last executing test programs: 20.16484836s ago: executing program 2 (id=220): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) fcntl$auto(0x3, 0x4, 0x0) read$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmstat\x00', 0x20000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) adjtimex$auto(0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x141300, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) inotify_init1$auto(0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x121002, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x440, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x42000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x80000001, 0x7, 0x77, 0x0) clock_settime$auto(0x0, 0x0) adjtimex$auto(0x0) adjtimex$auto(0x0) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) 17.042330865s ago: executing program 0 (id=225): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7d, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x2000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) sendmsg$auto_NL80211_CMD_VENDOR(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x5}, 0x4000000) ioctl$auto_TIOCNXCL(0xffffffffffffffff, 0x540d, &(0x7f0000000240)="5d4551490752ce320157a76d779b3f8416626ceaf7e881ee217712422d62b34748a687d8576003861ba7d408a27ab07cb2d4e81ee9c17ed73acb86241dd445f4c54738b6a49976eac9fec5f1abafcb354d9ec762d265465488e05400ebe46d4f694ea1e9d669185f36db0c223fef266bef8d5b814c56d23baab03e16c76970b88a888613aaad4e") writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x80002, 0x73) setsockopt$auto(0x3, 0x0, 0x2b, 0x0, 0x108) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fb\x00', 0x100, 0x0) pread64$auto(r3, 0x0, 0x40000000006, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) unshare$auto(0x40000080) r5 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_GET_TXSC(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x14, r5, 0x186f202170196f7b, 0x703d26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x200008d0}, 0x40080c4) 14.872414964s ago: executing program 0 (id=228): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) r0 = syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) write$auto(r1, 0x0, 0xfffffdef) fcntl$auto_F_ADD_SEALS(r1, 0x409, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8c42, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x1000, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = set_tid_address$auto(0x0) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0xf, 0x0, 0x6) r5 = setfsuid$auto(0xee00) setresuid$auto(r5, 0x0, r5) msgctl$auto_MSG_INFO(0x8, 0xc, &(0x7f0000000200)={{0x9, 0x0, 0xffffffffffffffff, 0x800, 0x10, 0xad15, 0x7}, &(0x7f0000000180)=0xf, &(0x7f00000003c0)=0x3, 0x3ff, 0x5, 0x200, 0x0, 0x65, 0x7, 0x2, 0x3, @inferred=r0, @inferred=r3}) fstat$auto(r4, &(0x7f0000000300)={0x0, 0xf07, 0xaf4, 0x9, r5, r6, 0x0, 0x0, 0x8000000000, 0x74786f25, 0x1, 0x7, 0x40, 0x2, 0x1, 0xa841, 0x100000000000}) waitid$auto_P_PID(0x1, r0, 0x0, 0x7, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, 0x0) r7 = semctl$auto_GETPID(0x19, 0x5a48, 0xb, 0x6) mmap$auto(0x0, 0x40008, 0x1000000004, 0x9b72, 0x2, 0x8000) userfaultfd$auto(0x1) ioctl$auto(r4, 0x6, r4) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000040)={{@inferred=r3, 0x8, 0x5, 0x4338, "0508ef5c02864dd5c35496fab129fe93e170b30016d0cf0a93b570d8ea6943760ea9119f58f5db6093defac0", @inferred=0xffffffffffffffff}, 0x10, 0x1, 0x3, @inferred=r7, @integer={0x7, 0x3fffc000000, 0x9}, "ece132c65533f6ae0f69aea0f58e0ec1fed8e73a2133901c005333801c23678a8922a550ace2a9c0c2c66c50c9048320382f8e2a87ac9e4a277621056af6f983"}) sendto$auto(0xffffffffffffffff, 0x0, 0x404, 0x0, 0x0, 0x1d) r8 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000280), 0xc02, 0x0) fcntl$auto_F_GETOWN_EX(r1, 0x10, 0x4) ioctl$auto_SW_SYNC_GET_DEADLINE(r8, 0xc0105702, &(0x7f00000002c0)={0x3ff}) 14.409210333s ago: executing program 2 (id=229): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) write$auto(r0, &(0x7f0000000280)='S\x00\x00\x00\xfe\xff\xff\xff\xdf\xac\x9f*~\x9e\xf4\x14\xd2d2i\a*\x93\xda\xec\xfe\xb6HI\x8bMJ}\x8d\xc1\x94D\xdbSt/\xdd\xb5\fnW{\xb0^:\x80\xb5\xdd\x8d\x1e\x96\xdf\xcb\xac\xbfB\xb3\xba\x9a\x02\xeaZ\xb9Rg2\x87\x9e\x9c\xb3\xac\x16\xa3g\xad\xf7<\xc5c\xfa2\x97,O\xb2\xe3\xad\xe0v\x13\x03\x00\x00\x00\xce*\xee\xcdX\x1dM\xe3\x8cT\xc6\x1dj\xe8\xc1\xc0\x85c\xf6\r^\xa2\b\x9c\xb9\xff\x89i\x04\xc8\r\x14p\xad\v,O\xb8\x9b\xd8\xe0\x964/\x8fQ\xaf\x13\xd7\xf14\x85\xe8\x0f\'\xc4\xe3\x1c\x92', 0x808585) select$auto(0x8, &(0x7f00000000c0)={[0xeeda, 0x7, 0x4, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x3, 0x4618ecd2, 0x3, 0x84, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r1, 0x0, 0x400018) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = pipe$auto(0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_KVM_CHECK_EXTENSION(r1, 0xae03, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram13\x00', 0x5efc82, 0x0) mlock$auto(0xfbe8, 0x4) ioctl$auto_BLKFRASET(r3, 0x1264, 0x0) keyctl$auto(0x2000001f, 0x1, 0x6, 0x3, 0x8000) madvise$auto(0x0, 0x240007, 0x1d) ioctl$auto_BLKROSET(r3, 0x125d, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) kill$auto(0x0, 0x21) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth0_to_hsr\x00', 0x0}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/node/node0/cpulist\x00', 0x28000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) bpf$auto(0x1, &(0x7f0000000180)=@query={@target_ifindex=r4, 0x8, 0x7, 0x9, 0x3, @prog_cnt=0x81, 0x0, 0xfffffffffffffff8, 0x7fffffff, 0x2, 0x35}, 0x4) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/fib_trie\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x8, 0x7fff) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x0, 0x8}, 0x9, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) madvise$auto(0x0, 0x400053, 0x9) 13.503549807s ago: executing program 2 (id=231): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0xffffffffffffffff, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r0 = openat$auto_clk_summary_fops_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/clk/clk_orphan_summary\x00', 0x40, 0x0) close_range$auto(r0, r0, 0x0) socket(0x1e, 0x4, 0x0) r1 = socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x7, 0x0, 0x4) clone$auto(0x7fff, 0xff, 0x0, 0x0, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r2, 0x4b45, 0x0) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000000), r1) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x800000000007, 0xd3e, 0x1, 0x948f, 0x3, 0xf1f, 0xc0, 0x3, 0x62, 0x80000001, 0x7, 0x8, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 0x100000001) splice$auto(0x4, 0x0, 0x2, 0x0, 0x10000, 0x9) getpid() io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) 12.245627623s ago: executing program 2 (id=233): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r3 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r3, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x1c}}, 0x4000) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) bpf$auto(0xfffffffe, &(0x7f00000001c0)=@query={@target_fd, 0x8, 0x3, 0x5, 0xff, @count=0xe35c, 0x0, 0x5, 0x80000000000006, 0xd9, 0xffffffff}, 0x6f2) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000880}, 0x20008000) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000280), 0xffffffffffffffff) 12.241275654s ago: executing program 3 (id=234): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r4, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x15}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) 12.022504556s ago: executing program 0 (id=235): unshare$auto(0x40000080) get_mempolicy$auto(0x0, 0x0, 0x2, 0x400000000000085, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x5, 0x105, 0xc, 0xb, 0x800, 0xffffffffffffffff, 0x5, "d81ddef9d4e6d312212bab98f4060bd8", 0x0, 0xffffffffffffffff, 0x7fffffff, 0xa991, 0x7, 0x8001}, 0x7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = socket(0x25, 0x1, 0x5) recvfrom$auto(r3, 0x0, 0x0, 0x40, 0x0, 0x0) prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x66c, 0x3, 0xeb1, 0xfffffffffffffffa, 0xc000) mmap$auto(0xfffffffffffffffe, 0x2, 0x100000002, 0xde, 0xffffffffffffffff, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sysfs$auto(0x2, 0x100000000000036, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) ioctl$auto(r4, 0x64c4, 0xffffffffffffffff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') 11.263212678s ago: executing program 1 (id=237): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/eql/ifalias\x00', 0xb02, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x94001, 0x0) ioctl$auto_UI_SET_ABSBIT(r1, 0x40045567, &(0x7f0000000300)=0x81) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/226, 0xe2) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}}, 0x20008810) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) open(&(0x7f0000001bc0)='./file0\x00', 0x4142, 0x1) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r3) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x541b, 0x74) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) r6 = openat$auto_ext4_dir_operations_ext4(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/bluetooth/hci4/power\x00', 0x8a040, 0x0) fcntl$auto_F_DUPFD_QUERY(r6, 0x403, r2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_TUNNEL_INFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x4000000) 10.585908152s ago: executing program 3 (id=238): mmap$auto(0x0, 0x400008, 0xdf, 0x8009b72, 0x2, 0x9000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/acpi/wakeup\x00', 0x48041, 0x0) io_uring_register$auto_IORING_UNREGISTER_RING_FDS(r0, 0x15, &(0x7f0000000000)="0b2b09dd6f6b129be2875e5793360cbc2a02e477886125ce7a37eae9425e8b45f887921e5be23186236c4a367cbdbb74e774885a2582cd11c5040fb8a74b01ebaff0df7f665126d6ba8f", 0x8) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xf, 0x0, 0x94e) r2 = socket(0xa, 0x1, 0x84) r3 = fcntl$auto(0xffffffffffffffff, 0xffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/class/firmware/timeout\x00', 0x1a1942, 0x0) mmap$auto(0x0, 0xfffffffffffffff1, 0x2, 0x17, r3, 0x8000) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x8}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS32(r4, 0x80585414, &(0x7f0000000000)={0x675d529c, 0x9f7d, 0xfffffff1, 0x101, 0x6, 0x4, "1ec4c2336d0d5d8a5db102d8cd84eca696782c75e0cb2d4b8c400f6fdc12a84264800d00000035a29c7c1ebbdcd2fe5c88e17422928a5110f6e9fef8cac28588"}) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/dev/cdrom/info\x00', 0x2000, 0x0) read$auto(r5, &(0x7f0000000140)='\x00\xd8\x1ed.\x0e\x92\x19\xa0\xedP\xaf\xce-\xa9\x86\xc5\x97\xdcLG\xb7\x85L\xd3\x98\x18l\x9d\xddv\xa1\fM\x92\x89\xe71j\x8b\xdf\xcd%\x9fQ\x8f\x91\xd8\b\a\xf3\xe2\xd8<\xe4\x94\xa9\xb3\xff54\xec\x1b>\xce\x95\x9aN\xe3\xe7\xe8', 0xc0ec) socket(0x1e, 0x3, 0x3b) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r6, &(0x7f0000000040)='7\x00\\\xa0\xa5$\x03\xcb\x12\xfa\b\x1c\tk', 0x81) fstatfs$auto(r3, &(0x7f00000000c0)={0x391, 0x1, 0x6, 0x1, 0x4, 0x4, 0x4, {[0x9, 0x3]}, 0x8, 0xfffffffffffffffe, 0x0, [0x1000, 0x6b24002f, 0x7, 0xfffffffffffffffb]}) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x356800, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'veth1_virt_wifi\x00'}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="98000000", @ANYRES32=0x0, @ANYRES16=r5, @ANYRESDEC, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="080003000100008054000180080003000300000008000100", @ANYRESOCT, @ANYBLOB="1400020073797a6b616c6c6572310000000000001400020076657468315f746f5f626f6e64000000080003000010000008000300020000000800030007000000"], 0x98}, 0x1, 0x0, 0x0, 0x400c4}, 0x4000090) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'wg0\x00'}) 9.045541546s ago: executing program 3 (id=239): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x5, 0x801, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r2 = socket(0x23, 0x2, 0x0) sendto$auto(r2, 0x0, 0x8000000008000, 0x0, &(0x7f0000000100)=@in={0x23, 0x0, @local}, 0x80) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "00800000ffefffffff0200000001"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x1f4) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYRES64=r4, @ANYRES16=r0, @ANYRESHEX, @ANYBLOB="c1f050d04069eb9993cdc376dcc54877ec379609e393ecac66db8bc8575d51c6a087088b393bb4e27155a3fdb5773276e29da116d38bd6c7133ed3efba8bdfa2a7d3c63b45fcd9496cf3b4442be4fd157b8581e82f0dd10c53234bd1df968e1173f3861fe6c9a4000accb79c917831e0a8ef574b", @ANYBLOB="e9aecc05c92d95c71ca66ff0b89f549f9b807c80f3126c359522fe88b560a897cce0af7cc71958a15bd81c4f82847e57f3d834c7d522f89ed1dcb63c0723ab7fe580a89807c9b564fc5e326f918eb14402bcbb5eb8fc39264ec069776a0308a7816b8c9822e3ca7e85e957f93eb819872b2858", @ANYBLOB="2be9d2de2535c2c15bc1b12403f6e3d8412934e56668bad57ada43ce6e24dbe607eb53931e95a7a75a72ea81bb95292f93ddddad03cd575ace38f3be6de2a858128aa5ce35da6a7cb30174709b6873f668455716b66b93c234ccaa84beaae3c0f9f103770db44a0098c82026f26149ab4dd0aed9a19eca", @ANYRES32=r1, @ANYRES64], 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 8.935495364s ago: executing program 1 (id=240): mmap$auto(0x0, 0x20008, 0x4000000000df, 0x2000eb1, 0xffffffffffffffff, 0x3) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0x1d, 0x1, 0x7fff) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x4, 0x0, 0x4) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r1, &(0x7f0000000080)={0x0, 0x1000}, 0x3) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)="fb", 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x88302, 0x0) sendfile$auto(r3, r3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) semget$auto(0x7eb, 0xc7, 0xfffffffd) readlinkat$auto(0x1, 0x0, 0x0, 0x16a) 5.713091693s ago: executing program 0 (id=241): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7d, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x2000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) sendmsg$auto_NL80211_CMD_VENDOR(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x5}, 0x4000000) ioctl$auto_TIOCNXCL(0xffffffffffffffff, 0x540d, &(0x7f0000000240)="5d4551490752ce320157a76d779b3f8416626ceaf7e881ee217712422d62b34748a687d8576003861ba7d408a27ab07cb2d4e81ee9c17ed73acb86241dd445f4c54738b6a49976eac9fec5f1abafcb354d9ec762d265465488e05400ebe46d4f694ea1e9d669185f36db0c223fef266bef8d5b814c56d23baab03e16c76970b88a888613aaad4e") writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x80002, 0x73) setsockopt$auto(0x3, 0x0, 0x2b, 0x0, 0x108) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fb\x00', 0x100, 0x0) pread64$auto(r3, 0x0, 0x40000000006, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) unshare$auto(0x40000080) r5 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_GET_TXSC(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x14, r5, 0x186f202170196f7b, 0x703d26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x200008d0}, 0x40080c4) 5.51231128s ago: executing program 1 (id=242): sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20044011}, 0x80) r0 = socket(0x28, 0x5, 0x0) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x40, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000002c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1d\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"P\x8a\xbbY8@Z5`\xa2\x9aSVd\x1d\xac\xe8\x90e\x9d\x03tm\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7.\xbe\x01\x98\xd7l\x00\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\xf0\xd9\xc0K\x8b\xa3c\x00'/160, 0xa9) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_smc_pnetid(0x0, r0) sendmsg$auto_SMC_PNETID_DEL(r2, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="a70300"], 0x14}, 0x1, 0x0, 0x0, 0x40091}, 0x20000000) getgroups$auto(0x1a1, 0xfffffffffffffffd) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4c2080, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20004000) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), r6) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r6, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={&(0x7f0000000000)={0x34, r7, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_CABLE_TEST_TDR_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x10001}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24040000}, 0x700000000000000) ioctl$auto(0x3, 0x6f50, 0xffffffffffffffff) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r5, 0x8000) ioctl$auto_NS_GET_TGID_IN_PIDNS(r1, 0x8004b709, 0x0) shmctl$auto_SHM_STAT(0x1, 0xd, 0x0) ioctl$auto_BLKRRPART(r5, 0x125f, 0x0) lseek$auto(r4, 0x7fff, 0x40001000) connect$auto(r0, &(0x7f0000000080)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x56) read$auto(r0, &(0x7f0000000100)='(\x00', 0x1) 3.658859874s ago: executing program 1 (id=243): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r5, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x15}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/105, 0x69) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) 3.105026869s ago: executing program 3 (id=244): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) r0 = syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) write$auto(r1, 0x0, 0xfffffdef) fcntl$auto_F_ADD_SEALS(r1, 0x409, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8c42, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x1000, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = set_tid_address$auto(0x0) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0xf, 0x0, 0x6) r5 = setfsuid$auto(0xee00) setresuid$auto(r5, 0x0, r5) msgctl$auto_MSG_INFO(0x8, 0xc, &(0x7f0000000200)={{0x9, 0x0, 0xffffffffffffffff, 0x800, 0x10, 0xad15, 0x7}, &(0x7f0000000180)=0xf, &(0x7f00000003c0)=0x3, 0x3ff, 0x5, 0x200, 0x0, 0x65, 0x7, 0x2, 0x3, @inferred=r0, @inferred=r3}) fstat$auto(r4, &(0x7f0000000300)={0x0, 0xf07, 0xaf4, 0x9, r5, r6, 0x0, 0x0, 0x8000000000, 0x74786f25, 0x1, 0x7, 0x40, 0x2, 0x1, 0xa841, 0x100000000000}) waitid$auto_P_PID(0x1, r0, 0x0, 0x7, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, 0x0) r7 = semctl$auto_GETPID(0x19, 0x5a48, 0xb, 0x6) mmap$auto(0x0, 0x40008, 0x1000000004, 0x9b72, 0x2, 0x8000) userfaultfd$auto(0x1) ioctl$auto(r4, 0x6, r4) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000040)={{@inferred=r3, 0x8, 0x5, 0x4338, "0508ef5c02864dd5c35496fab129fe93e170b30016d0cf0a93b570d8ea6943760ea9119f58f5db6093defac0", @inferred=0xffffffffffffffff}, 0x10, 0x1, 0x3, @inferred=r7, @integer={0x7, 0x3fffc000000, 0x9}, "ece132c65533f6ae0f69aea0f58e0ec1fed8e73a2133901c005333801c23678a8922a550ace2a9c0c2c66c50c9048320382f8e2a87ac9e4a277621056af6f983"}) sendto$auto(0xffffffffffffffff, 0x0, 0x404, 0x0, 0x0, 0x1d) r8 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000280), 0xc02, 0x0) fcntl$auto_F_GETOWN_EX(r1, 0x10, 0x4) ioctl$auto_SW_SYNC_GET_DEADLINE(r8, 0xc0105702, &(0x7f00000002c0)={0x3ff}) 2.677514143s ago: executing program 2 (id=245): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x181040, 0x0) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x48400, 0x0) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) pipe$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.0/udc/dummy_udc.0/maximum_speed\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) socketpair$auto(0x800001, 0x2, 0x615e, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 2.469133975s ago: executing program 1 (id=246): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r4, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x15}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) 2.400895177s ago: executing program 0 (id=247): r0 = ioctl$auto_TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$auto_BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x4) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) setgroups$auto(0xa1, &(0x7f0000000000)=0xc) write$auto(r1, 0x0, 0x3) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x5, 0xa, 0xdb, 0x1000355, 0x5, 0x8000) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x22240, 0x155) io_uring_setup$auto(0x5ded, 0x0) r2 = socket(0x28, 0x805, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bind$auto(r2, &(0x7f0000000080)=@in={0x28, 0x0, @rand_addr=0xffffffff}, 0x68) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x20, 0x8000, 0x3}, 0x1, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) socket(0x2, 0x1, 0x106) write$auto(0x3, 0x0, 0xffd8) r3 = getpid() r4 = gettid() rt_tgsigqueueinfo$auto(r3, r4, 0x16, &(0x7f0000000400)={@siginfo_0_0={0xfffeffff, 0x0, 0x2, @_sigpoll={0x8}}}) tgkill$auto_SIGCONT(r3, r3, 0x12) setsockopt$auto_SO_KEEPALIVE(0xffffffffffffffff, 0x1, 0x9, &(0x7f0000000080)='%&+#*%-\xfc\x00', 0x9) rt_sigqueueinfo$auto(r3, 0x9, &(0x7f00000000c0)={@_si_pad}) request_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000000140)='.$\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='\x00', 0xfffffffffffffffc) shmget$auto(0x8, 0x10565, 0x7ff) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 2.013877234s ago: executing program 3 (id=248): r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0xffffffffffffffff, 0x20009, 0x200009, 0x40000000000eb1, r0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x9, 0x8, 0x800000003, 0xeb1, 0xfffffffffffffffa, 0x4000000) socket(0xa, 0x1, 0x84) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) write$auto(r1, 0x0, 0x101) ioctl$auto_SG_GET_NUM_WAITING(r1, 0x227d, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) socket(0x18, 0x3, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) fcntl$auto(0x0, 0x408, 0x100000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 1.63269751s ago: executing program 0 (id=249): select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x2480, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, &(0x7f00000002c0)="f03f0b0be4f2597d8b11ed14dfa636bad65cae9c0d21", 0x16, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/lapb5/broadcast\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/16, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x2a02c0, 0x0) sendfile$auto(r1, r1, &(0x7f0000000000)=0x3, 0xad6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r5 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x0, 0x80000001, r5}, 0x6f4) read$auto(r4, 0x0, 0x20) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x48043, 0x0) write$auto(r6, 0x0, 0x6) unshare$auto(0x40000080) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000000)="b2", 0x1) r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r2, r8, 0x0, 0x1) 1.280351501s ago: executing program 2 (id=250): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) unshare$auto(0x40000080) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) sendmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x1a, 0x0, 0xfffffffffffffffc, 0x5}, 0x6}, 0x1, 0x401) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x6358c0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) mmap$auto(0xfff, 0x9, 0xfffffffffffffffb, 0x200000eb0, 0x401, 0x701cf82a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) read$auto_ptdump_fops_(0xffffffffffffffff, &(0x7f00000000c0)=""/32, 0x20) sendfile$auto(r2, r2, 0x0, 0x6) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x5, 0x0, 0x0, &(0x7f00000001c0)={[0x1ff, 0x0, 0x7, 0xfff, 0x948b, 0x0, 0x15f4da0a, 0x3, 0x402, 0x62, 0x4, 0x4, 0x6d41, 0x4, 0xa, 0xfffffffffffffdfa]}, 0x0) write$auto(r3, &(0x7f0000000400), 0x100000a3d9) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004001e"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) setpriority$auto(0x2, 0x0, 0x80000) ioctl$auto_EXT4_IOC_SETVERSION_OLD(0xffffffffffffffff, 0x40087602, &(0x7f0000000280)="d5fe11b10faac2e41beb8dce6fbe442c9d14469b57d6defbfdd6bcc877acd73557fc74c6ed7ff4f02afe5f85291baf877400934d252b0a23e5976afbb730a822777f4881fd11b05ad1ad49f68bb850924b8ef83296fe46b500e2119f9b15a4cc94a12bfde33f0c64be955bb26593cea7761df9ab62ea97fed47f810822eb17edd4f514e9fdcfd5b8babef4b60883d3b877f263c2eddf7158082f51eb8e7afc2157e930bdf6a1ad6948f6457e1365437ec549e149d1d29eae85325e54e7878a9ecdd87fbac17f93a7800339026b46ba71a3c545b3d17012b32386152970eb3f967fd6a1ae7243cc184a81a16bc277362bfe43df") close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xec8, 0x2, 0x100000000009b72, 0xffffffffffffffff, 0x28000) madvise$auto(0x0, 0xffffffffffff0003, 0x15) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/dev_snmp6/syz_tun\x00', 0x1cb422, 0x0) pread64$auto(r4, 0x0, 0x800003, 0x270) madvise$auto_MADV_SEQUENTIAL(0x8, 0x2, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x8, 0x7f, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x5, 0x2, 0x1a7b870a, 0x76c4, 0x8, 0x100000000}}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2002dde, 0x2, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) 1.126692949s ago: executing program 1 (id=251): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x3) fdatasync$auto(r2) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb) ioctl$auto_SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000240)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(r1, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/graphics/fbcon/rotate_all\x00', 0xa001, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000480)={{&(0x7f0000000200)="fb08879254c1c24169fb1eb914e3b7f221f2841c3d38cd87d0", 0x1, &(0x7f0000000380)={&(0x7f0000000280)="8346937e12ba00e330311a19e48a0a9a2e91b6de44b66b63f1596b3f9d5c9f510298d5522b2f135e98b99e6fac9035b3e0469f8d1a694f4c16c64bb3c27c1179a6c16599a273abe7a3569be3", 0x4}, 0x54, &(0x7f00000003c0)="58a887ce482f9847847a27203ddba921d454a6c86fce97592078366c4f6c8fee6e7fd116b574b538e1bad18ef1da26cba8642753abd3f8a96926c38339c11b133eef5aa66e23c098ba119eb39971e64edb18441af8d68649f32ada49d82cc34fcb6e9bdf708ee7abcdfb1c5b915d39c0be5f029d67b53f7afb0a133600981508423b6fa88476b25248297c7d3426dff1c875d16de47691fc61aafcae44ff57e63b2b25a7", 0xd8, 0x7fffffff}, 0x5fb}, 0x101, 0xc2d2, 0x0) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000000)=' ', 0x1) write$auto(r3, &(0x7f0000000000)='3\xc7\xff\xff\xff\xdd\x00\b(Ks\x0f\x87|P\x11\xd1li0\x89\x85\x90QM\xf6wfF\xf1x\xb3;c\tP\x03\x84\x97\x99\x83\x97\x81:\xf3\xa3o5\xc5\x86\xed~\x1b\xf1\x84\xc9\x0f\xff\xdak\xb0m\xe1U\xb3\xa2\xee\xdcTJQO\x98\xc8w\x8c\xe7\x00\x00\x00\x1dj\x1e\xebQT\xdd\x9b\x00'/101, 0x9) r4 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f00000000c0), 0x24002, 0x0) writev$auto(r4, &(0x7f0000000300)={0x0, 0x10001}, 0xc) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000100)=""/114, 0x72) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0x1000eb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x5) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) 0s ago: executing program 3 (id=252): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x5, 0x801, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r2 = socket(0x23, 0x2, 0x0) sendto$auto(r2, 0x0, 0x8000000008000, 0x0, &(0x7f0000000100)=@in={0x23, 0x0, @local}, 0x80) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "00800000ffefffffff0200000001"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x1f4) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYRES64=r4, @ANYRES16=r0, @ANYRESHEX, @ANYBLOB="c1f050d04069eb9993cdc376dcc54877ec379609e393ecac66db8bc8575d51c6a087088b393bb4e27155a3fdb5773276e29da116d38bd6c7133ed3efba8bdfa2a7d3c63b45fcd9496cf3b4442be4fd157b8581e82f0dd10c53234bd1df968e1173f3861fe6c9a4000accb79c917831e0a8ef574b", @ANYBLOB="e9aecc05c92d95c71ca66ff0b89f549f9b807c80f3126c359522fe88b560a897cce0af7cc71958a15bd81c4f82847e57f3d834c7d522f89ed1dcb63c0723ab7fe580a89807c9b564fc5e326f918eb14402bcbb5eb8fc39264ec069776a0308a7816b8c9822e3ca7e85e957f93eb819872b2858", @ANYBLOB="2be9d2de2535c2c15bc1b12403f6e3d8412934e56668bad57ada43ce6e24dbe607eb53931e95a7a75a72ea81bb95292f93ddddad03cd575ace38f3be6de2a858128aa5ce35da6a7cb30174709b6873f668455716b66b93c234ccaa84beaae3c0f9f103770db44a0098c82026f26149ab4dd0aed9a19eca", @ANYRES32=r1, @ANYRES64], 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts. [ 89.121386][ T5812] cgroup: Unknown subsys name 'net' [ 89.217845][ T5812] cgroup: Unknown subsys name 'cpuset' [ 89.227904][ T5812] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.079263][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.251585][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.262005][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.272276][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.282410][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.300365][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.311810][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.321745][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.330105][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.332694][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.343277][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.353186][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.362951][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.370999][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.384238][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.395704][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.404068][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.406670][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.414123][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.426285][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.447402][ T5145] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.109495][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 94.139001][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 94.157495][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 94.201909][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 94.472196][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.480432][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.488580][ T5823] bridge_slave_0: entered allmulticast mode [ 94.496450][ T5823] bridge_slave_0: entered promiscuous mode [ 94.530312][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.538056][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.545381][ T5824] bridge_slave_0: entered allmulticast mode [ 94.553215][ T5824] bridge_slave_0: entered promiscuous mode [ 94.562297][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.570899][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.579035][ T5823] bridge_slave_1: entered allmulticast mode [ 94.588514][ T5823] bridge_slave_1: entered promiscuous mode [ 94.597023][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.605060][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.612549][ T5832] bridge_slave_0: entered allmulticast mode [ 94.620724][ T5832] bridge_slave_0: entered promiscuous mode [ 94.641032][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.648315][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.656072][ T5824] bridge_slave_1: entered allmulticast mode [ 94.664152][ T5824] bridge_slave_1: entered promiscuous mode [ 94.683366][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.691792][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.699644][ T5832] bridge_slave_1: entered allmulticast mode [ 94.707818][ T5832] bridge_slave_1: entered promiscuous mode [ 94.715098][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.722265][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.729723][ T5825] bridge_slave_0: entered allmulticast mode [ 94.737716][ T5825] bridge_slave_0: entered promiscuous mode [ 94.781908][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.789221][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.796614][ T5825] bridge_slave_1: entered allmulticast mode [ 94.804227][ T5825] bridge_slave_1: entered promiscuous mode [ 94.826182][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.865143][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.877921][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.908590][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.935914][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.962222][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.975017][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.000871][ T5823] team0: Port device team_slave_0 added [ 95.021248][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.044404][ T5823] team0: Port device team_slave_1 added [ 95.052268][ T5824] team0: Port device team_slave_0 added [ 95.095368][ T5824] team0: Port device team_slave_1 added [ 95.116749][ T5832] team0: Port device team_slave_0 added [ 95.124059][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.131067][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.158170][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.198307][ T5832] team0: Port device team_slave_1 added [ 95.205164][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.212506][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.239426][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.255893][ T5825] team0: Port device team_slave_0 added [ 95.318488][ T5825] team0: Port device team_slave_1 added [ 95.326539][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.339267][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.365680][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.378849][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.386033][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.412195][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.434486][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.441576][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.468842][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.494505][ T5840] Bluetooth: hci2: command tx timeout [ 95.500419][ T5840] Bluetooth: hci0: command tx timeout [ 95.507077][ T5830] Bluetooth: hci3: command tx timeout [ 95.513190][ T5145] Bluetooth: hci1: command tx timeout [ 95.553195][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.560519][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.587208][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.599269][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.606672][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.633010][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.651303][ T5823] hsr_slave_0: entered promiscuous mode [ 95.658278][ T5823] hsr_slave_1: entered promiscuous mode [ 95.700819][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.708039][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.734688][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.764526][ T5824] hsr_slave_0: entered promiscuous mode [ 95.771179][ T5824] hsr_slave_1: entered promiscuous mode [ 95.777981][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 95.784110][ T5824] Cannot create hsr debugfs directory [ 95.895196][ T5832] hsr_slave_0: entered promiscuous mode [ 95.901890][ T5832] hsr_slave_1: entered promiscuous mode [ 95.908412][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 95.915044][ T5832] Cannot create hsr debugfs directory [ 95.939238][ T5825] hsr_slave_0: entered promiscuous mode [ 95.946243][ T5825] hsr_slave_1: entered promiscuous mode [ 95.952523][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 95.958899][ T5825] Cannot create hsr debugfs directory [ 96.469647][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.486061][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.497120][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.509112][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.591733][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.611094][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.639962][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.652059][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.750800][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.762992][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.776658][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.787562][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.957338][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.981960][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.997960][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.010032][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.047994][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.080028][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.126133][ T164] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.133668][ T164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.151550][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.180810][ T164] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.188331][ T164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.188544][ T9] cfg80211: failed to load regulatory.db [ 97.274695][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.299502][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.307012][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.339594][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.363095][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.370567][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.415847][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.441589][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.448883][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.462352][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.469538][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.578122][ T5145] Bluetooth: hci1: command tx timeout [ 97.583866][ T5840] Bluetooth: hci0: command tx timeout [ 97.589319][ T5840] Bluetooth: hci3: command tx timeout [ 97.595091][ T5834] Bluetooth: hci2: command tx timeout [ 97.607982][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.677338][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.719554][ T164] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.726795][ T164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.790678][ T164] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.798425][ T164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.128094][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.293146][ T5823] veth0_vlan: entered promiscuous mode [ 98.310229][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.359840][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.372174][ T5823] veth1_vlan: entered promiscuous mode [ 98.476477][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.520274][ T5832] veth0_vlan: entered promiscuous mode [ 98.541268][ T5823] veth0_macvtap: entered promiscuous mode [ 98.555992][ T5824] veth0_vlan: entered promiscuous mode [ 98.589649][ T5832] veth1_vlan: entered promiscuous mode [ 98.600030][ T5823] veth1_macvtap: entered promiscuous mode [ 98.621428][ T5824] veth1_vlan: entered promiscuous mode [ 98.663234][ T5825] veth0_vlan: entered promiscuous mode [ 98.683159][ T5825] veth1_vlan: entered promiscuous mode [ 98.715014][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.740877][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.781279][ T145] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.790839][ T145] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.808905][ T5824] veth0_macvtap: entered promiscuous mode [ 98.820242][ T145] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.829739][ T145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.845980][ T5832] veth0_macvtap: entered promiscuous mode [ 98.868639][ T5824] veth1_macvtap: entered promiscuous mode [ 98.892620][ T5825] veth0_macvtap: entered promiscuous mode [ 98.900867][ T5832] veth1_macvtap: entered promiscuous mode [ 98.932909][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.948941][ T5825] veth1_macvtap: entered promiscuous mode [ 98.992624][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.008191][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.052625][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.061469][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.072941][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.090190][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.123715][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.150577][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.166361][ T3488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.185871][ T3488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.205397][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.215392][ T164] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.249376][ T164] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.262454][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.291409][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.307094][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.318398][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.329513][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.359405][ T3488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.368616][ T3488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.383686][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.477928][ T5823] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.537747][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.560783][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.654002][ T5834] Bluetooth: hci1: command tx timeout [ 99.660115][ T5830] Bluetooth: hci3: command tx timeout [ 99.660124][ T5840] Bluetooth: hci0: command tx timeout [ 99.667946][ T5834] Bluetooth: hci2: command tx timeout [ 99.803969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.814069][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.822307][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.838267][ T164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.849090][ T164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.910000][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.934940][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.005741][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.022293][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.121727][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.142095][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.333396][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 100.727089][ T5931] process 'syz.2.3' launched './file0' with NULL argv: empty string added [ 100.835540][ T5930] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 100.944278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.953875][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.962397][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.050874][ T5921] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2'. [ 101.262754][ T5921] : renamed from ip6tnl0 (while UP) [ 101.344311][ T5932] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.735240][ T5834] Bluetooth: hci0: command tx timeout [ 101.740809][ T5834] Bluetooth: hci1: command tx timeout [ 101.746684][ T5830] Bluetooth: hci2: command tx timeout [ 101.746709][ T5840] Bluetooth: hci3: command tx timeout [ 102.023293][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.374925][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.874368][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.144069][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.149840][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.699795][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 104.767675][ T5951] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 104.819471][ T5969] FAULT_INJECTION: forcing a failure. [ 104.819471][ T5969] name fail_futex, interval 1, probability 0, space 0, times 1 [ 104.841778][ T5969] CPU: 0 UID: 0 PID: 5969 Comm: syz.2.10 Not tainted syzkaller #0 PREEMPT(full) [ 104.841820][ T5969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 104.841859][ T5969] Call Trace: [ 104.841869][ T5969] [ 104.841886][ T5969] dump_stack_lvl+0x100/0x190 [ 104.841949][ T5969] should_fail_ex.cold+0x5/0xa [ 104.841989][ T5969] get_futex_key+0x1d2/0x1620 [ 104.842031][ T5969] ? __pfx_get_futex_key+0x10/0x10 [ 104.842072][ T5969] ? update_se+0x94/0x760 [ 104.842120][ T5969] futex_wait_setup+0x81/0x500 [ 104.842179][ T5969] __futex_wait+0x19f/0x300 [ 104.842232][ T5969] ? __pfx___futex_wait+0x10/0x10 [ 104.842279][ T5969] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 104.842321][ T5969] ? lockdep_hardirqs_on+0x78/0x100 [ 104.842356][ T5969] ? __pfx_futex_wake_mark+0x10/0x10 [ 104.842399][ T5969] ? find_held_lock+0x2b/0x80 [ 104.842446][ T5969] ? futex_wake+0x456/0x530 [ 104.842503][ T5969] futex_wait+0xed/0x380 [ 104.842553][ T5969] ? __pfx_futex_wait+0x10/0x10 [ 104.842595][ T5969] ? __sys_recvfrom+0x266/0x300 [ 104.842622][ T5969] ? __pfx___sys_recvfrom+0x10/0x10 [ 104.842651][ T5969] do_futex+0x1ef/0x350 [ 104.842682][ T5969] ? __pfx_do_futex+0x10/0x10 [ 104.842711][ T5969] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 104.842752][ T5969] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 104.842798][ T5969] __x64_sys_futex+0x34f/0x4d0 [ 104.842840][ T5969] ? __pfx___x64_sys_futex+0x10/0x10 [ 104.842883][ T5969] do_syscall_64+0x106/0xf80 [ 104.842911][ T5969] ? clear_bhb_loop+0x40/0x90 [ 104.842941][ T5969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.842965][ T5969] RIP: 0033:0x7fd3f319c799 [ 104.842985][ T5969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.843007][ T5969] RSP: 002b:00007fd3f40b20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 104.843030][ T5969] RAX: ffffffffffffffda RBX: 00007fd3f3415fa8 RCX: 00007fd3f319c799 [ 104.843045][ T5969] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd3f3415fa8 [ 104.843060][ T5969] RBP: 00007fd3f3415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 104.843074][ T5969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.843087][ T5969] R13: 00007fd3f3416038 R14: 00007ffdb595de10 R15: 00007ffdb595def8 [ 104.843117][ T5969] [ 104.985158][ T5969] netlink: 'syz.2.10': attribute type 2 has an invalid length. [ 105.108703][ T5969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10'. [ 105.268416][ T5951] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 105.286305][ T5951] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 105.306889][ T5951] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 105.336730][ T5951] Bluetooth: hci1: Opcode 0x0406 failed: -4 syzkaller syzkaller login: [ 105.405514][ T5951] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 105.430284][ T5951] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 105.443727][ T5951] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 105.465446][ T5951] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 105.484445][ T5951] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 105.503535][ T5951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 105.524306][ T5951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 105.792202][ T5975] FAULT_INJECTION: forcing a failure. [ 105.792202][ T5975] name failslab, interval 1, probability 0, space 0, times 1 [ 105.820812][ T5975] CPU: 1 UID: 0 PID: 5975 Comm: syz.2.11 Not tainted syzkaller #0 PREEMPT(full) [ 105.820857][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 105.820875][ T5975] Call Trace: [ 105.820887][ T5975] [ 105.820899][ T5975] dump_stack_lvl+0x100/0x190 [ 105.820956][ T5975] should_fail_ex.cold+0x5/0xa [ 105.820995][ T5975] ? ops_init+0x77/0x5f0 [ 105.821031][ T5975] should_failslab+0xc2/0x120 [ 105.821065][ T5975] __kmalloc_noprof+0xe0/0x850 [ 105.821123][ T5975] ops_init+0x77/0x5f0 [ 105.821168][ T5975] setup_net+0x118/0x3a0 [ 105.821211][ T5975] ? __pfx_setup_net+0x10/0x10 [ 105.821250][ T5975] ? lockdep_init_map_type+0x5c/0x250 [ 105.821295][ T5975] ? mutex_init_lockep+0x110/0x150 [ 105.821346][ T5975] copy_net_ns+0x46f/0x7c0 [ 105.821395][ T5975] create_new_namespaces+0x3ea/0xac0 [ 105.821440][ T5975] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 105.821480][ T5975] ksys_unshare+0x473/0xad0 [ 105.821525][ T5975] ? __pfx_ksys_unshare+0x10/0x10 [ 105.821583][ T5975] __x64_sys_unshare+0x31/0x40 [ 105.821623][ T5975] do_syscall_64+0x106/0xf80 [ 105.821660][ T5975] ? clear_bhb_loop+0x40/0x90 [ 105.821701][ T5975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.821744][ T5975] RIP: 0033:0x7fd3f319c799 [ 105.821782][ T5975] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.821813][ T5975] RSP: 002b:00007fd3f40b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 105.821844][ T5975] RAX: ffffffffffffffda RBX: 00007fd3f3415fa0 RCX: 00007fd3f319c799 [ 105.821864][ T5975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 105.821883][ T5975] RBP: 00007fd3f3232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 105.821923][ T5975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.821943][ T5975] R13: 00007fd3f3416038 R14: 00007fd3f3415fa0 R15: 00007ffdb595def8 [ 105.821988][ T5975] [ 106.863471][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.350347][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 107.493556][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 107.493564][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 107.643349][ T6006] Zero length message leads to an empty skb [ 108.299139][ T6010] ima: policy update failed [ 108.332905][ T29] audit: type=1802 audit(1772457492.208:2): pid=6010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.18" res=0 errno=0 [ 108.943588][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 109.427482][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 109.573435][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 109.573444][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 110.165166][ T6037] bridge0: port 3(gretap0) entered blocking state [ 110.171817][ T6037] bridge0: port 3(gretap0) entered disabled state [ 110.178789][ T6037] gretap0: entered allmulticast mode [ 110.186417][ T6037] gretap0: entered promiscuous mode [ 110.195284][ T6037] FAULT_INJECTION: forcing a failure. [ 110.195284][ T6037] name failslab, interval 1, probability 0, space 0, times 0 [ 110.236572][ T6037] CPU: 0 UID: 0 PID: 6037 Comm: syz.1.24 Not tainted syzkaller #0 PREEMPT(full) [ 110.236617][ T6037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 110.236637][ T6037] Call Trace: [ 110.236649][ T6037] [ 110.236663][ T6037] dump_stack_lvl+0x100/0x190 [ 110.236722][ T6037] should_fail_ex.cold+0x5/0xa [ 110.236769][ T6037] should_failslab+0xc2/0x120 [ 110.236803][ T6037] __kvmalloc_node_noprof+0xfa/0xa00 [ 110.236854][ T6037] ? bucket_table_alloc.isra.0+0x88/0x460 [ 110.236915][ T6037] bucket_table_alloc.isra.0+0x88/0x460 [ 110.236970][ T6037] rhashtable_init_noprof+0x43b/0x7d0 [ 110.237026][ T6037] nbp_vlan_init+0x238/0x500 [ 110.237062][ T6037] ? __pfx_nbp_vlan_init+0x10/0x10 [ 110.237103][ T6037] ? __local_bh_enable_ip+0x9e/0x120 [ 110.237140][ T6037] ? lockdep_hardirqs_on+0x78/0x100 [ 110.237179][ T6037] ? br_fdb_add_local+0x43/0x60 [ 110.237228][ T6037] ? __local_bh_enable_ip+0x9e/0x120 [ 110.237270][ T6037] br_add_if+0xf79/0x1b40 [ 110.237305][ T6037] ? veth_get_iflink+0x263/0x2c0 [ 110.237353][ T6037] add_del_if+0x114/0x160 [ 110.237393][ T6037] br_dev_siocdevprivate+0x8ac/0x1650 [ 110.237432][ T6037] ? __lock_acquire+0x4a5/0x2630 [ 110.237476][ T6037] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 110.237530][ T6037] ? do_raw_spin_lock+0x128/0x260 [ 110.237587][ T6037] ? mark_held_locks+0x40/0x70 [ 110.237635][ T6037] ? netdev_name_node_lookup+0x107/0x150 [ 110.237668][ T6037] ? __mutex_lock+0x26a/0x1b90 [ 110.237715][ T6037] dev_ifsioc+0xc1e/0x1e90 [ 110.237763][ T6037] ? __pfx_dev_ifsioc+0x10/0x10 [ 110.237796][ T6037] ? __pfx___mutex_lock+0x10/0x10 [ 110.237854][ T6037] ? dev_load+0x8e/0x240 [ 110.237884][ T6037] ? dev_load+0x8e/0x240 [ 110.237926][ T6037] dev_ioctl+0x70e/0x1070 [ 110.237967][ T6037] sock_ioctl+0x494/0x6b0 [ 110.238019][ T6037] ? __pfx_sock_ioctl+0x10/0x10 [ 110.238068][ T6037] ? hook_file_ioctl_common+0x146/0x410 [ 110.238130][ T6037] ? __fget_files+0x21f/0x3d0 [ 110.238189][ T6037] ? __pfx_sock_ioctl+0x10/0x10 [ 110.238242][ T6037] __x64_sys_ioctl+0x18e/0x210 [ 110.238293][ T6037] do_syscall_64+0x106/0xf80 [ 110.238329][ T6037] ? clear_bhb_loop+0x40/0x90 [ 110.238370][ T6037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.238405][ T6037] RIP: 0033:0x7f51d779c799 [ 110.238432][ T6037] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.238463][ T6037] RSP: 002b:00007f51d85ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 110.238494][ T6037] RAX: ffffffffffffffda RBX: 00007f51d7a16090 RCX: 00007f51d779c799 [ 110.238515][ T6037] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 110.238536][ T6037] RBP: 00007f51d7832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 110.238555][ T6037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.238575][ T6037] R13: 00007f51d7a16128 R14: 00007f51d7a16090 R15: 00007fff47cb41d8 [ 110.238618][ T6037] [ 110.539195][ T6037] bridge0: port 3(gretap0) entered blocking state [ 110.545954][ T6037] bridge0: port 3(gretap0) entered forwarding state [ 111.493470][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 111.653412][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 111.663870][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 111.928415][ T6024] syz.0.22 (6024) used greatest stack depth: 19368 bytes left [ 112.039051][ T5145] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 112.132045][ T6058] FAULT_INJECTION: forcing a failure. [ 112.132045][ T6058] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 112.197101][ T6058] CPU: 1 UID: 0 PID: 6058 Comm: syz.0.29 Not tainted syzkaller #0 PREEMPT(full) [ 112.197147][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.197166][ T6058] Call Trace: [ 112.197177][ T6058] [ 112.197190][ T6058] dump_stack_lvl+0x100/0x190 [ 112.197247][ T6058] should_fail_ex.cold+0x5/0xa [ 112.197280][ T6058] ? prepare_alloc_pages+0x16d/0x5f0 [ 112.197322][ T6058] should_fail_alloc_page+0xeb/0x140 [ 112.197359][ T6058] prepare_alloc_pages+0x1f0/0x5f0 [ 112.197405][ T6058] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 112.197460][ T6058] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 112.197497][ T6058] ? lockdep_hardirqs_on+0x78/0x100 [ 112.197547][ T6058] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 112.197585][ T6058] ? stack_depot_save_flags+0x479/0x9d0 [ 112.197629][ T6058] ? kasan_save_stack+0x3f/0x50 [ 112.197680][ T6058] ? kasan_save_stack+0x30/0x50 [ 112.197728][ T6058] ? kasan_save_track+0x14/0x30 [ 112.197778][ T6058] ? __kasan_slab_alloc+0x89/0x90 [ 112.197832][ T6058] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 112.197876][ T6058] ? get_locked_pte+0x25/0xc0 [ 112.197907][ T6058] ? insert_page+0xcc/0x220 [ 112.197936][ T6058] ? vm_insert_page+0x2c0/0x400 [ 112.197968][ T6058] ? __mmap_region+0x1443/0x29e0 [ 112.198005][ T6058] ? do_mmap+0xc63/0x12f0 [ 112.198032][ T6058] ? vm_mmap_pgoff+0x29e/0x470 [ 112.198061][ T6058] ? ksys_mmap_pgoff+0x3c8/0x650 [ 112.198088][ T6058] ? __x64_sys_mmap+0x125/0x190 [ 112.198128][ T6058] ? do_syscall_64+0x106/0xf80 [ 112.198160][ T6058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.198207][ T6058] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 112.198257][ T6058] ? policy_nodemask+0xed/0x4f0 [ 112.198289][ T6058] alloc_pages_mpol+0x1fb/0x550 [ 112.198320][ T6058] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 112.198360][ T6058] alloc_pages_noprof+0x131/0x390 [ 112.198415][ T6058] pte_alloc_one+0x1e/0x3e0 [ 112.198450][ T6058] __pte_alloc+0x6d/0x3f0 [ 112.198479][ T6058] ? __pfx___pte_alloc+0x10/0x10 [ 112.198509][ T6058] ? walk_to_pmd+0x302/0x4c0 [ 112.198553][ T6058] get_locked_pte+0xa1/0xc0 [ 112.198589][ T6058] insert_page+0xcc/0x220 [ 112.198623][ T6058] ? __pfx_insert_page+0x10/0x10 [ 112.198655][ T6058] ? __pfx_down_read_trylock+0x10/0x10 [ 112.198709][ T6058] vm_insert_page+0x2c0/0x400 [ 112.198747][ T6058] kcov_mmap+0xca/0x130 [ 112.198810][ T6058] __mmap_region+0x1443/0x29e0 [ 112.198860][ T6058] ? __pfx___mmap_region+0x10/0x10 [ 112.198905][ T6058] ? find_held_lock+0x2b/0x80 [ 112.198931][ T6058] ? ima_match_policy+0x8c4/0x2350 [ 112.198977][ T6058] ? ima_match_policy+0x8c4/0x2350 [ 112.199057][ T6058] ? find_held_lock+0x2b/0x80 [ 112.199083][ T6058] ? process_measurement+0x4c8/0x2350 [ 112.199119][ T6058] ? process_measurement+0x4c8/0x2350 [ 112.199171][ T6058] ? process_measurement+0x1f4/0x2350 [ 112.199273][ T6058] mmap_region+0x30a/0x3e0 [ 112.199322][ T6058] do_mmap+0xc63/0x12f0 [ 112.199361][ T6058] ? __pfx_do_mmap+0x10/0x10 [ 112.199392][ T6058] ? __pfx_down_write_killable+0x10/0x10 [ 112.199440][ T6058] vm_mmap_pgoff+0x29e/0x470 [ 112.199479][ T6058] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 112.199507][ T6058] ? __fget_files+0x215/0x3d0 [ 112.199568][ T6058] ? __fget_files+0x21f/0x3d0 [ 112.199621][ T6058] ksys_mmap_pgoff+0x3c8/0x650 [ 112.199652][ T6058] ? __x64_sys_futex+0x34f/0x4d0 [ 112.199688][ T6058] ? __x64_sys_futex+0x358/0x4d0 [ 112.199726][ T6058] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 112.199756][ T6058] ? xfd_validate_state+0x129/0x190 [ 112.199804][ T6058] __x64_sys_mmap+0x125/0x190 [ 112.199850][ T6058] do_syscall_64+0x106/0xf80 [ 112.199883][ T6058] ? clear_bhb_loop+0x40/0x90 [ 112.199918][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.199948][ T6058] RIP: 0033:0x7fd2d7b9c799 [ 112.199973][ T6058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.200001][ T6058] RSP: 002b:00007fd2d8a8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 112.200028][ T6058] RAX: ffffffffffffffda RBX: 00007fd2d7e15fa0 RCX: 00007fd2d7b9c799 [ 112.200047][ T6058] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000000000012000 [ 112.200064][ T6058] RBP: 00007fd2d7c32bd9 R08: 00000000000000dd R09: 0000000000000000 [ 112.200081][ T6058] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 112.200098][ T6058] R13: 00007fd2d7e16038 R14: 00007fd2d7e15fa0 R15: 00007fff425564f8 [ 112.200136][ T6058] [ 112.214927][ T6058] kcov: kcov: vm_insert_page() failed [ 113.643752][ T29] audit: type=1807 audit(1772457497.508:3): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 113.665082][ T29] audit: type=1802 audit(1772457497.528:4): pid=6074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.30" res=0 errno=0 [ 114.718857][ T6073] ima: policy update failed [ 114.729446][ T29] audit: type=1802 audit(4294967327.440:5): pid=6073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.30" res=0 errno=0 [ 115.679535][ T6089] Invalid ELF header magic: != ELF [ 118.243819][ T6119] zswap: compressor not available [ 119.762815][ T6137] __vm_enough_memory: pid: 6137, comm: syz.1.41, bytes: 4398046511104 not enough memory for the allocation [ 121.063630][ T6151] zswap: compressor not available [ 122.997301][ T6182] netlink: 326 bytes leftover after parsing attributes in process `syz.1.48'. [ 123.757628][ T6191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'. [ 123.781813][ T6191] netlink: 'syz.1.49': attribute type 1 has an invalid length. [ 123.800326][ T6191] netlink: 5 bytes leftover after parsing attributes in process `syz.1.49'. [ 124.654533][ T6197] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.100105][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.52'. [ 126.123725][ T6221] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 126.130348][ T6221] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.137832][ T6221] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.202682][ T6221] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.715087][ T6232] FAULT_INJECTION: forcing a failure. [ 126.715087][ T6232] name failslab, interval 1, probability 0, space 0, times 0 [ 126.963221][ T6232] CPU: 1 UID: 0 PID: 6232 Comm: syz.1.55 Not tainted syzkaller #0 PREEMPT(full) [ 126.963267][ T6232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 126.963288][ T6232] Call Trace: [ 126.963302][ T6232] [ 126.963314][ T6232] dump_stack_lvl+0x100/0x190 [ 126.963402][ T6232] should_fail_ex.cold+0x5/0xa [ 126.963442][ T6232] should_failslab+0xc2/0x120 [ 126.963479][ T6232] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 126.963528][ T6232] ? acpi_ps_alloc_op+0x29d/0x360 [ 126.963571][ T6232] acpi_ps_alloc_op+0x29d/0x360 [ 126.963602][ T6232] ? acpi_ut_status_exit+0x111/0x1c0 [ 126.963640][ T6232] acpi_ps_create_op+0x4b3/0xd10 [ 126.963699][ T6232] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 126.963756][ T6232] ? acpi_ut_status_exit+0x111/0x1c0 [ 126.963800][ T6232] acpi_ps_parse_loop+0xa65/0x24a0 [ 126.963868][ T6232] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 126.963922][ T6232] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 126.963970][ T6232] ? acpi_ut_create_thread_state+0x6d/0x170 [ 126.964049][ T6232] acpi_ps_parse_aml+0x81e/0x1120 [ 126.964114][ T6232] acpi_ps_execute_method+0x5c4/0xe90 [ 126.964156][ T6232] acpi_ns_evaluate+0x640/0x1670 [ 126.964197][ T6232] acpi_evaluate_object+0x420/0xe00 [ 126.964238][ T6232] ? kasan_save_stack+0x30/0x50 [ 126.964280][ T6232] ? kasan_save_track+0x14/0x30 [ 126.964329][ T6232] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 126.964383][ T6232] acpi_evaluate_integer+0xdf/0x220 [ 126.964419][ T6232] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 126.964469][ T6232] ? __pfx_status_show+0x10/0x10 [ 126.964511][ T6232] status_show+0xa0/0x120 [ 126.964552][ T6232] ? __pfx_status_show+0x10/0x10 [ 126.964603][ T6232] dev_attr_show+0x52/0xa0 [ 126.964650][ T6232] ? __pfx_dev_attr_show+0x10/0x10 [ 126.964695][ T6232] sysfs_kf_seq_show+0x217/0x3a0 [ 126.964738][ T6232] seq_read_iter+0x32f/0x1270 [ 126.964799][ T6232] kernfs_fop_read_iter+0x46c/0x610 [ 126.964830][ T6232] ? rw_verify_area+0xce/0x6d0 [ 126.964870][ T6232] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 126.964903][ T6232] vfs_read+0x825/0xb30 [ 126.964952][ T6232] ? __pfx_vfs_read+0x10/0x10 [ 126.965029][ T6232] ksys_read+0x12a/0x250 [ 126.965074][ T6232] ? __pfx_ksys_read+0x10/0x10 [ 126.965130][ T6232] do_syscall_64+0x106/0xf80 [ 126.965163][ T6232] ? clear_bhb_loop+0x40/0x90 [ 126.965199][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.965229][ T6232] RIP: 0033:0x7f51d779c799 [ 126.965266][ T6232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.965294][ T6232] RSP: 002b:00007f51d85a9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 126.965323][ T6232] RAX: ffffffffffffffda RBX: 00007f51d7a16180 RCX: 00007f51d779c799 [ 126.965343][ T6232] RDX: 000000000000007a RSI: 0000200000000240 RDI: 000000000000000a [ 126.965360][ T6232] RBP: 00007f51d7832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 126.965377][ T6232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.965393][ T6232] R13: 00007f51d7a16218 R14: 00007f51d7a16180 R15: 00007fff47cb41d8 [ 126.965433][ T6232] [ 127.483576][ T6232] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 128.004295][ T6241] block nbd8: shutting down sockets [ 128.213916][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.220872][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.220891][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.228009][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.783640][ T6247] Invalid ELF header magic: != ELF [ 131.305265][ T6277] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 131.548412][ T6274] Invalid ELF header magic: != ELF [ 131.607268][ T6280] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 133.019446][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.026553][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.089493][ T29] audit: type=1800 audit(4294967345.800:6): pid=6303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=10576 res=0 errno=0 [ 133.705525][ T6303] could not allocate digest TFM handle [ 133.989962][ T6326] Invalid ELF header magic: != ELF [ 134.767245][ T29] audit: type=1807 audit(4294967347.470:7): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 134.803005][ T29] audit: type=1802 audit(4294967347.470:8): pid=6342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.73" res=0 errno=0 [ 135.638738][ T6341] ima: policy update failed [ 135.666567][ T29] audit: type=1802 audit(4294967348.380:9): pid=6341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.73" res=0 errno=0 [ 137.231806][ T6373] input: jJǸ-9%vJ86 as /devices/virtual/input/input5 [ 139.324569][ T6405] Console: switching to colour VGA+ 80x25 [ 140.694459][ T6423] zswap: compressor not available [ 141.077508][ T6430] zswap: compressor not available [ 141.404164][ T6438] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 141.715749][ T6430] FAULT_INJECTION: forcing a failure. [ 141.715749][ T6430] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 141.756777][ T6430] CPU: 0 UID: 0 PID: 6430 Comm: syz.2.84 Not tainted syzkaller #0 PREEMPT(full) [ 141.756820][ T6430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 141.756840][ T6430] Call Trace: [ 141.756850][ T6430] [ 141.756862][ T6430] dump_stack_lvl+0x100/0x190 [ 141.756919][ T6430] should_fail_ex.cold+0x5/0xa [ 141.756959][ T6430] ? prepare_alloc_pages+0x16d/0x5f0 [ 141.757000][ T6430] should_fail_alloc_page+0xeb/0x140 [ 141.757036][ T6430] prepare_alloc_pages+0x1f0/0x5f0 [ 141.757080][ T6430] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 141.757131][ T6430] ? rcu_is_watching+0x12/0xc0 [ 141.757188][ T6430] ? __lock_acquire+0x4a5/0x2630 [ 141.757242][ T6430] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 141.757299][ T6430] ? do_raw_spin_lock+0x128/0x260 [ 141.757335][ T6430] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 141.757370][ T6430] ? find_held_lock+0x2b/0x80 [ 141.757400][ T6430] ? __lock_acquire+0x4a5/0x2630 [ 141.757433][ T6430] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 141.757476][ T6430] ? policy_nodemask+0xed/0x4f0 [ 141.757503][ T6430] alloc_pages_mpol+0x1fb/0x550 [ 141.757528][ T6430] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 141.757553][ T6430] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 141.757590][ T6430] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 141.757633][ T6430] folio_alloc_mpol_noprof+0x36/0x340 [ 141.757663][ T6430] shmem_alloc_folio+0x135/0x160 [ 141.757693][ T6430] shmem_alloc_and_add_folio+0x371/0xd40 [ 141.757735][ T6430] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 141.757774][ T6430] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 141.757816][ T6430] shmem_get_folio_gfp+0x6ab/0x1900 [ 141.757856][ T6430] ? find_held_lock+0x2b/0x80 [ 141.757877][ T6430] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 141.757915][ T6430] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 141.757952][ T6430] ? lockdep_hardirqs_on+0x78/0x100 [ 141.757983][ T6430] shmem_fault+0x1f9/0xa20 [ 141.758018][ T6430] ? __lock_acquire+0x4a5/0x2630 [ 141.758047][ T6430] ? __pfx_shmem_fault+0x10/0x10 [ 141.758084][ T6430] ? __up_read+0x2c5/0x700 [ 141.758129][ T6430] ? __pfx_filemap_map_pages+0x10/0x10 [ 141.758163][ T6430] __do_fault+0x10d/0x550 [ 141.758205][ T6430] ? __pfx_filemap_map_pages+0x10/0x10 [ 141.758267][ T6430] do_fault+0x2db/0x1950 [ 141.758310][ T6430] __handle_mm_fault+0x180f/0x2b60 [ 141.758368][ T6430] ? __pfx___handle_mm_fault+0x10/0x10 [ 141.758419][ T6430] ? pte_offset_map_lock+0x174/0x320 [ 141.758445][ T6430] ? find_held_lock+0x2b/0x80 [ 141.758501][ T6430] ? follow_page_pte+0x5b3/0x1400 [ 141.758545][ T6430] handle_mm_fault+0x36d/0xa20 [ 141.758595][ T6430] __get_user_pages+0xf9c/0x34d0 [ 141.758628][ T6430] ? down_read_killable+0x30e/0x4c0 [ 141.758663][ T6430] ? __pfx___get_user_pages+0x10/0x10 [ 141.758697][ T6430] faultin_page_range+0x1f1/0x9e0 [ 141.758731][ T6430] madvise_do_behavior+0x354/0x510 [ 141.758762][ T6430] ? __pfx_madvise_do_behavior+0x10/0x10 [ 141.758806][ T6430] do_madvise+0x195/0x240 [ 141.758832][ T6430] ? __pfx_do_madvise+0x10/0x10 [ 141.758859][ T6430] ? do_futex+0x192/0x350 [ 141.758916][ T6430] __x64_sys_madvise+0xa9/0x110 [ 141.758948][ T6430] ? lockdep_hardirqs_on+0x78/0x100 [ 141.758976][ T6430] do_syscall_64+0x106/0xf80 [ 141.759003][ T6430] ? clear_bhb_loop+0x40/0x90 [ 141.759033][ T6430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.759057][ T6430] RIP: 0033:0x7fd3f319c799 [ 141.759077][ T6430] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.759100][ T6430] RSP: 002b:00007fd3f40b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 141.759123][ T6430] RAX: ffffffffffffffda RBX: 00007fd3f3415fa0 RCX: 00007fd3f319c799 [ 141.759138][ T6430] RDX: 0000000000000017 RSI: 000000000000ca3d RDI: 0000000000000000 [ 141.759152][ T6430] RBP: 00007fd3f3232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 141.759167][ T6430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.759181][ T6430] R13: 00007fd3f3416038 R14: 00007fd3f3415fa0 R15: 00007ffdb595def8 [ 141.759211][ T6430] [ 142.795332][ T6444] netlink: 28 bytes leftover after parsing attributes in process `syz.0.86'. [ 146.613574][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 146.620036][ T6472] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 146.805473][ T6472] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 146.826235][ T6472] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 146.842547][ T6472] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 147.245585][ T6503] device-mapper: ioctl: Unable to rename non-existent device,  to [ 147.450528][ T6508] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 147.505727][ T6508] netlink: 28 bytes leftover after parsing attributes in process `syz.2.98'. [ 147.546220][ T6508] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 147.572362][ T6508] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 147.585036][ T6508] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 147.604346][ T6508] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.142814][ T29] audit: type=1326 audit(4294967360.850:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.2.99" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd3f319c799 code=0x0 [ 148.325071][ T6513] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 148.325071][ T6513] The task syz.2.99 (6513) triggered the difference, watch for misbehavior. [ 148.694350][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 148.744748][ T6522] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 148.826405][ T6522] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 148.854344][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 148.854361][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 148.893680][ T6522] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 148.945474][ T6522] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 149.181563][ T29] audit: type=1400 audit(4294967361.890:11): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6529 comm="syz.2.103" [ 149.685609][ T6536] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 149.694406][ T6536] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 150.039729][ T6527] vivid-007: ================= START STATUS ================= [ 150.075076][ T6527] vivid-007: Generate PTS: true [ 150.085796][ T6527] vivid-007: Generate SCR: true [ 150.156319][ T6527] tpg source WxH: 320x240 (Y'CbCr) [ 150.172386][ T6527] tpg field: 1 [ 150.176997][ T6527] tpg crop: (0,0)/320x240 [ 150.312189][ T6527] tpg compose: (0,0)/320x240 [ 150.343453][ T6527] tpg colorspace: 8 [ 150.347330][ T6527] tpg transfer function: 0/0 [ 150.362499][ T6527] tpg Y'CbCr encoding: 0/0 [ 150.386323][ T6527] tpg quantization: 0/0 [ 150.398268][ T6527] tpg RGB range: 0/2 [ 150.403114][ T6527] vivid-007: ================== END STATUS ================== [ 150.773818][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 150.853491][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 150.933932][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 151.016007][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 151.220222][ T5834] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 151.484049][ T6554] FAULT_INJECTION: forcing a failure. [ 151.484049][ T6554] name failslab, interval 1, probability 0, space 0, times 0 [ 151.535409][ T6554] CPU: 0 UID: 0 PID: 6554 Comm: syz.2.106 Not tainted syzkaller #0 PREEMPT(full) [ 151.535453][ T6554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 151.535480][ T6554] Call Trace: [ 151.535490][ T6554] [ 151.535503][ T6554] dump_stack_lvl+0x100/0x190 [ 151.535559][ T6554] should_fail_ex.cold+0x5/0xa [ 151.535598][ T6554] should_failslab+0xc2/0x120 [ 151.535632][ T6554] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 151.535681][ T6554] ? alloc_empty_file+0x55/0x1c0 [ 151.535729][ T6554] alloc_empty_file+0x55/0x1c0 [ 151.535771][ T6554] alloc_file_pseudo+0x13a/0x230 [ 151.535814][ T6554] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 151.535856][ T6554] ? tipc_sk_finish_conn+0x600/0x7a0 [ 151.535920][ T6554] sock_alloc_file+0x50/0x210 [ 151.535969][ T6554] __sys_socketpair+0x353/0x5b0 [ 151.536026][ T6554] ? __pfx___sys_socketpair+0x10/0x10 [ 151.536082][ T6554] ? xfd_validate_state+0x129/0x190 [ 151.536140][ T6554] __x64_sys_socketpair+0x96/0x100 [ 151.536189][ T6554] ? lockdep_hardirqs_on+0x78/0x100 [ 151.536226][ T6554] do_syscall_64+0x106/0xf80 [ 151.536264][ T6554] ? clear_bhb_loop+0x40/0x90 [ 151.536307][ T6554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.536341][ T6554] RIP: 0033:0x7fd3f319c799 [ 151.536367][ T6554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 151.536400][ T6554] RSP: 002b:00007fd3f4091028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 151.536430][ T6554] RAX: ffffffffffffffda RBX: 00007fd3f3416090 RCX: 00007fd3f319c799 [ 151.536452][ T6554] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 151.536479][ T6554] RBP: 00007fd3f3232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 151.536499][ T6554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 151.536519][ T6554] R13: 00007fd3f3416128 R14: 00007fd3f3416090 R15: 00007ffdb595def8 [ 151.536562][ T6554] [ 152.022403][ T6567] input: f as /devices/virtual/input/input7 [ 152.158754][ T6567] zram: Removed device: zram0 [ 154.696275][ T5834] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 154.704166][ T5834] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 156.644479][ T6607] syz.1.116 uses obsolete (PF_INET,SOCK_PACKET) [ 160.509887][ T6646] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 160.517764][ T6646] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 160.548235][ T6646] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 160.568492][ T6646] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 160.774016][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 161.387583][ T6686] blktrace: Concurrent blktraces are not allowed on loop2 [ 161.892113][ T6691] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 162.533832][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 162.615020][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 162.621186][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 163.326269][ T6702] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 163.332963][ T6702] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.346460][ T6702] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 163.384870][ T6702] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 165.333448][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 165.413475][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.419722][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 165.454224][ T6721] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 165.478770][ T6721] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 165.501412][ T6721] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.534223][ T6721] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 166.134506][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.198412][ T6751] usb usb15: usbfs: interface 0 claimed by hub while 'syz.3.142' sets config #0 [ 167.011696][ T6762] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 167.166830][ T6762] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 167.182630][ T6762] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 167.191976][ T6762] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 167.214927][ T6762] raw: 0000000000000000 0000000000000000 00000008ffffffff 0000000000000000 [ 167.289127][ T6762] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 167.393602][ T6762] head: 0000000000000000 0000000000000000 00000008ffffffff 0000000000000000 [ 167.402417][ T6762] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 167.493490][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 167.523762][ T6762] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 167.559675][ T6762] page dumped because: unmovable page [ 167.575439][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.581535][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.589360][ T6762] page_owner tracks the page as allocated [ 167.630328][ T6762] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5685, tgid 5685 (dhcpcd-run-hook), ts 76781254441, free_ts 76776455966 [ 167.715043][ T6762] post_alloc_hook+0x153/0x170 [ 167.720819][ T6762] get_page_from_freelist+0x111d/0x3140 [ 167.759165][ T6762] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 167.776208][ T6762] alloc_pages_mpol+0x1fb/0x550 [ 167.781201][ T6762] alloc_pages_noprof+0x131/0x390 [ 167.866149][ T6762] skb_page_frag_refill+0x365/0x5b0 [ 167.876287][ T6762] try_fill_recv+0x7f1/0x2950 [ 167.881106][ T6762] virtnet_poll+0x1502/0x3a70 [ 167.943931][ T6762] __napi_poll.constprop.0+0xaf/0x450 [ 167.965806][ T6762] net_rx_action+0xa40/0xf20 [ 167.972041][ T6762] handle_softirqs+0x1eb/0x9e0 [ 167.990587][ T6762] __irq_exit_rcu+0xef/0x150 [ 168.010943][ T6762] irq_exit_rcu+0x9/0x30 [ 168.033389][ T6762] common_interrupt+0xbe/0xe0 [ 168.038272][ T6762] asm_common_interrupt+0x26/0x40 [ 168.063818][ T6762] page last free pid 23 tgid 23 stack trace: [ 168.069909][ T6762] __free_frozen_pages+0x7e1/0x10d0 [ 168.093542][ T6762] __folio_put+0x3b4/0x540 [ 168.098078][ T6762] skb_release_data+0x667/0x9d0 [ 168.109599][ T6762] napi_consume_skb+0x1f6/0x320 [ 168.121948][ T6762] skb_defer_free_flush+0x1f1/0x290 [ 168.142309][ T6762] net_rx_action+0x3ca/0xf20 [ 168.152420][ T6762] handle_softirqs+0x1eb/0x9e0 [ 168.173433][ T6762] run_ksoftirqd+0x38/0x60 [ 168.178636][ T6762] smpboot_thread_fn+0x3d3/0xaa0 [ 168.203811][ T6762] kthread+0x370/0x450 [ 168.211186][ T6762] ret_from_fork+0x754/0xd80 [ 168.235946][ T6762] ret_from_fork_asm+0x1a/0x30 [ 169.413697][ T5834] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 169.704595][ T6790] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 169.730055][ T6790] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 169.826597][ T6790] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 169.923170][ T6790] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.813453][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 171.813503][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.893747][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.974598][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.555941][ T6825] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 173.579650][ T6825] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 173.596366][ T6825] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 173.613582][ T6825] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 174.054250][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.304550][ T6851] mkiss: ax0: crc mode is auto. [ 174.549409][ T6855] Invalid ELF header magic: != ELF [ 175.336519][ T6860] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 175.356387][ T6860] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 175.373530][ T6860] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 175.393814][ T6860] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 177.446092][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.452181][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 177.458323][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 177.464399][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 177.537950][ T6881] FAULT_INJECTION: forcing a failure. [ 177.537950][ T6881] name failslab, interval 1, probability 0, space 0, times 0 [ 177.559256][ T6881] CPU: 0 UID: 0 PID: 6881 Comm: syz.3.164 Not tainted syzkaller #0 PREEMPT(full) [ 177.559287][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 177.559302][ T6881] Call Trace: [ 177.559309][ T6881] [ 177.559318][ T6881] dump_stack_lvl+0x100/0x190 [ 177.559359][ T6881] should_fail_ex.cold+0x5/0xa [ 177.559387][ T6881] should_failslab+0xc2/0x120 [ 177.559415][ T6881] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 177.559450][ T6881] ? security_inode_alloc+0x3b/0x2c0 [ 177.559486][ T6881] ? lockdep_init_map_type+0x5c/0x250 [ 177.559530][ T6881] security_inode_alloc+0x3b/0x2c0 [ 177.559567][ T6881] inode_init_always_gfp+0xced/0x1040 [ 177.559612][ T6881] alloc_inode+0x8e/0x250 [ 177.559643][ T6881] new_inode+0x22/0x1c0 [ 177.559676][ T6881] shmem_get_inode+0x212/0x1040 [ 177.559710][ T6881] ? __pfx_shmem_get_inode+0x10/0x10 [ 177.559740][ T6881] ? rcu_is_watching+0x12/0xc0 [ 177.559774][ T6881] ? percpu_counter_add_batch+0xb9/0x230 [ 177.559822][ T6881] __shmem_file_setup+0x3ac/0x490 [ 177.559860][ T6881] ? __pfx___shmem_file_setup+0x10/0x10 [ 177.559898][ T6881] ? vm_area_alloc+0x1f/0x160 [ 177.559933][ T6881] shmem_zero_setup+0x96/0x1b0 [ 177.559972][ T6881] __mmap_region+0x2198/0x29e0 [ 177.560011][ T6881] ? __pfx___mmap_region+0x10/0x10 [ 177.560042][ T6881] ? process_measurement+0x1f4/0x2350 [ 177.560090][ T6881] ? __lock_acquire+0x4a5/0x2630 [ 177.560133][ T6881] ? find_held_lock+0x2b/0x80 [ 177.560153][ T6881] ? finish_task_switch.isra.0+0x200/0xb80 [ 177.560178][ T6881] ? finish_task_switch.isra.0+0x200/0xb80 [ 177.560214][ T6881] ? trace_sched_exit_tp+0x13a/0x180 [ 177.560242][ T6881] ? __schedule+0x1000/0x6120 [ 177.560303][ T6881] ? rcu_is_watching+0x12/0xc0 [ 177.560339][ T6881] ? cap_capable+0x107/0x460 [ 177.560375][ T6881] mmap_region+0x180/0x3e0 [ 177.560415][ T6881] do_mmap+0xc63/0x12f0 [ 177.560446][ T6881] ? __pfx_do_mmap+0x10/0x10 [ 177.560471][ T6881] ? __pfx_down_write_killable+0x10/0x10 [ 177.560515][ T6881] vm_mmap_pgoff+0x29e/0x470 [ 177.560547][ T6881] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 177.560575][ T6881] ? do_futex+0x192/0x350 [ 177.560607][ T6881] ? __pfx_do_futex+0x10/0x10 [ 177.560642][ T6881] ksys_mmap_pgoff+0xe1/0x650 [ 177.560670][ T6881] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 177.560695][ T6881] ? xfd_validate_state+0x129/0x190 [ 177.560735][ T6881] __x64_sys_mmap+0x125/0x190 [ 177.560773][ T6881] do_syscall_64+0x106/0xf80 [ 177.560800][ T6881] ? clear_bhb_loop+0x40/0x90 [ 177.560829][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.560853][ T6881] RIP: 0033:0x7f1a1079c799 [ 177.560873][ T6881] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.560896][ T6881] RSP: 002b:00007f1a11678028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 177.560918][ T6881] RAX: ffffffffffffffda RBX: 00007f1a10a16090 RCX: 00007f1a1079c799 [ 177.560934][ T6881] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 177.560948][ T6881] RBP: 00007f1a10832bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 177.560963][ T6881] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 177.560977][ T6881] R13: 00007f1a10a16128 R14: 00007f1a10a16090 R15: 00007ffd9e17e808 [ 177.561008][ T6881] [ 179.105421][ T6900] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 181.506101][ T6928] smpboot: CPU 1 is now offline [ 181.596302][ T6928] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 182.769265][ T6930] kexec: Could not allocate control_code_buffer [ 184.504682][ T6969] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 185.495456][ T29] audit: type=1800 audit(4294967349.980:12): pid=6981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.187" name="dbroot" dev="configfs" ino=13472 res=0 errno=0 [ 185.856166][ T5834] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 185.908515][ T6981] tipc: Started in network mode [ 185.960523][ T6981] tipc: Node identity ffffffff, cluster identity 4711 [ 186.013768][ T6981] tipc: Node number set to 4294967295 [ 186.136412][ T6960] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 186.660131][ T6964] udc dummy_udc.0: soft-connect without a gadget driver [ 187.803803][ T7009] netlink: 342 bytes leftover after parsing attributes in process `syz.3.190'. [ 188.497409][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.193'. [ 188.552590][ T7014] netlink: 'syz.2.193': attribute type 1 has an invalid length. [ 188.584303][ T7014] netlink: 'syz.2.193': attribute type 6 has an invalid length. syzkaller syzkaller login: [ 192.988224][ T29] audit: type=1800 audit(4294967357.470:13): pid=7055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.202" name="features" dev="configfs" ino=14108 res=0 errno=0 [ 193.049906][ T7056] Setting dangerous option i915.mitigations - tainting kernel [ 193.819047][ T7087] FAULT_INJECTION: forcing a failure. [ 193.819047][ T7087] name failslab, interval 1, probability 0, space 0, times 0 [ 193.983732][ T7087] CPU: 0 UID: 0 PID: 7087 Comm: syz.0.206 Tainted: G U L syzkaller #0 PREEMPT(full) [ 193.983781][ T7087] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 193.983790][ T7087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 193.983804][ T7087] Call Trace: [ 193.983813][ T7087] [ 193.983822][ T7087] dump_stack_lvl+0x100/0x190 [ 193.983863][ T7087] should_fail_ex.cold+0x5/0xa [ 193.983891][ T7087] should_failslab+0xc2/0x120 [ 193.983915][ T7087] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 193.983950][ T7087] ? __proc_create+0x2cb/0x8c0 [ 193.983993][ T7087] __proc_create+0x2cb/0x8c0 [ 193.984031][ T7087] ? __pfx___proc_create+0x10/0x10 [ 193.984080][ T7087] _proc_mkdir+0xb9/0x210 [ 193.984119][ T7087] ? __pfx__proc_mkdir+0x10/0x10 [ 193.984156][ T7087] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 193.984198][ T7087] ? __pfx_netfilter_net_init+0x10/0x10 [ 193.984227][ T7087] netfilter_net_init+0x37b/0x4a0 [ 193.984254][ T7087] ? sysctl_net_init+0x27/0x30 [ 193.984284][ T7087] ops_init+0x1e2/0x5f0 [ 193.984316][ T7087] setup_net+0x118/0x3a0 [ 193.984346][ T7087] ? __pfx_setup_net+0x10/0x10 [ 193.984373][ T7087] ? lockdep_init_map_type+0x5c/0x250 [ 193.984406][ T7087] ? mutex_init_lockep+0x110/0x150 [ 193.984442][ T7087] copy_net_ns+0x46f/0x7c0 [ 193.984478][ T7087] create_new_namespaces+0x3ea/0xac0 [ 193.984509][ T7087] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 193.984537][ T7087] ksys_unshare+0x473/0xad0 [ 193.984569][ T7087] ? __pfx_ksys_unshare+0x10/0x10 [ 193.984610][ T7087] __x64_sys_unshare+0x31/0x40 [ 193.984639][ T7087] do_syscall_64+0x106/0xf80 [ 193.984685][ T7087] ? clear_bhb_loop+0x40/0x90 [ 193.984715][ T7087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.984739][ T7087] RIP: 0033:0x7fd2d7b9c799 [ 193.984759][ T7087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.984786][ T7087] RSP: 002b:00007fd2d8a8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 193.984808][ T7087] RAX: ffffffffffffffda RBX: 00007fd2d7e15fa0 RCX: 00007fd2d7b9c799 [ 193.984824][ T7087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 193.984838][ T7087] RBP: 00007fd2d7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 193.984852][ T7087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.984866][ T7087] R13: 00007fd2d7e16038 R14: 00007fd2d7e15fa0 R15: 00007fff425564f8 [ 193.984896][ T7087] [ 193.984906][ T7087] cannot create netfilter proc entry [ 194.518500][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.530342][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.492765][ T7105] FAULT_INJECTION: forcing a failure. [ 195.492765][ T7105] name failslab, interval 1, probability 0, space 0, times 0 [ 195.586600][ T7105] CPU: 0 UID: 0 PID: 7105 Comm: syz.1.209 Tainted: G U L syzkaller #0 PREEMPT(full) [ 195.586646][ T7105] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 195.586655][ T7105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 195.586669][ T7105] Call Trace: [ 195.586676][ T7105] [ 195.586685][ T7105] dump_stack_lvl+0x100/0x190 [ 195.586726][ T7105] should_fail_ex.cold+0x5/0xa [ 195.586754][ T7105] should_failslab+0xc2/0x120 [ 195.586778][ T7105] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 195.586814][ T7105] ? alloc_inode+0x68/0x250 [ 195.586846][ T7105] ? simple_start_creating+0xb0/0x110 [ 195.586884][ T7105] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 195.586920][ T7105] alloc_inode+0x68/0x250 [ 195.586951][ T7105] new_inode+0x22/0x1c0 [ 195.586984][ T7105] __debugfs_create_file+0x105/0x4f0 [ 195.587025][ T7105] debugfs_create_file_full+0x41/0x60 [ 195.587065][ T7105] kvm_dev_ioctl+0x1491/0x1a50 [ 195.587103][ T7105] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 195.587140][ T7105] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 195.587169][ T7105] __x64_sys_ioctl+0x18e/0x210 [ 195.587205][ T7105] do_syscall_64+0x106/0xf80 [ 195.587232][ T7105] ? clear_bhb_loop+0x40/0x90 [ 195.587261][ T7105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.587288][ T7105] RIP: 0033:0x7f51d779c799 [ 195.587307][ T7105] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 195.587329][ T7105] RSP: 002b:00007f51d85eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 195.587351][ T7105] RAX: ffffffffffffffda RBX: 00007f51d7a15fa0 RCX: 00007f51d779c799 [ 195.587367][ T7105] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 195.587381][ T7105] RBP: 00007f51d7832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 195.587395][ T7105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.587409][ T7105] R13: 00007f51d7a16038 R14: 00007f51d7a15fa0 R15: 00007fff47cb41d8 [ 195.587440][ T7105] [ 195.587471][ T7105] debugfs: out of free dentries, can not create file 'mmu_shadow_zapped' [ 196.868219][ T7113] [U] [ 196.871275][ T7113] [U] [ 196.874083][ T7113] [U] [ 196.876812][ T7113] [U] [ 196.896335][ T7116] netlink: 4 bytes leftover after parsing attributes in process `syz.0.212'. [ 196.979156][ T7116] netlink: 354 bytes leftover after parsing attributes in process `syz.0.212'. [ 196.989240][ T7113] [U] [ 196.992010][ T7113] [U] [ 196.994825][ T7113] [U] [ 196.997544][ T7113] [U] [ 197.092697][ T7113] [U] [ 197.095444][ T7113] [U] [ 197.098164][ T7113] [U] [ 197.100885][ T7113] [U] [ 197.170134][ T7113] [U] [ 197.172887][ T7113] [U] [ 197.175609][ T7113] [U] [ 197.178317][ T7113] [U] [ 197.224500][ T7113] [U] [ 202.768985][ T7200] FAULT_INJECTION: forcing a failure. [ 202.768985][ T7200] name fail_futex, interval 1, probability 0, space 0, times 0 [ 202.854509][ T10] Process accounting resumed [ 202.999382][ T7200] CPU: 0 UID: 0 PID: 7200 Comm: syz.0.225 Tainted: G U L syzkaller #0 PREEMPT(full) [ 202.999423][ T7200] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 202.999432][ T7200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 202.999446][ T7200] Call Trace: [ 202.999454][ T7200] [ 202.999463][ T7200] dump_stack_lvl+0x100/0x190 [ 202.999505][ T7200] should_fail_ex.cold+0x5/0xa [ 202.999533][ T7200] get_futex_key+0x1d2/0x1620 [ 202.999565][ T7200] ? __pfx_get_futex_key+0x10/0x10 [ 202.999603][ T7200] futex_wake+0xea/0x530 [ 202.999641][ T7200] ? __pfx_futex_wake+0x10/0x10 [ 202.999680][ T7200] ? putname+0xb1/0x110 [ 202.999703][ T7200] ? kmem_cache_free+0x124/0x6a0 [ 202.999733][ T7200] ? do_sys_openat2+0x1b4/0x1e0 [ 202.999768][ T7200] do_futex+0x32b/0x350 [ 202.999804][ T7200] ? __pfx_do_futex+0x10/0x10 [ 202.999833][ T7200] ? __pfx_do_sys_openat2+0x10/0x10 [ 202.999879][ T7200] __x64_sys_futex+0x34f/0x4d0 [ 202.999911][ T7200] ? __x64_sys_openat+0x12d/0x210 [ 202.999943][ T7200] ? __pfx___x64_sys_futex+0x10/0x10 [ 202.999986][ T7200] do_syscall_64+0x106/0xf80 [ 203.000013][ T7200] ? clear_bhb_loop+0x40/0x90 [ 203.000043][ T7200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.000067][ T7200] RIP: 0033:0x7fd2d7b9c799 [ 203.000086][ T7200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 203.000109][ T7200] RSP: 002b:00007fd2d8a8d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 203.000131][ T7200] RAX: ffffffffffffffda RBX: 00007fd2d7e15fa8 RCX: 00007fd2d7b9c799 [ 203.000146][ T7200] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd2d7e15fac [ 203.000160][ T7200] RBP: 00007fd2d7e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 203.000174][ T7200] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 203.000189][ T7200] R13: 00007fd2d7e16038 R14: 00007fff42556410 R15: 00007fff425564f8 [ 203.000218][ T7200] [ 205.190240][ T7224] sg_write: data in/out 220/90 bytes for SCSI command 0x0-- guessing data in; [ 205.190240][ T7224] program syz.2.229 not setting count and/or reply_len properly [ 207.827215][ T7249] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 208.009698][ T7249] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 208.232119][ T7249] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 208.350768][ T7259] overlayfs: missing 'lowerdir' [ 208.448513][ T7249] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 208.489434][ T7249] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 208.685627][ T7261] mmap: syz.2.233 (7261) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 209.893419][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 210.058254][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 210.082192][ T7258] NFSD: Failed to start, no listeners configured. [ 210.454015][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 210.533415][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 212.136462][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 214.200192][ T7291] FAULT_INJECTION: forcing a failure. [ 214.200192][ T7291] name failslab, interval 1, probability 0, space 0, times 0 [ 214.401045][ T7291] CPU: 0 UID: 0 PID: 7291 Comm: syz.0.241 Tainted: G U L syzkaller #0 PREEMPT(full) [ 214.401087][ T7291] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 214.401096][ T7291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 214.401120][ T7291] Call Trace: [ 214.401128][ T7291] [ 214.401137][ T7291] dump_stack_lvl+0x100/0x190 [ 214.401178][ T7291] should_fail_ex.cold+0x5/0xa [ 214.401205][ T7291] should_failslab+0xc2/0x120 [ 214.401229][ T7291] __kmalloc_cache_noprof+0x7a/0x6f0 [ 214.401260][ T7291] ? kvm_dev_ioctl+0xa8d/0x1a50 [ 214.401292][ T7291] kvm_dev_ioctl+0xa8d/0x1a50 [ 214.401324][ T7291] ? find_held_lock+0x2b/0x80 [ 214.401345][ T7291] ? __fget_files+0x215/0x3d0 [ 214.401382][ T7291] ? hook_file_ioctl_common+0x146/0x410 [ 214.401421][ T7291] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 214.401451][ T7291] ? __fget_files+0x21f/0x3d0 [ 214.401493][ T7291] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 214.401521][ T7291] __x64_sys_ioctl+0x18e/0x210 [ 214.401558][ T7291] do_syscall_64+0x106/0xf80 [ 214.401584][ T7291] ? clear_bhb_loop+0x40/0x90 [ 214.401613][ T7291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.401638][ T7291] RIP: 0033:0x7fd2d7b9c799 [ 214.401658][ T7291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.401680][ T7291] RSP: 002b:00007fd2d8a8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 214.401702][ T7291] RAX: ffffffffffffffda RBX: 00007fd2d7e15fa0 RCX: 00007fd2d7b9c799 [ 214.401718][ T7291] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 214.401732][ T7291] RBP: 00007fd2d7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 214.401746][ T7291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.401760][ T7291] R13: 00007fd2d7e16038 R14: 00007fd2d7e15fa0 R15: 00007fff425564f8 [ 214.401790][ T7291] [ 216.377619][ T7300] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 216.421069][ T7300] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 216.492104][ T7300] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 216.593413][ T7300] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 217.202873][ T7315] sg_write: process 252 (syz.0.247) changed security contexts after opening file descriptor, this is not allowed. [ 217.515957][ T7314] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 217.621284][ T7314] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 217.740822][ T7314] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 217.798742][ T7314] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 219.153573][ T7332] ================================================================== [ 219.153606][ T7332] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 219.153654][ T7332] Read of size 256 at addr ffff88802a7ebf60 by task syz.0.249/7332 [ 219.153674][ T7332] [ 219.153688][ T7332] CPU: 0 UID: 0 PID: 7332 Comm: syz.0.249 Tainted: G U L syzkaller #0 PREEMPT(full) [ 219.153723][ T7332] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 219.153732][ T7332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 219.153746][ T7332] Call Trace: [ 219.153754][ T7332] [ 219.153763][ T7332] dump_stack_lvl+0x100/0x190 [ 219.153798][ T7332] print_report+0x156/0x4c9 [ 219.153833][ T7332] ? __virt_addr_valid+0x81/0x620 [ 219.153863][ T7332] ? __phys_addr+0xe8/0x180 [ 219.153893][ T7332] ? fbcon_prepare_logo+0x94e/0xc60 [ 219.153927][ T7332] kasan_report+0xdf/0x1e0 [ 219.153952][ T7332] ? fbcon_prepare_logo+0x94e/0xc60 [ 219.153991][ T7332] kasan_check_range+0x10f/0x1e0 [ 219.154019][ T7332] __asan_memcpy+0x23/0x60 [ 219.154058][ T7332] fbcon_prepare_logo+0x94e/0xc60 [ 219.154100][ T7332] fbcon_init+0x10a0/0x1820 [ 219.154140][ T7332] visual_init+0x320/0x620 [ 219.154179][ T7332] do_bind_con_driver.isra.0+0x636/0x9c0 [ 219.154210][ T7332] store_bind+0x609/0x730 [ 219.154238][ T7332] ? __pfx_store_bind+0x10/0x10 [ 219.154263][ T7332] dev_attr_store+0x58/0x80 [ 219.154299][ T7332] ? __pfx_dev_attr_store+0x10/0x10 [ 219.154336][ T7332] sysfs_kf_write+0xf2/0x150 [ 219.154365][ T7332] kernfs_fop_write_iter+0x3e0/0x5f0 [ 219.154388][ T7332] ? __pfx_sysfs_kf_write+0x10/0x10 [ 219.154417][ T7332] iter_file_splice_write+0x830/0x10a0 [ 219.154448][ T7332] ? __pfx_iter_file_splice_write+0x10/0x10 [ 219.154491][ T7332] ? __pfx_copy_splice_read+0x10/0x10 [ 219.154538][ T7332] ? __pfx_iter_file_splice_write+0x10/0x10 [ 219.154580][ T7332] direct_splice_actor+0x192/0x6c0 [ 219.154620][ T7332] splice_direct_to_actor+0x345/0xa30 [ 219.154659][ T7332] ? __pfx_direct_splice_actor+0x10/0x10 [ 219.154701][ T7332] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 219.154744][ T7332] do_splice_direct+0x174/0x240 [ 219.154783][ T7332] ? __pfx_do_splice_direct+0x10/0x10 [ 219.154831][ T7332] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 219.154871][ T7332] ? rw_verify_area+0xce/0x6d0 [ 219.154907][ T7332] do_sendfile+0xadc/0xe20 [ 219.154944][ T7332] ? __pfx_do_sendfile+0x10/0x10 [ 219.154982][ T7332] ? __x64_sys_futex+0x34f/0x4d0 [ 219.155012][ T7332] ? __x64_sys_futex+0x358/0x4d0 [ 219.155049][ T7332] __x64_sys_sendfile64+0x1d8/0x220 [ 219.155075][ T7332] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 219.155106][ T7332] do_syscall_64+0x106/0xf80 [ 219.155132][ T7332] ? clear_bhb_loop+0x40/0x90 [ 219.155160][ T7332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.155184][ T7332] RIP: 0033:0x7fd2d7b9c799 [ 219.155203][ T7332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.155226][ T7332] RSP: 002b:00007fd2d8a4b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 219.155248][ T7332] RAX: ffffffffffffffda RBX: 00007fd2d7e16180 RCX: 00007fd2d7b9c799 [ 219.155265][ T7332] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000007 [ 219.155282][ T7332] RBP: 00007fd2d7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 219.155297][ T7332] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 219.155311][ T7332] R13: 00007fd2d7e16218 R14: 00007fd2d7e16180 R15: 00007fff425564f8 [ 219.155335][ T7332] [ 219.155343][ T7332] [ 219.155349][ T7332] The buggy address belongs to the physical page: [ 219.155359][ T7332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802a7e9f80 pfn:0x2a7e8 [ 219.155381][ T7332] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 219.155400][ T7332] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 219.155420][ T7332] page_type: f8(unknown) [ 219.155440][ T7332] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 219.155461][ T7332] raw: ffff88802a7e9f80 0000000000000000 00000000f8000000 0000000000000000 [ 219.155482][ T7332] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 219.155504][ T7332] head: ffff88802a7e9f80 0000000000000000 00000000f8000000 0000000000000000 [ 219.155525][ T7332] head: 00fff00000000002 ffffea0000a9fa01 00000000ffffffff 00000000ffffffff [ 219.155546][ T7332] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 219.155559][ T7332] page dumped because: kasan: bad access detected [ 219.155570][ T7332] page_owner tracks the page as allocated [ 219.155578][ T7332] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_ZERO|__GFP_COMP), pid 7332, tgid 7325 (syz.0.249), ts 219074504233, free_ts 189185244023 [ 219.155615][ T7332] post_alloc_hook+0x153/0x170 [ 219.155645][ T7332] get_page_from_freelist+0x111d/0x3140 [ 219.155678][ T7332] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 219.155711][ T7332] alloc_pages_mpol+0x1fb/0x550 [ 219.155732][ T7332] ___kmalloc_large_node+0x104/0x150 [ 219.155756][ T7332] __kmalloc_large_node_noprof+0x1c/0x70 [ 219.155781][ T7332] __kmalloc_noprof+0x5be/0x850 [ 219.155813][ T7332] vc_do_resize+0x1da/0x10f0 [ 219.155836][ T7332] fbcon_init+0x10ba/0x1820 [ 219.155868][ T7332] visual_init+0x320/0x620 [ 219.155903][ T7332] do_bind_con_driver.isra.0+0x636/0x9c0 [ 219.155927][ T7332] store_bind+0x609/0x730 [ 219.155949][ T7332] dev_attr_store+0x58/0x80 [ 219.155984][ T7332] sysfs_kf_write+0xf2/0x150 [ 219.156009][ T7332] kernfs_fop_write_iter+0x3e0/0x5f0 [ 219.156040][ T7332] iter_file_splice_write+0x830/0x10a0 [ 219.156060][ T7332] page last free pid 5837 tgid 5837 stack trace: [ 219.156073][ T7332] __free_frozen_pages+0x7e1/0x10d0 [ 219.156099][ T7332] qlist_free_all+0x47/0xe0 [ 219.156132][ T7332] kasan_quarantine_reduce+0x1a0/0x1f0 [ 219.156166][ T7332] __kasan_slab_alloc+0x69/0x90 [ 219.156202][ T7332] kmem_cache_alloc_noprof+0x241/0x6e0 [ 219.156235][ T7332] do_getname+0x35/0x390 [ 219.156260][ T7332] __x64_sys_unlink+0x36/0x70 [ 219.156283][ T7332] do_syscall_64+0x106/0xf80 [ 219.156308][ T7332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.156331][ T7332] [ 219.156336][ T7332] Memory state around the buggy address: [ 219.156348][ T7332] ffff88802a7ebe00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 219.156364][ T7332] ffff88802a7ebe80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 219.156380][ T7332] >ffff88802a7ebf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 219.156393][ T7332] ^ [ 219.156406][ T7332] ffff88802a7ebf80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 219.156423][ T7332] ffff88802a7ec000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.156436][ T7332] ================================================================== [ 219.387042][ T7332] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 219.387068][ T7332] CPU: 0 UID: 0 PID: 7332 Comm: syz.0.249 Tainted: G U L syzkaller #0 PREEMPT(full) [ 219.387105][ T7332] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 219.387115][ T7332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 219.387136][ T7332] Call Trace: [ 219.387144][ T7332] [ 219.387153][ T7332] dump_stack_lvl+0x100/0x190 [ 219.387193][ T7332] vpanic+0x552/0x970 [ 219.387216][ T7332] ? __pfx_vpanic+0x10/0x10 [ 219.387255][ T7332] ? fbcon_prepare_logo+0x94e/0xc60 [ 219.387291][ T7332] panic+0xd1/0xe0 [ 219.387313][ T7332] ? __pfx_panic+0x10/0x10 [ 219.387336][ T7332] ? fbcon_prepare_logo+0x94e/0xc60 [ 219.387372][ T7332] ? preempt_schedule_common+0x42/0xc0 [ 219.387403][ T7332] check_panic_on_warn.cold+0x19/0x34 [ 219.387429][ T7332] end_report.part.0+0x3a/0x90 [ 219.387462][ T7332] kasan_report.cold+0xe/0x18 [ 219.387497][ T7332] ? fbcon_prepare_logo+0x94e/0xc60 [ 219.387538][ T7332] kasan_check_range+0x10f/0x1e0 [ 219.387567][ T7332] __asan_memcpy+0x23/0x60 [ 219.387599][ T7332] fbcon_prepare_logo+0x94e/0xc60 [ 219.387644][ T7332] fbcon_init+0x10a0/0x1820 [ 219.387684][ T7332] visual_init+0x320/0x620 [ 219.387723][ T7332] do_bind_con_driver.isra.0+0x636/0x9c0 [ 219.387754][ T7332] store_bind+0x609/0x730 [ 219.387781][ T7332] ? __pfx_store_bind+0x10/0x10 [ 219.387806][ T7332] dev_attr_store+0x58/0x80 [ 219.387842][ T7332] ? __pfx_dev_attr_store+0x10/0x10 [ 219.387878][ T7332] sysfs_kf_write+0xf2/0x150 [ 219.387907][ T7332] kernfs_fop_write_iter+0x3e0/0x5f0 [ 219.387929][ T7332] ? __pfx_sysfs_kf_write+0x10/0x10 [ 219.387958][ T7332] iter_file_splice_write+0x830/0x10a0 [ 219.387988][ T7332] ? __pfx_iter_file_splice_write+0x10/0x10 [ 219.388030][ T7332] ? __pfx_copy_splice_read+0x10/0x10 [ 219.388076][ T7332] ? __pfx_iter_file_splice_write+0x10/0x10 [ 219.388115][ T7332] direct_splice_actor+0x192/0x6c0 [ 219.388160][ T7332] splice_direct_to_actor+0x345/0xa30 [ 219.388199][ T7332] ? __pfx_direct_splice_actor+0x10/0x10 [ 219.388240][ T7332] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 219.388283][ T7332] do_splice_direct+0x174/0x240 [ 219.388321][ T7332] ? __pfx_do_splice_direct+0x10/0x10 [ 219.388360][ T7332] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 219.388399][ T7332] ? rw_verify_area+0xce/0x6d0 [ 219.388433][ T7332] do_sendfile+0xadc/0xe20 [ 219.388470][ T7332] ? __pfx_do_sendfile+0x10/0x10 [ 219.388507][ T7332] ? __x64_sys_futex+0x34f/0x4d0 [ 219.388536][ T7332] ? __x64_sys_futex+0x358/0x4d0 [ 219.388567][ T7332] __x64_sys_sendfile64+0x1d8/0x220 [ 219.388593][ T7332] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 219.388623][ T7332] do_syscall_64+0x106/0xf80 [ 219.388652][ T7332] ? clear_bhb_loop+0x40/0x90 [ 219.388679][ T7332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.388703][ T7332] RIP: 0033:0x7fd2d7b9c799 [ 219.388722][ T7332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.388744][ T7332] RSP: 002b:00007fd2d8a4b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 219.388766][ T7332] RAX: ffffffffffffffda RBX: 00007fd2d7e16180 RCX: 00007fd2d7b9c799 [ 219.388782][ T7332] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000007 [ 219.388796][ T7332] RBP: 00007fd2d7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 219.388811][ T7332] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 219.388825][ T7332] R13: 00007fd2d7e16218 R14: 00007fd2d7e16180 R15: 00007fff425564f8 [ 219.388848][ T7332] [ 219.388919][ T7332] Kernel Offset: disabled