last executing test programs:
9.129458912s ago: executing program 0 (id=2898):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x6a1, 0x2000000000002)
socket(0x26, 0x80805, 0x0)
socket(0x28, 0x1, 0x0)
socket(0x1, 0x1, 0x1)
open(&(0x7f0000000000)='./bus\x00', 0x22042, 0x45)
fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
readv$auto(0x0, &(0x7f0000000080)={0x0, 0x60}, 0x3)
open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0x400caed0, r0)
6.570575629s ago: executing program 3 (id=2901):
socket(0x2, 0x2, 0x0)
mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
pidfd_open$auto(0x0, 0x1)
read$auto(0x3, 0x0, 0x8080)
write$auto(0x3, 0x0, 0xffd8)
readv$auto(r0, 0x0, 0x3)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
capget$auto(0x0, 0xfffffffffffffffe)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
6.569817685s ago: executing program 0 (id=2910):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
fchownat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6)
socket(0x2a, 0x80000, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x0, @remote}, 0x6a)
write$auto_proc_loginuid_operations_base(0xffffffffffffffff, &(0x7f0000000040), 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0)
write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
open(&(0x7f0000000800)='./file1\x00', 0x163ac1, 0x82)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x1, 0x84)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sysfs$auto(0x2, 0x23, 0x0)
r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r1, 0x0, 0x4)
6.402870537s ago: executing program 2 (id=2903):
setregid$auto(0xffffffffffffffff, 0xfffe)
setresgid$auto(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
r0 = socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x401, 0x0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
getsockopt$auto(r0, 0x84, 0x1a, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="0100df050400000008000c0002000000a470000000000000"], 0x1c}, 0x1, 0x300000000000000, 0x0, 0x4081}, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$auto_ILA_CMD_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01002bbd7000fbdbdf250100000031208be8a5b4f52d83483e5c2d79da46e337d98473588f99774c7eb4868b973c1cef8187525db7b5b4e78678eb59512dbc7b11f4e29c29e3273c870a9555cf469e67e8886341e84d38edd658cf267f92e1e785a50fe500fbc125a65f8a4e5aa458a90f3d87fc71eca6309fc0ee1724cea121a7c96dbba43270448ec20cd22915c1cfa658b316e773d1eff747e371aace10d66450a3666b7be9754bde44d1"], 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
sendmsg$auto_ILA_CMD_FLUSH(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x40008c4)
6.184846592s ago: executing program 1 (id=2905):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x60b42, 0x0)
socket(0xa, 0x1, 0x0)
socket(0xa, 0x2, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
socket(0xa, 0x2, 0x3a)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/net/sctp/snmp\x00', 0x88000, 0x0)
openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/etherd/flush\x00', 0x140900, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0)
pipe2$auto(0x0, 0x80)
r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r1 = getpid()
r2 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vkms/clients\x00', 0x2100, 0x0)
process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0)
ioctl$auto(r0, 0x40246f4c, r2)
5.799012083s ago: executing program 1 (id=2906):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x80000000008000)
close_range$auto(0x2, 0xa, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r0 = socket(0x2, 0x5, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioperm$auto(0x800, 0x5, 0xd)
setxattrat$auto(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0, 0x1)
r1 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/nbd4/hctx0/type\x00', 0x40000, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r1, &(0x7f0000000280)=""/218, 0xda)
r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/loop7/hctx0/sched_tags_bitmap\x00', 0x2, 0x0)
pread64$auto(r2, 0x0, 0x3, 0x8)
r3 = socket(0x1e, 0x1, 0x0)
bind$auto(r3, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x1, {0x0, 0x4, 0x1}}, 0x66)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54)
getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, r4)
sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(r4, 0x0, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90)
5.791929927s ago: executing program 2 (id=2907):
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
pipe$auto(0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getuid()
sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, 0x0, 0x44810)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x9d90, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000020c0)=""/4093, 0xffd)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}})
mmap$auto(0x0, 0xaef, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0302, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0x4008ae61, 0xffffffffffffffff)
madvise$auto(0x0, 0x454, 0x9)
5.596868591s ago: executing program 3 (id=2909):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8000, 0x0)
ioctl$auto(0x3, 0xc0b45545, 0xfffffffffffff4e0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fb\x00', 0x101000, 0x0)
preadv$auto(r0, &(0x7f00000002c0)={0x0, 0x8010000}, 0x5, 0xfb, 0x8100000001)
socket(0x28, 0x5, 0x0)
socket(0xa, 0x801, 0x106)
setsockopt$auto(0x1, 0x1, 0x25, &(0x7f0000000000)='\x00', 0x4)
mmap$auto(0x0, 0x1, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
r1 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x400073)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x5db}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
5.516949136s ago: executing program 0 (id=2911):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d)
lchown$auto(&(0x7f0000000080)='./file0\x00', 0xee01, 0xee00)
write$auto(0x3, 0x0, 0x100082)
r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000040)=""/4096, 0xfffffe82)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c)
ioctl$auto(0xffffffffffffffff, 0x800064d1, 0xffffffffffffffff)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x480080, 0x0)
read$auto_v4l2_fops_v4l2_dev(r2, 0x0, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
open(0x0, 0x0, 0x101)
r3 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x0)
r4 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000080)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
ioctl$auto(r3, 0x40246f4c, 0x38)
5.390816147s ago: executing program 3 (id=2912):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
mprotect$auto(0x0, 0x806121, 0x8)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
readahead$auto(0xffffffffffffffff, 0x10, 0xd8)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000240)=ANY=[@ANYBLOB="080100", @ANYRES16=r0, @ANYBLOB="080027bd7000fddbdf2569000000060065000900000006004f01090000001700130013c366f9244357d432f6e44cc4bf4e5878fe5d00080002002f247b0005006000080000000500a3000200000045001f00ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e90000005c007580ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5a6468d0f3a3919ee7a2bf863f683c121bc"], 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001ec0)='/sys/power/mem_sleep\x00', 0x2402, 0x0)
write$auto(r1, &(0x7f0000000cc0)='\x00\xad\xe8\xc7.\xf0\xb0f\xd2\x02\x00>\x00\xae\x1a\x13I_{\xe8\n\xd4n\x9f\xae\xed\xcd6\x9f\xf6\x01\x00s\xa6\x03y\x97\x0eR\xb8\xb7\xcc\x83\xb8O\xe5\b_\xd0\xd7\xc0+:\x17\x8d\xf4\t\x00\x00\x00`\xdb\x80E|X\xc3\xa4H\xb9\xd8\x03*\x9c\x00\x00\x00\x00\x00\x00\x00[\x1a\fX[\xb8\x91M\xdb\xe7\xdc6w\xb1\x8b9\x9a\x9a\xf9c\x95)b\xff\x80\xd5\xbb\xc9+Ed\xa16?\xab<\xee\x8b\x18\xe6\xf3a]1OZ\x9e\xa9\xb2;H\xbcn}n\xca\x0e\x0e\xd8\xce_2\xe2\xb1@\x8dy\v\xc3\xacH\x9a\t\x8e\xa1g\xa2?\x89\x01\xb9\xf1\xbb%[\xf1L<\xd8\x8c\xd9\x1f\x9e\xfe\xbf\xb2\x95\xb6Y\xba\xaf\'a\xe2\xc3\x9a$c\xad\x82\x13\x1e\xbc\xf3\x1f.\xef\x1es\xb0\xf2I$\x02\x0e\xc8\xf0\x8b\xc7\xd8\x9c\x04\xa6[\xe2Q\xd6\x13\xa8[\xbcP,\xadS\x7f}/>\x13\xbe\\\x8cq(\x06\xdb4', 0x4)
sendmsg$auto_NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0xc800}, 0x40000)
sendmsg$auto_NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={0x0, 0x8c}, 0x1, 0x0, 0x0, 0x48046}, 0x4000080)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
5.274201602s ago: executing program 1 (id=2913):
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x1, 0x84)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
r2 = socket(0x10, 0x2, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3)
read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77ef907d, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)
4.273428102s ago: executing program 1 (id=2914):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/rpc/nfsd.fh/channel\x00', 0x88400, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
r2 = socket(0x10, 0x2, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3)
read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77ef907d, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)
4.257336498s ago: executing program 3 (id=2915):
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
setpgid$auto(0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0xc0)
mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/snd_aloop.0/driver_override\x00', 0x101901, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_debug_messages\x00', 0xa001, 0x0)
write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r1, 0x0, 0x81)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0)
sendfile$auto(r3, r4, 0x0, 0x1000200)
4.073775148s ago: executing program 1 (id=2916):
unshare$auto(0x8)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000)
fsopen$auto(0x0, 0x1)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r2)
sendmsg$auto_OVS_DP_CMD_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdb7d, {}, [@OVS_DP_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0)
r4 = socket(0x1d, 0x3, 0x1)
getsockopt$auto(r4, 0x65, 0x6, 0xffffffffffffffff, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0)
sendfile$auto(r5, r5, 0x0, 0x3)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
3.848372648s ago: executing program 0 (id=2917):
setregid$auto(0xffffffffffffffff, 0xfffe)
setresgid$auto(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
r0 = socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x401, 0x0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
getsockopt$auto(r0, 0x84, 0x1a, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="0100df050400000008000c0002000000a470000000000000"], 0x1c}, 0x1, 0x300000000000000, 0x0, 0x4081}, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$auto_ILA_CMD_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01002bbd7000fbdbdf250100000031208be8a5b4f52d83483e5c2d79da46e337d98473588f99774c7eb4868b973c1cef8187525db7b5b4e78678eb59512dbc7b11f4e29c29e3273c870a9555cf469e67e8886341e84d38edd658cf267f92e1e785a50fe500fbc125a65f8a4e5aa458a90f3d87fc71eca6309fc0ee1724cea121a7c96dbba43270448ec20cd22915c1cfa658b316e773d1eff747e371aace10d66450a3666b7be9754bde44d1"], 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
sendmsg$auto_ILA_CMD_FLUSH(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x40008c4)
3.488209208s ago: executing program 2 (id=2918):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/rpc/nfsd.fh/channel\x00', 0x88400, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
r2 = socket(0x10, 0x2, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3)
read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77ef907d, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r2, 0x0, 0xfdef)
2.069935861s ago: executing program 1 (id=2919):
socket(0x2, 0x2, 0x0)
mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
pidfd_open$auto(0x0, 0x1)
read$auto(0x3, 0x0, 0x8080)
write$auto(0x3, 0x0, 0xffd8)
readv$auto(r0, 0x0, 0x3)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
capget$auto(0x0, 0xfffffffffffffffe)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
2.06967126s ago: executing program 3 (id=2920):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0)
msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, 0x0, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64})
ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0)
write$auto(r3, &(0x7f0000000240)=',-\t', 0x2000008008)
sendmsg$auto_IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40014}, 0x0)
getpgid$auto(0x0)
sendmsg$auto_IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000ac0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x28014044}, 0x0)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0)
r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r4, 0x0, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/dummy0/carrier\x00', 0xc2061, 0x0)
write$auto(r5, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xab\b\x00\x00\x00\x00\x00\x00\x00}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2oc!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x83)
bpf$auto(0x4, 0x0, 0xb)
2.068229127s ago: executing program 0 (id=2927):
setregid$auto(0xffffffffffffffff, 0xfffe)
setresgid$auto(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
r0 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
getsockopt$auto(r0, 0x84, 0x1a, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="0100df050400000008000c0002000000a470000000000000"], 0x1c}, 0x1, 0x300000000000000, 0x0, 0x4081}, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$auto_ILA_CMD_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01002bbd7000fbdbdf250100000031208be8a5b4f52d83483e5c2d79da46e337d98473588f99774c7eb4868b973c1cef8187525db7b5b4e78678eb59512dbc7b11f4e29c29e3273c870a9555cf469e67e8886341e84d38edd658cf267f92e1e785a50fe500fbc125a65f8a4e5aa458a90f3d87fc71eca6309fc0ee1724cea121a7c96dbba43270448ec20cd22915c1cfa658b316e773d1eff747e371aace10d66450a3666b7be9754bde44d1"], 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
sendmsg$auto_ILA_CMD_FLUSH(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x40008c4)
2.067675863s ago: executing program 2 (id=2921):
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x2, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r2, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2)
read$auto(r2, &(0x7f0000000000)='\x00', 0x91e2)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0)
fanotify_init$auto(0x65, 0x2)
socket(0x22, 0x3, 0x0)
r3 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r1, &(0x7f0000000000)='-\xd3', 0xfdef)
1.406000563s ago: executing program 2 (id=2922):
openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, 0x0, 0x20140, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x6051)
unshare$auto(0x40000080)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_ehash_entries\x00', 0x40100, 0x0)
unshare$auto(0x100000001)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r0, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}})
r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000100)={0x6a6e, 0x2, 0x0, 0x5f6, 0x1})
read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x400001, 0x200948d, 0x3, 0x10015f4da0a, 0xe, 0x7, 0x5, 0x8000001f, 0x8, 0x6d3e, 0x200000002, 0x2, 0xffffffffffffffff]}, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
ioctl$auto(0x3, 0x8905, 0x38)
1.282755493s ago: executing program 0 (id=2923):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0xc0501, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
r0 = io_uring_setup$auto(0x5, 0x0)
close_range$auto(0x2, r0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x69)
listen$auto(0x3, 0x81)
r1 = accept$auto(0x3, 0x0, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000180)={{@raw=0x8, 0x7, 0x200, 0x481, "3baada912063aa08326de39b458c42c58e5697ae8758eb056ddc4a43c73a8cea18d4b45a80a1f49cedbb00f9", @raw=0x5}, 0x1, @iec958={"453c9e5773573d5a10ca31c4b0deec94b37e3ac12d8d3ee9", "a922ff7a0a491cb4d363dfd32f93c6be915f366dfb5d12993d074ca7f6e4e6060c7715b15719c67748abeb11aff0a9ddde9e6e75827c59dee29d81be296f3ad608a6488eaf1bab8dc5ead1821aacec961c7255a26382d30c73ff5c933f892c863cb840c659bf05a61e7c0397cb515a6daeadda67ce497aa9cb5444c69f6552d49168c6476c3637005321d3d36388af82d66120", 0x0, "9dcfc6e9"}, "a054e9c01cb2c8af6dc4bf831fc4b59231961a4479ad0964856da03461b2acee3c2802d94a3a45389079f564370b881309f1adae03c8ff7b3e98d461173da57cb08cc0e2021395f18adb1b333d8bc7c46c5075780ec2cc971726d532efc3f3f4daaaf56770b9cdcc5c86dc4de9ff00fcddb26b10d68199c9506e3d6ee4f38a62"})
r2 = socket(0x2, 0x1, 0x0)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x6, 0x0, 0x7, 0x1}, 0x3}, 0x4, 0x20000000)
214.605694ms ago: executing program 3 (id=2924):
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x1, 0x84)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
r2 = socket(0x10, 0x2, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3)
read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77ef907d, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)
0s ago: executing program 2 (id=2925):
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x1, 0x84)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
r2 = socket(0x10, 0x2, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3)
read$auto(r3, &(0x7f0000000000)='\x00', 0x91e2)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77ef907d, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)
kernel console output (not intermixed with test programs):
ULT_INJECTION: forcing a failure.
[ 661.277632][T14063] name failslab, interval 1, probability 0, space 0, times 0
[ 661.371894][T14063] CPU: 0 UID: 0 PID: 14063 Comm: syz.1.1884 Not tainted syzkaller #0 PREEMPT(full)
[ 661.371921][T14063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 661.371932][T14063] Call Trace:
[ 661.371938][T14063]
[ 661.371946][T14063] dump_stack_lvl+0x100/0x190
[ 661.371982][T14063] should_fail_ex.cold+0x5/0xa
[ 661.372006][T14063] ? security_inode_init_security+0x113/0x370
[ 661.372037][T14063] should_failslab+0xc2/0x120
[ 661.372057][T14063] __kmalloc_noprof+0xe0/0x850
[ 661.372088][T14063] security_inode_init_security+0x113/0x370
[ 661.372117][T14063] ? __pfx_shmem_initxattrs+0x10/0x10
[ 661.372139][T14063] ? __pfx_security_inode_init_security+0x10/0x10
[ 661.372172][T14063] ? make_vfsgid+0xf1/0x140
[ 661.372199][T14063] shmem_mknod+0x2ce/0x480
[ 661.372225][T14063] ? __pfx_shmem_mknod+0x10/0x10
[ 661.372253][T14063] vfs_create+0x301/0x6c0
[ 661.372281][T14063] filename_mknodat+0x2de/0x7f0
[ 661.372304][T14063] ? __pfx_filename_mknodat+0x10/0x10
[ 661.372323][T14063] ? strncpy_from_user+0x19d/0x2d0
[ 661.372348][T14063] ? do_getname+0x191/0x390
[ 661.372378][T14063] __x64_sys_mknod+0x8f/0xc0
[ 661.372398][T14063] do_syscall_64+0x10b/0xf80
[ 661.372424][T14063] ? clear_bhb_loop+0x40/0x90
[ 661.372447][T14063] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 661.372465][T14063] RIP: 0033:0x7f233599c819
[ 661.372481][T14063] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 661.372499][T14063] RSP: 002b:00007f2336903028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 661.372517][T14063] RAX: ffffffffffffffda RBX: 00007f2335c16090 RCX: 00007f233599c819
[ 661.372529][T14063] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000
[ 661.372539][T14063] RBP: 00007f2335a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 661.372549][T14063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 661.372559][T14063] R13: 00007f2335c16128 R14: 00007f2335c16090 R15: 00007ffc1c3510f8
[ 661.372582][T14063]
[ 663.112708][T14093] netlink: 'syz.1.1890': attribute type 1 has an invalid length.
[ 663.144848][T14093] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1890'.
[ 663.274016][T14068] QAT: Invalid ioctl 35077
[ 663.286075][T14095] random: crng reseeded on system resumption
[ 663.408311][T14099] netlink: zone id is out of range
[ 663.437767][T14099] netlink: zone id is out of range
[ 663.480326][T14099] netlink: zone id is out of range
[ 663.543248][T14099] netlink: zone id is out of range
[ 663.595111][T14099] netlink: zone id is out of range
[ 663.636969][T14099] netlink: zone id is out of range
[ 663.687391][T14099] netlink: zone id is out of range
[ 663.727556][T14099] netlink: zone id is out of range
[ 663.780294][T14099] netlink: zone id is out of range
[ 663.847054][T14099] netlink: zone id is out of range
[ 663.928280][T14110] netlink: 'syz.0.1895': attribute type 1 has an invalid length.
[ 663.964679][T14110] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1895'.
[ 664.425415][T14118] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1897'.
[ 665.332642][T11749] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 665.964506][T14143] can0: slcan on pty238.
[ 666.083689][T14140] can0 (unregistered): slcan off pty238.
[ 669.013797][T14202] hub 1-0:1.0: USB hub found
[ 669.060347][T14202] hub 1-0:1.0: 1 port detected
[ 669.723264][T14225] random: crng reseeded on system resumption
[ 670.871312][T14243] random: crng reseeded on system resumption
[ 670.908644][T14245] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1915'.
[ 673.928805][T14290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1925'.
[ 673.970672][T14290] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1925'.
[ 675.215811][T14310] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1930'.
[ 675.256437][T14310] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1930'.
[ 675.796744][T14325] FAULT_INJECTION: forcing a failure.
[ 675.796744][T14325] name fail_futex, interval 1, probability 0, space 0, times 0
[ 675.842600][T14325] CPU: 0 UID: 0 PID: 14325 Comm: syz.0.1934 Not tainted syzkaller #0 PREEMPT(full)
[ 675.842626][T14325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 675.842637][T14325] Call Trace:
[ 675.842642][T14325]
[ 675.842650][T14325] dump_stack_lvl+0x100/0x190
[ 675.842684][T14325] should_fail_ex.cold+0x5/0xa
[ 675.842707][T14325] get_futex_key+0x295/0x1510
[ 675.842738][T14325] ? __pfx_get_futex_key+0x10/0x10
[ 675.842765][T14325] ? lock_acquire+0x1b1/0x370
[ 675.842798][T14325] futex_wake+0xea/0x530
[ 675.842821][T14325] ? __pfx_futex_wake+0x10/0x10
[ 675.842843][T14325] ? exit_mm_release+0x19/0x30
[ 675.842873][T14325] do_futex+0x32b/0x350
[ 675.842891][T14325] ? __pfx_do_futex+0x10/0x10
[ 675.842907][T14325] ? __might_fault+0xc5/0x140
[ 675.842938][T14325] mm_release+0x24a/0x2f0
[ 675.842959][T14325] do_exit+0x707/0x2a60
[ 675.842988][T14325] ? __pfx_do_exit+0x10/0x10
[ 675.843013][T14325] ? do_raw_spin_lock+0x128/0x260
[ 675.843031][T14325] ? find_held_lock+0x2b/0x80
[ 675.843052][T14325] ? get_signal+0x7e0/0x21e0
[ 675.843075][T14325] do_group_exit+0xd5/0x2a0
[ 675.843103][T14325] get_signal+0x1ec7/0x21e0
[ 675.843128][T14325] ? do_accept+0x3e3/0x530
[ 675.843154][T14325] ? 0xffffffff81000000
[ 675.843169][T14325] ? __pfx_get_signal+0x10/0x10
[ 675.843191][T14325] ? do_futex+0x192/0x350
[ 675.843211][T14325] arch_do_signal_or_restart+0x91/0x770
[ 675.843237][T14325] ? __sys_accept4+0x1cb/0x200
[ 675.843262][T14325] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 675.843294][T14325] ? __pfx___x64_sys_futex+0x10/0x10
[ 675.843313][T14325] ? rcu_is_watching+0x12/0xc0
[ 675.843342][T14325] exit_to_user_mode_loop+0x86/0x4a0
[ 675.843369][T14325] ? do_syscall_64+0x519/0xf80
[ 675.843397][T14325] do_syscall_64+0x6f2/0xf80
[ 675.843422][T14325] ? clear_bhb_loop+0x40/0x90
[ 675.843443][T14325] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 675.843462][T14325] RIP: 0033:0x7f3bed79c819
[ 675.843482][T14325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 675.843499][T14325] RSP: 002b:00007f3bee6890e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 675.843516][T14325] RAX: fffffffffffffe00 RBX: 00007f3beda15fa8 RCX: 00007f3bed79c819
[ 675.843528][T14325] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3beda15fa8
[ 675.843538][T14325] RBP: 00007f3beda15fa0 R08: 0000000000000000 R09: 0000000000000000
[ 675.843548][T14325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 675.843558][T14325] R13: 00007f3beda16038 R14: 00007fff570fb330 R15: 00007fff570fb418
[ 675.843602][T14325]
[ 676.452032][T14333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1935'.
[ 677.576806][T14322] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 678.038953][T14352] FAULT_INJECTION: forcing a failure.
[ 678.038953][T14352] name failslab, interval 1, probability 0, space 0, times 0
[ 678.129090][T14352] CPU: 0 UID: 0 PID: 14352 Comm: syz.2.1941 Not tainted syzkaller #0 PREEMPT(full)
[ 678.129118][T14352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 678.129129][T14352] Call Trace:
[ 678.129136][T14352]
[ 678.129143][T14352] dump_stack_lvl+0x100/0x190
[ 678.129178][T14352] should_fail_ex.cold+0x5/0xa
[ 678.129202][T14352] should_failslab+0xc2/0x120
[ 678.129222][T14352] __kmalloc_cache_noprof+0x7a/0x6f0
[ 678.129246][T14352] ? kernfs_fop_open+0x23d/0xd50
[ 678.129273][T14352] kernfs_fop_open+0x23d/0xd50
[ 678.129299][T14352] do_dentry_open+0x6d8/0x1660
[ 678.129317][T14352] ? __pfx_kernfs_fop_open+0x10/0x10
[ 678.129344][T14352] vfs_open+0x82/0x3f0
[ 678.129370][T14352] path_openat+0x208c/0x31a0
[ 678.129397][T14352] ? __pfx_path_openat+0x10/0x10
[ 678.129423][T14352] do_file_open+0x20e/0x430
[ 678.129446][T14352] ? __pfx_do_file_open+0x10/0x10
[ 678.129480][T14352] ? alloc_fd+0x476/0x790
[ 678.129500][T14352] ? do_getname+0x191/0x390
[ 678.129525][T14352] do_sys_openat2+0x10d/0x1e0
[ 678.129549][T14352] ? __pfx_do_sys_openat2+0x10/0x10
[ 678.129574][T14352] ? find_held_lock+0x2b/0x80
[ 678.129601][T14352] __x64_sys_openat+0x12d/0x210
[ 678.129626][T14352] ? __pfx___x64_sys_openat+0x10/0x10
[ 678.129654][T14352] ? rcu_is_watching+0x12/0xc0
[ 678.129677][T14352] do_syscall_64+0x10b/0xf80
[ 678.129710][T14352] ? clear_bhb_loop+0x40/0x90
[ 678.129732][T14352] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 678.129751][T14352] RIP: 0033:0x7f28db59c819
[ 678.129767][T14352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 678.129786][T14352] RSP: 002b:00007f28dc39a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 678.129804][T14352] RAX: ffffffffffffffda RBX: 00007f28db815fa0 RCX: 00007f28db59c819
[ 678.129816][T14352] RDX: 0000000000082002 RSI: 0000200000000480 RDI: ffffffffffffff9c
[ 678.129827][T14352] RBP: 00007f28db632c91 R08: 0000000000000000 R09: 0000000000000000
[ 678.129838][T14352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 678.129848][T14352] R13: 00007f28db816038 R14: 00007f28db815fa0 R15: 00007ffdc16eed98
[ 678.129870][T14352]
[ 678.860758][T14368] FAULT_INJECTION: forcing a failure.
[ 678.860758][T14368] name fail_futex, interval 1, probability 0, space 0, times 0
[ 678.928755][T14368] CPU: 0 UID: 0 PID: 14368 Comm: syz.2.1944 Not tainted syzkaller #0 PREEMPT(full)
[ 678.928782][T14368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 678.928792][T14368] Call Trace:
[ 678.928799][T14368]
[ 678.928806][T14368] dump_stack_lvl+0x100/0x190
[ 678.928841][T14368] should_fail_ex.cold+0x5/0xa
[ 678.928863][T14368] get_futex_key+0x295/0x1510
[ 678.928894][T14368] ? __pfx_get_futex_key+0x10/0x10
[ 678.928922][T14368] ? lock_acquire+0x1b1/0x370
[ 678.928954][T14368] futex_wake+0xea/0x530
[ 678.928978][T14368] ? __pfx_futex_wake+0x10/0x10
[ 678.928999][T14368] ? exit_mm_release+0x19/0x30
[ 678.929029][T14368] do_futex+0x32b/0x350
[ 678.929047][T14368] ? __pfx_do_futex+0x10/0x10
[ 678.929063][T14368] ? __might_fault+0xc5/0x140
[ 678.929093][T14368] mm_release+0x24a/0x2f0
[ 678.929114][T14368] do_exit+0x707/0x2a60
[ 678.929143][T14368] ? __pfx_do_exit+0x10/0x10
[ 678.929168][T14368] ? do_raw_spin_lock+0x128/0x260
[ 678.929186][T14368] ? find_held_lock+0x2b/0x80
[ 678.929207][T14368] ? get_signal+0x7e0/0x21e0
[ 678.929230][T14368] do_group_exit+0xd5/0x2a0
[ 678.929258][T14368] get_signal+0x1ec7/0x21e0
[ 678.929283][T14368] ? do_accept+0x3e3/0x530
[ 678.929308][T14368] ? 0xffffffff81000000
[ 678.929323][T14368] ? __pfx_get_signal+0x10/0x10
[ 678.929345][T14368] ? do_futex+0x192/0x350
[ 678.929365][T14368] arch_do_signal_or_restart+0x91/0x770
[ 678.929391][T14368] ? __sys_accept4+0x1cb/0x200
[ 678.929416][T14368] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 678.929447][T14368] ? __pfx___x64_sys_futex+0x10/0x10
[ 678.929466][T14368] ? rcu_is_watching+0x12/0xc0
[ 678.929542][T14368] exit_to_user_mode_loop+0x86/0x4a0
[ 678.929570][T14368] ? do_syscall_64+0x519/0xf80
[ 678.929597][T14368] do_syscall_64+0x6f2/0xf80
[ 678.929623][T14368] ? clear_bhb_loop+0x40/0x90
[ 678.929644][T14368] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 678.929666][T14368] RIP: 0033:0x7f28db59c819
[ 678.929680][T14368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 678.929698][T14368] RSP: 002b:00007f28dc39a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 678.929715][T14368] RAX: fffffffffffffe00 RBX: 00007f28db815fa8 RCX: 00007f28db59c819
[ 678.929727][T14368] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f28db815fa8
[ 678.929737][T14368] RBP: 00007f28db815fa0 R08: 0000000000000000 R09: 0000000000000000
[ 678.929747][T14368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 678.929757][T14368] R13: 00007f28db816038 R14: 00007ffdc16eecb0 R15: 00007ffdc16eed98
[ 678.929779][T14368]
[ 681.889844][T14385] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 682.900448][T14417] FAULT_INJECTION: forcing a failure.
[ 682.900448][T14417] name fail_futex, interval 1, probability 0, space 0, times 0
[ 682.957013][T14417] CPU: 0 UID: 0 PID: 14417 Comm: syz.3.1956 Not tainted syzkaller #0 PREEMPT(full)
[ 682.957040][T14417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 682.957050][T14417] Call Trace:
[ 682.957056][T14417]
[ 682.957063][T14417] dump_stack_lvl+0x100/0x190
[ 682.957101][T14417] should_fail_ex.cold+0x5/0xa
[ 682.957124][T14417] get_futex_key+0x295/0x1510
[ 682.957155][T14417] ? __pfx_get_futex_key+0x10/0x10
[ 682.957183][T14417] ? lock_acquire+0x1b1/0x370
[ 682.957215][T14417] futex_wake+0xea/0x530
[ 682.957238][T14417] ? __pfx_futex_wake+0x10/0x10
[ 682.957259][T14417] ? exit_mm_release+0x19/0x30
[ 682.957289][T14417] do_futex+0x32b/0x350
[ 682.957307][T14417] ? __pfx_do_futex+0x10/0x10
[ 682.957324][T14417] ? __might_fault+0xc5/0x140
[ 682.957354][T14417] mm_release+0x24a/0x2f0
[ 682.957375][T14417] do_exit+0x707/0x2a60
[ 682.957404][T14417] ? __pfx_do_exit+0x10/0x10
[ 682.957429][T14417] ? do_raw_spin_lock+0x128/0x260
[ 682.957448][T14417] ? find_held_lock+0x2b/0x80
[ 682.957468][T14417] ? get_signal+0x7e0/0x21e0
[ 682.957491][T14417] do_group_exit+0xd5/0x2a0
[ 682.957519][T14417] get_signal+0x1ec7/0x21e0
[ 682.957544][T14417] ? do_accept+0x3e3/0x530
[ 682.957569][T14417] ? 0xffffffff81000000
[ 682.957584][T14417] ? __pfx_get_signal+0x10/0x10
[ 682.957607][T14417] ? do_futex+0x192/0x350
[ 682.957637][T14417] arch_do_signal_or_restart+0x91/0x770
[ 682.957673][T14417] ? __sys_accept4+0x1cb/0x200
[ 682.957698][T14417] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 682.957730][T14417] ? __pfx___x64_sys_futex+0x10/0x10
[ 682.957748][T14417] ? rcu_is_watching+0x12/0xc0
[ 682.957771][T14417] exit_to_user_mode_loop+0x86/0x4a0
[ 682.957799][T14417] ? do_syscall_64+0x519/0xf80
[ 682.957827][T14417] do_syscall_64+0x6f2/0xf80
[ 682.957856][T14417] ? clear_bhb_loop+0x40/0x90
[ 682.957878][T14417] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 682.957896][T14417] RIP: 0033:0x7fdc1479c819
[ 682.957910][T14417] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 682.957928][T14417] RSP: 002b:00007fdc155900e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 682.957946][T14417] RAX: fffffffffffffe00 RBX: 00007fdc14a15fa8 RCX: 00007fdc1479c819
[ 682.957958][T14417] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdc14a15fa8
[ 682.957968][T14417] RBP: 00007fdc14a15fa0 R08: 0000000000000000 R09: 0000000000000000
[ 682.957978][T14417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 682.957988][T14417] R13: 00007fdc14a16038 R14: 00007fff89e0c210 R15: 00007fff89e0c2f8
[ 682.958009][T14417]
[ 683.791757][T14421] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1957'.
[ 683.847481][T14423] net_ratelimit: 2 callbacks suppressed
[ 683.847500][T14423] netlink: zone id is out of range
[ 683.859513][T14423] netlink: zone id is out of range
[ 683.864999][T14423] netlink: zone id is out of range
[ 683.870727][T14423] netlink: zone id is out of range
[ 683.876182][T14423] netlink: zone id is out of range
[ 683.881760][T14423] netlink: zone id is out of range
[ 683.887122][T14423] netlink: zone id is out of range
[ 683.894197][T14423] netlink: zone id is out of range
[ 683.899590][T14423] netlink: zone id is out of range
[ 683.905139][T14423] netlink: zone id is out of range
[ 684.689965][T14441] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„
[ 685.711163][T14453] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1964'.
[ 685.809414][T14453] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1964'.
[ 686.222932][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 686.230862][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 687.189280][T14452] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 688.198804][T14478] FAULT_INJECTION: forcing a failure.
[ 688.198804][T14478] name failslab, interval 1, probability 0, space 0, times 0
[ 688.315808][T14478] CPU: 0 UID: 0 PID: 14478 Comm: syz.0.1968 Not tainted syzkaller #0 PREEMPT(full)
[ 688.315835][T14478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 688.315845][T14478] Call Trace:
[ 688.315852][T14478]
[ 688.315859][T14478] dump_stack_lvl+0x100/0x190
[ 688.315895][T14478] should_fail_ex.cold+0x5/0xa
[ 688.315919][T14478] ? security_inode_init_security+0x113/0x370
[ 688.315947][T14478] should_failslab+0xc2/0x120
[ 688.315966][T14478] __kmalloc_noprof+0xe0/0x850
[ 688.315998][T14478] security_inode_init_security+0x113/0x370
[ 688.316029][T14478] ? __pfx_shmem_initxattrs+0x10/0x10
[ 688.316052][T14478] ? __pfx_security_inode_init_security+0x10/0x10
[ 688.316084][T14478] ? make_vfsgid+0xf1/0x140
[ 688.316111][T14478] shmem_mknod+0x2ce/0x480
[ 688.316136][T14478] ? __pfx_shmem_mknod+0x10/0x10
[ 688.316164][T14478] vfs_create+0x301/0x6c0
[ 688.316192][T14478] filename_mknodat+0x2de/0x7f0
[ 688.316216][T14478] ? __pfx_filename_mknodat+0x10/0x10
[ 688.316235][T14478] ? strncpy_from_user+0x19d/0x2d0
[ 688.316260][T14478] ? do_getname+0x191/0x390
[ 688.316285][T14478] __x64_sys_mknod+0x8f/0xc0
[ 688.316305][T14478] do_syscall_64+0x10b/0xf80
[ 688.316331][T14478] ? clear_bhb_loop+0x40/0x90
[ 688.316353][T14478] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 688.316371][T14478] RIP: 0033:0x7f3bed79c819
[ 688.316387][T14478] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 688.316404][T14478] RSP: 002b:00007f3bee668028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 688.316423][T14478] RAX: ffffffffffffffda RBX: 00007f3beda16090 RCX: 00007f3bed79c819
[ 688.316435][T14478] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000
[ 688.316446][T14478] RBP: 00007f3bed832c91 R08: 0000000000000000 R09: 0000000000000000
[ 688.316456][T14478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 688.316466][T14478] R13: 00007f3beda16128 R14: 00007f3beda16090 R15: 00007fff570fb418
[ 688.316488][T14478]
[ 688.839574][T11749] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 689.276307][T14490] zswap: compressor not available
[ 690.489177][T14513] vivid-007: ================= START STATUS =================
[ 690.525126][T14513] vivid-007: Generate PTS: true
[ 690.552049][T14513] vivid-007: Generate SCR: true
[ 690.579060][T14513] tpg source WxH: 320x240 (Y'CbCr)
[ 690.605721][T14513] tpg field: 1
[ 690.621762][T14513] tpg crop: (0,0)/320x240
[ 690.657633][T14513] tpg compose: (0,0)/320x240
[ 690.681644][T14513] tpg colorspace: 8
[ 690.698114][T14513] tpg transfer function: 0/0
[ 690.731861][T14513] tpg Y'CbCr encoding: 0/0
[ 690.784734][T14513] tpg quantization: 0/0
[ 690.810672][T14513] tpg RGB range: 0/2
[ 690.868376][T14513] vivid-007: ================== END STATUS ==================
[ 691.296918][T14525] ptp: physical clock is free running
[ 691.639228][T14529] ptp: physical clock is free running
[ 692.058561][T14535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1989'.
[ 692.152990][T14541] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1989'.
[ 694.908839][T14570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1990'.
[ 694.961541][T14570] netlink: 'syz.0.1990': attribute type 1 has an invalid length.
[ 695.001930][T14570] netlink: 'syz.0.1990': attribute type 6 has an invalid length.
[ 695.497035][T14575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1992'.
[ 695.545396][T14575] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1992'.
[ 695.911333][T14581] FAULT_INJECTION: forcing a failure.
[ 695.911333][T14581] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 695.976601][T14581] CPU: 0 UID: 0 PID: 14581 Comm: syz.1.1994 Not tainted syzkaller #0 PREEMPT(full)
[ 695.976638][T14581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 695.976650][T14581] Call Trace:
[ 695.976656][T14581]
[ 695.976664][T14581] dump_stack_lvl+0x100/0x190
[ 695.976700][T14581] should_fail_ex.cold+0x5/0xa
[ 695.976721][T14581] ? prepare_alloc_pages+0x16d/0x5f0
[ 695.976744][T14581] should_fail_alloc_page+0xeb/0x140
[ 695.976768][T14581] prepare_alloc_pages+0x1f0/0x5f0
[ 695.976792][T14581] __alloc_frozen_pages_noprof+0x19a/0x2bc0
[ 695.976820][T14581] ? vhost_dev_set_owner+0x190/0xa30
[ 695.976839][T14581] ? stack_trace_save+0x8e/0xc0
[ 695.976863][T14581] ? __pfx_stack_trace_save+0x10/0x10
[ 695.976887][T14581] ? stack_depot_save_flags+0x27/0x9d0
[ 695.976916][T14581] ? vhost_dev_set_owner+0x190/0xa30
[ 695.976933][T14581] ? kasan_save_stack+0x3f/0x50
[ 695.976960][T14581] ? kasan_save_stack+0x30/0x50
[ 695.976985][T14581] ? kasan_save_track+0x14/0x30
[ 695.977012][T14581] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 695.977038][T14581] ? vhost_net_ioctl+0xfa3/0x1910
[ 695.977056][T14581] ? __x64_sys_ioctl+0x18e/0x210
[ 695.977080][T14581] ? do_syscall_64+0x10b/0xf80
[ 695.977122][T14581] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 695.977148][T14581] ? policy_nodemask+0xed/0x4f0
[ 695.977168][T14581] alloc_pages_mpol+0x1fb/0x540
[ 695.977188][T14581] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 695.977216][T14581] ? rcu_is_watching+0x12/0xc0
[ 695.977240][T14581] ___kmalloc_large_node+0xe5/0x120
[ 695.977265][T14581] __kmalloc_large_noprof+0x1c/0x70
[ 695.977288][T14581] vhost_dev_set_owner+0x2b6/0xa30
[ 695.977314][T14581] vhost_net_ioctl+0xfa3/0x1910
[ 695.977332][T14581] ? do_vfs_ioctl+0x226/0x13e0
[ 695.977358][T14581] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 695.977384][T14581] ? __pfx_vhost_net_ioctl+0x10/0x10
[ 695.977408][T14581] ? __sys_sendmsg+0x18f/0x220
[ 695.977425][T14581] ? hook_file_ioctl_common+0x149/0x410
[ 695.977458][T14581] ? __pfx_vhost_net_ioctl+0x10/0x10
[ 695.977479][T14581] __x64_sys_ioctl+0x18e/0x210
[ 695.977507][T14581] do_syscall_64+0x10b/0xf80
[ 695.977532][T14581] ? clear_bhb_loop+0x40/0x90
[ 695.977554][T14581] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 695.977572][T14581] RIP: 0033:0x7f233599c819
[ 695.977588][T14581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 695.977606][T14581] RSP: 002b:00007f2336903028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 695.977625][T14581] RAX: ffffffffffffffda RBX: 00007f2335c16090 RCX: 00007f233599c819
[ 695.977636][T14581] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000003
[ 695.977646][T14581] RBP: 00007f2335a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 695.977657][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 695.977667][T14581] R13: 00007f2335c16128 R14: 00007f2335c16090 R15: 00007ffc1c3510f8
[ 695.977692][T14581]
[ 696.504424][T14585] FAULT_INJECTION: forcing a failure.
[ 696.504424][T14585] name failslab, interval 1, probability 0, space 0, times 0
[ 696.517623][T14585] CPU: 0 UID: 0 PID: 14585 Comm: syz.3.1996 Not tainted syzkaller #0 PREEMPT(full)
[ 696.517651][T14585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 696.517662][T14585] Call Trace:
[ 696.517670][T14585]
[ 696.517678][T14585] dump_stack_lvl+0x100/0x190
[ 696.517714][T14585] should_fail_ex.cold+0x5/0xa
[ 696.517737][T14585] ? sk_prot_alloc+0x10b/0x2a0
[ 696.517759][T14585] should_failslab+0xc2/0x120
[ 696.517779][T14585] __kmalloc_noprof+0xe0/0x850
[ 696.517809][T14585] sk_prot_alloc+0x10b/0x2a0
[ 696.517833][T14585] sk_alloc+0x36/0xe80
[ 696.517856][T14585] __netlink_create+0x5e/0x2c0
[ 696.517873][T14585] ? __wake_up+0x3f/0x60
[ 696.517898][T14585] netlink_create+0x298/0x610
[ 696.517917][T14585] ? __pfx_genl_bind+0x10/0x10
[ 696.517940][T14585] ? __pfx_genl_unbind+0x10/0x10
[ 696.517961][T14585] ? __pfx_genl_release+0x10/0x10
[ 696.517989][T14585] __sock_create+0x339/0x860
[ 696.518017][T14585] __sys_socket+0x14d/0x260
[ 696.518041][T14585] ? exc_page_fault+0x6f/0xd0
[ 696.518066][T14585] ? __pfx___sys_socket+0x10/0x10
[ 696.518097][T14585] __x64_sys_socket+0x72/0xb0
[ 696.518121][T14585] ? lockdep_hardirqs_on+0x78/0x100
[ 696.518146][T14585] do_syscall_64+0x10b/0xf80
[ 696.518173][T14585] ? clear_bhb_loop+0x40/0x90
[ 696.518195][T14585] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 696.518213][T14585] RIP: 0033:0x7fdc1479e087
[ 696.518238][T14585] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 696.518256][T14585] RSP: 002b:00007fdc1558ef98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[ 696.518274][T14585] RAX: ffffffffffffffda RBX: 00007fdc14a15fa0 RCX: 00007fdc1479e087
[ 696.518285][T14585] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[ 696.518296][T14585] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 696.518307][T14585] R10: 0000200000000040 R11: 0000000000000286 R12: 0000000000000000
[ 696.518317][T14585] R13: 00007fdc14a16038 R14: 00007fdc14a15fa0 R15: 00007fff89e0c2f8
[ 696.518340][T14585]
[ 697.676818][T14604] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2000'.
[ 698.645170][T14616] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O!
[ 698.915040][T14616] File: /dev/nullb0 PID: 14616 Comm: syz.3.2002
[ 699.479265][T14637] netlink: 'syz.1.2007': attribute type 1 has an invalid length.
[ 699.506037][T14637] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2007'.
[ 699.878520][T14640] sp0: Synchronizing with TNC
[ 703.522113][T14701] sp0: Synchronizing with TNC
[ 703.880443][T14712] debugfs: '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211'
[ 704.621304][T14726] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2029'.
[ 705.541656][T14749] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2037'.
[ 705.582601][T14749] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2037'.
[ 706.485631][T14755] sp0: Synchronizing with TNC
[ 707.996920][T14773] debugfs: '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211'
[ 708.459510][T14784] hub 1-0:1.0: USB hub found
[ 708.513927][T14784] hub 1-0:1.0: 1 port detected
[ 709.195182][T14799] futex_wake_op: syz.2.2050 tries to shift op by -2048; fix this program
[ 709.262856][T14799] 0x000000000001-0x000000020000 : ""
[ 709.326878][T14799] ftl_cs: FTL header corrupt!
[ 710.546557][T11749] Bluetooth: hci2: unexpected subevent 0x03 length: 253 > 9
[ 711.179324][T14833] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2058'.
[ 711.260642][T14833] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2058'.
[ 713.191257][T14874] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2068'.
[ 713.492678][T11749] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 713.660672][ T29] audit: type=1800 audit(1843104895.210:30): pid=14880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2071" name="version" dev="configfs" ino=53538 res=0 errno=0
[ 713.818654][T14883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2072'.
[ 713.890243][T14888] FAULT_INJECTION: forcing a failure.
[ 713.890243][T14888] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 713.924002][T14890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2074'.
[ 713.962501][T14888] CPU: 0 UID: 0 PID: 14888 Comm: syz.0.2073 Not tainted syzkaller #0 PREEMPT(full)
[ 713.962533][T14888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 713.962544][T14888] Call Trace:
[ 713.962551][T14888]
[ 713.962558][T14888] dump_stack_lvl+0x100/0x190
[ 713.962593][T14888] should_fail_ex.cold+0x5/0xa
[ 713.962614][T14888] ? prepare_alloc_pages+0x16d/0x5f0
[ 713.962644][T14888] should_fail_alloc_page+0xeb/0x140
[ 713.962671][T14888] prepare_alloc_pages+0x1f0/0x5f0
[ 713.962695][T14888] __alloc_frozen_pages_noprof+0x19a/0x2bc0
[ 713.962724][T14888] ? rcu_is_watching+0x12/0xc0
[ 713.962746][T14888] ? trace_mm_page_alloc+0x163/0x1d0
[ 713.962767][T14888] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0
[ 713.962795][T14888] ? vhost_dev_set_owner+0x190/0xa30
[ 713.962814][T14888] ? stack_trace_save+0x8e/0xc0
[ 713.962837][T14888] ? __pfx_stack_trace_save+0x10/0x10
[ 713.962861][T14888] ? stack_depot_save_flags+0x27/0x9d0
[ 713.962885][T14888] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 713.962912][T14888] ? look_up_lock_class+0x64/0x120
[ 713.962940][T14888] ? vhost_dev_set_owner+0x190/0xa30
[ 713.962957][T14888] ? kasan_save_stack+0x3f/0x50
[ 713.962983][T14888] ? kasan_save_stack+0x30/0x50
[ 713.963008][T14888] ? kasan_save_track+0x14/0x30
[ 713.963035][T14888] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 713.963063][T14888] ? vhost_net_ioctl+0xfa3/0x1910
[ 713.963081][T14888] ? __x64_sys_ioctl+0x18e/0x210
[ 713.963113][T14888] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 713.963139][T14888] ? policy_nodemask+0xed/0x4f0
[ 713.963159][T14888] alloc_pages_mpol+0x1fb/0x540
[ 713.963179][T14888] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 713.963199][T14888] ? find_held_lock+0x2b/0x80
[ 713.963220][T14888] ? rcu_read_unlock+0x17/0x60
[ 713.963241][T14888] ? vhost_dev_set_owner+0x330/0xa30
[ 713.963259][T14888] ___kmalloc_large_node+0xe5/0x120
[ 713.963285][T14888] __kmalloc_large_node_noprof+0x1c/0x70
[ 713.963320][T14888] __kmalloc_noprof+0x5be/0x850
[ 713.963351][T14888] vhost_dev_set_owner+0x330/0xa30
[ 713.963377][T14888] vhost_net_ioctl+0xfa3/0x1910
[ 713.963396][T14888] ? do_vfs_ioctl+0x226/0x13e0
[ 713.963422][T14888] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 713.963449][T14888] ? __pfx_vhost_net_ioctl+0x10/0x10
[ 713.963473][T14888] ? __sys_sendmsg+0x18f/0x220
[ 713.963491][T14888] ? hook_file_ioctl_common+0x149/0x410
[ 713.963524][T14888] ? __pfx_vhost_net_ioctl+0x10/0x10
[ 713.963545][T14888] __x64_sys_ioctl+0x18e/0x210
[ 713.963572][T14888] do_syscall_64+0x10b/0xf80
[ 713.963598][T14888] ? clear_bhb_loop+0x40/0x90
[ 713.963621][T14888] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 713.963640][T14888] RIP: 0033:0x7f3bed79c819
[ 713.963655][T14888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 713.963672][T14888] RSP: 002b:00007f3bee668028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 713.963691][T14888] RAX: ffffffffffffffda RBX: 00007f3beda16090 RCX: 00007f3bed79c819
[ 713.963702][T14888] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000003
[ 713.963712][T14888] RBP: 00007f3bed832c91 R08: 0000000000000000 R09: 0000000000000000
[ 713.963722][T14888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 713.963732][T14888] R13: 00007f3beda16128 R14: 00007f3beda16090 R15: 00007fff570fb418
[ 713.963754][T14888]
[ 715.973264][T14926] FAULT_INJECTION: forcing a failure.
[ 715.973264][T14926] name failslab, interval 1, probability 0, space 0, times 0
[ 716.096124][T14926] CPU: 0 UID: 0 PID: 14926 Comm: syz.2.2083 Not tainted syzkaller #0 PREEMPT(full)
[ 716.096150][T14926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 716.096161][T14926] Call Trace:
[ 716.096167][T14926]
[ 716.096174][T14926] dump_stack_lvl+0x100/0x190
[ 716.096209][T14926] should_fail_ex.cold+0x5/0xa
[ 716.096233][T14926] should_failslab+0xc2/0x120
[ 716.096253][T14926] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 716.096280][T14926] ? security_file_alloc+0x34/0x2c0
[ 716.096304][T14926] ? trace_kmem_cache_alloc+0xd5/0x100
[ 716.096326][T14926] security_file_alloc+0x34/0x2c0
[ 716.096350][T14926] init_file+0x95/0x480
[ 716.096373][T14926] alloc_empty_file+0x79/0x1c0
[ 716.096397][T14926] path_openat+0xe8/0x31a0
[ 716.096414][T14926] ? kasan_save_stack+0x3f/0x50
[ 716.096440][T14926] ? kasan_save_stack+0x30/0x50
[ 716.096471][T14926] ? kasan_save_track+0x14/0x30
[ 716.096497][T14926] ? __kasan_slab_alloc+0x89/0x90
[ 716.096512][T14926] ? kmem_cache_alloc_noprof+0x241/0x6e0
[ 716.096537][T14926] ? do_getname+0x35/0x390
[ 716.096558][T14926] ? do_sys_openat2+0xc5/0x1e0
[ 716.096581][T14926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 716.096602][T14926] ? __pfx_path_openat+0x10/0x10
[ 716.096629][T14926] do_file_open+0x20e/0x430
[ 716.096649][T14926] ? __pfx_do_file_open+0x10/0x10
[ 716.096684][T14926] ? alloc_fd+0x476/0x790
[ 716.096704][T14926] ? do_getname+0x191/0x390
[ 716.096728][T14926] do_sys_openat2+0x10d/0x1e0
[ 716.096751][T14926] ? __pfx_do_sys_openat2+0x10/0x10
[ 716.096783][T14926] __x64_sys_openat+0x12d/0x210
[ 716.096807][T14926] ? __pfx___x64_sys_openat+0x10/0x10
[ 716.096835][T14926] ? rcu_is_watching+0x12/0xc0
[ 716.096858][T14926] do_syscall_64+0x10b/0xf80
[ 716.096884][T14926] ? clear_bhb_loop+0x40/0x90
[ 716.096905][T14926] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 716.096923][T14926] RIP: 0033:0x7f28db59c819
[ 716.096939][T14926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 716.096956][T14926] RSP: 002b:00007f28dc39a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 716.096974][T14926] RAX: ffffffffffffffda RBX: 00007f28db815fa0 RCX: 00007f28db59c819
[ 716.096985][T14926] RDX: 0000000000000001 RSI: 0000200000000240 RDI: ffffffffffffff9c
[ 716.097061][T14926] RBP: 00007f28db632c91 R08: 0000000000000000 R09: 0000000000000000
[ 716.097075][T14926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 716.097085][T14926] R13: 00007f28db816038 R14: 00007f28db815fa0 R15: 00007ffdc16eed98
[ 716.097112][T14926]
[ 716.888181][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2085'.
[ 717.885077][T14954] debugfs: '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211'
[ 718.935318][T11749] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 724.371831][T15050] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[ 724.459663][T15050] CPU: 0 UID: 0 PID: 15050 Comm: syz.2.2118 Not tainted syzkaller #0 PREEMPT(full)
[ 724.459691][T15050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 724.459703][T15050] Call Trace:
[ 724.459709][T15050]
[ 724.459717][T15050] dump_stack_lvl+0x100/0x190
[ 724.459753][T15050] sysfs_warn_dup.cold+0x1c/0x28
[ 724.459780][T15050] sysfs_do_create_link_sd+0x113/0x140
[ 724.459811][T15050] sysfs_create_link+0x61/0xc0
[ 724.459842][T15050] device_add+0x675/0x1920
[ 724.459871][T15050] ? __pfx_device_add+0x10/0x10
[ 724.459897][T15050] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 724.459931][T15050] ? ieee80211_set_bitrate_flags+0x41b/0x6b0
[ 724.459955][T15050] wiphy_register+0x1edd/0x2d90
[ 724.459977][T15050] ? __rtnl_unlock+0xb9/0xf0
[ 724.460006][T15050] ? __pfx_wiphy_register+0x10/0x10
[ 724.460030][T15050] ? __asan_memset+0x23/0x50
[ 724.460056][T15050] ? minstrel_ht_alloc+0x5e6/0x7f0
[ 724.460083][T15050] ieee80211_register_hw+0x3055/0x4570
[ 724.460123][T15050] ? __pfx_ieee80211_register_hw+0x10/0x10
[ 724.460152][T15050] ? __pfx___debug_object_init+0x10/0x10
[ 724.460177][T15050] ? find_held_lock+0x2b/0x80
[ 724.460201][T15050] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 724.460226][T15050] ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 724.460249][T15050] ? __hrtimer_setup+0x208/0x330
[ 724.460269][T15050] mac80211_hwsim_new_radio+0x2a01/0x5ae0
[ 724.460310][T15050] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 724.460343][T15050] hwsim_new_radio_nl+0xc5f/0x1370
[ 724.460368][T15050] ? rcu_is_watching+0x12/0xc0
[ 724.460390][T15050] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 724.460421][T15050] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0
[ 724.460449][T15050] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0
[ 724.460480][T15050] genl_family_rcv_msg_doit+0x214/0x300
[ 724.460509][T15050] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 724.460535][T15050] ? genl_get_cmd+0x3e7/0x760
[ 724.460563][T15050] ? bpf_lsm_capable+0x9/0x10
[ 724.460582][T15050] ? security_capable+0x80/0x260
[ 724.460602][T15050] ? ns_capable+0xd2/0xf0
[ 724.460625][T15050] genl_rcv_msg+0x560/0x800
[ 724.460653][T15050] ? __pfx_genl_rcv_msg+0x10/0x10
[ 724.460679][T15050] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 724.460713][T15050] netlink_rcv_skb+0x159/0x420
[ 724.460736][T15050] ? __pfx_genl_rcv_msg+0x10/0x10
[ 724.460762][T15050] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 724.460795][T15050] ? netlink_deliver_tap+0x1ae/0xcc0
[ 724.460820][T15050] genl_rcv+0x28/0x40
[ 724.460842][T15050] netlink_unicast+0x585/0x850
[ 724.460868][T15050] ? __pfx_netlink_unicast+0x10/0x10
[ 724.460897][T15050] netlink_sendmsg+0x8b0/0xda0
[ 724.460931][T15050] ? __pfx_netlink_sendmsg+0x10/0x10
[ 724.460953][T15050] ? __import_iovec+0x1d2/0x640
[ 724.460977][T15050] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 724.461001][T15050] ____sys_sendmsg+0x9e1/0xb70
[ 724.461023][T15050] ? __pfx_netlink_sendmsg+0x10/0x10
[ 724.461049][T15050] ? __pfx_____sys_sendmsg+0x10/0x10
[ 724.461077][T15050] ? __pfx_futex_wake_mark+0x10/0x10
[ 724.461105][T15050] ___sys_sendmsg+0x190/0x1e0
[ 724.461133][T15050] ? __pfx____sys_sendmsg+0x10/0x10
[ 724.461186][T15050] __sys_sendmsg+0x170/0x220
[ 724.461206][T15050] ? __pfx___sys_sendmsg+0x10/0x10
[ 724.461224][T15050] ? __x64_sys_futex+0x34f/0x4d0
[ 724.461251][T15050] ? rcu_is_watching+0x12/0xc0
[ 724.461274][T15050] do_syscall_64+0x10b/0xf80
[ 724.461302][T15050] ? clear_bhb_loop+0x40/0x90
[ 724.461323][T15050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 724.461342][T15050] RIP: 0033:0x7f28db59c819
[ 724.461359][T15050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 724.461377][T15050] RSP: 002b:00007f28d93d3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 724.461395][T15050] RAX: ffffffffffffffda RBX: 00007f28db816270 RCX: 00007f28db59c819
[ 724.461407][T15050] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000002
[ 724.461418][T15050] RBP: 00007f28db632c91 R08: 0000000000000000 R09: 0000000000000000
[ 724.461428][T15050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 724.461439][T15050] R13: 00007f28db816308 R14: 00007f28db816270 R15: 00007ffdc16eed98
[ 724.461463][T15050]
[ 725.630826][T15075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2117'.
[ 725.641572][T15075] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2117'.
[ 727.011669][T15091] vivid-007: ================= START STATUS =================
[ 727.036996][T15091] vivid-007: Generate PTS: true
[ 727.064431][T15091] vivid-007: Generate SCR: true
[ 727.093277][T15091] tpg source WxH: 320x240 (Y'CbCr)
[ 727.128670][T15091] tpg field: 1
[ 727.175638][T15091] tpg crop: (0,0)/320x240
[ 727.197541][T15091] tpg compose: (0,0)/320x240
[ 727.218916][T15091] tpg colorspace: 8
[ 727.261569][T15091] tpg transfer function: 0/0
[ 727.324263][T15091] tpg Y'CbCr encoding: 0/0
[ 727.381802][T15094] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[ 727.396126][T15091] tpg quantization: 0/0
[ 727.435283][T15091] tpg RGB range: 0/2
[ 727.471348][T15091] vivid-007: ================== END STATUS ==================
[ 727.523136][T15094] CPU: 0 UID: 0 PID: 15094 Comm: syz.2.2124 Not tainted syzkaller #0 PREEMPT(full)
[ 727.523182][T15094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 727.523194][T15094] Call Trace:
[ 727.523200][T15094]
[ 727.523207][T15094] dump_stack_lvl+0x100/0x190
[ 727.523243][T15094] sysfs_warn_dup.cold+0x1c/0x28
[ 727.523270][T15094] sysfs_do_create_link_sd+0x113/0x140
[ 727.523301][T15094] sysfs_create_link+0x61/0xc0
[ 727.523328][T15094] device_add+0x675/0x1920
[ 727.523358][T15094] ? __pfx_device_add+0x10/0x10
[ 727.523383][T15094] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 727.523410][T15094] ? ieee80211_set_bitrate_flags+0x41b/0x6b0
[ 727.523433][T15094] wiphy_register+0x1edd/0x2d90
[ 727.523456][T15094] ? __rtnl_unlock+0xb9/0xf0
[ 727.523483][T15094] ? __pfx_wiphy_register+0x10/0x10
[ 727.523506][T15094] ? __asan_memset+0x23/0x50
[ 727.523532][T15094] ? minstrel_ht_alloc+0x5e6/0x7f0
[ 727.523559][T15094] ieee80211_register_hw+0x3055/0x4570
[ 727.523599][T15094] ? __pfx_ieee80211_register_hw+0x10/0x10
[ 727.523627][T15094] ? __pfx___debug_object_init+0x10/0x10
[ 727.523651][T15094] ? find_held_lock+0x2b/0x80
[ 727.523674][T15094] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 727.523699][T15094] ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 727.523719][T15094] ? __hrtimer_setup+0x208/0x330
[ 727.523739][T15094] mac80211_hwsim_new_radio+0x2a01/0x5ae0
[ 727.523779][T15094] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 727.523812][T15094] hwsim_new_radio_nl+0xc5f/0x1370
[ 727.523837][T15094] ? rcu_is_watching+0x12/0xc0
[ 727.523858][T15094] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 727.523890][T15094] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0
[ 727.523917][T15094] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0
[ 727.523948][T15094] genl_family_rcv_msg_doit+0x214/0x300
[ 727.523976][T15094] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 727.524002][T15094] ? genl_get_cmd+0x3e7/0x760
[ 727.524031][T15094] ? bpf_lsm_capable+0x9/0x10
[ 727.524050][T15094] ? security_capable+0x80/0x260
[ 727.524070][T15094] ? ns_capable+0xd2/0xf0
[ 727.524092][T15094] genl_rcv_msg+0x560/0x800
[ 727.524121][T15094] ? __pfx_genl_rcv_msg+0x10/0x10
[ 727.524153][T15094] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 727.524189][T15094] netlink_rcv_skb+0x159/0x420
[ 727.524212][T15094] ? __pfx_genl_rcv_msg+0x10/0x10
[ 727.524239][T15094] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 727.524272][T15094] ? netlink_deliver_tap+0x1ae/0xcc0
[ 727.524297][T15094] genl_rcv+0x28/0x40
[ 727.524320][T15094] netlink_unicast+0x585/0x850
[ 727.524347][T15094] ? __pfx_netlink_unicast+0x10/0x10
[ 727.524377][T15094] netlink_sendmsg+0x8b0/0xda0
[ 727.524404][T15094] ? __pfx_netlink_sendmsg+0x10/0x10
[ 727.524426][T15094] ? __import_iovec+0x1d2/0x640
[ 727.524451][T15094] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 727.524476][T15094] ____sys_sendmsg+0x9e1/0xb70
[ 727.524498][T15094] ? __pfx_netlink_sendmsg+0x10/0x10
[ 727.524523][T15094] ? __pfx_____sys_sendmsg+0x10/0x10
[ 727.524551][T15094] ? __pfx_futex_wake_mark+0x10/0x10
[ 727.524578][T15094] ___sys_sendmsg+0x190/0x1e0
[ 727.524604][T15094] ? __pfx____sys_sendmsg+0x10/0x10
[ 727.524656][T15094] __sys_sendmsg+0x170/0x220
[ 727.524676][T15094] ? __pfx___sys_sendmsg+0x10/0x10
[ 727.524693][T15094] ? __x64_sys_futex+0x34f/0x4d0
[ 727.524721][T15094] ? rcu_is_watching+0x12/0xc0
[ 727.524744][T15094] do_syscall_64+0x10b/0xf80
[ 727.524769][T15094] ? clear_bhb_loop+0x40/0x90
[ 727.524791][T15094] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 727.524809][T15094] RIP: 0033:0x7f28db59c819
[ 727.524826][T15094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 727.524844][T15094] RSP: 002b:00007f28d97f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 727.524861][T15094] RAX: ffffffffffffffda RBX: 00007f28db816180 RCX: 00007f28db59c819
[ 727.524872][T15094] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000002
[ 727.524883][T15094] RBP: 00007f28db632c91 R08: 0000000000000000 R09: 0000000000000000
[ 727.524893][T15094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 727.524903][T15094] R13: 00007f28db816218 R14: 00007f28db816180 R15: 00007ffdc16eed98
[ 727.524927][T15094]
[ 732.807552][T15171] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2140'.
[ 732.839587][T15171] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2140'.
[ 732.849907][ T29] audit: type=1807 audit(4294967299.838:31): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0
[ 732.905520][ T29] audit: type=1802 audit(4294967299.858:32): pid=15174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.2142" res=0 errno=0
[ 732.928807][T15176] ima: policy update failed
[ 732.999356][ T29] audit: type=1802 audit(4294967299.948:33): pid=15176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2142" res=0 errno=0
[ 733.237196][T15180] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2143'.
[ 733.278222][T15180] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2143'.
[ 735.088121][T15211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2150'.
[ 735.119374][T15210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2151'.
[ 735.137542][T15211] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2150'.
[ 735.178098][T15210] netlink: 'syz.0.2151': attribute type 2 has an invalid length.
[ 735.217631][T15210] netlink: 'syz.0.2151': attribute type 3 has an invalid length.
[ 735.243886][T15210] netlink: 51465 bytes leftover after parsing attributes in process `syz.0.2151'.
[ 735.267853][T15210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2151'.
[ 735.511806][T15221] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2154'.
[ 739.711268][T15313] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[ 739.917265][T15313] CPU: 0 UID: 0 PID: 15313 Comm: syz.0.2175 Not tainted syzkaller #0 PREEMPT(full)
[ 739.917297][T15313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 739.917308][T15313] Call Trace:
[ 739.917314][T15313]
[ 739.917321][T15313] dump_stack_lvl+0x100/0x190
[ 739.917356][T15313] sysfs_warn_dup.cold+0x1c/0x28
[ 739.917383][T15313] sysfs_do_create_link_sd+0x113/0x140
[ 739.917414][T15313] sysfs_create_link+0x61/0xc0
[ 739.917441][T15313] device_add+0x675/0x1920
[ 739.917470][T15313] ? __pfx_device_add+0x10/0x10
[ 739.917495][T15313] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 739.917523][T15313] ? ieee80211_set_bitrate_flags+0x41b/0x6b0
[ 739.917546][T15313] wiphy_register+0x1edd/0x2d90
[ 739.917568][T15313] ? __rtnl_unlock+0xb9/0xf0
[ 739.917595][T15313] ? __pfx_wiphy_register+0x10/0x10
[ 739.917618][T15313] ? __asan_memset+0x23/0x50
[ 739.917644][T15313] ? minstrel_ht_alloc+0x5e6/0x7f0
[ 739.917679][T15313] ieee80211_register_hw+0x3055/0x4570
[ 739.917720][T15313] ? __pfx_ieee80211_register_hw+0x10/0x10
[ 739.917748][T15313] ? __pfx___debug_object_init+0x10/0x10
[ 739.917773][T15313] ? find_held_lock+0x2b/0x80
[ 739.917797][T15313] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 739.917823][T15313] ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 739.917842][T15313] ? __hrtimer_setup+0x208/0x330
[ 739.917863][T15313] mac80211_hwsim_new_radio+0x2a01/0x5ae0
[ 739.917903][T15313] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 739.917936][T15313] hwsim_new_radio_nl+0xc5f/0x1370
[ 739.917961][T15313] ? rcu_is_watching+0x12/0xc0
[ 739.917983][T15313] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 739.918014][T15313] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0
[ 739.918042][T15313] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0
[ 739.918073][T15313] genl_family_rcv_msg_doit+0x214/0x300
[ 739.918101][T15313] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 739.918127][T15313] ? genl_get_cmd+0x3e7/0x760
[ 739.918156][T15313] ? bpf_lsm_capable+0x9/0x10
[ 739.918175][T15313] ? security_capable+0x80/0x260
[ 739.918195][T15313] ? ns_capable+0xd2/0xf0
[ 739.918217][T15313] genl_rcv_msg+0x560/0x800
[ 739.918245][T15313] ? __pfx_genl_rcv_msg+0x10/0x10
[ 739.918271][T15313] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 739.918304][T15313] netlink_rcv_skb+0x159/0x420
[ 739.918327][T15313] ? __pfx_genl_rcv_msg+0x10/0x10
[ 739.918354][T15313] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 739.918386][T15313] ? netlink_deliver_tap+0x1ae/0xcc0
[ 739.918411][T15313] genl_rcv+0x28/0x40
[ 739.918434][T15313] netlink_unicast+0x585/0x850
[ 739.918460][T15313] ? __pfx_netlink_unicast+0x10/0x10
[ 739.918489][T15313] netlink_sendmsg+0x8b0/0xda0
[ 739.918515][T15313] ? __pfx_netlink_sendmsg+0x10/0x10
[ 739.918537][T15313] ? __import_iovec+0x1d2/0x640
[ 739.918562][T15313] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 739.918586][T15313] ____sys_sendmsg+0x9e1/0xb70
[ 739.918608][T15313] ? __pfx_netlink_sendmsg+0x10/0x10
[ 739.918632][T15313] ? __pfx_____sys_sendmsg+0x10/0x10
[ 739.918661][T15313] ? preempt_schedule_thunk+0x16/0x30
[ 739.918700][T15313] ? try_to_wake_up+0x5f6/0x1900
[ 739.918727][T15313] ___sys_sendmsg+0x190/0x1e0
[ 739.918754][T15313] ? __pfx____sys_sendmsg+0x10/0x10
[ 739.918779][T15313] ? futex_private_hash_put+0x107/0x1c0
[ 739.918835][T15313] __sys_sendmsg+0x170/0x220
[ 739.918854][T15313] ? __pfx___sys_sendmsg+0x10/0x10
[ 739.918872][T15313] ? __x64_sys_futex+0x34f/0x4d0
[ 739.918900][T15313] ? rcu_is_watching+0x12/0xc0
[ 739.918923][T15313] do_syscall_64+0x10b/0xf80
[ 739.918948][T15313] ? clear_bhb_loop+0x40/0x90
[ 739.918970][T15313] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 739.918989][T15313] RIP: 0033:0x7f3bed79c819
[ 739.919006][T15313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 739.919024][T15313] RSP: 002b:00007f3bee626028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 739.919042][T15313] RAX: ffffffffffffffda RBX: 00007f3beda16270 RCX: 00007f3bed79c819
[ 739.919054][T15313] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000002
[ 739.919065][T15313] RBP: 00007f3bed832c91 R08: 0000000000000000 R09: 0000000000000000
[ 739.919075][T15313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 739.919085][T15313] R13: 00007f3beda16308 R14: 00007f3beda16270 R15: 00007fff570fb418
[ 739.919108][T15313]
[ 740.866884][T15325] __nla_validate_parse: 7 callbacks suppressed
[ 740.866902][T15325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2177'.
[ 740.886209][T15325] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2177'.
[ 742.415776][T15341] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2182'.
[ 742.461492][T15341] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2182'.
[ 742.869591][T15348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2184'.
[ 742.914768][T15348] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2184'.
[ 743.413615][ T29] audit: type=1800 audit(4294967310.403:34): pid=15354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2185" name="sr0" dev="devtmpfs" ino=2919 res=0 errno=0
[ 743.814732][T15359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2188'.
[ 743.862877][T15359] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2188'.
[ 744.567112][T15368] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2190'.
[ 744.610914][T15368] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2190'.
[ 746.096592][T15400] QAT: Invalid ioctl 35077
[ 746.525727][T15404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2197'.
[ 746.563605][T15404] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2197'.
[ 747.667941][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 747.677274][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 747.818452][T15427] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[ 747.990415][T15427] CPU: 0 UID: 0 PID: 15427 Comm: syz.3.2201 Not tainted syzkaller #0 PREEMPT(full)
[ 747.990444][T15427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 747.990455][T15427] Call Trace:
[ 747.990462][T15427]
[ 747.990469][T15427] dump_stack_lvl+0x100/0x190
[ 747.990509][T15427] sysfs_warn_dup.cold+0x1c/0x28
[ 747.990536][T15427] sysfs_do_create_link_sd+0x113/0x140
[ 747.990567][T15427] sysfs_create_link+0x61/0xc0
[ 747.990594][T15427] device_add+0x675/0x1920
[ 747.990623][T15427] ? __pfx_device_add+0x10/0x10
[ 747.990655][T15427] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 747.990682][T15427] ? ieee80211_set_bitrate_flags+0x41b/0x6b0
[ 747.990707][T15427] wiphy_register+0x1edd/0x2d90
[ 747.990729][T15427] ? __rtnl_unlock+0xb9/0xf0
[ 747.990757][T15427] ? __pfx_wiphy_register+0x10/0x10
[ 747.990780][T15427] ? __asan_memset+0x23/0x50
[ 747.990805][T15427] ? minstrel_ht_alloc+0x5e6/0x7f0
[ 747.990831][T15427] ieee80211_register_hw+0x3055/0x4570
[ 747.990871][T15427] ? __pfx_ieee80211_register_hw+0x10/0x10
[ 747.990899][T15427] ? __pfx___debug_object_init+0x10/0x10
[ 747.990922][T15427] ? find_held_lock+0x2b/0x80
[ 747.990946][T15427] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 747.990970][T15427] ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 747.990990][T15427] ? __hrtimer_setup+0x208/0x330
[ 747.991010][T15427] mac80211_hwsim_new_radio+0x2a01/0x5ae0
[ 747.991051][T15427] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 747.991083][T15427] hwsim_new_radio_nl+0xc5f/0x1370
[ 747.991109][T15427] ? rcu_is_watching+0x12/0xc0
[ 747.991130][T15427] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 747.991162][T15427] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0
[ 747.991189][T15427] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0
[ 747.991221][T15427] genl_family_rcv_msg_doit+0x214/0x300
[ 747.991249][T15427] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 747.991275][T15427] ? genl_get_cmd+0x3e7/0x760
[ 747.991304][T15427] ? bpf_lsm_capable+0x9/0x10
[ 747.991322][T15427] ? security_capable+0x80/0x260
[ 747.991342][T15427] ? ns_capable+0xd2/0xf0
[ 747.991365][T15427] genl_rcv_msg+0x560/0x800
[ 747.991392][T15427] ? __pfx_genl_rcv_msg+0x10/0x10
[ 747.991418][T15427] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 747.991452][T15427] netlink_rcv_skb+0x159/0x420
[ 747.991475][T15427] ? __pfx_genl_rcv_msg+0x10/0x10
[ 747.991502][T15427] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 747.991534][T15427] ? netlink_deliver_tap+0x1ae/0xcc0
[ 747.991558][T15427] genl_rcv+0x28/0x40
[ 747.991580][T15427] netlink_unicast+0x585/0x850
[ 747.991606][T15427] ? __pfx_netlink_unicast+0x10/0x10
[ 747.991635][T15427] netlink_sendmsg+0x8b0/0xda0
[ 747.991668][T15427] ? __pfx_netlink_sendmsg+0x10/0x10
[ 747.991689][T15427] ? __import_iovec+0x1d2/0x640
[ 747.991714][T15427] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 747.991737][T15427] ____sys_sendmsg+0x9e1/0xb70
[ 747.991759][T15427] ? __pfx_netlink_sendmsg+0x10/0x10
[ 747.991785][T15427] ? __pfx_____sys_sendmsg+0x10/0x10
[ 747.991814][T15427] ? __pfx_futex_wake_mark+0x10/0x10
[ 747.991840][T15427] ___sys_sendmsg+0x190/0x1e0
[ 747.991867][T15427] ? __pfx____sys_sendmsg+0x10/0x10
[ 747.991920][T15427] __sys_sendmsg+0x170/0x220
[ 747.991939][T15427] ? __pfx___sys_sendmsg+0x10/0x10
[ 747.991957][T15427] ? __x64_sys_futex+0x34f/0x4d0
[ 747.991984][T15427] ? rcu_is_watching+0x12/0xc0
[ 747.992008][T15427] do_syscall_64+0x10b/0xf80
[ 747.992034][T15427] ? clear_bhb_loop+0x40/0x90
[ 747.992056][T15427] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 747.992074][T15427] RIP: 0033:0x7fdc1479c819
[ 747.992090][T15427] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 747.992107][T15427] RSP: 002b:00007fdc125d3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 747.992126][T15427] RAX: ffffffffffffffda RBX: 00007fdc14a16270 RCX: 00007fdc1479c819
[ 747.992137][T15427] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000002
[ 747.992148][T15427] RBP: 00007fdc14832c91 R08: 0000000000000000 R09: 0000000000000000
[ 747.992159][T15427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 747.992169][T15427] R13: 00007fdc14a16308 R14: 00007fdc14a16270 R15: 00007fff89e0c2f8
[ 747.992193][T15427]
[ 748.673242][T15431] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2204'.
[ 748.684127][T15431] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2204'.
[ 748.782279][T15434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2203'.
[ 748.792058][T15434] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2203'.
[ 748.940104][T15438] random: crng reseeded on system resumption
[ 749.011340][T15439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2205'.
[ 749.023789][T15438] hub 1-0:1.0: USB hub found
[ 749.039112][T15439] netlink: 54021 bytes leftover after parsing attributes in process `syz.2.2205'.
[ 749.058504][T15438] hub 1-0:1.0: 1 port detected
[ 749.481722][T15449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2207'.
[ 749.526851][T15449] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2207'.
[ 753.389780][T15500] __nla_validate_parse: 2 callbacks suppressed
[ 753.389797][T15500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2221'.
[ 753.449016][T15500] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2221'.
[ 753.498486][T15495] FAULT_INJECTION: forcing a failure.
[ 753.498486][T15495] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 753.514070][T15504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2222'.
[ 753.523337][T15495] CPU: 0 UID: 0 PID: 15495 Comm: syz.3.2220 Not tainted syzkaller #0 PREEMPT(full)
[ 753.523363][T15495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 753.523373][T15495] Call Trace:
[ 753.523382][T15495] <TASK>
[ 753.523389][T15495] dump_stack_lvl+0x100/0x190
[ 753.523429][T15495] should_fail_ex.cold+0x5/0xa
[ 753.523449][T15495] ? prepare_alloc_pages+0x16d/0x5f0
[ 753.523472][T15495] should_fail_alloc_page+0xeb/0x140
[ 753.523494][T15495] prepare_alloc_pages+0x1f0/0x5f0
[ 753.523515][T15495] ? __set_next_task_fair.part.0+0x2e1/0x390
[ 753.523544][T15495] __alloc_frozen_pages_noprof+0x19a/0x2bc0
[ 753.523582][T15495] ? __lock_acquire+0x4a5/0x2630
[ 753.523610][T15495] ? __lock_acquire+0x4a5/0x2630
[ 753.523645][T15495] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 753.523673][T15495] ? find_held_lock+0x2b/0x80
[ 753.523699][T15495] ? mark_held_locks+0x40/0x70
[ 753.523725][T15495] ? finish_task_switch.isra.0+0x2cb/0x1010
[ 753.523751][T15495] ? __lock_acquire+0x4a5/0x2630
[ 753.523780][T15495] ? __lock_acquire+0x4a5/0x2630
[ 753.523807][T15495] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 753.523833][T15495] ? policy_nodemask+0xed/0x4f0
[ 753.523853][T15495] alloc_pages_mpol+0x1fb/0x540
[ 753.523874][T15495] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 753.523899][T15495] alloc_pages_noprof+0x1a/0x160
[ 753.523922][T15495] pte_alloc_one+0x1c/0x3d0
[ 753.523946][T15495] __pte_alloc+0x6d/0x3e0
[ 753.523965][T15495] ? __pfx___pte_alloc+0x10/0x10
[ 753.523982][T15495] ? __pfx___might_resched+0x10/0x10
[ 753.524000][T15495] ? copy_page_range+0x1c2d/0x5b00
[ 753.524028][T15495] copy_page_range+0x3dbb/0x5b00
[ 753.524076][T15495] ? mas_wr_store_entry+0xa1/0x1e80
[ 753.524096][T15495] ? __pfx_copy_page_range+0x10/0x10
[ 753.524128][T15495] ? __pfx___might_resched+0x10/0x10
[ 753.524155][T15495] ? up_write+0x28c/0x4f0
[ 753.524176][T15495] dup_mmap+0xd25/0x2180
[ 753.524206][T15495] ? __pfx_dup_mmap+0x10/0x10
[ 753.524226][T15495] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 753.524256][T15495] ? __lock_acquire+0x4a5/0x2630
[ 753.524284][T15495] ? find_held_lock+0x2b/0x80
[ 753.524305][T15495] ? __percpu_counter_init_many+0x2bc/0x3b0
[ 753.524346][T15495] copy_process+0x7b37/0x7fa0
[ 753.524382][T15495] ? __pfx_copy_process+0x10/0x10
[ 753.524410][T15495] ? futex_hash+0x141/0x370
[ 753.524442][T15495] kernel_clone+0x12e/0x9c0
[ 753.524464][T15495] ? __pfx_futex_wait+0x10/0x10
[ 753.524487][T15495] ? __pfx_kernel_clone+0x10/0x10
[ 753.524524][T15495] __do_sys_clone+0xd9/0x120
[ 753.524548][T15495] ? __pfx___do_sys_clone+0x10/0x10
[ 753.524577][T15495] ? __fget_files+0x21f/0x3d0
[ 753.524609][T15495] ? rcu_is_watching+0x12/0xc0
[ 753.524632][T15495] do_syscall_64+0x10b/0xf80
[ 753.524659][T15495] ? clear_bhb_loop+0x40/0x90
[ 753.524681][T15495] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 753.524701][T15495] RIP: 0033:0x7fdc1479c819
[ 753.524718][T15495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 753.524735][T15495] RSP: 002b:00007fdc1558ffd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 753.524753][T15495] RAX: ffffffffffffffda RBX: 00007fdc14a15fa0 RCX: 00007fdc1479c819
[ 753.524765][T15495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411
[ 753.524775][T15495] RBP: 00007fdc14832c91 R08: 0000000000000000 R09: 0000000000000000
[ 753.524785][T15495] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 753.524796][T15495] R13: 00007fdc14a16038 R14: 00007fdc14a15fa0 R15: 00007fff89e0c2f8
[ 753.524820][T15495] </TASK>
[ 753.886062][T15505] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2222'.
[ 757.172656][T15570] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2233'.
[ 757.229416][T15570] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2233'.
[ 757.692723][T15579] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12
[ 758.549517][T15602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2239'.
[ 758.582802][T15602] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2239'.
[ 759.392950][T15615] QAT: Invalid ioctl 35077
[ 759.710479][T15620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2243'.
[ 759.751939][T15620] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2243'.
[ 761.150780][T15638] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2245'.
[ 761.202259][T15638] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2245'.
[ 762.749448][T15664] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2253'.
[ 762.798210][T15664] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2253'.
[ 763.715657][T15675] block2mtd: illegal erase size
[ 765.668257][T15704] random: crng reseeded on system resumption
[ 765.931134][T15709] hub 1-0:1.0: USB hub found
[ 765.996820][T15709] hub 1-0:1.0: 1 port detected
[ 766.304875][T15720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2265'.
[ 766.335314][T15720] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2265'.
[ 767.566225][T15742] QAT: Invalid ioctl 35077
[ 768.946160][T15766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2274'.
[ 768.995471][T15766] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2274'.
[ 769.314725][T15775] QAT: Invalid ioctl 35077
[ 769.906614][T15780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2278'.
[ 769.959641][T15785] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2278'.
[ 770.599730][T15792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2280'.
[ 770.654902][T15795] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2280'.
[ 770.916737][T15799] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2281'.
[ 770.961351][T15791] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2279'.
[ 771.009109][T15791] netlink: 'syz.0.2279': attribute type 1 has an invalid length.
[ 771.821660][T15820] QAT: Invalid ioctl 35077
[ 773.233399][T15843] block2mtd: illegal erase size
[ 773.548766][T15848] __nla_validate_parse: 2 callbacks suppressed
[ 773.548784][T15848] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2292'.
[ 773.626499][T15850] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2292'.
[ 776.093509][T15907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2300'.
[ 776.111941][T15908] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2301'.
[ 776.155693][T15911] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2300'.
[ 776.177477][T15912] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2301'.
[ 776.501218][T15918] random: crng reseeded on system resumption
[ 776.628241][T15918] hub 1-0:1.0: USB hub found
[ 776.685066][T15918] hub 1-0:1.0: 1 port detected
[ 777.109057][T15929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2304'.
[ 777.167715][T15930] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2304'.
[ 777.551732][T15932] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2305'.
[ 777.584166][T15932] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2305'.
[ 778.249920][T15951] QAT: Invalid ioctl 35077
[ 778.607012][T15956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2310'.
[ 778.806273][T15960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2311'.
[ 780.402767][T15987] random: crng reseeded on system resumption
[ 780.497229][T15987] hub 1-0:1.0: USB hub found
[ 780.530492][T15987] hub 1-0:1.0: 1 port detected
[ 781.957321][T16003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2321'.
[ 782.249264][T16014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2333'.
[ 782.270607][T16015] block2mtd: illegal erase size
[ 782.285028][T16014] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2333'.
[ 783.215824][T16027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2327'.
[ 783.252433][T16027] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2327'.
[ 783.732436][T16024] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 784.128458][T16043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2334'.
[ 784.349304][T16024] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 784.428886][T16050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2336'.
[ 784.442833][T16051] random: crng reseeded on system resumption
[ 784.460202][T16050] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2336'.
[ 784.505709][T16024] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 784.622091][T16024] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 785.021888][T16055] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2338'.
[ 785.059012][T16055] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2338'.
[ 785.874448][T16083] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2344'.
[ 785.919727][T16083] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2344'.
[ 785.963921][T16066] QAT: Invalid ioctl 35077
[ 786.070069][T16086] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2345'.
[ 786.252429][T16088] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2346'.
[ 786.293454][T16088] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2346'.
[ 787.260616][ T29] audit: type=1800 audit(4294967354.221:35): pid=16107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2350" name="dummy_udc" dev="gadgetfs" ino=6774 res=0 errno=0
[ 790.298385][ T29] audit: type=1800 audit(4294967357.259:36): pid=16161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2363" name="dummy_udc" dev="gadgetfs" ino=6774 res=0 errno=0
[ 793.440646][T16210] __nla_validate_parse: 1 callbacks suppressed
[ 793.440664][T16210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2381'.
[ 793.471327][T16209] block2mtd: illegal erase size
[ 793.514665][T16213] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2381'.
[ 793.688411][T16216] QAT: Invalid ioctl 35077
[ 795.109888][ T29] audit: type=1800 audit(4294967362.057:37): pid=16232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2377" name="dummy_udc" dev="gadgetfs" ino=6774 res=0 errno=0
[ 795.633301][T16242] QAT: Invalid ioctl 35077
[ 797.289766][T16274] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2388'.
[ 797.553606][T16280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2389'.
[ 797.588828][T16280] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2389'.
[ 798.170607][ T29] audit: type=1800 audit(4294967365.135:38): pid=16292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2391" name="dummy_udc" dev="gadgetfs" ino=6774 res=0 errno=0
[ 798.844599][T16308] QAT: Invalid ioctl 35077
[ 799.454539][T16314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2397'.
[ 799.838747][T16324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2398'.
[ 801.608387][T11749] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 803.198406][T16375] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2411'.
[ 804.214221][T16399] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13
[ 804.810423][T16403] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14
[ 805.727280][T16422] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2420'.
[ 806.150280][T16435] random: crng reseeded on system resumption
[ 806.459224][T16445] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2426'.
[ 806.930531][T16450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2427'.
[ 806.973936][T16450] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2427'.
[ 807.276250][T16452] FAULT_INJECTION: forcing a failure.
[ 807.276250][T16452] name failslab, interval 1, probability 0, space 0, times 0
[ 807.329224][T16452] CPU: 0 UID: 0 PID: 16452 Comm: syz.0.2428 Not tainted syzkaller #0 PREEMPT(full)
[ 807.329250][T16452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 807.329262][T16452] Call Trace:
[ 807.329268][T16452] <TASK>
[ 807.329275][T16452] dump_stack_lvl+0x100/0x190
[ 807.329311][T16452] should_fail_ex.cold+0x5/0xa
[ 807.329335][T16452] should_failslab+0xc2/0x120
[ 807.329356][T16452] __kmalloc_cache_noprof+0x7a/0x6f0
[ 807.329380][T16452] ? kobject_uevent_env+0x263/0x18b0
[ 807.329404][T16452] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 807.329437][T16452] kobject_uevent_env+0x263/0x18b0
[ 807.329462][T16452] ? bus_to_subsys+0x114/0x150
[ 807.329493][T16452] device_add+0x116e/0x1920
[ 807.329522][T16452] ? __pfx_device_add+0x10/0x10
[ 807.329548][T16452] ? lockdep_init_map_type+0x5c/0x250
[ 807.329577][T16452] ? __init_waitqueue_head+0xca/0x150
[ 807.329603][T16452] rfkill_register+0x1ad/0xb30
[ 807.329627][T16452] nfc_register_device+0x11f/0x3e0
[ 807.329657][T16452] nci_register_device+0x7f1/0xb80
[ 807.329679][T16452] ? __pfx_nci_register_device+0x10/0x10
[ 807.329705][T16452] ? lockdep_init_map_type+0x5c/0x250
[ 807.329740][T16452] virtual_ncidev_open+0x141/0x220
[ 807.329761][T16452] ? __pfx_virtual_ncidev_open+0x10/0x10
[ 807.329779][T16452] misc_open+0x26d/0x450
[ 807.329805][T16452] ? __pfx_misc_open+0x10/0x10
[ 807.329835][T16452] chrdev_open+0x234/0x6a0
[ 807.329855][T16452] ? __pfx_apparmor_file_open+0x10/0x10
[ 807.329883][T16452] ? __pfx_chrdev_open+0x10/0x10
[ 807.329904][T16452] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 807.329929][T16452] do_dentry_open+0x6d8/0x1660
[ 807.329947][T16452] ? __pfx_chrdev_open+0x10/0x10
[ 807.329972][T16452] vfs_open+0x82/0x3f0
[ 807.329997][T16452] path_openat+0x208c/0x31a0
[ 807.330024][T16452] ? __pfx_path_openat+0x10/0x10
[ 807.330052][T16452] do_file_open+0x20e/0x430
[ 807.330073][T16452] ? __pfx_do_file_open+0x10/0x10
[ 807.330108][T16452] ? alloc_fd+0x476/0x790
[ 807.330133][T16452] ? do_getname+0x191/0x390
[ 807.330158][T16452] do_sys_openat2+0x10d/0x1e0
[ 807.330182][T16452] ? __pfx_do_sys_openat2+0x10/0x10
[ 807.330207][T16452] ? __fget_files+0x21f/0x3d0
[ 807.330229][T16452] __x64_sys_openat+0x12d/0x210
[ 807.330254][T16452] ? __pfx___x64_sys_openat+0x10/0x10
[ 807.330282][T16452] ? rcu_is_watching+0x12/0xc0
[ 807.330305][T16452] do_syscall_64+0x10b/0xf80
[ 807.330331][T16452] ? clear_bhb_loop+0x40/0x90
[ 807.330353][T16452] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 807.330372][T16452] RIP: 0033:0x7f3bed79c819
[ 807.330388][T16452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 807.330406][T16452] RSP: 002b:00007f3bee689028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 807.330424][T16452] RAX: ffffffffffffffda RBX: 00007f3beda15fa0 RCX: 00007f3bed79c819
[ 807.330436][T16452] RDX: 0000000000000002 RSI: 0000200000000140 RDI: ffffffffffffff9c
[ 807.330447][T16452] RBP: 00007f3bed832c91 R08: 0000000000000000 R09: 0000000000000000
[ 807.330457][T16452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 807.330468][T16452] R13: 00007f3beda16038 R14: 00007f3beda15fa0 R15: 00007fff570fb418
[ 807.330491][T16452] </TASK>
[ 808.231191][T16462] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2430'.
[ 808.265836][T16462] netlink: 'syz.3.2430': attribute type 1 has an invalid length.
[ 808.288758][T16462] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2430'.
[ 808.512465][T16470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2432'.
[ 808.544032][T16470] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2432'.
[ 808.850511][T16452] futex_wake_op: syz.0.2428 tries to shift op by -2048; fix this program
[ 808.912890][T16476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2433'.
[ 808.940502][T16476] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2433'.
[ 809.139718][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 809.146971][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 813.065403][T16552] ubi0: attaching mtd0
[ 813.085289][T16552] ubi0: scanning is finished
[ 813.467908][T16552] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 813.573663][T16552] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 813.599040][T16571] __nla_validate_parse: 1 callbacks suppressed
[ 813.599057][T16571] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2454'.
[ 813.660297][T16552] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 813.685449][T16572] netlink: 'syz.2.2454': attribute type 1 has an invalid length.
[ 813.731677][T16572] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2454'.
[ 813.742317][T16552] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[ 813.792611][T16552] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 813.830631][T16552] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 813.879341][T16552] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2861464568
[ 813.923563][T16552] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 813.970182][T16569] ubi0: background thread "ubi_bgt0d" started, PID 16569
[ 815.173591][T11749] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[ 816.165285][T16606] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2463'.
[ 816.209253][T16606] netlink: 'syz.0.2463': attribute type 1 has an invalid length.
[ 816.256841][T16606] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2463'.
[ 816.439442][ T29] audit: type=1800 audit(4294967383.396:39): pid=16611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2464" name="dummy_udc" dev="gadgetfs" ino=6774 res=0 errno=0
[ 817.236593][T16629] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 818.135464][T16650] QAT: Invalid ioctl 35077
[ 819.630901][T16672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2477'.
[ 819.669930][T16672] netlink: 'syz.1.2477': attribute type 1 has an invalid length.
[ 819.703668][T16672] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2477'.
[ 820.006059][T16679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2478'.
[ 820.072711][T16683] netlink: 'syz.0.2478': attribute type 1 has an invalid length.
[ 820.099756][T16682] can0: slcan on ttyS2.
[ 820.119350][T16683] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2478'.
[ 820.240053][T16680] can0 (unregistered): slcan off ttyS2.
[ 821.246113][T16708] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2483'.
[ 821.364010][T16711] FAULT_INJECTION: forcing a failure.
[ 821.364010][T16711] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 821.507673][T16708] FAULT_INJECTION: forcing a failure.
[ 821.507673][T16708] name failslab, interval 1, probability 0, space 0, times 0
[ 821.778110][T16715] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2484'.
[ 821.788573][T16711] CPU: 0 UID: 0 PID: 16711 Comm: syz.3.2483 Not tainted syzkaller #0 PREEMPT(full)
[ 821.788600][T16711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 821.788611][T16711] Call Trace:
[ 821.788617][T16711] <TASK>
[ 821.788632][T16711] dump_stack_lvl+0x100/0x190
[ 821.788668][T16711] should_fail_ex.cold+0x5/0xa
[ 821.788691][T16711] core_sys_select+0x9b9/0xbb0
[ 821.788713][T16711] ? __pfx_core_sys_select+0x10/0x10
[ 821.788764][T16711] ? ktime_get_ts64+0x306/0x420
[ 821.788793][T16711] ? ktime_get_ts64+0x318/0x420
[ 821.788818][T16711] ? ktime_get_ts64+0x257/0x420
[ 821.788858][T16711] kern_select+0x20c/0x270
[ 821.788880][T16711] ? __pfx_kern_select+0x10/0x10
[ 821.788903][T16711] ? xfd_validate_state+0x129/0x190
[ 821.788929][T16711] __x64_sys_select+0xbd/0x160
[ 821.788945][T16711] ? do_syscall_64+0x90/0xf80
[ 821.788972][T16711] ? lockdep_hardirqs_on+0x78/0x100
[ 821.788999][T16711] do_syscall_64+0x10b/0xf80
[ 821.789025][T16711] ? clear_bhb_loop+0x40/0x90
[ 821.789046][T16711] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 821.789065][T16711] RIP: 0033:0x7fdc1479c819
[ 821.789081][T16711] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 821.789099][T16711] RSP: 002b:00007fdc1556f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017
[ 821.789121][T16711] RAX: ffffffffffffffda RBX: 00007fdc14a16090 RCX: 00007fdc1479c819
[ 821.789132][T16711] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001
[ 821.789142][T16711] RBP: 00007fdc14832c91 R08: 00002000000001c0 R09: 0000000000000000
[ 821.789153][T16711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 821.789163][T16711] R13: 00007fdc14a16128 R14: 00007fdc14a16090 R15: 00007fff89e0c2f8
[ 821.789185][T16711] </TASK>
[ 822.093381][T16716] netlink: 'syz.1.2484': attribute type 1 has an invalid length.
[ 822.101282][T16716] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2484'.
[ 822.260164][T16722] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2486'.
[ 822.304076][T16724] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2485'.
[ 822.314188][T16726] netlink: 'syz.1.2486': attribute type 1 has an invalid length.
[ 822.344420][T16724] netlink: 'syz.0.2485': attribute type 1 has an invalid length.
[ 822.352432][T16726] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2486'.
[ 822.666401][T16739] QAT: Invalid ioctl 35077
[ 822.756943][T16708] CPU: 0 UID: 0 PID: 16708 Comm: syz.3.2483 Not tainted syzkaller #0 PREEMPT(full)
[ 822.756971][T16708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 822.756982][T16708] Call Trace:
[ 822.756988][T16708] <TASK>
[ 822.756996][T16708] dump_stack_lvl+0x100/0x190
[ 822.757031][T16708] should_fail_ex.cold+0x5/0xa
[ 822.757055][T16708] should_failslab+0xc2/0x120
[ 822.757075][T16708] __kmalloc_cache_noprof+0x7a/0x6f0
[ 822.757099][T16708] ? call_usermodehelper_setup+0xaf/0x360
[ 822.757121][T16708] ? __pfx_free_modprobe_argv+0x10/0x10
[ 822.757140][T16708] call_usermodehelper_setup+0xaf/0x360
[ 822.757163][T16708] __request_module+0x3d3/0x6c0
[ 822.757183][T16708] ? __pfx___request_module+0x10/0x10
[ 822.757207][T16708] ? __get_fs_type+0x12c/0x170
[ 822.757227][T16708] ? __get_fs_type+0x12c/0x170
[ 822.757255][T16708] get_fs_type+0xd7/0x190
[ 822.757277][T16708] __x64_sys_fsopen+0xca/0x220
[ 822.757302][T16708] do_syscall_64+0x10b/0xf80
[ 822.757329][T16708] ? clear_bhb_loop+0x40/0x90
[ 822.757350][T16708] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 822.757368][T16708] RIP: 0033:0x7fdc1479c819
[ 822.757384][T16708] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 822.757402][T16708] RSP: 002b:00007fdc15590028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[ 822.757420][T16708] RAX: ffffffffffffffda RBX: 00007fdc14a15fa0 RCX: 00007fdc1479c819
[ 822.757432][T16708] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 822.757442][T16708] RBP: 00007fdc14832c91 R08: 0000000000000000 R09: 0000000000000000
[ 822.757453][T16708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 822.757463][T16708] R13: 00007fdc14a16038 R14: 00007fdc14a15fa0 R15: 00007fff89e0c2f8
[ 822.757485][T16708] </TASK>
[ 824.847376][T16774] vivid-007: ================= START STATUS =================
[ 824.884344][T16774] vivid-007: Generate PTS: true
[ 824.913649][T16774] vivid-007: Generate SCR: true
[ 824.936368][T16774] tpg source WxH: 320x240 (Y'CbCr)
[ 824.958038][T16774] tpg field: 1
[ 824.980441][T16774] tpg crop: (0,0)/320x240
[ 825.005183][T16774] tpg compose: (0,0)/320x240
[ 825.025918][T16774] tpg colorspace: 8
[ 825.044415][T16774] tpg transfer function: 0/0
[ 825.070741][T16774] tpg Y'CbCr encoding: 0/0
[ 825.108161][T16774] tpg quantization: 0/0
[ 825.148610][T16774] tpg RGB range: 0/2
[ 825.192182][T16774] vivid-007: ================== END STATUS ==================
[ 825.452743][T16786] __nla_validate_parse: 3 callbacks suppressed
[ 825.452762][T16786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2496'.
[ 825.523214][T16787] netlink: 'syz.1.2496': attribute type 1 has an invalid length.
[ 825.558843][T16787] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2496'.
[ 825.730889][T16791] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2497'.
[ 825.796001][T16791] netlink: 'syz.2.2497': attribute type 1 has an invalid length.
[ 825.828987][T16791] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2497'.
[ 827.564886][T16819] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2503'.
[ 827.605197][T16819] netlink: 'syz.0.2503': attribute type 1 has an invalid length.
[ 827.617035][T16821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2504'.
[ 827.648567][T16819] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2503'.
[ 827.660715][T16821] netlink: 'syz.1.2504': attribute type 1 has an invalid length.
[ 827.692457][T16821] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2504'.
[ 831.029633][T16878] random: crng reseeded on system resumption
[ 831.302731][T16869] kexec: Could not allocate control_code_buffer
[ 831.649125][T16891] block2mtd: illegal erase size
[ 833.259722][T16911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2522'.
[ 833.310109][T16912] netlink: 'syz.0.2522': attribute type 1 has an invalid length.
[ 833.356549][T16912] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2522'.
[ 833.661103][T16918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2524'.
[ 833.721247][T16918] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2524'.
[ 834.704312][T16937] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 834.979622][T16946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2532'.
[ 835.008214][T16946] netlink: 'syz.2.2532': attribute type 1 has an invalid length.
[ 835.048406][T16946] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2532'.
[ 835.144602][T16951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2533'.
[ 835.182143][T16951] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2533'.
[ 835.482347][T16959] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2535'.
[ 836.339137][T16974] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2538'.
[ 836.349935][T16976] netlink: 'syz.3.2539': attribute type 1 has an invalid length.
[ 836.383343][T16974] netlink: 'syz.1.2538': attribute type 1 has an invalid length.
[ 837.056105][T16981] QAT: Invalid ioctl 35077
[ 837.177061][T16593] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[ 837.393342][T16965] kexec: Could not allocate control_code_buffer
[ 837.927745][T17004] netlink: 'syz.1.2546': attribute type 1 has an invalid length.
[ 838.274807][T17015] __nla_validate_parse: 5 callbacks suppressed
[ 838.274826][T17015] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2549'.
[ 838.328050][T17016] netlink: 'syz.0.2549': attribute type 1 has an invalid length.
[ 838.359955][T17016] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2549'.
[ 838.636514][T17022] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2550'.
[ 838.694730][T17026] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2550'.
[ 838.802206][T17024] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 839.233630][T17032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2554'.
[ 839.276299][T17032] netlink: 'syz.1.2554': attribute type 1 has an invalid length.
[ 839.328933][T17032] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2554'.
[ 839.589299][T17034] QAT: Invalid ioctl 35077
[ 839.981355][T17048] QAT: Invalid ioctl 35077
[ 840.499311][T17062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2562'.
[ 840.535819][T17062] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2562'.
[ 840.762913][T17067] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 840.865797][T17072] QAT: Invalid ioctl 35077
[ 841.999726][T17095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2569'.
[ 842.023718][T17095] netlink: 'syz.1.2569': attribute type 1 has an invalid length.
[ 842.042466][T17095] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2569'.
[ 842.413244][T17109] netlink: 'syz.2.2574': attribute type 1 has an invalid length.
[ 842.501806][T17111] QAT: Invalid ioctl 35077
[ 843.815199][T17138] QAT: Invalid ioctl 35077
[ 843.865849][T17137] __nla_validate_parse: 6 callbacks suppressed
[ 843.865869][T17137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2580'.
[ 843.955007][T17137] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2580'.
[ 844.346536][T17147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2582'.
[ 844.381835][T17147] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2582'.
[ 844.911057][T17154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2584'.
[ 844.944979][T17154] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2584'.
[ 845.894853][T17167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2587'.
[ 845.934195][T17167] netlink: 'syz.2.2587': attribute type 1 has an invalid length.
[ 845.961102][T17167] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2587'.
[ 847.063033][ T5846] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[ 847.141271][T17194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'.
[ 847.206078][T17196] netlink: 'syz.1.2595': attribute type 1 has an invalid length.
[ 847.262261][T17196] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2595'.
[ 847.551464][T17198] QAT: Invalid ioctl 35077
[ 849.006366][T17201] kexec: Could not allocate control_code_buffer
[ 849.383425][T17223] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2599'.
[ 850.112635][ T5846] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 851.167423][T17250] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2604'.
[ 851.209318][T17252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2605'.
[ 851.231230][T17253] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2604'.
[ 851.265693][T17254] netlink: 'syz.1.2605': attribute type 1 has an invalid length.
[ 851.317460][T17254] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2605'.
[ 854.046697][T17295] type: 1024000000 invalid
[ 854.479966][T17306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2617'.
[ 854.510953][T17308] program syz.1.2619 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 854.527708][T17306] netlink: 'syz.3.2617': attribute type 1 has an invalid length.
[ 854.555549][T17308] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 854.565818][T17306] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2617'.
[ 854.953897][T17322] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2620'.
[ 854.992714][T17323] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 855.083672][T17324] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2621'.
[ 856.392609][T17340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2627'.
[ 856.427463][T17340] netlink: 'syz.3.2627': attribute type 1 has an invalid length.
[ 856.452678][T17340] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2627'.
[ 856.912526][T17350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2630'.
[ 856.936602][T17350] netlink: 'syz.0.2630': attribute type 1 has an invalid length.
[ 856.953688][T17350] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2630'.
[ 857.491293][ T5846] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[ 857.843348][T17373] QAT: Invalid ioctl 35077
[ 858.310742][T17379] futex_wake_op: syz.3.2636 tries to shift op by -2048; fix this program
[ 858.970444][T17394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2641'.
[ 859.002437][T17394] netlink: 'syz.2.2641': attribute type 1 has an invalid length.
[ 859.028978][T17394] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2641'.
[ 859.082354][T17398] QAT: Invalid ioctl 35077
[ 860.627870][T17439] __nla_validate_parse: 2 callbacks suppressed
[ 860.627888][T17439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2651'.
[ 860.705213][T17439] netlink: 'syz.0.2651': attribute type 1 has an invalid length.
[ 860.719300][T17443] random: crng reseeded on system resumption
[ 860.742320][T17439] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2651'.
[ 861.010579][T17449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2653'.
[ 861.061189][T17449] netlink: 'syz.0.2653': attribute type 1 has an invalid length.
[ 861.102106][T17449] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2653'.
[ 861.520426][T17460] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2656'.
[ 861.633837][T17462] QAT: Invalid ioctl 35077
[ 862.670823][ T5846] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[ 862.678529][ T5846] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 863.327004][T17506] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2665'.
[ 863.372957][T17506] netlink: 'syz.0.2665': attribute type 1 has an invalid length.
[ 863.411724][T17506] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2665'.
[ 864.646807][T17538] QAT: Invalid ioctl 35077
[ 865.924211][ T5846] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[ 865.932589][ T5846] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 867.725148][T17585] FAULT_INJECTION: forcing a failure.
[ 867.725148][T17585] name failslab, interval 1, probability 0, space 0, times 0
[ 867.781549][T17585] CPU: 0 UID: 0 PID: 17585 Comm: syz.0.2682 Not tainted syzkaller #0 PREEMPT(full)
[ 867.781577][T17585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 867.781587][T17585] Call Trace:
[ 867.781594][T17585] <TASK>
[ 867.781601][T17585] dump_stack_lvl+0x100/0x190
[ 867.781637][T17585] should_fail_ex.cold+0x5/0xa
[ 867.781661][T17585] should_failslab+0xc2/0x120
[ 867.781681][T17585] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 867.781708][T17585] ? acpi_ut_create_generic_state+0x61/0xc0
[ 867.781739][T17585] acpi_ut_create_generic_state+0x61/0xc0
[ 867.781764][T17585] acpi_ds_scope_stack_push+0x70/0x790
[ 867.781793][T17585] acpi_ds_init_aml_walk+0x2d8/0x680
[ 867.781822][T17585] acpi_ps_execute_method+0x39d/0xe90
[ 867.781855][T17585] acpi_ns_evaluate+0x640/0x1670
[ 867.781890][T17585] acpi_evaluate_object+0x420/0xe00
[ 867.781913][T17585] ? kasan_save_stack+0x30/0x50
[ 867.781940][T17585] ? kasan_save_track+0x14/0x30
[ 867.781966][T17585] ? __kasan_kmalloc+0xaa/0xb0
[ 867.781991][T17585] ? __kvmalloc_node_noprof+0x360/0xa00
[ 867.782021][T17585] ? __pfx_acpi_evaluate_object+0x10/0x10
[ 867.782044][T17585] ? lock_acquire+0x1b1/0x370
[ 867.782078][T17585] acpi_evaluate_integer+0xdf/0x220
[ 867.782097][T17585] ? __pfx_acpi_evaluate_integer+0x10/0x10
[ 867.782125][T17585] ? __pfx_status_show+0x10/0x10
[ 867.782147][T17585] status_show+0xa0/0x120
[ 867.782169][T17585] ? __pfx_status_show+0x10/0x10
[ 867.782196][T17585] dev_attr_show+0x52/0xa0
[ 867.782222][T17585] ? __pfx_dev_attr_show+0x10/0x10
[ 867.782247][T17585] sysfs_kf_seq_show+0x217/0x3a0
[ 867.782284][T17585] seq_read_iter+0x32f/0x1270
[ 867.782311][T17585] ? lock_acquire+0x1b1/0x370
[ 867.782346][T17585] kernfs_fop_read_iter+0x46c/0x610
[ 867.782372][T17585] ? rw_verify_area+0xce/0x6d0
[ 867.782398][T17585] ? __pfx_kernfs_fop_read_iter+0x10/0x10
[ 867.782422][T17585] vfs_read+0x825/0xb30
[ 867.782441][T17585] ? __pfx_vfs_read+0x10/0x10
[ 867.782471][T17585] ksys_read+0x12a/0x250
[ 867.782487][T17585] ? __pfx_ksys_read+0x10/0x10
[ 867.782506][T17585] ? rcu_is_watching+0x12/0xc0
[ 867.782528][T17585] do_syscall_64+0x10b/0xf80
[ 867.782556][T17585] ? clear_bhb_loop+0x40/0x90
[ 867.782578][T17585] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 867.782597][T17585] RIP: 0033:0x7f3bed79c819
[ 867.782612][T17585] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 867.782630][T17585] RSP: 002b:00007f3bee689028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 867.782648][T17585] RAX: ffffffffffffffda RBX: 00007f3beda15fa0 RCX: 00007f3bed79c819
[ 867.782660][T17585] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005
[ 867.782671][T17585] RBP: 00007f3bed832c91 R08: 0000000000000000 R09: 0000000000000000
[ 867.782682][T17585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 867.782692][T17585] R13: 00007f3beda16038 R14: 00007f3beda15fa0 R15: 00007fff570fb418
[ 867.782716][T17585] </TASK>
[ 867.782726][T17585] ACPI Error:
[ 868.203337][T17597] QAT: Invalid ioctl 35077
[ 868.349522][T17565] kexec: Could not allocate control_code_buffer
[ 868.606889][T17603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2687'.
[ 868.631555][T17603] netlink: 'syz.3.2687': attribute type 1 has an invalid length.
[ 868.655537][T17603] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2687'.
[ 869.068521][ T5846] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[ 869.076070][ T5846] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[ 869.287639][T17585] ffff888044767000 walk still has a scope list (20251212/dswstate-694)
[ 870.605780][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 870.612289][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 870.977212][T17638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2695'.
[ 871.365155][T17648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2697'.
[ 871.423847][T17648] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2697'.
[ 872.007417][T17659] vivid-007: ================= START STATUS =================
[ 872.035048][T17659] vivid-007: Generate PTS: true
[ 872.051737][T17659] vivid-007: Generate SCR: true
[ 872.070844][T17659] tpg source WxH: 320x240 (Y'CbCr)
[ 872.106015][T17659] tpg field: 1
[ 872.118889][T17659] tpg crop: (0,0)/320x240
[ 872.145255][T17659] tpg compose: (0,0)/320x240
[ 872.174302][T17659] tpg colorspace: 8
[ 872.200116][T17659] tpg transfer function: 0/0
[ 872.217666][T17659] tpg Y'CbCr encoding: 0/0
[ 872.254822][T17659] tpg quantization: 0/0
[ 872.282373][T17659] tpg RGB range: 0/2
[ 872.330597][T17659] vivid-007: ================== END STATUS ==================
[ 873.242935][T17683] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2704'.
[ 873.286555][T17683] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2704'.
[ 874.809577][T17695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2706'.
[ 874.854303][T17695] netlink: 'syz.1.2706': attribute type 1 has an invalid length.
[ 874.891828][T17695] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2706'.
[ 877.619842][T17713] kexec: Could not allocate control_code_buffer
[ 878.113507][T17745] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2718'.
[ 878.165612][T17745] netlink: 'syz.3.2718': attribute type 1 has an invalid length.
[ 878.222661][T17745] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2718'.
[ 878.402719][T17754] QAT: Invalid ioctl 35077
[ 879.600872][T17778] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2725'.
[ 879.643277][T17778] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2725'.
[ 880.201282][T17789] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 880.242949][T17797] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2730'.
[ 880.260587][T17789] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 880.275813][T17797] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2730'.
[ 880.365138][T17789] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 880.431437][T17789] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 880.537442][T17789] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 880.578698][T17789] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 880.657147][T17789] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 880.700989][T17789] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 881.103487][T17807] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2732'.
[ 881.160671][T17809] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2732'.
[ 881.418169][T17811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2733'.
[ 881.450565][T17811] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2733'.
[ 882.048866][T16593] Bluetooth: hci3: command 0x0c1a tx timeout
[ 882.370122][T16593] Bluetooth: hci2: command 0x0c1a tx timeout
[ 882.609165][T16593] Bluetooth: hci1: command 0x0c1a tx timeout
[ 882.689195][T16593] Bluetooth: hci0: command 0x0c1a tx timeout
[ 883.945230][T17863] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2743'.
[ 883.981304][T17865] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2744'.
[ 884.001919][T17866] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2743'.
[ 884.032601][T17865] mac80211_hwsim hwsim19 ›: renamed from wlan0
[ 884.129988][T16593] Bluetooth: hci3: command 0x0c1a tx timeout
[ 884.449729][T16593] Bluetooth: hci2: command 0x0c1a tx timeout
[ 884.689712][T16593] Bluetooth: hci1: command 0x0c1a tx timeout
[ 884.770416][T16593] Bluetooth: hci0: command 0x0c1a tx timeout
[ 886.250258][T17925] random: crng reseeded on system resumption
[ 886.741434][T17927] FAULT_INJECTION: forcing a failure.
[ 886.741434][T17927] name failslab, interval 1, probability 0, space 0, times 0
[ 886.822282][T17927] CPU: 0 UID: 0 PID: 17927 Comm: syz.1.2754 Not tainted syzkaller #0 PREEMPT(full)
[ 886.822309][T17927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 886.822321][T17927] Call Trace:
[ 886.822327][T17927] <TASK>
[ 886.822335][T17927] dump_stack_lvl+0x100/0x190
[ 886.822371][T17927] should_fail_ex.cold+0x5/0xa
[ 886.822395][T17927] should_failslab+0xc2/0x120
[ 886.822415][T17927] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 886.822442][T17927] ? acpi_ut_allocate_object_desc_dbg+0x86/0x240
[ 886.822465][T17927] ? acpi_ut_trace+0x1d7/0x2a0
[ 886.822494][T17927] acpi_ut_allocate_object_desc_dbg+0x86/0x240
[ 886.822519][T17927] acpi_ut_create_internal_object_dbg+0x51/0x260
[ 886.822544][T17927] acpi_ut_create_integer_object+0x46/0xe0
[ 886.822567][T17927] acpi_ps_execute_method+0x582/0xe90
[ 886.822600][T17927] acpi_ns_evaluate+0x640/0x1670
[ 886.822634][T17927] acpi_evaluate_object+0x420/0xe00
[ 886.822657][T17927] ? kasan_save_stack+0x30/0x50
[ 886.822683][T17927] ? kasan_save_track+0x14/0x30
[ 886.822709][T17927] ? __kasan_kmalloc+0xaa/0xb0
[ 886.822734][T17927] ? __kvmalloc_node_noprof+0x360/0xa00
[ 886.822764][T17927] ? __pfx_acpi_evaluate_object+0x10/0x10
[ 886.822786][T17927] ? lock_acquire+0x1b1/0x370
[ 886.822820][T17927] acpi_evaluate_integer+0xdf/0x220
[ 886.822914][T17927] ? __pfx_acpi_evaluate_integer+0x10/0x10
[ 886.822944][T17927] ? __pfx_status_show+0x10/0x10
[ 886.822975][T17927] status_show+0xa0/0x120
[ 886.823003][T17927] ? __pfx_status_show+0x10/0x10
[ 886.823033][T17927] dev_attr_show+0x52/0xa0
[ 886.823060][T17927] ? __pfx_dev_attr_show+0x10/0x10
[ 886.823085][T17927] sysfs_kf_seq_show+0x217/0x3a0
[ 886.823116][T17927] seq_read_iter+0x32f/0x1270
[ 886.823143][T17927] ? lock_acquire+0x1b1/0x370
[ 886.823181][T17927] kernfs_fop_read_iter+0x46c/0x610
[ 886.823204][T17927] ? rw_verify_area+0xce/0x6d0
[ 886.823230][T17927] ? __pfx_kernfs_fop_read_iter+0x10/0x10
[ 886.823254][T17927] vfs_read+0x825/0xb30
[ 886.823273][T17927] ? __pfx_vfs_read+0x10/0x10
[ 886.823304][T17927] ksys_read+0x12a/0x250
[ 886.823321][T17927] ? __pfx_ksys_read+0x10/0x10
[ 886.823339][T17927] ? rcu_is_watching+0x12/0xc0
[ 886.823362][T17927] do_syscall_64+0x10b/0xf80
[ 886.823388][T17927] ? clear_bhb_loop+0x40/0x90
[ 886.823411][T17927] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 886.823430][T17927] RIP: 0033:0x7f233599c819
[ 886.823446][T17927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 886.823464][T17927] RSP: 002b:00007f2336924028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 886.823483][T17927] RAX: ffffffffffffffda RBX: 00007f2335c15fa0 RCX: 00007f233599c819
[ 886.823495][T17927] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005
[ 886.823505][T17927] RBP: 00007f2335a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 886.823516][T17927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 886.823526][T17927] R13: 00007f2335c16038 R14: 00007f2335c15fa0 R15: 00007ffc1c3510f8
[ 886.823549][T17927] </TASK>
[ 886.823569][T17927] ACPI Error:
[ 887.366362][T17941] QAT: Invalid ioctl 35077
[ 888.389943][T17955] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2757'.
[ 888.414299][T17927] Could not allocate an object descriptor (20251212/utobject-180)
[ 888.452048][T17958] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2757'.
[ 888.722439][T17927] ACPI Error: ffff888036b42000 walk still has a scope list (20251212/dswstate-694)
[ 889.588915][T17986] QAT: Invalid ioctl 35077
[ 890.430176][T17995] ubi: mtd0 is already attached to ubi0
[ 890.784893][T18000] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2766'.
[ 890.828974][T18000] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2766'.
[ 891.632365][T16593] Bluetooth: hci3: unexpected event for opcode 0x7c89
[ 892.788359][T18025] random: crng reseeded on system resumption
[ 893.320602][T18032] program syz.3.2771 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 893.361814][T18032] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 893.429997][T18032] FAULT_INJECTION: forcing a failure.
[ 893.429997][T18032] name fail_futex, interval 1, probability 0, space 0, times 0
[ 893.504440][T18032] CPU: 0 UID: 0 PID: 18032 Comm: syz.3.2771 Tainted: G L syzkaller #0 PREEMPT(full)
[ 893.504472][T18032] Tainted: [L]=SOFTLOCKUP
[ 893.504479][T18032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 893.504495][T18032] Call Trace:
[ 893.504502][T18032] <TASK>
[ 893.504509][T18032] dump_stack_lvl+0x100/0x190
[ 893.504546][T18032] should_fail_ex.cold+0x5/0xa
[ 893.504570][T18032] get_futex_key+0x1d2/0x1510
[ 893.504601][T18032] ? __pfx_get_futex_key+0x10/0x10
[ 893.504637][T18032] futex_wait_setup+0x83/0x510
[ 893.504667][T18032] __futex_wait+0x19f/0x300
[ 893.504691][T18032] ? __pfx___futex_wait+0x10/0x10
[ 893.504717][T18032] ? __pfx_futex_wake_mark+0x10/0x10
[ 893.504742][T18032] ? futex_hash+0x2ad/0x370
[ 893.504771][T18032] ? futex_hash+0x141/0x370
[ 893.504800][T18032] futex_wait+0xe6/0x370
[ 893.504822][T18032] ? __pfx_futex_wait+0x10/0x10
[ 893.504849][T18032] ? __might_fault+0xc5/0x140
[ 893.504881][T18032] do_futex+0x1ef/0x350
[ 893.504899][T18032] ? __pfx_do_futex+0x10/0x10
[ 893.504919][T18032] ? __sys_connect+0xe4/0x170
[ 893.504949][T18032] __x64_sys_futex+0x34f/0x4d0
[ 893.504971][T18032] ? __pfx___x64_sys_futex+0x10/0x10
[ 893.504993][T18032] ? rcu_is_watching+0x12/0xc0
[ 893.505016][T18032] do_syscall_64+0x10b/0xf80
[ 893.505050][T18032] ? clear_bhb_loop+0x40/0x90
[ 893.505072][T18032] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 893.505090][T18032] RIP: 0033:0x7fdc1479c819
[ 893.505105][T18032] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 893.505124][T18032] RSP: 002b:00007fdc155900e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 893.505142][T18032] RAX: ffffffffffffffda RBX: 00007fdc14a15fa8 RCX: 00007fdc1479c819
[ 893.505154][T18032] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdc14a15fa8
[ 893.505165][T18032] RBP: 00007fdc14a15fa0 R08: 0000000000000000 R09: 0000000000000000
[ 893.505177][T18032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 893.505188][T18032] R13: 00007fdc14a16038 R14: 00007fff89e0c210 R15: 00007fff89e0c2f8
[ 893.505211][T18032] </TASK>
[ 894.192911][T18046] vivid-007: ================= START STATUS =================
[ 894.232800][T18046] vivid-007: Generate PTS: true
[ 894.279843][T18046] vivid-007: Generate SCR: true
[ 894.329046][T18046] tpg source WxH: 320x240 (Y'CbCr)
[ 894.343643][T18046] tpg field: 1
[ 894.355394][T18046] tpg crop: (0,0)/320x240
[ 894.369201][T18046] tpg compose: (0,0)/320x240
[ 894.379106][T18046] tpg colorspace: 8
[ 894.391117][T18046] tpg transfer function: 0/0
[ 894.401092][T18046] tpg Y'CbCr encoding: 0/0
[ 894.411628][T18046] tpg quantization: 0/0
[ 894.423792][T18050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2774'.
[ 894.433263][T18046] tpg RGB range: 0/2
[ 894.443260][T18046] vivid-007: ================== END STATUS ==================
[ 894.451770][T18050] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2774'.
[ 895.409516][T18063] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2777'.
[ 895.467944][T18064] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2777'.
[ 896.203416][T18069] FAULT_INJECTION: forcing a failure.
[ 896.203416][T18069] name failslab, interval 1, probability 0, space 0, times 0
[ 896.278222][T18069] CPU: 0 UID: 0 PID: 18069 Comm: syz.2.2778 Tainted: G L syzkaller #0 PREEMPT(full)
[ 896.278256][T18069] Tainted: [L]=SOFTLOCKUP
[ 896.278263][T18069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 896.278273][T18069] Call Trace:
[ 896.278280][T18069] <TASK>
[ 896.278288][T18069] dump_stack_lvl+0x100/0x190
[ 896.278323][T18069] should_fail_ex.cold+0x5/0xa
[ 896.278349][T18069] should_failslab+0xc2/0x120
[ 896.278373][T18069] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 896.278400][T18069] ? acpi_ut_allocate_object_desc_dbg+0x86/0x240
[ 896.278423][T18069] ? acpi_ut_trace+0x1d7/0x2a0
[ 896.278451][T18069] acpi_ut_allocate_object_desc_dbg+0x86/0x240
[ 896.278480][T18069] acpi_ut_create_internal_object_dbg+0x51/0x260
[ 896.278506][T18069] acpi_ut_create_integer_object+0x46/0xe0
[ 896.278529][T18069] acpi_ps_execute_method+0x582/0xe90
[ 896.278562][T18069] acpi_ns_evaluate+0x640/0x1670
[ 896.278598][T18069] acpi_evaluate_object+0x420/0xe00
[ 896.278620][T18069] ? kasan_save_stack+0x30/0x50
[ 896.278646][T18069] ? kasan_save_track+0x14/0x30
[ 896.278681][T18069] ? __kasan_kmalloc+0xaa/0xb0
[ 896.278707][T18069] ? __kvmalloc_node_noprof+0x360/0xa00
[ 896.278740][T18069] ? __pfx_acpi_evaluate_object+0x10/0x10
[ 896.278762][T18069] ? lock_acquire+0x1b1/0x370
[ 896.278796][T18069] acpi_evaluate_integer+0xdf/0x220
[ 896.278824][T18069] ? __pfx_acpi_evaluate_integer+0x10/0x10
[ 896.278854][T18069] ? __pfx_status_show+0x10/0x10
[ 896.278876][T18069] status_show+0xa0/0x120
[ 896.278899][T18069] ? __pfx_status_show+0x10/0x10
[ 896.278932][T18069] dev_attr_show+0x52/0xa0
[ 896.278958][T18069] ? __pfx_dev_attr_show+0x10/0x10
[ 896.278983][T18069] sysfs_kf_seq_show+0x217/0x3a0
[ 896.279013][T18069] seq_read_iter+0x32f/0x1270
[ 896.279040][T18069] ? lock_acquire+0x1b1/0x370
[ 896.279078][T18069] kernfs_fop_read_iter+0x46c/0x610
[ 896.279101][T18069] ? rw_verify_area+0xce/0x6d0
[ 896.279126][T18069] ? __pfx_kernfs_fop_read_iter+0x10/0x10
[ 896.279150][T18069] vfs_read+0x825/0xb30
[ 896.279169][T18069] ? __pfx_vfs_read+0x10/0x10
[ 896.279206][T18069] ksys_read+0x12a/0x250
[ 896.279223][T18069] ? __pfx_ksys_read+0x10/0x10
[ 896.279241][T18069] ? rcu_is_watching+0x12/0xc0
[ 896.279265][T18069] do_syscall_64+0x10b/0xf80
[ 896.279292][T18069] ? clear_bhb_loop+0x40/0x90
[ 896.279314][T18069] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 896.279333][T18069] RIP: 0033:0x7f28db59c819
[ 896.279349][T18069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 896.279366][T18069] RSP: 002b:00007f28dc39a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 896.279384][T18069] RAX: ffffffffffffffda RBX: 00007f28db815fa0 RCX: 00007f28db59c819
[ 896.279407][T18069] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005
[ 896.279419][T18069] RBP: 00007f28db632c91 R08: 0000000000000000 R09: 0000000000000000
[ 896.279429][T18069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 896.279440][T18069] R13: 00007f28db816038 R14: 00007f28db815fa0 R15: 00007ffdc16eed98
[ 896.279464][T18069] </TASK>
[ 896.629640][T18069] ACPI Error: Could not allocate an object descriptor (20251212/utobject-180)
[ 896.639096][T18069] ACPI Error: ffff8880a9457000 walk still has a scope list (20251212/dswstate-694)
[ 898.416770][T18117] QAT: Invalid ioctl 35077
[ 900.531780][T18145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2791'.
[ 900.576961][T18145] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2791'.
[ 901.420951][T18150] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 901.488836][T18150] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 901.557252][T18150] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 901.677989][T18150] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 901.811753][T18161] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2795'.
[ 902.191024][T18167] netlink: 'syz.0.2798': attribute type 1 has an invalid length.
[ 902.228095][T18167] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2798'.
[ 902.466603][T18176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2799'.
[ 902.497459][T18176] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2799'.
[ 903.099066][T16593] Bluetooth: hci3: command 0x0c1a tx timeout
[ 903.499138][T16593] Bluetooth: hci2: command 0x0c1a tx timeout
[ 903.579974][T16593] Bluetooth: hci1: command 0x0c1a tx timeout
[ 903.748057][T16593] Bluetooth: hci0: command 0x0c1a tx timeout
[ 903.985787][T18184] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[ 905.470750][T18216] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 905.494099][T18216] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 905.520016][T18216] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 905.557136][T18216] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 907.422248][T16593] Bluetooth: hci3: command 0x0c1a tx timeout
[ 907.501303][T16593] Bluetooth: hci2: command 0x0c1a tx timeout
[ 907.581206][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout
[ 907.587368][T16593] Bluetooth: hci0: command 0x0c1a tx timeout
[ 908.505529][T18251] QAT: Invalid ioctl 35077
[ 910.532312][T18285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2821'.
[ 910.582118][T18285] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2821'.
[ 911.524132][T18307] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2827'.
[ 911.565774][T18307] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2827'.
[ 911.949086][T18316] random: crng reseeded on system resumption
[ 911.971439][T18301] FAULT_INJECTION: forcing a failure.
[ 911.971439][T18301] name failslab, interval 1, probability 0, space 0, times 0
[ 912.114836][T18301] CPU: 0 UID: 0 PID: 18301 Comm: syz.1.2826 Tainted: G L syzkaller #0 PREEMPT(full)
[ 912.114869][T18301] Tainted: [L]=SOFTLOCKUP
[ 912.114876][T18301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 912.114887][T18301] Call Trace:
[ 912.114893][T18301] <TASK>
[ 912.114900][T18301] dump_stack_lvl+0x100/0x190
[ 912.114935][T18301] should_fail_ex.cold+0x5/0xa
[ 912.114959][T18301] should_failslab+0xc2/0x120
[ 912.114978][T18301] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 912.115004][T18301] ? do_getname+0x35/0x390
[ 912.115034][T18301] do_getname+0x35/0x390
[ 912.115061][T18301] do_sys_openat2+0xc5/0x1e0
[ 912.115092][T18301] ? __pfx_do_sys_openat2+0x10/0x10
[ 912.115131][T18301] __x64_sys_openat+0x12d/0x210
[ 912.115160][T18301] ? __pfx___x64_sys_openat+0x10/0x10
[ 912.115188][T18301] ? rcu_is_watching+0x12/0xc0
[ 912.115211][T18301] do_syscall_64+0x10b/0xf80
[ 912.115237][T18301] ? clear_bhb_loop+0x40/0x90
[ 912.115261][T18301] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 912.115295][T18301] RIP: 0033:0x7f233599c819
[ 912.115311][T18301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 912.115330][T18301] RSP: 002b:00007f2336924028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 912.115349][T18301] RAX: ffffffffffffffda RBX: 00007f2335c15fa0 RCX: 00007f233599c819
[ 912.115361][T18301] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 912.115372][T18301] RBP: 00007f2335a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 912.115383][T18301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 912.115394][T18301] R13: 00007f2335c16038 R14: 00007f2335c15fa0 R15: 00007ffc1c3510f8
[ 912.115418][T18301] </TASK>
[ 915.743942][T18368] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2841'.
[ 915.790470][T18368] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2841'.
[ 916.631464][T16593] Bluetooth: hci0: unexpected event for opcode 0x7c89
[ 918.438422][T18392] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 918.506358][T18394] netlink: 'syz.2.2845': attribute type 1 has an invalid length.
[ 918.541650][T18394] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2845'.
[ 920.452111][T18411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2855'.
[ 920.521198][T18413] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2855'.
[ 920.813146][T18407] FAULT_INJECTION: forcing a failure.
[ 920.813146][T18407] name fail_futex, interval 1, probability 0, space 0, times 0
[ 920.868608][T18407] CPU: 0 UID: 0 PID: 18407 Comm: syz.2.2849 Tainted: G L syzkaller #0 PREEMPT(full)
[ 920.868640][T18407] Tainted: [L]=SOFTLOCKUP
[ 920.868647][T18407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 920.868657][T18407] Call Trace:
[ 920.868663][T18407] <TASK>
[ 920.868670][T18407] dump_stack_lvl+0x100/0x190
[ 920.868704][T18407] should_fail_ex.cold+0x5/0xa
[ 920.868727][T18407] get_futex_key+0x1d2/0x1510
[ 920.868759][T18407] ? __pfx_get_futex_key+0x10/0x10
[ 920.868793][T18407] ? find_held_lock+0x2b/0x80
[ 920.868816][T18407] ? is_bpf_text_address+0x8a/0x1a0
[ 920.868839][T18407] ? is_bpf_text_address+0x8a/0x1a0
[ 920.868861][T18407] ? bpf_ksym_find+0x124/0x1c0
[ 920.868881][T18407] futex_wait_setup+0x83/0x510
[ 920.868910][T18407] __futex_wait+0x19f/0x300
[ 920.868934][T18407] ? __pfx___futex_wait+0x10/0x10
[ 920.868960][T18407] ? __pfx_futex_wake_mark+0x10/0x10
[ 920.868989][T18407] ? futex_hash+0x2ad/0x370
[ 920.869018][T18407] ? futex_hash+0x141/0x370
[ 920.869047][T18407] futex_wait+0xe6/0x370
[ 920.869070][T18407] ? __pfx_futex_wait+0x10/0x10
[ 920.869103][T18407] do_futex+0x1ef/0x350
[ 920.869121][T18407] ? __pfx_do_futex+0x10/0x10
[ 920.869145][T18407] __x64_sys_futex+0x34f/0x4d0
[ 920.869166][T18407] ? __pfx___x64_sys_futex+0x10/0x10
[ 920.869189][T18407] ? rcu_is_watching+0x12/0xc0
[ 920.869212][T18407] do_syscall_64+0x10b/0xf80
[ 920.869238][T18407] ? clear_bhb_loop+0x40/0x90
[ 920.869260][T18407] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 920.869278][T18407] RIP: 0033:0x7f28db59c819
[ 920.869295][T18407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 920.869312][T18407] RSP: 002b:00007f28dc39a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 920.869330][T18407] RAX: ffffffffffffffda RBX: 00007f28db815fa8 RCX: 00007f28db59c819
[ 920.869341][T18407] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f28db815fa8
[ 920.869352][T18407] RBP: 00007f28db815fa0 R08: 0000000000000000 R09: 0000000000000000
[ 920.869362][T18407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 920.869372][T18407] R13: 00007f28db816038 R14: 00007ffdc16eecb0 R15: 00007ffdc16eed98
[ 920.869396][T18407] </TASK>
[ 924.572121][T18457] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 926.042177][T18482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2864'.
[ 926.082131][T18482] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2864'.
[ 926.603179][T18477] FAULT_INJECTION: forcing a failure.
[ 926.603179][T18477] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 926.709615][T18477] CPU: 0 UID: 0 PID: 18477 Comm: syz.0.2862 Tainted: G L syzkaller #0 PREEMPT(full)
[ 926.709647][T18477] Tainted: [L]=SOFTLOCKUP
[ 926.709653][T18477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 926.709664][T18477] Call Trace:
[ 926.709670][T18477]
[ 926.709677][T18477] dump_stack_lvl+0x100/0x190
[ 926.709711][T18477] should_fail_ex.cold+0x5/0xa
[ 926.709735][T18477] strncpy_from_user+0x3b/0x2d0
[ 926.709762][T18477] do_getname+0x78/0x390
[ 926.709787][T18477] do_sys_openat2+0xc5/0x1e0
[ 926.709810][T18477] ? __pfx_do_sys_openat2+0x10/0x10
[ 926.709841][T18477] __x64_sys_openat+0x12d/0x210
[ 926.709865][T18477] ? __pfx___x64_sys_openat+0x10/0x10
[ 926.709894][T18477] ? rcu_is_watching+0x12/0xc0
[ 926.709917][T18477] do_syscall_64+0x10b/0xf80
[ 926.709943][T18477] ? clear_bhb_loop+0x40/0x90
[ 926.709965][T18477] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 926.709983][T18477] RIP: 0033:0x7f3bed79c819
[ 926.709998][T18477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 926.710016][T18477] RSP: 002b:00007f3bee689028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 926.710035][T18477] RAX: ffffffffffffffda RBX: 00007f3beda15fa0 RCX: 00007f3bed79c819
[ 926.710047][T18477] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 926.710058][T18477] RBP: 00007f3bed832c91 R08: 0000000000000000 R09: 0000000000000000
[ 926.710069][T18477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 926.710079][T18477] R13: 00007f3beda16038 R14: 00007f3beda15fa0 R15: 00007fff570fb418
[ 926.710101][T18477]
[ 927.350550][T18498] block2mtd: illegal erase size
[ 930.126003][T18510] binder: 18506:18510 ioctl c0306201 200000001100 returned -14
[ 930.170119][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 930.180078][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 931.323101][T18541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2875'.
[ 931.382869][T18541] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2875'.
[ 931.674680][T18536] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[ 932.085665][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 932.094431][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 935.025975][T18578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2891'.
[ 936.137945][T18596] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2884'.
[ 938.013465][T18616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2888'.
[ 938.057057][T18616] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2888'.
[ 939.375410][T18629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2894'.
[ 939.399811][T18632] block2mtd: illegal erase size
[ 939.429859][T18629] netlink: 'syz.2.2894': attribute type 1 has an invalid length.
[ 939.473865][T18629] netlink: 51465 bytes leftover after parsing attributes in process `syz.2.2894'.
[ 942.799146][T18646] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 942.805520][T16593] Bluetooth: hci3: command 0x0c1a tx timeout
[ 943.422569][T18646] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 943.431143][T18646] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 943.437693][T18646] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 943.891545][T18671] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15
[ 944.880338][T16593] Bluetooth: hci2: command 0x0c1a tx timeout
[ 944.995253][T18709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2913'.
[ 945.039551][T18709] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2913'.
[ 945.168651][T18704] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[ 945.440241][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout
[ 945.446313][T16593] Bluetooth: hci0: command 0x0c1a tx timeout
[ 946.846164][T18731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2918'.
[ 947.199400][T18722] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2916'.
[ 948.302059][T18744] block2mtd: illegal erase size
[ 948.325995][T18740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2921'.
[ 948.374679][T18740] netlink: 'syz.2.2921': attribute type 1 has an invalid length.
[ 948.414082][T18740] netlink: 'syz.2.2921': attribute type 6 has an invalid length.
[ 948.449794][T18740] netlink: 51465 bytes leftover after parsing attributes in process `syz.2.2921'.
[ 948.493803][T18740] netlink: 'syz.2.2921': attribute type 1 has an invalid length.
[ 950.117366][T18763]
[ 950.119823][T18763] ======================================================
[ 950.127020][T18763] WARNING: possible circular locking dependency detected
[ 950.134258][T18763] syzkaller #0 Tainted: G L
[ 950.140242][T18763] ------------------------------------------------------
[ 950.147534][T18763] syz.0.2923/18763 is trying to acquire lock:
[ 950.153682][T18763] ffff888023a9ee68 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0
[ 950.165440][T18763]
[ 950.165440][T18763] but task is already holding lock:
[ 950.172910][T18763] ffff888023a9d9e0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620
[ 950.181905][T18763]
[ 950.181905][T18763] which lock already depends on the new lock.
[ 950.181905][T18763]
[ 950.192310][T18763]
[ 950.192310][T18763] the existing dependency chain (in reverse order) is:
[ 950.201422][T18763]
[ 950.201422][T18763] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[ 950.209215][T18763] lock_sock_nested+0x41/0xf0
[ 950.214638][T18763] smc_listen_out+0x1f5/0x4b0
[ 950.219879][T18763] smc_listen_work+0x4c2/0x50e0
[ 950.225272][T18763] process_one_work+0xa0e/0x1980
[ 950.230735][T18763] worker_thread+0x5ef/0xe50
[ 950.235848][T18763] kthread+0x370/0x450
[ 950.240446][T18763] ret_from_fork+0x72b/0xd50
[ 950.245571][T18763] ret_from_fork_asm+0x1a/0x30
[ 950.250869][T18763]
[ 950.250869][T18763] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[ 950.261547][T18763] __lock_acquire+0x14b8/0x2630
[ 950.266950][T18763] lock_acquire+0x1b1/0x370
[ 950.271991][T18763] __flush_work+0x4de/0xcb0
[ 950.277027][T18763] cancel_work_sync+0xd1/0xf0
[ 950.282235][T18763] smc_clcsock_release+0x5f/0xe0
[ 950.287805][T18763] __smc_release+0x5c2/0x880
[ 950.293102][T18763] smc_close_non_accepted+0xda/0x200
[ 950.299059][T18763] smc_close_active+0x4ff/0x1070
[ 950.304711][T18763] __smc_release+0x634/0x880
[ 950.309930][T18763] smc_release+0x1fc/0x620
[ 950.314979][T18763] __sock_release+0xb3/0x260
[ 950.320566][T18763] sock_close+0x1c/0x30
[ 950.325348][T18763] __fput+0x3ff/0xb50
[ 950.329865][T18763] task_work_run+0x150/0x240
[ 950.335348][T18763] get_signal+0x1bd/0x21e0
[ 950.340409][T18763] arch_do_signal_or_restart+0x91/0x770
[ 950.346506][T18763] exit_to_user_mode_loop+0x86/0x4a0
[ 950.352428][T18763] do_syscall_64+0x6f2/0xf80
[ 950.357649][T18763] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 950.364284][T18763]
[ 950.364284][T18763] other info that might help us debug this:
[ 950.364284][T18763]
[ 950.374723][T18763] Possible unsafe locking scenario:
[ 950.374723][T18763]
[ 950.382283][T18763] CPU0 CPU1
[ 950.387762][T18763] ---- ----
[ 950.393305][T18763] lock(sk_lock-AF_SMC/1);
[ 950.397825][T18763] lock((work_completion)(&new_smc->smc_listen_work));
[ 950.407545][T18763] lock(sk_lock-AF_SMC/1);
[ 950.415150][T18763] lock((work_completion)(&new_smc->smc_listen_work));
[ 950.422192][T18763]
[ 950.422192][T18763] *** DEADLOCK ***
[ 950.422192][T18763]
[ 950.430414][T18763] 3 locks held by syz.0.2923/18763:
[ 950.435870][T18763] #0: ffff888076f1dc40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x86/0x260
[ 950.446512][T18763] #1: ffff888023a9d9e0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620
[ 950.456057][T18763] #2: ffffffff8e7e5260 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0
[ 950.465649][T18763]
[ 950.465649][T18763] stack backtrace:
[ 950.471839][T18763] CPU: 0 UID: 0 PID: 18763 Comm: syz.0.2923 Tainted: G L syzkaller #0 PREEMPT(full)
[ 950.471869][T18763] Tainted: [L]=SOFTLOCKUP
[ 950.471876][T18763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 950.471886][T18763] Call Trace:
[ 950.471895][T18763]
[ 950.471901][T18763] dump_stack_lvl+0x100/0x190
[ 950.471935][T18763] print_circular_bug.cold+0x178/0x1c7
[ 950.471964][T18763] check_noncircular+0x146/0x160
[ 950.472034][T18763] __lock_acquire+0x14b8/0x2630
[ 950.472064][T18763] lock_acquire+0x1b1/0x370
[ 950.472090][T18763] ? __flush_work+0x4ca/0xcb0
[ 950.472108][T18763] ? mark_held_locks+0x40/0x70
[ 950.472134][T18763] ? __flush_work+0x4ca/0xcb0
[ 950.472150][T18763] __flush_work+0x4de/0xcb0
[ 950.472165][T18763] ? __flush_work+0x4ca/0xcb0
[ 950.472182][T18763] ? __pfx___flush_work+0x10/0x10
[ 950.472200][T18763] ? __pfx_wq_barrier_func+0x10/0x10
[ 950.472224][T18763] ? __pfx___might_resched+0x10/0x10
[ 950.472244][T18763] ? __smc_release+0x5ba/0x880
[ 950.472267][T18763] cancel_work_sync+0xd1/0xf0
[ 950.472287][T18763] smc_clcsock_release+0x5f/0xe0
[ 950.472310][T18763] __smc_release+0x5c2/0x880
[ 950.472330][T18763] ? __pfx_sock_def_readable+0x10/0x10
[ 950.472358][T18763] smc_close_non_accepted+0xda/0x200
[ 950.472382][T18763] smc_close_active+0x4ff/0x1070
[ 950.472406][T18763] __smc_release+0x634/0x880
[ 950.472426][T18763] smc_release+0x1fc/0x620
[ 950.472447][T18763] __sock_release+0xb3/0x260
[ 950.472465][T18763] ? __pfx_sock_close+0x10/0x10
[ 950.472482][T18763] sock_close+0x1c/0x30
[ 950.472499][T18763] __fput+0x3ff/0xb50
[ 950.472520][T18763] task_work_run+0x150/0x240
[ 950.472536][T18763] ? __pfx_task_work_run+0x10/0x10
[ 950.472554][T18763] get_signal+0x1bd/0x21e0
[ 950.472574][T18763] ? task_work_add+0x201/0x3b0
[ 950.472602][T18763] ? __pfx_task_work_add+0x10/0x10
[ 950.472630][T18763] ? __pfx_get_signal+0x10/0x10
[ 950.472651][T18763] ? __fput_deferred+0x217/0x4a0
[ 950.472672][T18763] arch_do_signal_or_restart+0x91/0x770
[ 950.472697][T18763] ? __sys_accept4+0x1cb/0x200
[ 950.472722][T18763] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 950.472750][T18763] ? __pfx___sys_accept4+0x10/0x10
[ 950.472775][T18763] ? rcu_is_watching+0x12/0xc0
[ 950.472795][T18763] exit_to_user_mode_loop+0x86/0x4a0
[ 950.472823][T18763] ? do_syscall_64+0x519/0xf80
[ 950.472848][T18763] do_syscall_64+0x6f2/0xf80
[ 950.472874][T18763] ? clear_bhb_loop+0x40/0x90
[ 950.472893][T18763] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 950.472911][T18763] RIP: 0033:0x7f3bed79c819
[ 950.472926][T18763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 950.472944][T18763] RSP: 002b:00007f3bee647028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[ 950.472962][T18763] RAX: fffffffffffffe00 RBX: 00007f3beda16180 RCX: 00007f3bed79c819
[ 950.472973][T18763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 950.472983][T18763] RBP: 00007f3bed832c91 R08: 0000000000000000 R09: 0000000000000000
[ 950.473064][T18763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 950.473085][T18763] R13: 00007f3beda16218 R14: 00007f3beda16180 R15: 00007fff570fb418
[ 950.473102][T18763]
[ 950.921912][T18772] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2925'.
[ 950.931775][T18772] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2925'.
[ 951.027032][T18773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2924'.
[ 951.036636][T18773] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2924'.
SYZFAIL: failed to send rpc
fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe)
[ 951.586131][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 951.656103][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 951.729110][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 951.786647][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 951.967636][ T12] netdevsim netdevsim1335 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 952.026952][ T12] bridge_slave_1: left allmulticast mode
[ 952.046825][ T12] bridge_slave_1: left promiscuous mode
[ 952.064320][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 952.257634][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 952.277406][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 952.304438][ T12] bond0 (unregistering): Released all slaves
[ 952.347587][ T12] i: left promiscuous mode
[ 952.365224][ T12] HfR: left promiscuous mode
[ 952.487250][ T12] hsr_slave_0: left promiscuous mode
[ 952.503480][ T12] hsr_slave_1: left promiscuous mode
[ 952.516529][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 952.524391][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 952.532368][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 952.540277][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 952.549700][ T12] veth1_macvtap: left promiscuous mode
[ 952.555417][ T12] veth0_macvtap: left promiscuous mode
[ 952.560927][ T12] veth1_vlan: left promiscuous mode
[ 952.665507][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 952.680075][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 952.727200][ T5494] 8021q: adding VLAN 0 to HW filter on device eth1
[ 952.878882][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 952.938500][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 952.977864][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 953.008843][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 953.106966][ T12] dummy0: left allmulticast mode
[ 953.120028][ T12] dummy0: left promiscuous mode
[ 953.134335][ T12] bridge0: port 3(dummy0) entered disabled state
[ 953.147277][ T12] bridge_slave_1: left allmulticast mode
[ 953.159939][ T12] bridge_slave_1: left promiscuous mode
[ 953.175033][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 953.291126][ T12] bond0 (unregistering): (slave ›): Releasing backup interface
[ 953.301615][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 953.311965][ T12] bond0 (unregistering): Released all slaves
[ 953.359422][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 953.374227][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 953.383657][ T12] bond0 (unregistering): Released all slaves
[ 953.391977][ T5494] 8021q: adding VLAN 0 to HW filter on device eth2
[ 953.428742][ T12] i: left promiscuous mode
[ 953.465440][ T12] HfR: left promiscuous mode
[ 953.717893][ T12] hsr_slave_0: left promiscuous mode
[ 953.732246][ T12] hsr_slave_1: left promiscuous mode
[ 953.745755][ T12] hsr_slave_0: left promiscuous mode
[ 953.757253][ T12] hsr_slave_1: left promiscuous mode
[ 953.770227][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 953.795080][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 953.802697][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 953.815838][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 953.837939][ T12] veth1_macvtap: left promiscuous mode
[ 953.852177][ T12] veth0_macvtap: left promiscuous mode
[ 953.868515][ T12] veth1_vlan: left promiscuous mode
[ 953.884971][ T12] veth0_vlan: left promiscuous mode
[ 953.892084][ T12] veth1_macvtap: left promiscuous mode
[ 953.904177][ T12] veth0_macvtap: left promiscuous mode
[ 953.915381][ T12] veth1_vlan: left allmulticast mode
[ 953.920796][ T12] veth1_vlan: left promiscuous mode
[ 953.927423][ T12] veth0_vlan: left promiscuous mode
[ 954.043929][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 954.056845][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 954.140122][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 954.158232][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 954.214097][ T5494] 8021q: adding VLAN 0 to HW filter on device eth3
[ 954.697648][ T5494] 8021q: adding VLAN 0 to HW filter on device eth4
[ 954.936145][ T5494] 8021q: adding VLAN 0 to HW filter on device eth5
[ 955.178849][ T5494] 8021q: adding VLAN 0 to HW filter on device eth6
[ 955.449003][ T5494] 8021q: adding VLAN 0 to HW filter on device eth7
[ 955.691020][ T5494] 8021q: adding VLAN 0 to HW filter on device eth8
[ 955.932795][ T5494] 8021q: adding VLAN 0 to HW filter on device eth9