x10/0x10 [ 126.247897][ T6332] ? __pfx_vfs_write+0x10/0x10 [ 126.247929][ T6332] ? __fget_files+0x215/0x3d0 [ 126.247972][ T6332] ? __fget_files+0x21f/0x3d0 [ 126.248019][ T6332] ksys_write+0x12a/0x250 [ 126.248052][ T6332] ? __pfx_ksys_write+0x10/0x10 [ 126.248098][ T6332] do_syscall_64+0x106/0xf80 [ 126.248133][ T6332] ? clear_bhb_loop+0x40/0x90 [ 126.248174][ T6332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.248208][ T6332] RIP: 0033:0x7fa62db9c819 [ 126.248236][ T6332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.248268][ T6332] RSP: 002b:00007fa62e9fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 126.248299][ T6332] RAX: ffffffffffffffda RBX: 00007fa62de15fa0 RCX: 00007fa62db9c819 [ 126.248320][ T6332] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 126.248339][ T6332] RBP: 00007fa62dc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 126.248373][ T6332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.248393][ T6332] R13: 00007fa62de16038 R14: 00007fa62de15fa0 R15: 00007ffdebc80518 [ 126.248438][ T6332] syzkaller syzkaller login: [ 129.373202][ T6386] FAULT_INJECTION: forcing a failure. [ 129.373202][ T6386] name failslab, interval 1, probability 0, space 0, times 0 [ 129.386022][ T6386] CPU: 0 UID: 0 PID: 6386 Comm: syz.0.105 Tainted: G L syzkaller #0 PREEMPT(full) [ 129.386075][ T6386] Tainted: [L]=SOFTLOCKUP [ 129.386087][ T6386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 129.386106][ T6386] Call Trace: [ 129.386117][ T6386] [ 129.386129][ T6386] dump_stack_lvl+0x100/0x190 [ 129.386188][ T6386] should_fail_ex.cold+0x5/0xa [ 129.386229][ T6386] ? process_preds+0x452/0x1d90 [ 129.386280][ T6386] should_failslab+0xc2/0x120 [ 129.386318][ T6386] __kmalloc_noprof+0xe0/0x850 [ 129.386388][ T6386] process_preds+0x452/0x1d90 [ 129.386451][ T6386] ? create_filter_start.constprop.0+0x134/0x310 [ 129.386514][ T6386] create_filter+0x140/0x210 [ 129.386570][ T6386] ? __pfx_create_filter+0x10/0x10 [ 129.386629][ T6386] ? find_held_lock+0x2b/0x80 [ 129.386668][ T6386] apply_event_filter+0x220/0x500 [ 129.386725][ T6386] ? __pfx_apply_event_filter+0x10/0x10 [ 129.386792][ T6386] event_filter_write+0x16d/0x290 [ 129.386836][ T6386] vfs_write+0x2aa/0x1070 [ 129.386870][ T6386] ? __pfx_event_filter_write+0x10/0x10 [ 129.386916][ T6386] ? __pfx_vfs_write+0x10/0x10 [ 129.386949][ T6386] ? __fget_files+0x215/0x3d0 [ 129.386992][ T6386] ? __fget_files+0x21f/0x3d0 [ 129.387038][ T6386] ksys_write+0x12a/0x250 [ 129.387071][ T6386] ? __pfx_ksys_write+0x10/0x10 [ 129.387117][ T6386] do_syscall_64+0x106/0xf80 [ 129.387158][ T6386] ? clear_bhb_loop+0x40/0x90 [ 129.387200][ T6386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.387235][ T6386] RIP: 0033:0x7ff3ea39c819 [ 129.387263][ T6386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.387295][ T6386] RSP: 002b:00007ff3eb279028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 129.387327][ T6386] RAX: ffffffffffffffda RBX: 00007ff3ea615fa0 RCX: 00007ff3ea39c819 [ 129.387347][ T6386] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 129.387373][ T6386] RBP: 00007ff3ea432c91 R08: 0000000000000000 R09: 0000000000000000 [ 129.387393][ T6386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.387412][ T6386] R13: 00007ff3ea616038 R14: 00007ff3ea615fa0 R15: 00007ffd59518df8 [ 129.387457][ T6386] [ 130.518318][ T6404] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 132.266202][ T6434] FAULT_INJECTION: forcing a failure. [ 132.266202][ T6434] name failslab, interval 1, probability 0, space 0, times 0 [ 132.279339][ T6434] CPU: 1 UID: 0 PID: 6434 Comm: syz.0.115 Tainted: G L syzkaller #0 PREEMPT(full) [ 132.279376][ T6434] Tainted: [L]=SOFTLOCKUP [ 132.279384][ T6434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 132.279398][ T6434] Call Trace: [ 132.279406][ T6434] [ 132.279415][ T6434] dump_stack_lvl+0x100/0x190 [ 132.279458][ T6434] should_fail_ex.cold+0x5/0xa [ 132.279487][ T6434] should_failslab+0xc2/0x120 [ 132.279515][ T6434] __kmalloc_cache_noprof+0x7a/0x6f0 [ 132.279548][ T6434] ? create_filter_start.constprop.0+0x81/0x310 [ 132.279590][ T6434] ? rcu_is_watching+0x12/0xc0 [ 132.279632][ T6434] create_filter_start.constprop.0+0x81/0x310 [ 132.279676][ T6434] create_filter+0xb5/0x210 [ 132.279716][ T6434] ? __pfx_create_filter+0x10/0x10 [ 132.279757][ T6434] ? find_held_lock+0x2b/0x80 [ 132.279784][ T6434] apply_event_filter+0x220/0x500 [ 132.279825][ T6434] ? __pfx_apply_event_filter+0x10/0x10 [ 132.279874][ T6434] event_filter_write+0x16d/0x290 [ 132.279906][ T6434] vfs_write+0x2aa/0x1070 [ 132.279931][ T6434] ? __pfx_event_filter_write+0x10/0x10 [ 132.279963][ T6434] ? __pfx_vfs_write+0x10/0x10 [ 132.279986][ T6434] ? __fget_files+0x215/0x3d0 [ 132.280017][ T6434] ? __fget_files+0x21f/0x3d0 [ 132.280049][ T6434] ksys_write+0x12a/0x250 [ 132.280073][ T6434] ? __pfx_ksys_write+0x10/0x10 [ 132.280107][ T6434] do_syscall_64+0x106/0xf80 [ 132.280133][ T6434] ? clear_bhb_loop+0x40/0x90 [ 132.280162][ T6434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.280187][ T6434] RIP: 0033:0x7ff3ea39c819 [ 132.280206][ T6434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 132.280229][ T6434] RSP: 002b:00007ff3eb279028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 132.280251][ T6434] RAX: ffffffffffffffda RBX: 00007ff3ea615fa0 RCX: 00007ff3ea39c819 [ 132.280266][ T6434] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 132.280280][ T6434] RBP: 00007ff3ea432c91 R08: 0000000000000000 R09: 0000000000000000 [ 132.280295][ T6434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.280308][ T6434] R13: 00007ff3ea616038 R14: 00007ff3ea615fa0 R15: 00007ffd59518df8 [ 132.280347][ T6434] [ 133.097040][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.111583][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.622525][ T6461] misc userio: Invalid payload size [ 134.702223][ T6471] block2mtd: illegal erase size [ 139.168023][ T6563] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 139.206315][ T6564] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 140.488903][ T6549] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 141.158544][ T6601] can: request_module (can-proto-5) failed. [ 141.951666][ T6621] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 141.962109][ T6621] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 142.109572][ T6621] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 142.176158][ T6621] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 142.201592][ T6621] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 142.298421][ T6621] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 142.437452][ T6621] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 142.467020][ T6621] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 142.538800][ T6621] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 142.613082][ T6621] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 142.621680][ T6621] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 142.753640][ T6621] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 143.153750][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.0.158'. [ 143.164947][ T6643] netlink: 13 bytes leftover after parsing attributes in process `syz.0.158'. [ 143.902854][ T6659] netlink: 28 bytes leftover after parsing attributes in process `syz.0.163'. [ 143.985795][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 144.224588][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 144.451963][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 144.691592][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 145.397148][ T6690] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xeffffd12 [ 146.051710][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 146.291840][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 146.536486][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 146.771567][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.781558][ T6718] QAT: Invalid ioctl -2146921981 [ 148.131708][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 148.371564][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 148.611949][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 148.851730][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 149.095157][ T6776] ovs_: entered promiscuous mode [ 149.441856][ T6767] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 149.764545][ T6784] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 149.781745][ T6784] vhci_hcd vhci_hcd.1: SetHubDepth req not supported for USB 2.0 roothub [ 151.021679][ T6810] bond0: invalid ARP target specified [ 154.341730][ T6867] ACPI: Can not change Invalid GPE/Fixed Event status [ 154.405556][ T6867] netlink: 16 bytes leftover after parsing attributes in process `syz.1.202'. [ 154.563459][ T29] audit: type=1326 audit(1775742314.303:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.3.204" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f59bdf9c819 code=0x0 [ 154.670523][ T6871] syz.2.205 uses obsolete (PF_INET,SOCK_PACKET) [ 155.180611][ T5828] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 155.580947][ T6899] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 155.962924][ T6908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.214'. [ 157.619276][ T6937] zswap: compressor not available [ 157.675282][ T6949] cougar: G6 mapped to space [ 158.665757][ T6973] vhci_hcd vhci_hcd.2: invalid port number 255 [ 158.870166][ T6986] vivid-007: ================= START STATUS ================= [ 158.878631][ T6986] vivid-007: Generate PTS: true [ 158.885012][ T6986] vivid-007: Generate SCR: true [ 158.900663][ T6986] tpg source WxH: 320x240 (Y'CbCr) [ 158.906508][ T6986] tpg field: 1 [ 158.909928][ T6986] tpg crop: (0,0)/320x240 [ 158.919114][ T6986] tpg compose: (0,0)/320x240 [ 158.924226][ T6986] tpg colorspace: 8 [ 158.928353][ T6986] tpg transfer function: 0/0 [ 158.943417][ T6986] tpg Y'CbCr encoding: 0/0 [ 158.948011][ T6986] tpg quantization: 0/0 [ 158.959328][ T6986] tpg RGB range: 0/2 [ 158.963852][ T6986] vivid-007: ================== END STATUS ================== [ 161.286784][ T7044] netlink: 330 bytes leftover after parsing attributes in process `syz.0.246'. [ 161.311983][ T7044] \: renamed from lo (while UP) [ 162.483513][ T7027] netlink: 62 bytes leftover after parsing attributes in process `syz.1.242'. [ 162.548514][ T7037] netlink: 62 bytes leftover after parsing attributes in process `syz.1.242'. [ 162.671184][ T7076] netlink: 28 bytes leftover after parsing attributes in process `syz.0.252'. [ 162.742792][ T7076] team0: Port device team_slave_1 removed [ 163.354153][ T7088] kAFS: Invalid Command on /proc/fs/afs/cells file [ 163.966902][ T7096] can: request_module (can-proto-5) failed. [ 165.533792][ T7120] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7fed39335 pfn:0x78000 [ 165.552911][ T7120] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 165.580483][ T7120] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 165.621795][ T7120] raw: 00000007fed39335 0000000000000000 0000000400000002 0000000000000000 [ 165.649714][ T7120] page dumped because: unmovable page [ 165.681695][ T7120] page_owner tracks the page as allocated [ 165.687923][ T7120] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5821, tgid 5821 (syz-executor), ts 90506919194, free_ts 90250066240 [ 165.771612][ T7120] post_alloc_hook+0x153/0x170 [ 165.776510][ T7120] get_page_from_freelist+0x111d/0x3140 [ 165.811600][ T7120] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 165.817980][ T7120] alloc_pages_mpol+0x1fb/0x550 [ 165.848926][ T7120] alloc_pages_noprof+0x136/0x390 [ 165.876550][ T7120] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 165.901580][ T7120] vmalloc_user_noprof+0x9e/0xe0 [ 165.922574][ T7120] kcov_ioctl+0x4c/0x720 [ 165.937161][ T7120] __x64_sys_ioctl+0x18e/0x210 [ 165.952346][ T7120] do_syscall_64+0x106/0xf80 [ 165.957049][ T7120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.981709][ T7120] page last free pid 5811 tgid 5811 stack trace: [ 165.998382][ T7120] free_unref_folios+0xaea/0x1790 [ 166.008555][ T7120] folios_put_refs+0x53c/0x840 [ 166.021609][ T7120] free_pages_and_swap_cache+0x242/0x480 [ 166.027377][ T7120] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 166.051609][ T7120] tlb_finish_mmu+0x1b0/0x810 [ 166.062616][ T7120] unmap_region+0x2d9/0x3b0 [ 166.077580][ T7120] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 166.092800][ T7120] do_vmi_align_munmap+0x44f/0x5f0 [ 166.101902][ T7120] do_vmi_munmap+0x1f8/0x3e0 [ 166.111340][ T7120] __vm_munmap+0x196/0x390 [ 166.121570][ T7120] __x64_sys_munmap+0x59/0x80 [ 166.139234][ T7120] do_syscall_64+0x106/0xf80 [ 166.151142][ T7120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.283223][ T7154] random: crng reseeded on system resumption [ 167.291303][ T7149] [U] [ 168.776467][ T5828] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 168.776513][ T5828] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 168.791829][ T5828] Bluetooth: hci3: Dropping invalid advertising data [ 168.800164][ T5828] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 168.800220][ T5828] Bluetooth: hci3: Dropping invalid advertising data [ 168.800267][ T5828] Bluetooth: hci3: Malformed LE Event: 0x02 [ 170.895327][ T7206] bond0: invalid ARP target specified [ 171.142251][ T7206] netlink: 28 bytes leftover after parsing attributes in process `syz.2.286'. [ 171.181939][ T7206] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.189506][ T7206] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 171.234842][ T7206] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.242469][ T7206] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 171.334775][ T7217] FAULT_INJECTION: forcing a failure. [ 171.334775][ T7217] name failslab, interval 1, probability 0, space 0, times 0 [ 171.350187][ T7217] CPU: 1 UID: 0 PID: 7217 Comm: syz.3.290 Tainted: G L syzkaller #0 PREEMPT(full) [ 171.350247][ T7217] Tainted: [L]=SOFTLOCKUP [ 171.350258][ T7217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 171.350277][ T7217] Call Trace: [ 171.350288][ T7217] [ 171.350299][ T7217] dump_stack_lvl+0x100/0x190 [ 171.350355][ T7217] should_fail_ex.cold+0x5/0xa [ 171.350393][ T7217] ? tomoyo_encode2+0xfb/0x3c0 [ 171.350437][ T7217] should_failslab+0xc2/0x120 [ 171.350471][ T7217] __kmalloc_noprof+0xe0/0x850 [ 171.350516][ T7217] ? d_absolute_path+0x136/0x1b0 [ 171.350564][ T7217] tomoyo_encode2+0xfb/0x3c0 [ 171.350610][ T7217] tomoyo_encode+0x29/0x50 [ 171.350649][ T7217] tomoyo_realpath_from_path+0x18c/0x690 [ 171.350700][ T7217] tomoyo_path_number_perm+0x23c/0x580 [ 171.350735][ T7217] ? tomoyo_path_number_perm+0x22e/0x580 [ 171.350772][ T7217] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 171.350807][ T7217] ? find_held_lock+0x2b/0x80 [ 171.350836][ T7217] ? rcu_read_unlock+0x17/0x60 [ 171.350875][ T7217] ? do_raw_spin_lock+0x128/0x260 [ 171.350919][ T7217] ? find_held_lock+0x2b/0x80 [ 171.350963][ T7217] ? __pfx_d_add+0x10/0x10 [ 171.350999][ T7217] ? d_alloc+0x176/0x1e0 [ 171.351031][ T7217] ? current_check_access_path+0x281/0x460 [ 171.351076][ T7217] ? __pfx_current_check_access_path+0x10/0x10 [ 171.351118][ T7217] ? simple_lookup+0x105/0x1d0 [ 171.351145][ T7217] ? lookup_one_qstr_excl+0xb3/0x250 [ 171.351189][ T7217] tomoyo_path_mkdir+0x9b/0xe0 [ 171.351228][ T7217] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 171.351266][ T7217] security_path_mkdir+0x154/0x2e0 [ 171.351312][ T7217] filename_mkdirat+0x168/0x5e0 [ 171.351350][ T7217] ? __pfx_filename_mkdirat+0x10/0x10 [ 171.351394][ T7217] ? strncpy_from_user+0x19d/0x2d0 [ 171.351434][ T7217] ? do_getname+0x191/0x390 [ 171.351484][ T7217] __x64_sys_mkdir+0x6b/0x90 [ 171.351525][ T7217] do_syscall_64+0x106/0xf80 [ 171.351560][ T7217] ? clear_bhb_loop+0x40/0x90 [ 171.351604][ T7217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.351638][ T7217] RIP: 0033:0x7f59bdf9c819 [ 171.351667][ T7217] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 171.351697][ T7217] RSP: 002b:00007f59bee9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 171.351729][ T7217] RAX: ffffffffffffffda RBX: 00007f59be216090 RCX: 00007f59bdf9c819 [ 171.351751][ T7217] RDX: 0000000000000000 RSI: 0000000000008001 RDI: 0000200000000100 [ 171.351771][ T7217] RBP: 00007f59be032c91 R08: 0000000000000000 R09: 0000000000000000 [ 171.351791][ T7217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 171.351810][ T7217] R13: 00007f59be216128 R14: 00007f59be216090 R15: 00007ffd74ae7be8 [ 171.351855][ T7217] [ 171.713079][ T7213] ptrace attach of "./syz-executor exec"[5825] was attempted by "./syz-executor exec"[7213] [ 171.781650][ T7217] ERROR: Out of memory at tomoyo_realpath_from_path. [ 171.874597][ T7213] vivid-007: ================= START STATUS ================= [ 172.001919][ T7213] vivid-007: Generate PTS: true [ 172.101984][ T7213] vivid-007: Generate SCR: true [ 172.106962][ T7213] tpg source WxH: 320x240 (Y'CbCr) [ 172.208959][ T7213] tpg field: 1 [ 172.231544][ T7213] tpg crop: (0,0)/320x240 [ 172.238120][ T7213] tpg compose: (0,0)/320x240 [ 172.301954][ T7213] tpg colorspace: 8 [ 172.305968][ T7213] tpg transfer function: 0/0 [ 172.315678][ T7213] tpg Y'CbCr encoding: 0/0 [ 172.336201][ T7213] tpg quantization: 0/0 [ 172.351552][ T7213] tpg RGB range: 0/2 [ 172.356752][ T7213] vivid-007: ================== END STATUS ================== [ 172.532090][ T7235] netlink: 'syz.2.291': attribute type 11 has an invalid length. [ 173.082699][ T7240] FAULT_INJECTION: forcing a failure. [ 173.082699][ T7240] name failslab, interval 1, probability 0, space 0, times 0 [ 173.097438][ T7240] CPU: 0 UID: 0 PID: 7240 Comm: syz.3.294 Tainted: G L syzkaller #0 PREEMPT(full) [ 173.097489][ T7240] Tainted: [L]=SOFTLOCKUP [ 173.097499][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 173.097517][ T7240] Call Trace: [ 173.097527][ T7240] [ 173.097539][ T7240] dump_stack_lvl+0x100/0x190 [ 173.097602][ T7240] should_fail_ex.cold+0x5/0xa [ 173.097645][ T7240] should_failslab+0xc2/0x120 [ 173.097685][ T7240] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 173.097737][ T7240] ? __mpol_dup+0x74/0x390 [ 173.097787][ T7240] __mpol_dup+0x74/0x390 [ 173.097828][ T7240] ? __pfx___mpol_dup+0x10/0x10 [ 173.097869][ T7240] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 173.097922][ T7240] ? sp_alloc+0x27/0x160 [ 173.097971][ T7240] sp_alloc+0x4d/0x160 [ 173.098015][ T7240] mpol_set_shared_policy+0xa5/0x890 [ 173.098068][ T7240] ? __pfx_shmem_set_policy+0x10/0x10 [ 173.098108][ T7240] mbind_range+0x339/0x550 [ 173.098167][ T7240] do_mbind+0x7dc/0xfd0 [ 173.098221][ T7240] ? __might_fault+0xc5/0x140 [ 173.098272][ T7240] ? __pfx_do_mbind+0x10/0x10 [ 173.098326][ T7240] ? _copy_from_user+0x59/0xd0 [ 173.098380][ T7240] ? __pfx_get_nodes+0x10/0x10 [ 173.098424][ T7240] kernel_mbind+0x1b7/0x200 [ 173.098473][ T7240] ? __pfx_kernel_mbind+0x10/0x10 [ 173.098530][ T7240] do_syscall_64+0x106/0xf80 [ 173.098565][ T7240] ? clear_bhb_loop+0x40/0x90 [ 173.098606][ T7240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.098640][ T7240] RIP: 0033:0x7f59bdf9c819 [ 173.098668][ T7240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.098701][ T7240] RSP: 002b:00007f59beebe028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 173.098732][ T7240] RAX: ffffffffffffffda RBX: 00007f59be215fa0 RCX: 00007f59bdf9c819 [ 173.098753][ T7240] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 173.098773][ T7240] RBP: 00007f59be032c91 R08: 0000000000000003 R09: 0000000000000003 [ 173.098794][ T7240] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 173.098814][ T7240] R13: 00007f59be216038 R14: 00007f59be215fa0 R15: 00007ffd74ae7be8 [ 173.098857][ T7240] [ 173.447410][ T7248] netlink: 342 bytes leftover after parsing attributes in process `syz.1.295'. [ 173.615636][ T7251] capability: warning: `syz.3.296' uses 32-bit capabilities (legacy support in use) [ 175.775934][ T7256] netlink: 62 bytes leftover after parsing attributes in process `syz.3.298'. [ 175.787460][ T7256] netlink: 62 bytes leftover after parsing attributes in process `syz.3.298'. [ 175.846884][ T7279] netlink: 28 bytes leftover after parsing attributes in process `syz.0.304'. [ 177.624407][ T7318] zram0: detected capacity change from 0 to 16 [ 178.411911][ T7322] zswap: compressor  not available [ 178.658196][ T7341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.318'. [ 178.770424][ T7344] bond0: invalid ARP target specified [ 178.904124][ T7346] netlink: 'syz.0.319': attribute type 1 has an invalid length. [ 178.938410][ T7346] netlink: 9 bytes leftover after parsing attributes in process `syz.0.319'. [ 179.098754][ T7344] netlink: 28 bytes leftover after parsing attributes in process `syz.1.317'. [ 179.131545][ T7344] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.177668][ T7344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.245450][ T7344] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.302875][ T7344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.599784][ T7458] bridge0: port 3(bond0) entered blocking state [ 184.648633][ T7458] bridge0: port 3(bond0) entered disabled state [ 184.674078][ T7458] bond0: entered allmulticast mode [ 184.694175][ T7458] bond_slave_0: entered allmulticast mode [ 184.762600][ T7458] bond_slave_1: entered allmulticast mode [ 184.773152][ T7458] bond0: entered promiscuous mode [ 184.778290][ T7458] bond_slave_0: entered promiscuous mode [ 184.869170][ T7458] bond_slave_1: entered promiscuous mode [ 184.884142][ T7458] bridge0: port 3(bond0) entered blocking state [ 184.890872][ T7458] bridge0: port 3(bond0) entered forwarding state [ 184.917180][ T7464] FAULT_INJECTION: forcing a failure. [ 184.917180][ T7464] name failslab, interval 1, probability 0, space 0, times 0 [ 184.931024][ T7464] CPU: 0 UID: 0 PID: 7464 Comm: syz.3.343 Tainted: G L syzkaller #0 PREEMPT(full) [ 184.931077][ T7464] Tainted: [L]=SOFTLOCKUP [ 184.931089][ T7464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 184.931114][ T7464] Call Trace: [ 184.931126][ T7464] [ 184.931141][ T7464] dump_stack_lvl+0x100/0x190 [ 184.931200][ T7464] should_fail_ex.cold+0x5/0xa [ 184.931240][ T7464] should_failslab+0xc2/0x120 [ 184.931288][ T7464] __kmalloc_cache_noprof+0x7a/0x6f0 [ 184.931333][ T7464] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 184.931389][ T7464] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 184.931439][ T7464] ? __mutex_lock+0x26a/0x1b90 [ 184.931482][ T7464] ? tomoyo_path_number_perm+0x46d/0x580 [ 184.931524][ T7464] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 184.931573][ T7464] ? kasan_quarantine_put+0x104/0x240 [ 184.931630][ T7464] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 184.931679][ T7464] ? __pfx___mutex_lock+0x10/0x10 [ 184.931714][ T7464] ? find_held_lock+0x2b/0x80 [ 184.931747][ T7464] ? tomoyo_path_number_perm+0x28f/0x580 [ 184.931788][ T7464] ? tomoyo_path_number_perm+0x28f/0x580 [ 184.931846][ T7464] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 184.931888][ T7464] ? futex_wait+0x125/0x380 [ 184.931949][ T7464] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 184.932006][ T7464] snd_pcm_oss_get_formats+0x7d/0x350 [ 184.932052][ T7464] ? do_vfs_ioctl+0x226/0x13e0 [ 184.932102][ T7464] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 184.932164][ T7464] snd_pcm_oss_ioctl+0x1719/0x3720 [ 184.932212][ T7464] ? find_held_lock+0x2b/0x80 [ 184.932245][ T7464] ? __fget_files+0x215/0x3d0 [ 184.932285][ T7464] ? hook_file_ioctl_common+0x146/0x410 [ 184.932331][ T7464] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 184.932385][ T7464] ? __fget_files+0x21f/0x3d0 [ 184.932426][ T7464] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 184.932477][ T7464] __x64_sys_ioctl+0x18e/0x210 [ 184.932533][ T7464] do_syscall_64+0x106/0xf80 [ 184.932567][ T7464] ? clear_bhb_loop+0x40/0x90 [ 184.932609][ T7464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.932643][ T7464] RIP: 0033:0x7f59bdf9c819 [ 184.932670][ T7464] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 184.932702][ T7464] RSP: 002b:00007f59bee5b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 184.932733][ T7464] RAX: ffffffffffffffda RBX: 00007f59be216270 RCX: 00007f59bdf9c819 [ 184.932754][ T7464] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000006 [ 184.932774][ T7464] RBP: 00007f59be032c91 R08: 0000000000000000 R09: 0000000000000000 [ 184.932793][ T7464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.932813][ T7464] R13: 00007f59be216308 R14: 00007f59be216270 R15: 00007ffd74ae7be8 [ 184.932856][ T7464] [ 185.842119][ T7474] Unable to find swap-space signature [ 187.067742][ T7505] netlink: 122 bytes leftover after parsing attributes in process `syz.3.355'. [ 187.149423][ T7505] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 187.340625][ T7511] ======================================================= [ 187.340625][ T7511] WARNING: The mand mount option has been deprecated and [ 187.340625][ T7511] and is ignored by this kernel. Remove the mand [ 187.340625][ T7511] option from the mount to silence this warning. [ 187.340625][ T7511] ======================================================= [ 187.609670][ T7518] netlink: 16 bytes leftover after parsing attributes in process `syz.1.358'. [ 188.129908][ T7529] netlink: 'syz.3.362': attribute type 1 has an invalid length. [ 188.161813][ T7529] netlink: 9 bytes leftover after parsing attributes in process `syz.3.362'. [ 188.332732][ T7537] FAULT_INJECTION: forcing a failure. [ 188.332732][ T7537] name failslab, interval 1, probability 0, space 0, times 0 [ 188.401567][ T7537] CPU: 0 UID: 0 PID: 7537 Comm: syz.2.365 Tainted: G L syzkaller #0 PREEMPT(full) [ 188.401614][ T7537] Tainted: [L]=SOFTLOCKUP [ 188.401625][ T7537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 188.401642][ T7537] Call Trace: [ 188.401653][ T7537] [ 188.401664][ T7537] dump_stack_lvl+0x100/0x190 [ 188.401718][ T7537] should_fail_ex.cold+0x5/0xa [ 188.401757][ T7537] should_failslab+0xc2/0x120 [ 188.401794][ T7537] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 188.401847][ T7537] ? sock_alloc_inode+0x25/0x1c0 [ 188.401890][ T7537] ? __pfx_sock_alloc_inode+0x10/0x10 [ 188.401932][ T7537] sock_alloc_inode+0x25/0x1c0 [ 188.401970][ T7537] alloc_inode+0x68/0x250 [ 188.402016][ T7537] sock_alloc+0x44/0x280 [ 188.402057][ T7537] ? security_socket_create+0x7f/0x250 [ 188.402095][ T7537] __sock_create+0xc2/0x860 [ 188.402145][ T7537] __sys_socket+0x14d/0x260 [ 188.402190][ T7537] ? __pfx___sys_socket+0x10/0x10 [ 188.402247][ T7537] __x64_sys_socket+0x72/0xb0 [ 188.402290][ T7537] ? lockdep_hardirqs_on+0x78/0x100 [ 188.402325][ T7537] do_syscall_64+0x106/0xf80 [ 188.402357][ T7537] ? clear_bhb_loop+0x40/0x90 [ 188.402395][ T7537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.402427][ T7537] RIP: 0033:0x7fe7a979c819 [ 188.402452][ T7537] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 188.402482][ T7537] RSP: 002b:00007fe7aa5ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 188.402513][ T7537] RAX: ffffffffffffffda RBX: 00007fe7a9a15fa0 RCX: 00007fe7a979c819 [ 188.402533][ T7537] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000015 [ 188.402552][ T7537] RBP: 00007fe7a9832c91 R08: 0000000000000000 R09: 0000000000000000 [ 188.402571][ T7537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.402590][ T7537] R13: 00007fe7a9a16038 R14: 00007fe7a9a15fa0 R15: 00007fff8798a778 [ 188.402633][ T7537] [ 188.402836][ T7537] socket: no more sockets [ 189.436558][ T7560] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 191.020260][ T7586] binder: 7584:7586 ioctl c0306201 2000000000c0 returned -14 [ 193.439520][ T7679] netlink: 'syz.2.388': attribute type 1 has an invalid length. [ 193.957564][ T7691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.391'. [ 193.982972][ T7691] FAULT_INJECTION: forcing a failure. [ 193.982972][ T7691] name failslab, interval 1, probability 0, space 0, times 0 [ 194.005097][ T7691] CPU: 1 UID: 0 PID: 7691 Comm: syz.1.391 Tainted: G L syzkaller #0 PREEMPT(full) [ 194.005150][ T7691] Tainted: [L]=SOFTLOCKUP [ 194.005162][ T7691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 194.005181][ T7691] Call Trace: [ 194.005191][ T7691] [ 194.005203][ T7691] dump_stack_lvl+0x100/0x190 [ 194.005263][ T7691] should_fail_ex.cold+0x5/0xa [ 194.005305][ T7691] should_failslab+0xc2/0x120 [ 194.005345][ T7691] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 194.005400][ T7691] ? skb_clone+0x190/0x400 [ 194.005441][ T7691] skb_clone+0x190/0x400 [ 194.005476][ T7691] netlink_deliver_tap+0xaed/0xcc0 [ 194.005523][ T7691] netlink_unicast+0x650/0x870 [ 194.005577][ T7691] ? __pfx_netlink_unicast+0x10/0x10 [ 194.005632][ T7691] netlink_sendmsg+0x8b0/0xda0 [ 194.005679][ T7691] ? __pfx_netlink_sendmsg+0x10/0x10 [ 194.005729][ T7691] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 194.005774][ T7691] __sys_sendto+0x468/0x4b0 [ 194.005825][ T7691] ? __pfx_netlink_sendmsg+0x10/0x10 [ 194.005866][ T7691] ? __pfx___sys_sendto+0x10/0x10 [ 194.005931][ T7691] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 194.005969][ T7691] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 194.006035][ T7691] __x64_sys_sendto+0xe0/0x1c0 [ 194.006099][ T7691] ? do_syscall_64+0x95/0xf80 [ 194.006137][ T7691] ? lockdep_hardirqs_on+0x78/0x100 [ 194.006174][ T7691] do_syscall_64+0x106/0xf80 [ 194.006208][ T7691] ? clear_bhb_loop+0x40/0x90 [ 194.006252][ T7691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.006288][ T7691] RIP: 0033:0x7fa62db5d04e [ 194.006316][ T7691] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 194.006349][ T7691] RSP: 002b:00007fa62e9fbe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 194.006381][ T7691] RAX: ffffffffffffffda RBX: 00007fa62e9fd6c0 RCX: 00007fa62db5d04e [ 194.006402][ T7691] RDX: 0000000000000028 RSI: 00007fa62e9fc000 RDI: 000000000000000a [ 194.006428][ T7691] RBP: 0000000000000000 R08: 00007fa62e9fbf04 R09: 000000000000000c [ 194.006448][ T7691] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 194.006467][ T7691] R13: 00007fa62e9fbf58 R14: 00007fa62e9fc000 R15: 0000000000000000 [ 194.006511][ T7691] [ 194.536284][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.542975][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.458498][ T7741] netlink: 'syz.0.405': attribute type 1 has an invalid length. [ 196.724114][ T7749] FAULT_INJECTION: forcing a failure. [ 196.724114][ T7749] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 196.789359][ T7749] CPU: 1 UID: 0 PID: 7749 Comm: syz.1.407 Tainted: G L syzkaller #0 PREEMPT(full) [ 196.789408][ T7749] Tainted: [L]=SOFTLOCKUP [ 196.789419][ T7749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 196.789437][ T7749] Call Trace: [ 196.789447][ T7749] [ 196.789458][ T7749] dump_stack_lvl+0x100/0x190 [ 196.789515][ T7749] should_fail_ex.cold+0x5/0xa [ 196.789555][ T7749] _copy_from_user+0x2e/0xd0 [ 196.789610][ T7749] kstrtouint_from_user+0xd6/0x1d0 [ 196.789664][ T7749] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 196.789716][ T7749] ? __lock_acquire+0x4a5/0x2630 [ 196.789768][ T7749] ? ocfs2_map_and_dirty_folio+0x670/0x8f0 [ 196.789825][ T7749] proc_fail_nth_write+0x83/0x220 [ 196.789868][ T7749] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 196.789924][ T7749] vfs_write+0x2aa/0x1070 [ 196.789959][ T7749] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 196.790003][ T7749] ? irqentry_exit+0x180/0x670 [ 196.790039][ T7749] ? __pfx_vfs_write+0x10/0x10 [ 196.790089][ T7749] ? __asan_memset+0x23/0x50 [ 196.790144][ T7749] ksys_write+0x12a/0x250 [ 196.790177][ T7749] ? __pfx_ksys_write+0x10/0x10 [ 196.790223][ T7749] do_syscall_64+0x106/0xf80 [ 196.790256][ T7749] ? clear_bhb_loop+0x40/0x90 [ 196.790295][ T7749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.790326][ T7749] RIP: 0033:0x7fa62db5d04e [ 196.790357][ T7749] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 196.790394][ T7749] RSP: 002b:00007fa62e9dbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 196.790424][ T7749] RAX: ffffffffffffffda RBX: 00007fa62e9dc6c0 RCX: 00007fa62db5d04e [ 196.790444][ T7749] RDX: 0000000000000001 RSI: 00007fa62e9dc0a0 RDI: 0000000000000003 [ 196.790462][ T7749] RBP: 00007fa62e9dc090 R08: 0000000000000000 R09: 0000000000000000 [ 196.790481][ T7749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.790499][ T7749] R13: 00007fa62de16128 R14: 00007fa62de16090 R15: 00007ffdebc80518 [ 196.790541][ T7749] [ 197.268589][ T7753] block2mtd: Using custom MTD label '' for dev [ 197.281601][ T7753] block2mtd: error: cannot open device [ 198.011835][ T7768] FAULT_INJECTION: forcing a failure. [ 198.011835][ T7768] name failslab, interval 1, probability 0, space 0, times 0 [ 198.071627][ T7768] CPU: 0 UID: 0 PID: 7768 Comm: syz.1.415 Tainted: G L syzkaller #0 PREEMPT(full) [ 198.071679][ T7768] Tainted: [L]=SOFTLOCKUP [ 198.071690][ T7768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 198.071709][ T7768] Call Trace: [ 198.071719][ T7768] [ 198.071730][ T7768] dump_stack_lvl+0x100/0x190 [ 198.071789][ T7768] should_fail_ex.cold+0x5/0xa [ 198.071829][ T7768] ? tomoyo_realpath_from_path+0xb6/0x690 [ 198.071880][ T7768] should_failslab+0xc2/0x120 [ 198.071920][ T7768] __kmalloc_noprof+0xe0/0x850 [ 198.071984][ T7768] tomoyo_realpath_from_path+0xb6/0x690 [ 198.072046][ T7768] tomoyo_check_open_permission+0x2af/0x3c0 [ 198.072092][ T7768] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 198.072176][ T7768] ? do_raw_spin_lock+0x128/0x260 [ 198.072233][ T7768] ? path_get+0x61/0x80 [ 198.072279][ T7768] tomoyo_file_open+0x6b/0x90 [ 198.072324][ T7768] security_file_open+0xb5/0x1e0 [ 198.072374][ T7768] do_dentry_open+0x5aa/0x1660 [ 198.072414][ T7768] ? security_inode_permission+0xbf/0x250 [ 198.072464][ T7768] vfs_open+0x82/0x3f0 [ 198.072514][ T7768] path_openat+0x208c/0x31a0 [ 198.072566][ T7768] ? __pfx_path_openat+0x10/0x10 [ 198.072621][ T7768] do_file_open+0x20e/0x430 [ 198.072662][ T7768] ? __pfx_do_file_open+0x10/0x10 [ 198.072727][ T7768] ? alloc_fd+0x476/0x790 [ 198.072766][ T7768] ? do_getname+0x191/0x390 [ 198.072816][ T7768] do_sys_openat2+0x10d/0x1e0 [ 198.072864][ T7768] ? __pfx_do_sys_openat2+0x10/0x10 [ 198.072927][ T7768] __x64_sys_openat+0x12d/0x210 [ 198.072975][ T7768] ? __pfx___x64_sys_openat+0x10/0x10 [ 198.073038][ T7768] do_syscall_64+0x106/0xf80 [ 198.073073][ T7768] ? clear_bhb_loop+0x40/0x90 [ 198.073118][ T7768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.073154][ T7768] RIP: 0033:0x7fa62db9c819 [ 198.073181][ T7768] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 198.073213][ T7768] RSP: 002b:00007fa62e9fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 198.073246][ T7768] RAX: ffffffffffffffda RBX: 00007fa62de15fa0 RCX: 00007fa62db9c819 [ 198.073269][ T7768] RDX: 0000000000000300 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 198.073298][ T7768] RBP: 00007fa62dc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 198.073319][ T7768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.073339][ T7768] R13: 00007fa62de16038 R14: 00007fa62de15fa0 R15: 00007ffdebc80518 [ 198.073383][ T7768] [ 198.073398][ T7768] ERROR: Out of memory at tomoyo_realpath_from_path. [ 200.527300][ T7811] netlink: 28 bytes leftover after parsing attributes in process `syz.3.428'. [ 200.557563][ T7811] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.565734][ T7811] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.726283][ T7811] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.735537][ T7811] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.593469][ T7850] NFSD: Failed to start, no listeners configured. [ 203.259050][ T7860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.392584][ T7860] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.555773][ T7865] netlink: 16 bytes leftover after parsing attributes in process `syz.1.440'. [ 204.029604][ T7871] FAULT_INJECTION: forcing a failure. [ 204.029604][ T7871] name failslab, interval 1, probability 0, space 0, times 0 [ 204.042603][ T7871] CPU: 0 UID: 0 PID: 7871 Comm: syz.0.442 Tainted: G L syzkaller #0 PREEMPT(full) [ 204.042657][ T7871] Tainted: [L]=SOFTLOCKUP [ 204.042689][ T7871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 204.042709][ T7871] Call Trace: [ 204.042720][ T7871] [ 204.042733][ T7871] dump_stack_lvl+0x100/0x190 [ 204.042795][ T7871] should_fail_ex.cold+0x5/0xa [ 204.042837][ T7871] should_failslab+0xc2/0x120 [ 204.042884][ T7871] __kmalloc_cache_noprof+0x7a/0x6f0 [ 204.042934][ T7871] ? create_filter_start.constprop.0+0x1c4/0x310 [ 204.042991][ T7871] ? __asan_memcpy+0x3c/0x60 [ 204.043049][ T7871] create_filter_start.constprop.0+0x1c4/0x310 [ 204.043121][ T7871] create_filter+0xb5/0x210 [ 204.043179][ T7871] ? __pfx_create_filter+0x10/0x10 [ 204.043238][ T7871] ? find_held_lock+0x2b/0x80 [ 204.043278][ T7871] apply_event_filter+0x220/0x500 [ 204.043340][ T7871] ? __pfx_apply_event_filter+0x10/0x10 [ 204.043411][ T7871] event_filter_write+0x16d/0x290 [ 204.043457][ T7871] vfs_write+0x2aa/0x1070 [ 204.043493][ T7871] ? __pfx_event_filter_write+0x10/0x10 [ 204.043540][ T7871] ? __pfx_vfs_write+0x10/0x10 [ 204.043574][ T7871] ? __fget_files+0x215/0x3d0 [ 204.043619][ T7871] ? __fget_files+0x21f/0x3d0 [ 204.043667][ T7871] ksys_write+0x12a/0x250 [ 204.043701][ T7871] ? __pfx_ksys_write+0x10/0x10 [ 204.043748][ T7871] do_syscall_64+0x106/0xf80 [ 204.043792][ T7871] ? clear_bhb_loop+0x40/0x90 [ 204.043835][ T7871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.043881][ T7871] RIP: 0033:0x7ff3ea39c819 [ 204.043911][ T7871] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.043944][ T7871] RSP: 002b:00007ff3eb279028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 204.043976][ T7871] RAX: ffffffffffffffda RBX: 00007ff3ea615fa0 RCX: 00007ff3ea39c819 [ 204.044015][ T7871] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 204.044051][ T7871] RBP: 00007ff3ea432c91 R08: 0000000000000000 R09: 0000000000000000 [ 204.044072][ T7871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.044092][ T7871] R13: 00007ff3ea616038 R14: 00007ff3ea615fa0 R15: 00007ffd59518df8 [ 204.044137][ T7871] [ 206.353560][ T7925] netlink: 25 bytes leftover after parsing attributes in process `syz.3.453'. [ 207.853846][ T29] audit: type=1800 audit(4294985683.434:4): pid=7938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.458" name="features" dev="configfs" ino=16982 res=0 errno=0 [ 207.979468][ T7930] FAULT_INJECTION: forcing a failure. [ 207.979468][ T7930] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 208.087301][ T7930] CPU: 0 UID: 0 PID: 7930 Comm: syz.0.457 Tainted: G L syzkaller #0 PREEMPT(full) [ 208.087350][ T7930] Tainted: [L]=SOFTLOCKUP [ 208.087361][ T7930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 208.087379][ T7930] Call Trace: [ 208.087389][ T7930] [ 208.087400][ T7930] dump_stack_lvl+0x100/0x190 [ 208.087456][ T7930] should_fail_ex.cold+0x5/0xa [ 208.087543][ T7930] ? prepare_alloc_pages+0x16d/0x5f0 [ 208.087586][ T7930] should_fail_alloc_page+0xeb/0x140 [ 208.087626][ T7930] prepare_alloc_pages+0x1f0/0x5f0 [ 208.087674][ T7930] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 208.087730][ T7930] ? is_bpf_text_address+0x8a/0x1a0 [ 208.087784][ T7930] ? is_bpf_text_address+0x8a/0x1a0 [ 208.087844][ T7930] ? bpf_ksym_find+0x124/0x1c0 [ 208.087888][ T7930] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 208.087926][ T7930] ? is_bpf_text_address+0x94/0x1a0 [ 208.087988][ T7930] ? kernel_text_address+0x8d/0x100 [ 208.088039][ T7930] ? __kernel_text_address+0xd/0x30 [ 208.088088][ T7930] ? unwind_get_return_address+0x59/0xa0 [ 208.088126][ T7930] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 208.088183][ T7930] ? __lock_acquire+0x4a5/0x2630 [ 208.088228][ T7930] ? __lock_acquire+0x4a5/0x2630 [ 208.088285][ T7930] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 208.088323][ T7930] ? policy_nodemask+0xed/0x4f0 [ 208.088362][ T7930] alloc_pages_mpol+0x1fb/0x550 [ 208.088400][ T7930] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 208.088436][ T7930] ? swap_entry_swapped+0x1ff/0x2b0 [ 208.088473][ T7930] ? __pfx_swap_entry_swapped+0x10/0x10 [ 208.088511][ T7930] folio_alloc_mpol_noprof+0x36/0x340 [ 208.088555][ T7930] swap_cache_alloc_folio+0x1a8/0x300 [ 208.088607][ T7930] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 208.088670][ T7930] swap_cluster_readahead+0x411/0x770 [ 208.088729][ T7930] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 208.088785][ T7930] ? __lock_acquire+0x4a5/0x2630 [ 208.088829][ T7930] ? __xa_set_mark+0xd1/0x120 [ 208.088889][ T7930] ? get_vma_policy+0x23d/0x3b0 [ 208.088933][ T7930] swapin_readahead+0x160/0x12c0 [ 208.089002][ T7930] ? __pfx_swapin_readahead+0x10/0x10 [ 208.089051][ T7930] ? find_held_lock+0x2b/0x80 [ 208.089083][ T7930] ? swap_table_get+0x103/0x2c0 [ 208.089127][ T7930] ? swap_table_get+0x103/0x2c0 [ 208.089185][ T7930] ? swap_table_get+0x10d/0x2c0 [ 208.089233][ T7930] ? swap_cache_get_folio+0x1ae/0x600 [ 208.089283][ T7930] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 208.089329][ T7930] ? __pfx_get_swap_device+0x10/0x10 [ 208.089373][ T7930] ? do_swap_page+0xb2e/0x6900 [ 208.089418][ T7930] do_swap_page+0xb2e/0x6900 [ 208.089486][ T7930] ? __pfx_do_swap_page+0x10/0x10 [ 208.089539][ T7930] ? do_raw_spin_lock+0x128/0x260 [ 208.089592][ T7930] ? rcu_is_watching+0x12/0xc0 [ 208.089643][ T7930] ? __pte_offset_map+0x179/0x310 [ 208.089684][ T7930] __handle_mm_fault+0x18c7/0x2b60 [ 208.089741][ T7930] ? reacquire_held_locks+0xce/0x1e0 [ 208.089787][ T7930] ? __pfx___handle_mm_fault+0x10/0x10 [ 208.089849][ T7930] ? lock_vma_under_rcu+0x17c/0x590 [ 208.089921][ T7930] handle_mm_fault+0x36d/0xa20 [ 208.089976][ T7930] do_user_addr_fault+0x5a3/0x12f0 [ 208.090021][ T7930] exc_page_fault+0x6f/0xd0 [ 208.090056][ T7930] asm_exc_page_fault+0x26/0x30 [ 208.090088][ T7930] RIP: 0033:0x7ff3ea2507bf [ 208.090114][ T7930] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 fb 44 8d 56 04 4c 8d 0d 52 18 3b 00 89 f0 4c 8d 05 49 f8 3a 00 89 c2 81 e2 ff 1f 00 00 <49> 8b 0c d1 48 39 f1 74 28 48 85 c9 74 29 45 38 1c 10 75 23 83 c0 [ 208.090144][ T7930] RSP: 002b:00007ffd59518e38 EFLAGS: 00010202 [ 208.090170][ T7930] RAX: 000000008b854e23 RBX: ffffffff8b854e23 RCX: 0000001b30a07070 [ 208.090191][ T7930] RDX: 0000000000000e23 RSI: ffffffff8b854e23 RDI: 0000000000000011 [ 208.090210][ T7930] RBP: 0000000000000028 R08: 00007ff3ea600000 R09: 00007ff3ea602000 [ 208.090229][ T7930] R10: 000000008b854e27 R11: 0000000000000011 R12: 00007ff3ea616128 [ 208.090249][ T7930] R13: 0000000000000029 R14: ffffffff8b854235 R15: 00007ff3eb145720 [ 208.090270][ T7930] ? mtree_range_walk+0x3c5/0xcd0 [ 208.090322][ T7930] ? mas_alloc_nodes+0x73/0x390 [ 208.090376][ T7930] ? mas_alloc_nodes+0x73/0x390 [ 208.090431][ T7930] [ 209.237040][ T7960] block2mtd: illegal erase size [ 209.421261][ T7964] block2mtd: illegal erase size [ 209.976972][ T7981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.470'. [ 210.217092][ T7985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.472'. [ 211.293487][ T8011] netlink: 9 bytes leftover after parsing attributes in process `syz.3.479'. [ 211.387310][ T8015] netlink: 330 bytes leftover after parsing attributes in process `syz.2.480'. [ 212.129964][ T8039] netlink: 25 bytes leftover after parsing attributes in process `syz.1.486'. [ 212.150480][ T8038] FAULT_INJECTION: forcing a failure. [ 212.150480][ T8038] name failslab, interval 1, probability 0, space 0, times 0 [ 212.191725][ T8038] CPU: 0 UID: 0 PID: 8038 Comm: syz.3.485 Tainted: G L syzkaller #0 PREEMPT(full) [ 212.191781][ T8038] Tainted: [L]=SOFTLOCKUP [ 212.191794][ T8038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 212.191813][ T8038] Call Trace: [ 212.191823][ T8038] [ 212.191836][ T8038] dump_stack_lvl+0x100/0x190 [ 212.191896][ T8038] should_fail_ex.cold+0x5/0xa [ 212.191937][ T8038] should_failslab+0xc2/0x120 [ 212.191976][ T8038] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 212.192028][ T8038] ? create_new_namespaces+0x30/0xac0 [ 212.192066][ T8038] ? rcu_is_watching+0x12/0xc0 [ 212.192125][ T8038] create_new_namespaces+0x30/0xac0 [ 212.192161][ T8038] ? bpf_lsm_capable+0x9/0x10 [ 212.192198][ T8038] ? security_capable+0x80/0x260 [ 212.192238][ T8038] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 212.192280][ T8038] ksys_unshare+0x473/0xad0 [ 212.192328][ T8038] ? __pfx_ksys_unshare+0x10/0x10 [ 212.192387][ T8038] __x64_sys_unshare+0x31/0x40 [ 212.192430][ T8038] do_syscall_64+0x106/0xf80 [ 212.192466][ T8038] ? clear_bhb_loop+0x40/0x90 [ 212.192506][ T8038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.192541][ T8038] RIP: 0033:0x7f59bdf9c819 [ 212.192576][ T8038] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.192609][ T8038] RSP: 002b:00007f59bee9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 212.192640][ T8038] RAX: ffffffffffffffda RBX: 00007f59be216090 RCX: 00007f59bdf9c819 [ 212.192660][ T8038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 212.192678][ T8038] RBP: 00007f59be032c91 R08: 0000000000000000 R09: 0000000000000000 [ 212.192698][ T8038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 212.192722][ T8038] R13: 00007f59be216128 R14: 00007f59be216090 R15: 00007ffd74ae7be8 [ 212.192765][ T8038] [ 212.561961][ T8041] netlink: 330 bytes leftover after parsing attributes in process `syz.2.487'. [ 212.586272][ T8041] netlink: 330 bytes leftover after parsing attributes in process `syz.2.487'. [ 212.974991][ T8048] netlink: 'syz.2.489': attribute type 1 has an invalid length. [ 213.470053][ T8063] input: jJǸ-9%vJ86 as /devices/virtual/input/input6 [ 213.768474][ T29] audit: type=1800 audit(4294985689.354:5): pid=8065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.492" name="features" dev="configfs" ino=18130 res=0 errno=0 [ 216.492629][ T8089] dyndbg: expected <4096 bytes into control [ 218.094059][ T8130] sp0: Synchronizing with TNC [ 218.157233][ T8130] binder: 8129:8130 ioctl 40044591 2000000000c0 returned -22 [ 218.741874][ T8155] futex_wake_op: syz.3.515 tries to shift op by -2048; fix this program [ 221.964375][ T8206] random: crng reseeded on system resumption [ 222.653204][ T8230] ================================================================== [ 222.653237][ T8230] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 222.653306][ T8230] Write of size 8 at addr ffffc900047099a0 by task syz.3.536/8230 [ 222.653335][ T8230] [ 222.653354][ T8230] CPU: 0 UID: 0 PID: 8230 Comm: syz.3.536 Tainted: G L syzkaller #0 PREEMPT(full) [ 222.653400][ T8230] Tainted: [L]=SOFTLOCKUP [ 222.653413][ T8230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 222.653432][ T8230] Call Trace: [ 222.653443][ T8230] [ 222.653455][ T8230] dump_stack_lvl+0x100/0x190 [ 222.653509][ T8230] print_report+0x156/0x4c9 [ 222.653557][ T8230] ? _raw_spin_lock_irqsave+0x52/0x60 [ 222.653617][ T8230] ? sys_imageblit+0x19fb/0x1d60 [ 222.653670][ T8230] kasan_report+0xdf/0x1e0 [ 222.653715][ T8230] ? sys_imageblit+0x19fb/0x1d60 [ 222.653775][ T8230] sys_imageblit+0x19fb/0x1d60 [ 222.653841][ T8230] ? __pfx_sys_imageblit+0x10/0x10 [ 222.653896][ T8230] ? prb_read_valid+0x78/0xa0 [ 222.653944][ T8230] ? __pfx_prb_read_valid+0x10/0x10 [ 222.654001][ T8230] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 222.654045][ T8230] soft_cursor+0x524/0xa10 [ 222.654095][ T8230] ? fb_get_color_depth+0x120/0x250 [ 222.654139][ T8230] bit_cursor+0xe58/0x16f0 [ 222.654189][ T8230] ? __pfx_bit_cursor+0x10/0x10 [ 222.654232][ T8230] ? __lock_acquire+0x4a5/0x2630 [ 222.654280][ T8230] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 222.654315][ T8230] ? get_color+0x1da/0x450 [ 222.654352][ T8230] ? __pfx_bit_cursor+0x10/0x10 [ 222.654395][ T8230] fbcon_cursor+0x43c/0x5e0 [ 222.654433][ T8230] ? add_softcursor+0x180/0x290 [ 222.654484][ T8230] set_cursor+0x1db/0x250 [ 222.654531][ T8230] con_write+0x89/0xb0 [ 222.654563][ T8230] n_tty_write+0x44f/0x12d0 [ 222.654612][ T8230] ? __pfx_n_tty_write+0x10/0x10 [ 222.654652][ T8230] ? trace_kmalloc+0x101/0x130 [ 222.654690][ T8230] ? __pfx_woken_wake_function+0x10/0x10 [ 222.654757][ T8230] ? rcu_is_watching+0x12/0xc0 [ 222.654813][ T8230] ? file_tty_write.isra.0+0x694/0x890 [ 222.654869][ T8230] ? kfree+0x2ec/0x6b0 [ 222.654916][ T8230] ? __pfx_n_tty_write+0x10/0x10 [ 222.654955][ T8230] file_tty_write.isra.0+0x4d2/0x890 [ 222.655015][ T8230] redirected_tty_write+0xd4/0x120 [ 222.655070][ T8230] vfs_write+0x6ac/0x1070 [ 222.655104][ T8230] ? __pfx_redirected_tty_write+0x10/0x10 [ 222.655162][ T8230] ? __pfx_vfs_write+0x10/0x10 [ 222.655193][ T8230] ? find_held_lock+0x2b/0x80 [ 222.655267][ T8230] ksys_write+0x12a/0x250 [ 222.655300][ T8230] ? __pfx_ksys_write+0x10/0x10 [ 222.655339][ T8230] do_syscall_64+0x106/0xf80 [ 222.655373][ T8230] ? clear_bhb_loop+0x40/0x90 [ 222.655413][ T8230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.655448][ T8230] RIP: 0033:0x7f59bdf9c819 [ 222.655475][ T8230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.655507][ T8230] RSP: 002b:00007f59beebe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 222.655538][ T8230] RAX: ffffffffffffffda RBX: 00007f59be215fa0 RCX: 00007f59bdf9c819 [ 222.655560][ T8230] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000006 [ 222.655579][ T8230] RBP: 00007f59be032c91 R08: 0000000000000000 R09: 0000000000000000 [ 222.655600][ T8230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.655619][ T8230] R13: 00007f59be216038 R14: 00007f59be215fa0 R15: 00007ffd74ae7be8 [ 222.655653][ T8230] [ 222.655664][ T8230] [ 222.655673][ T8230] The buggy address belongs to a vmalloc virtual mapping [ 222.655695][ T8230] Memory state around the buggy address: [ 222.655721][ T8230] ffffc90004709880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 222.655747][ T8230] ffffc90004709900: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 222.655771][ T8230] >ffffc90004709980: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 222.655790][ T8230] ^ [ 222.655808][ T8230] ffffc90004709a00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 222.655832][ T8230] ffffc90004709a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 222.655851][ T8230] ================================================================== [ 222.667387][ T8230] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 222.667423][ T8230] CPU: 0 UID: 0 PID: 8230 Comm: syz.3.536 Tainted: G L syzkaller #0 PREEMPT(full) [ 222.667475][ T8230] Tainted: [L]=SOFTLOCKUP [ 222.667488][ T8230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 222.667508][ T8230] Call Trace: [ 222.667519][ T8230] [ 222.667533][ T8230] dump_stack_lvl+0x100/0x190 [ 222.667589][ T8230] vpanic+0x552/0x970 [ 222.667621][ T8230] ? __pfx_vpanic+0x10/0x10 [ 222.667659][ T8230] ? sys_imageblit+0x19fb/0x1d60 [ 222.667718][ T8230] panic+0xd1/0xe0 [ 222.667749][ T8230] ? __pfx_panic+0x10/0x10 [ 222.667782][ T8230] ? sys_imageblit+0x19fb/0x1d60 [ 222.667835][ T8230] ? preempt_schedule_common+0x42/0xc0 [ 222.667875][ T8230] check_panic_on_warn.cold+0x19/0x34 [ 222.667912][ T8230] end_report.part.0+0x3a/0x90 [ 222.667959][ T8230] kasan_report.cold+0xe/0x18 [ 222.668008][ T8230] ? sys_imageblit+0x19fb/0x1d60 [ 222.668080][ T8230] sys_imageblit+0x19fb/0x1d60 [ 222.668148][ T8230] ? __pfx_sys_imageblit+0x10/0x10 [ 222.668204][ T8230] ? prb_read_valid+0x78/0xa0 [ 222.668251][ T8230] ? __pfx_prb_read_valid+0x10/0x10 [ 222.668302][ T8230] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 222.668344][ T8230] soft_cursor+0x524/0xa10 [ 222.668393][ T8230] ? fb_get_color_depth+0x120/0x250 [ 222.668436][ T8230] bit_cursor+0xe58/0x16f0 [ 222.668483][ T8230] ? __pfx_bit_cursor+0x10/0x10 [ 222.668526][ T8230] ? __lock_acquire+0x4a5/0x2630 [ 222.668576][ T8230] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 222.668612][ T8230] ? get_color+0x1da/0x450 [ 222.668648][ T8230] ? __pfx_bit_cursor+0x10/0x10 [ 222.668690][ T8230] fbcon_cursor+0x43c/0x5e0 [ 222.668735][ T8230] ? add_softcursor+0x180/0x290 [ 222.668802][ T8230] set_cursor+0x1db/0x250 [ 222.668850][ T8230] con_write+0x89/0xb0 [ 222.668881][ T8230] n_tty_write+0x44f/0x12d0 [ 222.668931][ T8230] ? __pfx_n_tty_write+0x10/0x10 [ 222.668970][ T8230] ? trace_kmalloc+0x101/0x130 [ 222.669009][ T8230] ? __pfx_woken_wake_function+0x10/0x10 [ 222.669064][ T8230] ? rcu_is_watching+0x12/0xc0 [ 222.669117][ T8230] ? file_tty_write.isra.0+0x694/0x890 [ 222.669171][ T8230] ? kfree+0x2ec/0x6b0 [ 222.669216][ T8230] ? __pfx_n_tty_write+0x10/0x10 [ 222.669257][ T8230] file_tty_write.isra.0+0x4d2/0x890 [ 222.669318][ T8230] redirected_tty_write+0xd4/0x120 [ 222.669379][ T8230] vfs_write+0x6ac/0x1070 [ 222.669412][ T8230] ? __pfx_redirected_tty_write+0x10/0x10 [ 222.669469][ T8230] ? __pfx_vfs_write+0x10/0x10 [ 222.669509][ T8230] ? find_held_lock+0x2b/0x80 [ 222.669555][ T8230] ksys_write+0x12a/0x250 [ 222.669601][ T8230] ? __pfx_ksys_write+0x10/0x10 [ 222.669641][ T8230] do_syscall_64+0x106/0xf80 [ 222.669676][ T8230] ? clear_bhb_loop+0x40/0x90 [ 222.669723][ T8230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.669758][ T8230] RIP: 0033:0x7f59bdf9c819 [ 222.669786][ T8230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.669818][ T8230] RSP: 002b:00007f59beebe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 222.669850][ T8230] RAX: ffffffffffffffda RBX: 00007f59be215fa0 RCX: 00007f59bdf9c819 [ 222.669872][ T8230] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000006 [ 222.669894][ T8230] RBP: 00007f59be032c91 R08: 0000000000000000 R09: 0000000000000000 [ 222.669913][ T8230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.669931][ T8230] R13: 00007f59be216038 R14: 00007f59be215fa0 R15: 00007ffd74ae7be8 [ 222.669963][ T8230] [ 222.670560][ T8230] Kernel Offset: disabled