last executing test programs: 8m42.906149266s ago: executing program 2 (id=501): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x8, 0x0, 0x7fffffffffffffff, 0x0) write$auto(r1, &(0x7f0000000400)='/Eev/a\xc3dio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@\a5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xceWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xcc;\xfd\xc4\xd0\xf3\f\x8c\xf0\xb0\xd9pL!\xee/p\x88\xed\xc2p\x8d\x11-\xe2J\x93\xc9\"\xdfZJ\xe1\x92N\r\x93}5\xd1\x93\x95\x10\x16\t\x97C\xd4D`\x81\x949\x9b\xd2KR0\x82\x16\xdaJS\xf2G\xb2\xf8`\xcd\xef4\xe6X\x90\x9a\xe2\xc6\xe6\xf7\xb1\x8a!\x06\x85Sc\xef\x93\x06F\xa7~\xe1\x8b\xcf$>\xf1\t\xa7d\xe6\xd7\x1e. \xdc\xc1uM5\xb2\x84.%b-x,\r\xdf\xc0\x8f \x02\xdaJ\xd1c\xa7+\xe0\xf0\x80/\xde4\t`$\xb7Q\xa0:\x83PV\xa9\xbb\xdd\xad\x97b\xf5nJ`\xdcz\xa2cPp\r\x88o\xd6D\x1b\xdb\xc7D:\x88\v\xdf\xdf\xbcJ\xf2e\x81\xba27yj\x84lf\xa1\x02!\xd1\xdc\xd3\x93\x9d\'\x90\xa6It\xb5&\xfcO{K\\!\xde\xb0Y\xe0:\xca\xc20\xcb5\xdaU\xd6\xae\xc7\xf2\x81\x82\xd2q\x89\xcam)\xbd\xf0', 0x100000a3d8) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r3, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty36\x00', 0x0, 0x0) r7 = getpid() process_vm_readv$auto(r7, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000100), 0x1ffffffff}, 0x6, 0x0) read$auto(r6, 0x0, 0x80) ioctl$auto_TIOCSTI2(r6, 0x5412, &(0x7f0000000000)='\n') ioctl$auto(r4, 0x541c, r5) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mlockall$auto(0x800000000000005) 8m39.281842042s ago: executing program 2 (id=513): ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f00000000c0)={0x2, 0x3, 0x8000000000000001, 0x8000000000, 0x0, 0x0}) pidfd_open$auto(r0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/cpuid/cpu0/uevent\x00', 0x20400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x1, 0x4000000000df, 0x210, 0x401, 0x8000) (async) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) sendfile$auto(r1, r1, 0x0, 0x7fffffffffffffff) (async, rerun: 32) timerfd_create$auto_CLOCK_MONOTONIC(0x1, 0x7) (async, rerun: 32) mmap$auto(0x0, 0x6, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x7ffc) sysfs$auto(0x2, 0x100000000000035, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002780)={0x40, r3, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "89803500"}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x5, 0x17, 0x0, 0x1, [@generic="1f"]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x1, &(0x7f0000000000)='4\x93\x03\x00\x04\x00\x00', &(0x7f00000001c0), 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000300)=""/102, 0x66) (async) mremap$auto(0x0, 0x1, 0x3fd6, 0x0, 0x28) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 64) r5 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cec8\x00', 0x2200, 0x0) (rerun: 64) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000180)={"728a5b19", 0xcda9, 0x1, 0x4, 0xfffffc01, 0x0, "ee559b01a2be66e0b2f792598d4abb", "c0922a66", '\x00', "6f9c27f0", ["ec17fa01a291dbb63a9ee037", "4413e201f492874251aadecd", "8cf15288af6312cfefae1e3f", "11c1c59ec35c0aa3e26f8fbe"]}) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.7/usb8/power/level\x00', 0x2c81, 0x0) r6 = socket(0x10, 0x80002, 0x8) close_range$auto(r6, r6, 0x0) (async) pipe$auto(0x0) (async) splice$auto(r6, 0x0, 0x2, 0x0, 0x3fb, 0x9) (async) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc) 8m39.031778275s ago: executing program 2 (id=515): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x450b01, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) pwritev$auto(r1, &(0x7f0000000100)={&(0x7f0000000000), 0x2}, 0x3, 0x11, 0x5) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000540)={0xfff, &(0x7f0000000180)="f2e37aa851f172bd24308737938225756749a2cd058f981d81224e731c1514b4fd0290f2fb02e666a68c1d72ad5615b16c73b5c0cedf17801dfece4a243f6e3a47ecc1c5db92b3500cefe0e7c269c25cd32701679442d287388dedeedd83d20b9d079d0a971a993bfa4a4499f8631caa1722a7a93bf39c2535ea752a9b05e21efeebdeaa71269153bdd6ba4fac9b230a6653e8cbaf66e11ea7c105"}) rseq$auto(0x0, 0x80000002, 0x8, 0xfd) r2 = socket(0x1f, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0xf42, 0xcf, 0x9b74, r2, 0x200081) write$auto(0xca, 0x0, 0x2d9) mbind$auto(0x2200000000, 0x2091d2, 0x4, 0x0, 0x6, 0x2) fcntl$auto_F_SETOWN(r2, 0x8, 0xffffffffffffffff) r3 = prctl$auto(0xfff, 0x1, 0x0, 0x0, 0x7) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) semctl$auto_SETVAL(0x2, 0x5, 0x10, 0x82) mmap$auto(0x0, 0x2020006, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, r3, 0x7ff) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x112) rt_sigsuspend$auto(0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r4, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x50a81, 0x0) 8m37.256100623s ago: executing program 2 (id=522): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2a00, 0x0) socket(0x2, 0x1, 0x106) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x79) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x2, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x8, 0x9, 0x6, 0x4]}, 0x0) write$auto(r0, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) write$auto(r1, &(0x7f00000000c0)='\x01', 0x10000000004) fanotify_init$auto(0x5, 0x2000000000002) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000080)='\xff\xff\x9a\xb9\xd1\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) syz_open_procfs$namespace(0x0, &(0x7f00000004c0)='ns/time_for_children\x00') madvise$auto(0x200, 0x100000001, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x6, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0xa7) select$auto(0x12, 0x0, 0x0, &(0x7f00000002c0)={[0x1fa, 0xfffffffffffffffe, 0x8f, 0x3, 0x9487, 0x8, 0x15f4da09, 0x0, 0xfffffffffffffff7, 0x20000000000005e, 0x6, 0x1040000000000007, 0x6d41, 0x3, 0x7, 0x7]}, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x180, 0x0) 8m36.100180054s ago: executing program 2 (id=527): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r1 = socket(0xa, 0x2, 0x0) cachestat$auto(r1, &(0x7f0000000000)={0x800000000002, 0x7fc}, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x3}, 0x4) futex_wake$auto(&(0x7f0000000140)="adf3e16812f6e5", 0x8, 0x6, 0x6) mmap$auto(0x0, 0x5, 0xdf, 0xeb1, 0x40000000000a5, 0x1000000008000) r2 = socket(0xa, 0x3, 0x3a) r3 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r2, 0x8, 0x0, 0x0) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/027/001\x00', 0x4a901, 0x0) ioctl$auto_USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f00000001c0)={0x0, 0x5516, 0x0}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r5 = open(0x0, 0x0, 0x408) socket(0x28, 0x1, 0x0) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) ioctl$auto(r2, 0xfffeffff, r3) getsockopt$auto(0x3, 0x200000000001, 0x45, 0x0, 0x0) getdents$auto(r5, 0x0, 0x400018) mmap$auto(0x0, 0x4020009, 0xdf, 0x40000eb1, 0x401, 0x8000) clone$auto(0x100000008, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4000006) clone$auto(0x6, 0x1, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x200007, 0x19) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r6) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x400) r7 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000100)='/dev/usbmon39\x00', 0x8d80, 0x0) readv$auto(r7, &(0x7f0000000380)={0x0, 0x8}, 0x8) 8m34.777983727s ago: executing program 2 (id=533): r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x283c2, 0x0) ioctl$auto_IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2800, 0x0) ioctl$auto(r1, 0x4bfa, 0x9) r2 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x40080, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r3, 0x0, 0x9a28) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) read$auto_ptdump_fops_(r2, &(0x7f0000000040)=""/90, 0x5a) 8m19.233494218s ago: executing program 32 (id=533): r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x283c2, 0x0) ioctl$auto_IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2800, 0x0) ioctl$auto(r1, 0x4bfa, 0x9) r2 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x40080, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r3, 0x0, 0x9a28) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) read$auto_ptdump_fops_(r2, &(0x7f0000000040)=""/90, 0x5a) 3m32.078409889s ago: executing program 1 (id=1488): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/net/bond0/queues/tx-6/tx_timeout\x00', 0x2440, 0x0) fanotify_init$auto(0x5, 0x2000000000002) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x88680, 0x0) socket(0x2d, 0x2, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x900, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/current_tracer\x00', 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xce2c0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, 0x0, 0xe0282, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x180780, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffe, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 3m31.379799359s ago: executing program 1 (id=1490): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xffffeffe, 0x2) fanotify_init$auto(0x6, 0x3) pipe$auto(0x0) sysfs$auto(0x2, 0x2e, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) read$auto(r0, &(0x7f00000000c0)=',\x00', 0x3) recvfrom$auto(0x3, 0x0, 0x80000000002, 0x6, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = pipe$auto(0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r1, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xf0, r2, 0xdf4988e339c61ee8, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_SAE_PWE={0x5, 0x12a, 0xab}, @NL80211_ATTR_MLO_TTLM_DLINK={0xd3, 0x148, "76a102c60610d5d1823bc222e8c3b9ff8303823d8cc2847ee34cf8f4a8dbc1986e3b90a28e37a5ffd2c301895532106f545b9d0f91ac2f1ca4cdfd4918e4970285ec0dcacfe8bdaaadb5b55273623358254eeb706abb6a99b170f00db37fcb65943b9f45967a80f144e0a28232ccbfd19092af8f3a2eaba7e2701bbb892e49c0e0c670862a656f57a105c9eb6d91e2a3b1f21eef9ad857832140d363ec1ba8569a05a4bc5d854eb4447d5d1716cf7daea78ce27d9b5f3379fd33d64a1f677887c483b7bb1094c0273a797ccee005ee"}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40000}, 0x10) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x1, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 3m29.237827023s ago: executing program 1 (id=1496): mmap$auto(0x0, 0x4000a, 0xdf, 0x9b72, 0x7, 0x28000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000000)='.\x00', 0x1) r0 = ioctl$auto_NS_GET_PID_FROM_PIDNS(0xffffffffffffffff, 0x8004b706, &(0x7f0000000000)=0x7ff) preadv2$auto(r0, &(0x7f0000000080)={&(0x7f0000000040), 0x5}, 0x6, 0x8, 0x3, 0x1) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r1 = ioctl$auto_TUNGETFILTER(r0, 0x801054db, &(0x7f0000000100)={0x3, &(0x7f0000000040)={0x7, 0x7, 0xbf, @inferred=r0}}) close$auto(r1) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0) 3m28.953774718s ago: executing program 1 (id=1497): r0 = timerfd_create$auto(0x8, 0x8) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x40001, 0x8000000000000000, 0x0) r1 = socket(0xa, 0x1, 0x84) getsockopt$auto(r1, 0x84, 0x11, 0x0, &(0x7f0000000000)=0x28000000) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r2, 0x80e85411, 0x0) setsockopt$auto_SO_RCVBUF(r0, 0x5b, 0x8, &(0x7f0000000000)='\x00', 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) 3m28.736311012s ago: executing program 1 (id=1499): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x27, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x37, 0x2440000000000, 0x4, 0x8000000b0, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) (async) madvise$auto(0x0, 0x2003f2, 0x15) socket(0x23, 0x80805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) (async) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x10, 0x2, 0x6) (async) socket(0x10, 0x2, 0x6) socketpair$auto(0x1d, 0x8, 0x80, 0x0) (async) socketpair$auto(0x1d, 0x8, 0x80, 0x0) socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x208) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x4e27}, 0x55) write$auto(0x3, 0x0, 0x5b4) (async) write$auto(0x3, 0x0, 0x5b4) socket$nl_generic(0x10, 0x3, 0x10) 3m28.175812701s ago: executing program 1 (id=1500): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x2) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000001200)='/proc/thread-self/mounts\x00', 0x28000, 0x0) epoll_create$auto(0x3e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0xb2c, 0x2, 0x20000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r1 = socket(0x11, 0x3, 0x9) bind$auto(0xffffffffffffffff, &(0x7f0000000180)=@hci={0x1f, 0x3, 0x2}, 0x62) sendmmsg$auto(r1, &(0x7f0000000100)={{&(0x7f0000000000), 0x5aa, 0x0, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x4}, 0x2, 0x100) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) mmap$auto(0x0, 0x400007, 0xde, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0xa) write$auto(0x3, 0x0, 0x100085) madvise$auto(0x5, 0x4, 0x9) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) set_tid_address$auto(0x0) mmap$auto(0x0, 0x24, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto(0x3, 0x0, 0x100082) 3m12.865443583s ago: executing program 33 (id=1500): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x2) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000001200)='/proc/thread-self/mounts\x00', 0x28000, 0x0) epoll_create$auto(0x3e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0xb2c, 0x2, 0x20000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r1 = socket(0x11, 0x3, 0x9) bind$auto(0xffffffffffffffff, &(0x7f0000000180)=@hci={0x1f, 0x3, 0x2}, 0x62) sendmmsg$auto(r1, &(0x7f0000000100)={{&(0x7f0000000000), 0x5aa, 0x0, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x4}, 0x2, 0x100) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) mmap$auto(0x0, 0x400007, 0xde, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0xa) write$auto(0x3, 0x0, 0x100085) madvise$auto(0x5, 0x4, 0x9) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) set_tid_address$auto(0x0) mmap$auto(0x0, 0x24, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto(0x3, 0x0, 0x100082) 13.18313264s ago: executing program 5 (id=2169): bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0xae30, 0x8, 0x8000fff, 0xffffffffffffffff, 0x2e, 0x7ff}, 0x6f4) (fail_nth: 35) 12.951863734s ago: executing program 5 (id=2170): mmap$auto(0x0, 0x4020009, 0xfffffffffffffff9, 0xeb1, 0x401, 0x12) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) write$auto(r0, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) prctl$auto(0x2, 0x7, 0x0, 0x2, 0x1) mremap$auto(0x200001000000, 0x400000000004, 0x2, 0x3, 0x100000000) 12.555945667s ago: executing program 0 (id=2173): prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/hugepages-1024kB/stats/anon_fault_fallback\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000003800)=""/168, 0xa8) landlock_create_ruleset$auto(&(0x7f0000000140)={0x7, 0xdd4, 0x9}, 0x8000000000000002, 0x0) mprotect$auto(0x110c238000, 0x1, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r1, 0x2, 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000040)={0x0, 0x2, 0x5ae, 0x5, 0x7, 0x6, 0x10000, 0x1, 0xa, 0x8, 0x6, 0x6, 0x200005, 0x4, 0x1ff, 0x2, 0x8, 0x10000, 0x0, 0x6, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x3, [0x80, 0x0, 0x0, 0x400000000, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc]}, 0x6, 0x1000000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) madvise$auto(0x110c230000, 0x8031ca, 0x9) 9.964832583s ago: executing program 0 (id=2175): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r0 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2a00, 0x0) socket(0x2, 0x1, 0x106) fcntl$auto_F_GETSIG(r0, 0xb, 0xab8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x79) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x2, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x8, 0x9, 0x6, 0x4]}, 0x0) write$auto(r1, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000080)='\xff\xff\x9a\xb9\xd1\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) syz_open_procfs$namespace(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x6, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0xa7) select$auto(0x12, 0x0, 0x0, &(0x7f00000002c0)={[0x1fa, 0xfffffffffffffffe, 0x8f, 0x3, 0x9487, 0x8, 0x15f4da09, 0x0, 0xfffffffffffffff7, 0x20000000000005e, 0x6, 0x1040000000000007, 0x6d41, 0x3, 0x7, 0x7]}, 0x0) 9.674377046s ago: executing program 5 (id=2177): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r0 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2a00, 0x0) socket(0x2, 0x1, 0x106) fcntl$auto_F_GETSIG(r0, 0xb, 0xab8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) keyctl$auto(0x11, 0xfffffffffffffffa, 0x0, 0x4, 0x3) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x79) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x2, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x8, 0x9, 0x6, 0x4]}, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyq2\x00', 0x20000, 0x0) ioctl$auto_TIOCEXCL2(r3, 0x540c, 0x0) write$auto(r1, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) write$auto(r4, &(0x7f00000000c0)='\x01', 0x10000000004) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r2) fanotify_init$auto(0x5, 0x2000000000002) write$auto(0xffffffffffffffff, &(0x7f0000000080)='\xff\xff\x9a\xb9\xd1\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) socket$nl_generic(0x10, 0x3, 0x10) fsmount$auto(0x4, 0x0, 0xa7) select$auto(0x12, 0x0, 0x0, &(0x7f00000002c0)={[0x1fa, 0xfffffffffffffffe, 0x8f, 0x3, 0x9487, 0x8, 0x15f4da09, 0x0, 0xfffffffffffffff7, 0x20000000000005e, 0x6, 0x1040000000000007, 0x6d41, 0x3, 0x7, 0x7]}, 0x0) 8.506811067s ago: executing program 0 (id=2181): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x400454ca, 0x38) r0 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r0, 0x0, 0x1) write$auto(0x3, 0x0, 0xfdf3) 8.412152795s ago: executing program 4 (id=2182): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) syncfs$auto(r0) r1 = open(0x0, 0x22240, 0x154) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r1, @new_map_fd=r1, 0x4, @old_map_fd=0x3ff}, 0xa3) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)="fbb8f800169dfa32e4472bd1977f767b8d29d4250ea37dca35f25a726d63b9b4e407a64424a850309d1b8cab476e58db2bfd0822a8cb147ef62f9b3ddc8f5ef6eedb4c32708b940a7330eeafab6ad68fbc78849cdf97e82fcd27744ffee381454d6cdad1df5d78a70f53ff92f9708cdcad82cbd2875e7c491ef04739b23ba01a85b42d7742c807b51e711bdc886197b9a61836f8027231edb51b609b64e8906540e0f6ac3f000984c1c8aa71b9110570da7763ea1ac26a515371b7", 0xbb) 8.050783617s ago: executing program 4 (id=2184): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r0 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2a00, 0x0) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5) fallocate$auto(0x3, 0x3, 0xe, 0x8ec5) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) r1 = socket(0x2, 0x1, 0x106) fcntl$auto_F_GETSIG(r0, 0xb, 0xab8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x79) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x2, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x8, 0x9, 0x6, 0x4]}, 0x0) write$auto(r2, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9) madvise$auto(0x0, 0xc, 0xa) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) write$auto(r3, &(0x7f00000000c0)='\x01', 0x10000000004) fanotify_init$auto(0x5, 0x2000000000002) write$auto(0xffffffffffffffff, &(0x7f0000000080)='\xff\xff\x9a\xb9\xd1\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) close_range$auto(0x0, 0x5, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop6\x00', 0x101202, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r4, 0x4c00, 0x0) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000180), r0) r6 = setfsuid$auto(0xee00) r7 = setfsuid$auto(0xee01) setresuid$auto(r6, r7, r6) r8 = waitid$auto(0x7ff, r0, &(0x7f00000001c0)={@_si_pad}, 0x6, &(0x7f0000000340)={{0x7fff, 0x7e}, {0x4, 0x35c}, 0x1, 0xfffffffffffffff8, 0xc000000000000000, 0x3, 0x101, 0x2000400, 0x2, 0x9, 0x7, 0x9, 0x6, 0xffffffffffffff81, 0x9, 0x81}) ioctl$auto_XFS_IOC_SWAPEXT(r0, 0xc0c0586d, &(0x7f0000000440)={0x7c54, @raw=0xe56e, @inferred=r2, 0xd95c, 0x5, '\x00', {0x3, 0x7f92, 0x0, 0x0, 0xee01, 0x69, 0x2, 0x100000001, {0x2, 0x1}, {0xaa, 0xf}, {0x7, 0xf8000000}, 0x8000, 0x4, 0xfffffff7, 0xfffffffe, 0x3, 0x0, 0x7f, 0xfffc, 0x8000, 0xc11, '\x00', 0xad, 0x8, 0x8, 0x5}}) sendmsg$auto_IPVS_CMD_GET_CONFIG(r1, &(0x7f0000002040)={&(0x7f0000000100), 0xc, &(0x7f0000002000)={&(0x7f0000000500)=ANY=[@ANYBLOB="f00b0000", @ANYRES16=r5, @ANYBLOB="00042abd7000fbdbdf250d000000ec0503802500a08008004100", @ANYRES32=0xee01, @ANYBLOB="14003a00fe8000000000000000000000000000aa603058d2ac0000002c004e8008009500000000000a49adc16955495ca404daeb2dcab4b3d94ff140bca2fe27f15790f5a7b91132080050000a0101027302798004004c80d64dd71d5ef7f1e16b270cb31ca268e1f0563b79900864cbe3a3744df00a2e12b7f399d97c65308d9f52304254d581f289bf36fb545d8bd9f8afa3ec99a9956f6968a41b0877b98e39639a9a85ccee74d106181732d1ee82eb64fb0ddb871123af5100cf9513a9478f14fd12e083a363af7c5730840f3dfbf5b003c998b192e6c75d7f3500f7ebbcded8cdb00f5fd1355747f701da7e61883e68b4c607dbedd3c3c58d3228db0b9bebee9bd37745b618e9972c85cea0461d07db208b99f5c3004d859c25409f0400348004002780472d0ce4c30ad61f1b463155ad7b6bfa6849dff6da0873a25344a8fb3fd023842b098d119430c574a2e8399e3b6bbdd660e5a78c38069e443c81022fd0d45bd5696dd92d7a0d0a54f14ada62803beca37bdb630ecebfc254ec882da86ba5162453f17fbb27f43d114fad75ef14da1bdedc59792c88caaffc391c87d228a4d43a626676e5e532e2fc4ee7562c225d74d8adb2c0a2b71fbcb36bbb2c3b428c6f460d9877da5c2caf737e9be3e1817cf276ed41af95051774f1eeec5a51c9042ccccc57e6d68cc0006c3381a6e5cf316ff64bcf6a53249431b7aaa74c54d680bc5580b3f59075e6747d10e4d0148852b86d720370244e3bbdf14543933482e9aedea489a6e04b0551463066a7eddd169097be4d0e97b20e4542dc8fae572f8c2336a7c72cb7c4c49c9c7be401e154520f343c5e4101b4a109ea24269a8bcad25d20baa1189f0ef20e090347848f8ee2748fb19812a644a10d13f1e23d13394bfb97f65ff57af17ef3a284216b56cefdf6d070c1a1b0a2cb93c95b2c6d7661a71f578a858d4c2521b871bf191bf78eae76f42c697a4524b3307c430400008000863d50fff7f06a77a6b14191152dbc64dad915fb50d6ce85489f58ef5254cf0e469bcf4bf396e4eff5c8cb640c04b2ba072df097f8f7957509ea7e1ed3e790bcfddcad531756ac71c3a59410c257faef19db8dec1a17a12f13b370532cc467c70d899bcd3326c4cb013e2ff20eb461fdb720173eeb6ed87dc11f4eec84646c0b6b51856bf8ef4203b7d7580434d2611406b776a82ba0e7519a5633e21fc9169e40c9026cba2999994aaa7d6bf2968357f452b3a245d60e692dfd4234e3f33d5546b7bf06c20b32924bbd8154ea2d968e1eca00c537669aeb78385a3edc2e2d63e0f85bea33ae376ebc567ccf29021580c4c27d238cb4c72e8f2484011caab3778aaa0765b16ffbeb368437d036c6556fa0779e9cfe70edfa6d733aab4b5398ced060c701e12dbb0896152288a20eb9241617d0d46750fba086314ce308818f231b44a9319c26af081c56f3a0ada09cf2d1b162e1961211692abb664a987582a8a2e81eafb4f07f04003b800800ee00", @ANYRES32=r6, @ANYBLOB="0c00240001004000000000000c001e007f000000000000003a324bbe078f3e48d7cd08022d93fd14c15e539eb4a1d66f309e3618ce6e98cdcf3e0f931148ca270bab51a6e04e17c913c6d80dd0ecbc681c241bd16a372b262d48425a817d2cb2e56be8f3ebb1edf9d61ea0a072c7a3369c391c88e3361b07a2aaae49118116b4b63181dbef439feddc7cb63dc487315a95debed693cabf06907270b994247514e421bb30afb0fbecce510d570f8ea9e525a99a5a6727ec6ca68fbcfd66cd0a7d5483dcc340137aca5b71c6f805eab7b04ea1cca861a021e3e80465aabd0a46658f2c8684d8317ebc4158982fe364de0265a6b44645a510845eb3b8a8e53ae0f3739ba09e5f3d794eb9a8df0400c080ac928c570f38d866e8f259e8da55523238160daf998e4b6098e0175bc10b154061eb608c647ba67440846990e359edde50b866a1fa3ad48e7b53ec298113962f9288c840561bee5e1b2c0eb89df8a7b3fd598522841d4a59bfe89f977ca39bd5ef38621740c59ba80969a7989ad6e5f19d9229d4a58c55ed75bfa281d3c7b8d1fc3390c5cb49e8a7257d88cc2842476a34dcf8000000200303800500560000000015010a8008004c000815b5ac0f0777e1411ac8b7df56f88971140b2cd159b20b3e28763d6d5934e6eb70091d3621a5871f6616843136357e403dd0471fe7bcc152a686322ad75e4310a89404286d120e6e8a20333294c0bdb8008f47ac5e92fa96cb3e440563988078204543676092234893116ca4b281d32a08d35439d604488548a93ea6b814bdd502282f9afa1bca3d4406cc3c540e2f4617de01911bef0e991acac750be89b41008d0b8d0889296013b3df159de32070459c5ddbd0e295e4c8e346c7fc5c5d41fbfb3aa818e6553ea6a5c9a0499bf9f14497d5b438aa92958e2347a9ff6208c106177a4cf6e9700c745b9a9e8ff5c385cc386a5e220e62afb3517e1fbc92a1177e66d39213262ba4a29e5bbaa70d87c344a41d45176adc270e23d7221891cde5bd78555832130640b0506b63a73e39c118187aff57b0b3fa920948179435fb8e0467eb01343be0823b8b391cda364d9cfe4ce70c7bf6a9a5e02f58112767c32eecfff3817728070a3d46a6b1fa6e79c7fc6c36f757b72724327169101fda47c1a6dd93928f9ceac52ce25af9e1eaed536a81a9d7ff8c51ebe2c803366d3b9bfc449fb8141ac35f16bb15ff026e4f3e6066eaeedfd9310", @ANYRES32=r2, @ANYBLOB="040001800400518008005b00", @ANYRES32=r8, @ANYBLOB="583dac5e69014d59940940d739e6a72ee72ebbc49dd4254c6da3685ae097a48e644fb5e09cb31fd34caad10e82c3c596e7c264fc8f4969578fe901e0f9473bb53e1db861e344e5ced54d0b9b112d2d136bf9a20d3519a5efb2417e6b3b205b09cc6e1adb0027a181ea1990622db215dbcfe97b5c115cadfd5c04c0221655d5b4e636798ab0432ce1e0e27af326c37328047b1318d56d33201b7c7bcc077ab436c498ae0bd1e27c796cf7e563733c48e0ad9e0113fe4d3e31e3f4d906a596fe215c2c54e4af850ec9967ad0a4310918a63bea4aea816f849161fa3c0be9cd3ebe803254d2336548a0d6e9a29bd504004b8008004100ac1414bb00000003016e808eaa671d3f940c3de62265980efadae8f7f167547cf10f2a2d56a5a5d1cffacf4ce20448c9b636c01f1c09468146e80951f62766a57cce377418555d7dfc8c4e4e756de7e18102cbc03c3f9f2f62228f6491331445240c1d8e9a913963c3a84d1e0ab642d2aa98e6f2d4e384d9147bf1c0e09c5ca596285c56332b92db396311d742cda996a0227ab5998fd53e7926319921d17ad7a0dfec8d73e0c242e293c605975f6b0354d9f74d3a4d7fad1100bd73a0f8b31f4db0960e7def82ee7736fec9571cfa055a5da7c6afd66b3341df4aed9163a68becb5dbb59581056f9f645674d97e0b7aa900c70e6a44ce3914341a0080fd460700c3e13ea93b04000d80000800af00ac1e000108003a00", @ANYRES32=0x0, @ANYBLOB="04006e00e2002f80885b1415c8afbe8f5d1065eb9c0528cd37fa8ef5ddc99b82de4f72d617e27c99c9dbc5c5967038df13237ed381aae27c55ecd2dd9a73ec8c75201e31e7244d69bac4ce35e6ae3c9c0a571e16e4da9f3cb5f8fbe9b8fb8dbbc3698415b01e28c299b669b5c736b6aa9109bffe1a77601bc97422657d45f7793332a318dfabd21020c9ce86ab42c3ee41a075ff666a0c30adc0ad5e4f8464e78678fe7fdc9649b9e716c7eb274701db0db882ff1d090e20a616fb68642c17c6ed2e4ac2cf324f3235ca81a6ed55dcee7b0fe577308c8e73810edc7362fac58af34e04004b8000000800060004000000ac00038008005000", @ANYRES32=r9, @ANYBLOB="9e005400c8293eb05b0cf9be2839294edf068c50a3ea7e221b7bdfd59fc55b2175b9a33902fd073ac48ba2ee686239112667128e23758b7b4af87d5378e6e026e6395d04ce0798b5df6195c3756006e0d85c23a27b5d9c17f15af9436ae283a5b56e69225de0b90bc9874b3a0acabfba9185b29eba231092887c90cf95f5036922f79a7b1fec838b39070555b4baa2a5e4c22a5d9769d3bc0c0961e84f6c00000a010280b33ce07d2ac13329f384cf6cec85354cf2d2c92b9fa8160f2e7e782a325bd82259867eb6e9c0749adccc7665365feb0a104d30ef223ffd9b037776d54bdc1f58b9ab0c906e003287a290bc2a4fdccde338e03c0cbeecfc4d1d5b181d8a19b302b0a55ac03e16c3e1941b07ea4d8d2536d30a799abe83e336f5cd7878ebec592fd3fedff3a8d37cc88bb40c9e2f15ce28f3d664bd9bb16b46f0e8b87c795179f75addf583057454a8f515d166c9cd23a92eea6a964f658e61ad560e598f0dd4288de589858bd73f02e770a44959fb092fe71730bdce6d3d95263ccda8290c632547239b9e1144fe305b15e2a2eb008b026fea461925eacb204fbfedf4fedef09046ed7ea0a92100001001028008004c007f00000161407180acd701cdbe0deb517fc7d750400926ced8a6d55cf156faaf6b506a75c6f05057833a6acca1d30080076cde65b42beb474207e479730955d326af817a7c5b97ba1356ac9062de3858a21b1b7bf723fa946f4156d91a9434ee51120d90d6c0d1f1f603e29eedb29b463e49f47f096500ea1f39bff1f2de1b0b4c20e97ea9c806f8d962310e403a61a952b5b1fe173949c1518fdefba479292fa2ed13a4c09e4495eefefaf9d8b2284f0863844fe1ac4cf8a62172a25193c095566ea09120285624e0fb610bb2b718a0a660db0c284a81d76f49cc38f4cbc20381c3016375ca1e75488c467eecd7df4ef7215a72ca92330e1244454c654ed605fc06e9d76ae0cbcd"], 0xbf0}, 0x1, 0x0, 0x0, 0x20008000}, 0x4008880) 7.729213469s ago: executing program 0 (id=2185): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0xbc, "7d2ef4eacc8719c5acebafe17f2051dde3a8a86d6c5de565475c9ba52a1dff6a", @inferred=r0}) r3 = socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) r4 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) ioctl$auto_tracing_buffers_fops_trace(0xffffffffffffffff, 0x80, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r5, r5, 0x0, 0x2) shmctl$auto_IPC_STAT(0x3ff, 0x2, &(0x7f0000000500)={{0x100, 0xee01, 0xee00, 0x9, 0x2, 0x4, 0x4}, 0xf96b, 0x2, 0x3, 0x7, @raw=0x2, @raw=0x2, 0x800, 0x0, &(0x7f00000000c0)="2d842c37b4c8b28b7b5369abe02fd2fb49ed3ec499bef3dc097320628a9c7d3ad937a95bac83b90270ed8372b5dabd545e7177b41c33d9dbedd2c25efc1a1ca7b0b88e5e79", &(0x7f00000004c0)="f0d45688d1277610b66658b8e7274f5e6bcbf38fc684e489188f71132c6baf397e13424b67c9b77738"}) fstat$auto(r3, &(0x7f0000000580)={0x6, 0x7fffffff, 0x8, 0x800, r6, 0xee00, 0x0, 0x1, 0x3, 0x86, 0x5, 0x7, 0x3, 0x0, 0x4, 0x1ff, 0x16a}) ioctl$auto_SNAPSHOT_FREE(r4, 0x3314, 0x0) r7 = setfsuid$auto(0xee00) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000180)={0x2ac, r1, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x26f, 0x6e, 0x0, 0x1, [@typed={0x8, 0xf0, 0x0, 0x0, @u32=0x8}, @nested={0x10, 0x85, 0x0, 0x1, [@typed={0x8, 0xa0, 0x0, 0x0, @fd=r2}, @nested={0x4, 0x51}, @generic]}, @nested={0x132, 0x7f, 0x0, 0x1, [@generic="da5e5a2a63a74decf09343de40e1ca3cb624ff74e0c36d11d0d1d8245def8463a5e9ca563b68c51cdecb0b9f1789173dac", @typed={0x36, 0x101, 0x0, 0x0, @binary="1b4a73134ccc7fcec60daad6386cc702d99fd1bd18b40e77578322d6853bd9d40011f3ea06f4c82b64c9b2489b90aaa7a1eb"}, @generic="22dd441b1c9b69e1fa2c2b9670a5e988fb3c37b7be5f0367f71646f490ea16acb236003bf196bd7872584c6e21bd0a4f25c58271d2779a3948223e7df877d134eb4ac4d7117d1f4e2cbaa9bdab3d36bf9b4895c0cc3c27ac49c98ae9e529a9b1aab33a96661ddf2ad000d1f13c0e4889edd1f5247ff3534dd02169f46ae78cc17582431c9e5ccfb39ff0fbd295f29def768c28d388cf896b3c43e600c0955724dce3", @nested={0x4, 0x6a}, @nested={0x4, 0x129}, @nested={0x4, 0xe3}, @generic="cd6a479cfaa60f79ebda5037292eed0be9bdc4", @nested={0x4, 0x113}]}, @typed={0x8, 0xf, 0x0, 0x0, @uid=r7}, @nested={0x44, 0x71, 0x0, 0x1, [@typed={0x14, 0x56, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @nested={0x4, 0xe3}, @nested={0x4, 0x40}, @generic="ffeb0bacf1f02f0494fe075803b37f60e7c7386efbb725f0212def3ea2ea8f0b", @nested={0x4, 0x135}]}, @typed={0x4, 0x18}, @typed={0xc, 0x8c, 0x0, 0x0, @u64=0x8001}, @generic="dba61353c3ea331584bc87040f2a850504e3a6123e15af57f550b6c37437c35cacadab4538a4fc34d19bcb2285d1d2159acfc4d1955c4df95212974d08424f0f258e1bf6aa9a3a4ab85f575c58282c0ed15755cdc062c2344e34fa17ec841f340eee08a74843fba5387316de3a7657c79c0b17bd44db65b2b27e47ebd3d749f2184ad7a088127e70eb97295089cca561d2790d3a4e852f28ef1e29aa0c80e76fd088d0643612f6268d949edf8c70d18451e76bb6734679d94bbd50992010dff6b3e5b9"]}, @NL80211_ATTR_SUPPORTED_SELECTORS={0x1f, 0x14e, "5e2601d2fb1221db83c712fe720a5a3d537005fece53033d33f8c2"}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x5}]}, 0x2ac}}, 0x80) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0) 7.093164989s ago: executing program 3 (id=2186): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/force_tx_status\x00', 0x82, 0x0) rseq$auto(0x0, 0x8002, 0x8, 0x6) pwritev$auto(r0, 0x0, 0x3, 0x9, 0x5) (async) pwritev$auto(r0, 0x0, 0x3, 0x9, 0x5) mmap$auto(0x6, 0x400008, 0xdf, 0x9b72, 0x2, 0x6) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mtrr\x00', 0xc0000, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), r1) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x24, r3, 0x4, 0x70bd27, 0x25dfdbfb, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_HASH={0xc, 0xb, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x20028080}, 0x4000000) ioctl$auto(0x3, 0x40104d05, r2) (async) ioctl$auto(0x3, 0x40104d05, r2) 6.959672043s ago: executing program 5 (id=2187): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) write$auto(0x3, 0x0, 0xfdf3) 6.783935319s ago: executing program 3 (id=2188): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x4, 0x12) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) unshare$auto(0x40000080) write$auto(0xca, 0x0, 0x7f) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x282, 0x0) socketpair$auto(0x2, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x64842, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x4, 0x0, 0x0) socket(0x18, 0xa, 0x1) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00'}) syz_genetlink_get_family_id$auto_batadv(0x0, r1) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x100000d, 0x5e7, 0x948b, 0x3, 0x1, 0x4, 0x3, 0x62, 0x80000002, 0x7, 0x1, 0x9, 0x3, 0xfffffffffefffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd40, 0x1a000, 0x948f, 0x5, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x8, 0x6]}, 0x0) 6.440411478s ago: executing program 5 (id=2189): unshare$auto(0x40000080) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x100, 0x0) ioctl$auto_SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000040)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000480)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_BEACON_HEAD={0x6, 0xe, "1c36"}]}, 0x1c}, 0x1, 0x0, 0x0, 0x6040000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, r2, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x7}, @NL80211_ATTR_COLOR_CHANGE_COLOR={0x5, 0x130, 0x9}, @NL80211_ATTR_WIPHY_NAME={0x8, 0x2, '#(}\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x1) r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/reset\x00', 0x82, 0x0) clone$auto(0x4, 0x9, &(0x7f0000000040)=0x3, &(0x7f0000000080), 0x8) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x800, 0x0) ioctl$auto_SNDCTL_MIDI_PRETIME(r4, 0xc0046d00, &(0x7f0000000280)="3c56e86300") openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r5) r7 = semctl$auto(0x9, 0x318d, 0x7ff, 0xf) sendmsg$auto_NL80211_CMD_SET_KEY(r5, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2d00000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x64, r6, 0x200, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_CSA_IES={0x4c, 0xb9, 0x0, 0x1, [@nested={0x4, 0x3f}, @generic="39e80c1e4f905d0dfd2e4c548e6c1bda7ea66db334e306b04569c63fd74a1ca30573f36a233ed196d86e143837f0e7ee8b3b1ca9c2e0d3532d6672ae", @typed={0x8, 0x13a, 0x0, 0x0, @pid=r7}]}, @NL80211_ATTR_ASSOC_SPP_AMSDU={0x4}]}, 0x64}}, 0x4) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r8, 0xae01, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mprotect$auto(0xc000, 0x8, 0x8) pwritev$auto(r3, &(0x7f0000000180)={0x0, 0x765}, 0x3, 0x5, 0x5) 6.021189722s ago: executing program 4 (id=2190): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r0 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2a00, 0x0) socket(0x2, 0x1, 0x106) fcntl$auto_F_GETSIG(r0, 0xb, 0xab8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x79) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x2, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x8, 0x9, 0x6, 0x4]}, 0x0) write$auto(r1, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000080)='\xff\xff\x9a\xb9\xd1\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) syz_open_procfs$namespace(0x0, &(0x7f00000004c0)='ns/time_for_children\x00') socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x6, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0xa7) select$auto(0x12, 0x0, 0x0, 0x0, 0x0) 5.421842496s ago: executing program 0 (id=2191): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) munlock$auto(0x9191, 0x5) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bdi/43:352/strict_limit\x00', 0x100b02, 0x0) write$auto(r0, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:352/strict_limit\x00', 0x5) (async) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000) (async) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) (async) stat$auto(&(0x7f0000000040)='./file0\x00', 0x0) 4.436603268s ago: executing program 4 (id=2192): socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(r1, 0x4020ae76, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x204b00, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket(0x26, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) socket(0x10, 0x2, 0x4) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r2 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x103002, 0x0) write$auto(r2, 0x0, 0xc3) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x20000084) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000) getsockopt$auto_SO_DONTROUTE(r0, 0x9, 0x5, &(0x7f0000000000)='\x00', &(0x7f0000000040)=0xad) close_range$auto(0x2, 0x8, 0x0) socket(0x1, 0x80000, 0x0) socket(0xa, 0x3, 0x3a) epoll_create$auto(0x2) r3 = epoll_create$auto(0x2) epoll_pwait2$auto(r3, 0x0, 0x8, &(0x7f0000002780)={0x10000000000, 0x5}, 0x0, 0x8) 3.708222945s ago: executing program 3 (id=2193): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x400454ca, 0x38) r0 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r0, 0x0, 0x1) write$auto(0x3, 0x0, 0xfdf3) 3.491925771s ago: executing program 3 (id=2194): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) syncfs$auto(r0) r1 = open(0x0, 0x22240, 0x154) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r1, @new_map_fd=r1, 0x4, @old_map_fd=0x3ff}, 0xa3) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)="fbb8f800169dfa32e4472bd1977f767b8d29d4250ea37dca35f25a726d63b9b4e407a64424a850309d1b8cab476e58db2bfd0822a8cb147ef62f9b3ddc8f5ef6eedb4c32708b940a7330eeafab6ad68fbc78849cdf97e82fcd27744ffee381454d6cdad1df5d78a70f53ff92f9708cdcad82cbd2875e7c491ef04739b23ba01a85b42d7742c807b51e711bdc886197b9a61836f8027231edb51b609b64e8906540e0f6ac3f000984c1c8aa71b9110570da7763ea1ac26a515371b7", 0xbb) 3.282902404s ago: executing program 3 (id=2195): mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) close_range$auto(0xffffffffffffffff, 0x8, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000001, 0x0, 0x2000000000000003, 0x0, 0x24, 0x1}, 0x401}, 0x800, 0xa0000000) r1 = socket(0xa, 0x5, 0x84) fsopen$auto(&(0x7f0000000100)='/\x1f\x00', 0xd) (async) sendto$auto(r1, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000080)={0x5, 0xfffffffb, [0xffffffff, 0x3ff, 0xc7, 0x80000001, 0x7]}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) r3 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001100), 0xa8000, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r3, 0xc0085504, &(0x7f0000000040)={0x9, 0x1, 0x5}) (async) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000003d40), 0xffffffffffffffff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) madvise$auto(0x4, 0x6, 0x12a0) (async) madvise$auto(0x0, 0x200007, 0x19) (async) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video7\x00', 0x8200, 0x0) read$auto_v4l2_fops_v4l2_dev(r4, &(0x7f0000000000)=""/133, 0x85) (async) msgrcv$auto(0x0, 0x0, 0x4, 0x9, 0x3) (async) msgctl$auto(0x0, 0x1, 0x0) (async) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000040), r2) 3.274556623s ago: executing program 4 (id=2196): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/usb/drivers/cdc_mbim/uevent\x00', 0xdf802, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) pwritev$auto(r1, &(0x7f00000001c0)={&(0x7f0000000300)="ad400000002146420e5c9f75a06206c77962cf88c98aaf29063336c05992ee795a152f6c4f62f2ed"}, 0x2000000003, 0x11, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, &(0x7f0000000040)=0x7fffffff) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.stat.local\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000002c0)=""/251, 0xfb) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00 \x00'/21, 0x100000002, 0x100000001) close_range$auto(0x0, 0xfffffffffffff000, 0x9) 1.887710704s ago: executing program 5 (id=2197): mmap$auto(0x3, 0x2020009, 0x3, 0x209000000ebe, 0xffffffffffffffff, 0x8004) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(r0, 0x0, 0x2) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0) r1 = prctl$auto(0xff, 0x0, 0x0, 0xfffffffffffffffd, 0x4000000000003) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="837d4000", @ANYRES16=r2, @ANYBLOB="13002ebd7000dddbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4c0d4}, 0x20040894) r3 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r3) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_SET(0xffffffffffffffff, 0x0, 0x4800) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sigaltstack$auto(&(0x7f0000000200)={&(0x7f00000001c0)="d5d03e15fe947470356f4ef5096f86937ad80b360ee48fd2d7", 0x2}, 0x0) keyctl$auto(0x1d, 0xfffffffffffffffd, 0x2, 0x628, 0xfffffffffffffffd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, r4, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x2, 0x2000000080000001, 0x200003) getsockopt$auto(r1, 0x1, 0x1, &(0x7f0000000180)='[$*)@^[\x88\x00', &(0x7f00000001c0)=0xffff) 564.018907ms ago: executing program 0 (id=2198): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) write$auto(0x3, 0x0, 0xfdf3) 187.287761ms ago: executing program 3 (id=2199): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) (async) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1ed", 0x24) (async) write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1ed", 0x24) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x8, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x8, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) waitid$auto_P_ALL(0x0, 0xe, &(0x7f0000000340)={@siginfo_0_0={0xe, 0x2, 0x1, @_sigsys={&(0x7f0000000240)="42b0c89670754d7c136b96b4a66c46a06b2ae30d2dc311827926354870ae18e520c9942cbb727ad9d1004e7ceee0f6528c08e4a11a907dedfe0538dbebd0a46638745a821ec33e749a9a2aefe289a8627446ad2bec1f96856715ac9d7759f01cb6f2daa5a180150a28620b407b9969", 0x2, 0x3}}}, 0x3e, &(0x7f00000003c0)={{0x9, 0xefd}, {0x4, 0x7}, 0x0, 0xfffffffffffffffb, 0x3ff, 0x8101, 0xc, 0xf3, 0x1, 0xd, 0x4, 0x5, 0xfffc, 0x8001, 0xc}) io_uring_setup$auto(0x6, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) (async) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x2, 0x9, 0x43, 0x0) (async) socketpair$auto(0x2, 0x9, 0x43, 0x0) dup2$auto(0x0, 0x4) (async) dup2$auto(0x0, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x0, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x121041, 0x0) (async) r1 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x121041, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) write$auto(r1, &(0x7f0000000080)='/sys/kernel/security\xf9\x1cntegrity/evm/evm_xat\x99rs\x00B\b\xbd\x9f\x15\x81\x15\xb6h\xae', 0x1000000006) (async) write$auto(r1, &(0x7f0000000080)='/sys/kernel/security\xf9\x1cntegrity/evm/evm_xat\x99rs\x00B\b\xbd\x9f\x15\x81\x15\xb6h\xae', 0x1000000006) fsopen$auto(0x0, 0x1) 0s ago: executing program 4 (id=2200): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r0 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2a00, 0x0) socket(0x2, 0x1, 0x106) fcntl$auto_F_GETSIG(r0, 0xb, 0xab8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x79) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x2, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x8, 0x9, 0x6, 0x4]}, 0x0) write$auto(r1, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000080)='\xff\xff\x9a\xb9\xd1\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) syz_open_procfs$namespace(0x0, &(0x7f00000004c0)='ns/time_for_children\x00') socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x6, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0xa7) select$auto(0x12, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): fx_do_sys_openat2+0x10/0x10 [ 365.483508][T10859] __x64_sys_openat+0x12d/0x210 [ 365.483558][T10859] ? __pfx___x64_sys_openat+0x10/0x10 [ 365.483604][T10859] ? ksys_write+0x1ac/0x250 [ 365.483661][T10859] do_syscall_64+0x106/0xf80 [ 365.483695][T10859] ? clear_bhb_loop+0x40/0x90 [ 365.483736][T10859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.483771][T10859] RIP: 0033:0x7f6b2ed9c819 [ 365.483799][T10859] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 365.483833][T10859] RSP: 002b:00007f6b2fbfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 365.483866][T10859] RAX: ffffffffffffffda RBX: 00007f6b2f015fa0 RCX: 00007f6b2ed9c819 [ 365.483888][T10859] RDX: 0000000000022001 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 365.483909][T10859] RBP: 00007f6b2ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 365.483930][T10859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 365.483949][T10859] R13: 00007f6b2f016038 R14: 00007f6b2f015fa0 R15: 00007ffe194746f8 [ 365.483994][T10859] [ 366.779080][T10888] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1001'. [ 366.859520][T10891] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1001'. [ 367.709470][T10913] mmap: syz.1.1004 (10913): VmData 37855232 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 370.603677][T10956] program syz.3.1012 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 370.959744][T10987] bridge_slave_1: left allmulticast mode [ 370.965543][T10987] bridge_slave_1: left promiscuous mode [ 370.971509][T10987] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.060748][T10992] forcing mempool usage for bio_alloc_bioset+0x392/0x850 [ 372.811638][T11024] tc_dump_action: action bad kind [ 373.626853][T11038] Invalid ELF header magic: != ELF [ 373.951543][T11037] program syz.4.1028 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 374.459517][T11051] bridge_slave_1: left allmulticast mode [ 374.465212][T11051] bridge_slave_1: left promiscuous mode [ 374.497667][T11051] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.976908][T11062] capability: warning: `syz.4.1032' uses 32-bit capabilities (legacy support in use) [ 375.111945][ T5929] Process accounting resumed [ 376.052985][T11089] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1040'. [ 376.843235][T11083] FAULT_INJECTION: forcing a failure. [ 376.843235][T11083] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 376.903251][T11083] CPU: 1 UID: 0 PID: 11083 Comm: syz.0.1035 Tainted: G L syzkaller #0 PREEMPT(full) [ 376.903306][T11083] Tainted: [L]=SOFTLOCKUP [ 376.903318][T11083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 376.903338][T11083] Call Trace: [ 376.903347][T11083] [ 376.903359][T11083] dump_stack_lvl+0x100/0x190 [ 376.903418][T11083] should_fail_ex.cold+0x5/0xa [ 376.903453][T11083] ? prepare_alloc_pages+0x16d/0x5f0 [ 376.903498][T11083] should_fail_alloc_page+0xeb/0x140 [ 376.903538][T11083] prepare_alloc_pages+0x1f0/0x5f0 [ 376.903578][T11083] ? xa_load+0x149/0x2c0 [ 376.903620][T11083] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 376.903679][T11083] ? xa_load+0x153/0x2c0 [ 376.903718][T11083] ? __pfx_xa_load+0x10/0x10 [ 376.903767][T11083] ? __lock_acquire+0x4a5/0x2630 [ 376.903815][T11083] ? workingset_refault+0x477/0xf60 [ 376.903848][T11083] ? workingset_refault+0x477/0xf60 [ 376.903893][T11083] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 376.903952][T11083] ? __lock_acquire+0x4a5/0x2630 [ 376.904001][T11083] ? __lock_acquire+0x4a5/0x2630 [ 376.904060][T11083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 376.904097][T11083] ? policy_nodemask+0xed/0x4f0 [ 376.904137][T11083] alloc_pages_mpol+0x1fb/0x550 [ 376.904175][T11083] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 376.904214][T11083] ? swap_entry_swapped+0x1ff/0x2b0 [ 376.904252][T11083] ? __pfx_swap_entry_swapped+0x10/0x10 [ 376.904296][T11083] folio_alloc_mpol_noprof+0x36/0x340 [ 376.904345][T11083] swap_cache_alloc_folio+0x1a8/0x300 [ 376.904399][T11083] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 376.904450][T11083] ? __pfx_get_swap_device+0x10/0x10 [ 376.904483][T11083] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 376.904542][T11083] read_swap_cache_async+0xd9/0x480 [ 376.904597][T11083] ? __pfx_read_swap_cache_async+0x10/0x10 [ 376.904647][T11083] ? find_held_lock+0x2b/0x80 [ 376.904678][T11083] ? find_held_lock+0x2b/0x80 [ 376.904708][T11083] ? swapin_walk_pmd_entry+0x2d9/0x640 [ 376.904748][T11083] ? swapin_walk_pmd_entry+0x2d9/0x640 [ 376.904799][T11083] swapin_walk_pmd_entry+0x2fd/0x640 [ 376.904848][T11083] ? __pfx_swapin_walk_pmd_entry+0x10/0x10 [ 376.904907][T11083] ? kfree_skbmem+0x19a/0x210 [ 376.904950][T11083] ? stack_trace_save+0x8e/0xc0 [ 376.904990][T11083] ? __pfx_swapin_walk_pmd_entry+0x10/0x10 [ 376.905031][T11083] walk_pgd_range+0xc1a/0x1dd0 [ 376.905073][T11083] ? __kasan_slab_free+0x5f/0x80 [ 376.905106][T11083] ? kmem_cache_free+0x124/0x6a0 [ 376.905169][T11083] ? __pfx_walk_pgd_range+0x10/0x10 [ 376.905225][T11083] ? css_rstat_updated+0x1ce/0x5a0 [ 376.905270][T11083] __walk_page_range+0x163/0x820 [ 376.905320][T11083] walk_page_range_vma_unsafe+0x209/0x8f0 [ 376.905361][T11083] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 376.905398][T11083] ? kvm_sched_clock_read+0x11/0x20 [ 376.905438][T11083] ? lock_acquire+0x1cf/0x380 [ 376.905483][T11083] ? find_held_lock+0x2b/0x80 [ 376.905521][T11083] walk_page_range_vma+0x63/0x90 [ 376.905559][T11083] madvise_vma_behavior+0x1e14/0x3050 [ 376.905609][T11083] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 376.905653][T11083] ? mas_prev_setup.constprop.0+0xb6/0x9c0 [ 376.905696][T11083] ? mas_prev+0x9b/0xf0 [ 376.905733][T11083] ? __pfx_mas_prev+0x10/0x10 [ 376.905779][T11083] ? find_vma_prev+0xd8/0x150 [ 376.905819][T11083] ? __pfx_find_vma_prev+0x10/0x10 [ 376.905858][T11083] ? __pfx___schedule+0x10/0x10 [ 376.905941][T11083] madvise_walk_vmas+0x2fe/0xa90 [ 376.905989][T11083] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 376.906044][T11083] madvise_do_behavior+0x1ea/0x510 [ 376.906086][T11083] ? futex_private_hash_put+0x107/0x1c0 [ 376.906133][T11083] ? __pfx_madvise_do_behavior+0x10/0x10 [ 376.906178][T11083] ? down_read+0x13b/0x460 [ 376.906238][T11083] do_madvise+0x195/0x240 [ 376.906280][T11083] ? __pfx_do_madvise+0x10/0x10 [ 376.906323][T11083] ? do_futex+0x192/0x350 [ 376.906376][T11083] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 376.906458][T11083] __x64_sys_madvise+0xa9/0x110 [ 376.906501][T11083] ? lockdep_hardirqs_on+0x78/0x100 [ 376.906535][T11083] do_syscall_64+0x106/0xf80 [ 376.906593][T11083] ? clear_bhb_loop+0x40/0x90 [ 376.906635][T11083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.906669][T11083] RIP: 0033:0x7f6473b9c819 [ 376.906696][T11083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 376.906728][T11083] RSP: 002b:00007f64749ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 376.906760][T11083] RAX: ffffffffffffffda RBX: 00007f6473e16090 RCX: 00007f6473b9c819 [ 376.906783][T11083] RDX: 0000000000000003 RSI: 2000000080000001 RDI: 0000000000000000 [ 376.906804][T11083] RBP: 00007f6473c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 376.906825][T11083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 376.906845][T11083] R13: 00007f6473e16128 R14: 00007f6473e16090 R15: 00007fff407a11b8 [ 376.906897][T11083] [ 377.647598][T11101] program syz.1.1043 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 378.179564][T11114] bridge_slave_1: left allmulticast mode [ 378.197127][T11114] bridge_slave_1: left promiscuous mode [ 378.237892][T11114] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.918918][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.925301][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.303800][T11169] nvme_fcloop: unknown parameter or missing value '7' [ 381.830355][T11176] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 382.128137][T11187] Invalid ELF header magic: != ELF [ 385.069119][T11233] FAULT_INJECTION: forcing a failure. [ 385.069119][T11233] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.100463][T11233] CPU: 1 UID: 0 PID: 11233 Comm: syz.3.1074 Tainted: G L syzkaller #0 PREEMPT(full) [ 385.100517][T11233] Tainted: [L]=SOFTLOCKUP [ 385.100527][T11233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 385.100547][T11233] Call Trace: [ 385.100557][T11233] [ 385.100568][T11233] dump_stack_lvl+0x100/0x190 [ 385.100622][T11233] should_fail_ex.cold+0x5/0xa [ 385.100657][T11233] _copy_from_user+0x2e/0xd0 [ 385.100688][T11233] core_sys_select+0x472/0xbb0 [ 385.100718][T11233] ? __pfx_core_sys_select+0x10/0x10 [ 385.100741][T11233] ? get_pid_task+0xfc/0x250 [ 385.100777][T11233] ? get_pid_task+0x106/0x250 [ 385.100826][T11233] ? __mutex_unlock_slowpath+0x15c/0x790 [ 385.100853][T11233] ? __fget_files+0x215/0x3d0 [ 385.100880][T11233] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 385.100911][T11233] kern_select+0x20c/0x270 [ 385.100935][T11233] ? __pfx_kern_select+0x10/0x10 [ 385.100962][T11233] ? __pfx_ksys_write+0x10/0x10 [ 385.100990][T11233] __x64_sys_select+0xbd/0x160 [ 385.101011][T11233] ? do_syscall_64+0x95/0xf80 [ 385.101034][T11233] ? lockdep_hardirqs_on+0x78/0x100 [ 385.101057][T11233] do_syscall_64+0x106/0xf80 [ 385.101080][T11233] ? clear_bhb_loop+0x40/0x90 [ 385.101109][T11233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.101139][T11233] RIP: 0033:0x7f6b2ed9c819 [ 385.101157][T11233] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 385.101180][T11233] RSP: 002b:00007f6b2fbfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 385.101202][T11233] RAX: ffffffffffffffda RBX: 00007f6b2f015fa0 RCX: 00007f6b2ed9c819 [ 385.101217][T11233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 385.101231][T11233] RBP: 00007f6b2fbfa090 R08: 0000000000000000 R09: 0000000000000000 [ 385.101245][T11233] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 385.101258][T11233] R13: 00007f6b2f016038 R14: 00007f6b2f015fa0 R15: 00007ffe194746f8 [ 385.101288][T11233] [ 388.304394][T11284] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 391.355258][T11325] nvme_fcloop: unknown parameter or missing value '7' [ 395.741102][T11410] FAULT_INJECTION: forcing a failure. [ 395.741102][T11410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 395.754669][T11410] CPU: 0 UID: 0 PID: 11410 Comm: syz.1.1105 Tainted: G L syzkaller #0 PREEMPT(full) [ 395.754721][T11410] Tainted: [L]=SOFTLOCKUP [ 395.754732][T11410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 395.754751][T11410] Call Trace: [ 395.754761][T11410] [ 395.754773][T11410] dump_stack_lvl+0x100/0x190 [ 395.754828][T11410] should_fail_ex.cold+0x5/0xa [ 395.754869][T11410] core_sys_select+0x5d1/0xbb0 [ 395.754911][T11410] ? __pfx_core_sys_select+0x10/0x10 [ 395.754943][T11410] ? get_pid_task+0xfc/0x250 [ 395.755017][T11410] ? get_pid_task+0x106/0x250 [ 395.755088][T11410] ? __mutex_unlock_slowpath+0x15c/0x790 [ 395.755127][T11410] ? __fget_files+0x215/0x3d0 [ 395.755163][T11410] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 395.755206][T11410] kern_select+0x20c/0x270 [ 395.755244][T11410] ? __pfx_kern_select+0x10/0x10 [ 395.755282][T11410] ? __pfx_ksys_write+0x10/0x10 [ 395.755322][T11410] __x64_sys_select+0xbd/0x160 [ 395.755354][T11410] ? do_syscall_64+0x95/0xf80 [ 395.755388][T11410] ? lockdep_hardirqs_on+0x78/0x100 [ 395.755422][T11410] do_syscall_64+0x106/0xf80 [ 395.755454][T11410] ? clear_bhb_loop+0x40/0x90 [ 395.755495][T11410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.755530][T11410] RIP: 0033:0x7f707f99c819 [ 395.755556][T11410] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.755588][T11410] RSP: 002b:00007f70808f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 395.755619][T11410] RAX: ffffffffffffffda RBX: 00007f707fc15fa0 RCX: 00007f707f99c819 [ 395.755641][T11410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 395.755660][T11410] RBP: 00007f70808f8090 R08: 0000000000000000 R09: 0000000000000000 [ 395.755680][T11410] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 395.755700][T11410] R13: 00007f707fc16038 R14: 00007f707fc15fa0 R15: 00007ffc8038e3c8 [ 395.755743][T11410] [ 396.749202][ T51] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 396.852330][T11430] nvme_fcloop: unknown parameter or missing value '7' [ 398.784304][T11451] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1113'. [ 399.569481][T11464] FAULT_INJECTION: forcing a failure. [ 399.569481][T11464] name failslab, interval 1, probability 0, space 0, times 0 [ 399.632229][T11464] CPU: 1 UID: 0 PID: 11464 Comm: syz.4.1116 Tainted: G L syzkaller #0 PREEMPT(full) [ 399.632279][T11464] Tainted: [L]=SOFTLOCKUP [ 399.632291][T11464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 399.632309][T11464] Call Trace: [ 399.632319][T11464] [ 399.632331][T11464] dump_stack_lvl+0x100/0x190 [ 399.632388][T11464] should_fail_ex.cold+0x5/0xa [ 399.632427][T11464] ? tomoyo_realpath_from_path+0xb6/0x690 [ 399.632476][T11464] should_failslab+0xc2/0x120 [ 399.632513][T11464] __kmalloc_noprof+0xe0/0x850 [ 399.632572][T11464] tomoyo_realpath_from_path+0xb6/0x690 [ 399.632638][T11464] tomoyo_path_number_perm+0x23c/0x580 [ 399.632678][T11464] ? tomoyo_path_number_perm+0x22e/0x580 [ 399.632722][T11464] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 399.632805][T11464] ? find_held_lock+0x2b/0x80 [ 399.632835][T11464] ? __fget_files+0x215/0x3d0 [ 399.632866][T11464] ? hook_file_ioctl_common+0x146/0x410 [ 399.632920][T11464] ? __fget_files+0x21f/0x3d0 [ 399.632960][T11464] security_file_ioctl+0xd3/0x230 [ 399.633003][T11464] __x64_sys_ioctl+0xb7/0x210 [ 399.633055][T11464] do_syscall_64+0x106/0xf80 [ 399.633089][T11464] ? clear_bhb_loop+0x40/0x90 [ 399.633130][T11464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.633163][T11464] RIP: 0033:0x7f2d4619c819 [ 399.633189][T11464] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 399.633221][T11464] RSP: 002b:00007f2d46f99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 399.633250][T11464] RAX: ffffffffffffffda RBX: 00007f2d46416090 RCX: 00007f2d4619c819 [ 399.633272][T11464] RDX: 0000000000000001 RSI: 000000000000541b RDI: 0000000000000003 [ 399.633291][T11464] RBP: 00007f2d46f99090 R08: 0000000000000000 R09: 0000000000000000 [ 399.633311][T11464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 399.633329][T11464] R13: 00007f2d46416128 R14: 00007f2d46416090 R15: 00007fff3c658408 [ 399.633372][T11464] [ 399.633385][T11464] ERROR: Out of memory at tomoyo_realpath_from_path. [ 400.402011][T11483] FAULT_INJECTION: forcing a failure. [ 400.402011][T11483] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 400.473444][T11483] CPU: 0 UID: 0 PID: 11483 Comm: syz.3.1121 Tainted: G L syzkaller #0 PREEMPT(full) [ 400.473496][T11483] Tainted: [L]=SOFTLOCKUP [ 400.473507][T11483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 400.473526][T11483] Call Trace: [ 400.473538][T11483] [ 400.473549][T11483] dump_stack_lvl+0x100/0x190 [ 400.473608][T11483] should_fail_ex.cold+0x5/0xa [ 400.473648][T11483] _copy_from_iter+0x1f4/0x1690 [ 400.473702][T11483] ? __pfx__copy_from_iter+0x10/0x10 [ 400.473743][T11483] ? rcu_is_watching+0x12/0xc0 [ 400.473813][T11483] ? trace_kmalloc+0x101/0x130 [ 400.473850][T11483] ? __kasan_kmalloc+0xaa/0xb0 [ 400.473883][T11483] ? __kmalloc_noprof+0x320/0x850 [ 400.473943][T11483] kernfs_fop_write_iter+0x186/0x5f0 [ 400.473988][T11483] vfs_write+0x6ac/0x1070 [ 400.474022][T11483] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 400.474065][T11483] ? __pfx_vfs_write+0x10/0x10 [ 400.474126][T11483] ksys_write+0x12a/0x250 [ 400.474159][T11483] ? __pfx_ksys_write+0x10/0x10 [ 400.474206][T11483] do_syscall_64+0x106/0xf80 [ 400.474238][T11483] ? clear_bhb_loop+0x40/0x90 [ 400.474286][T11483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.474320][T11483] RIP: 0033:0x7f6b2ed9c819 [ 400.474347][T11483] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 400.474379][T11483] RSP: 002b:00007f6b2fbfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 400.474410][T11483] RAX: ffffffffffffffda RBX: 00007f6b2f015fa0 RCX: 00007f6b2ed9c819 [ 400.474432][T11483] RDX: 00000000000000ff RSI: 0000200000000000 RDI: 0000000000000003 [ 400.474452][T11483] RBP: 00007f6b2fbfa090 R08: 0000000000000000 R09: 0000000000000000 [ 400.474471][T11483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.474491][T11483] R13: 00007f6b2f016038 R14: 00007f6b2f015fa0 R15: 00007ffe194746f8 [ 400.474535][T11483] [ 401.814518][T11486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1120'. [ 402.721397][T11519] futex_wake_op: syz.0.1126 tries to shift op by -1; fix this program [ 403.987016][T11544] FAULT_INJECTION: forcing a failure. [ 403.987016][T11544] name failslab, interval 1, probability 0, space 0, times 0 [ 404.094732][T11544] CPU: 0 UID: 0 PID: 11544 Comm: syz.3.1130 Tainted: G L syzkaller #0 PREEMPT(full) [ 404.094784][T11544] Tainted: [L]=SOFTLOCKUP [ 404.094796][T11544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 404.094815][T11544] Call Trace: [ 404.094826][T11544] [ 404.094838][T11544] dump_stack_lvl+0x100/0x190 [ 404.094894][T11544] should_fail_ex.cold+0x5/0xa [ 404.094933][T11544] ? tomoyo_encode2+0xfb/0x3c0 [ 404.094979][T11544] should_failslab+0xc2/0x120 [ 404.095016][T11544] __kmalloc_noprof+0xe0/0x850 [ 404.095067][T11544] ? rcu_is_watching+0x12/0xc0 [ 404.095128][T11544] tomoyo_encode2+0xfb/0x3c0 [ 404.095182][T11544] tomoyo_encode+0x29/0x50 [ 404.095228][T11544] tomoyo_realpath_from_path+0x18c/0x690 [ 404.095287][T11544] tomoyo_path_number_perm+0x23c/0x580 [ 404.095328][T11544] ? tomoyo_path_number_perm+0x22e/0x580 [ 404.095373][T11544] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 404.095455][T11544] ? find_held_lock+0x2b/0x80 [ 404.095493][T11544] ? __fget_files+0x215/0x3d0 [ 404.095524][T11544] ? hook_file_ioctl_common+0x146/0x410 [ 404.095559][T11544] ? __fget_files+0x21f/0x3d0 [ 404.095601][T11544] security_file_ioctl+0xd3/0x230 [ 404.095632][T11544] __x64_sys_ioctl+0xb7/0x210 [ 404.095670][T11544] do_syscall_64+0x106/0xf80 [ 404.095694][T11544] ? clear_bhb_loop+0x40/0x90 [ 404.095724][T11544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.095747][T11544] RIP: 0033:0x7f6b2ed9c819 [ 404.095767][T11544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 404.095791][T11544] RSP: 002b:00007f6b2fbfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 404.095813][T11544] RAX: ffffffffffffffda RBX: 00007f6b2f015fa0 RCX: 00007f6b2ed9c819 [ 404.095828][T11544] RDX: 0000000000000001 RSI: 000000000000541b RDI: 0000000000000003 [ 404.095842][T11544] RBP: 00007f6b2fbfa090 R08: 0000000000000000 R09: 0000000000000000 [ 404.095856][T11544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 404.095869][T11544] R13: 00007f6b2f016038 R14: 00007f6b2f015fa0 R15: 00007ffe194746f8 [ 404.095900][T11544] [ 404.398203][T11544] ERROR: Out of memory at tomoyo_realpath_from_path. [ 404.954518][T11553] FAULT_INJECTION: forcing a failure. [ 404.954518][T11553] name failslab, interval 1, probability 0, space 0, times 0 [ 404.967626][T11553] CPU: 0 UID: 0 PID: 11553 Comm: syz.3.1133 Tainted: G L syzkaller #0 PREEMPT(full) [ 404.967665][T11553] Tainted: [L]=SOFTLOCKUP [ 404.967673][T11553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 404.967687][T11553] Call Trace: [ 404.967695][T11553] [ 404.967704][T11553] dump_stack_lvl+0x100/0x190 [ 404.967752][T11553] should_fail_ex.cold+0x5/0xa [ 404.967782][T11553] should_failslab+0xc2/0x120 [ 404.967809][T11553] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 404.967849][T11553] ? __d_alloc+0x34/0xa80 [ 404.967883][T11553] __d_alloc+0x34/0xa80 [ 404.967914][T11553] d_alloc_pseudo+0x1c/0xc0 [ 404.967950][T11553] alloc_file_pseudo+0xcf/0x230 [ 404.967984][T11553] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 404.968025][T11553] __shmem_file_setup+0x221/0x490 [ 404.968060][T11553] ? __pfx___shmem_file_setup+0x10/0x10 [ 404.968172][T11553] ? vm_area_alloc+0x1f/0x160 [ 404.968235][T11553] shmem_zero_setup+0x96/0x1b0 [ 404.968276][T11553] __mmap_region+0x2198/0x29e0 [ 404.968319][T11553] ? __pfx___mmap_region+0x10/0x10 [ 404.968353][T11553] ? process_measurement+0x1f4/0x2350 [ 404.968396][T11553] ? __lock_acquire+0x4a5/0x2630 [ 404.968428][T11553] ? trace_pelt_se_tp+0x159/0x1b0 [ 404.968474][T11553] ? find_held_lock+0x2b/0x80 [ 404.968498][T11553] ? finish_task_switch.isra.0+0x200/0xb80 [ 404.968525][T11553] ? finish_task_switch.isra.0+0x200/0xb80 [ 404.968563][T11553] ? trace_sched_exit_tp+0x13a/0x180 [ 404.968594][T11553] ? __schedule+0x1000/0x6120 [ 404.968670][T11553] ? rcu_is_watching+0x12/0xc0 [ 404.968709][T11553] ? cap_capable+0x107/0x460 [ 404.968738][T11553] mmap_region+0x180/0x3e0 [ 404.968805][T11553] do_mmap+0xc63/0x12f0 [ 404.968852][T11553] ? __pfx_do_mmap+0x10/0x10 [ 404.968891][T11553] ? __pfx_down_write_killable+0x10/0x10 [ 404.968941][T11553] vm_mmap_pgoff+0x29e/0x470 [ 404.968975][T11553] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 404.969006][T11553] ? do_futex+0x192/0x350 [ 404.969040][T11553] ? __pfx_do_futex+0x10/0x10 [ 404.969070][T11553] ? __pfx___do_sys_waitid+0x10/0x10 [ 404.969112][T11553] ksys_mmap_pgoff+0xe1/0x650 [ 404.969140][T11553] ? __x64_sys_futex+0x34f/0x4d0 [ 404.969171][T11553] ? __x64_sys_futex+0x358/0x4d0 [ 404.969211][T11553] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 404.969240][T11553] ? xfd_validate_state+0x129/0x190 [ 404.969282][T11553] __x64_sys_mmap+0x125/0x190 [ 404.969323][T11553] do_syscall_64+0x106/0xf80 [ 404.969346][T11553] ? clear_bhb_loop+0x40/0x90 [ 404.969376][T11553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.969419][T11553] RIP: 0033:0x7f6b2ed9c819 [ 404.969447][T11553] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 404.969480][T11553] RSP: 002b:00007f6b2fbfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 404.969512][T11553] RAX: ffffffffffffffda RBX: 00007f6b2f015fa0 RCX: 00007f6b2ed9c819 [ 404.969539][T11553] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 404.969553][T11553] RBP: 00007f6b2ee32c91 R08: fffffffffffffffa R09: 0000000000008000 [ 404.969569][T11553] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 404.969583][T11553] R13: 00007f6b2f016038 R14: 00007f6b2f015fa0 R15: 00007ffe194746f8 [ 404.969615][T11553] [ 409.258970][T11619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1148'. [ 412.099574][T11661] FAULT_INJECTION: forcing a failure. [ 412.099574][T11661] name failslab, interval 1, probability 0, space 0, times 0 [ 412.117233][T11661] CPU: 0 UID: 0 PID: 11661 Comm: syz.1.1157 Tainted: G L syzkaller #0 PREEMPT(full) [ 412.117268][T11661] Tainted: [L]=SOFTLOCKUP [ 412.117276][T11661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 412.117290][T11661] Call Trace: [ 412.117304][T11661] [ 412.117313][T11661] dump_stack_lvl+0x100/0x190 [ 412.117353][T11661] should_fail_ex.cold+0x5/0xa [ 412.117388][T11661] should_failslab+0xc2/0x120 [ 412.117415][T11661] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 412.117457][T11661] ? security_inode_alloc+0x3b/0x2c0 [ 412.117484][T11661] ? lockdep_init_map_type+0x5c/0x250 [ 412.117527][T11661] security_inode_alloc+0x3b/0x2c0 [ 412.117555][T11661] inode_init_always_gfp+0xced/0x1040 [ 412.117584][T11661] alloc_inode+0x8e/0x250 [ 412.117627][T11661] sock_alloc+0x44/0x280 [ 412.117650][T11661] ? security_socket_create+0x7f/0x250 [ 412.117676][T11661] __sock_create+0xc2/0x860 [ 412.117710][T11661] __sys_socket+0x14d/0x260 [ 412.117746][T11661] ? __pfx___sys_socket+0x10/0x10 [ 412.117785][T11661] __x64_sys_socket+0x72/0xb0 [ 412.117814][T11661] ? lockdep_hardirqs_on+0x78/0x100 [ 412.117844][T11661] do_syscall_64+0x106/0xf80 [ 412.117870][T11661] ? clear_bhb_loop+0x40/0x90 [ 412.117920][T11661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.117966][T11661] RIP: 0033:0x7f707f99c819 [ 412.117991][T11661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 412.118013][T11661] RSP: 002b:00007f70808f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 412.118055][T11661] RAX: ffffffffffffffda RBX: 00007f707fc15fa0 RCX: 00007f707f99c819 [ 412.118075][T11661] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 412.118095][T11661] RBP: 00007f707fa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 412.118113][T11661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 412.118132][T11661] R13: 00007f707fc16038 R14: 00007f707fc15fa0 R15: 00007ffc8038e3c8 [ 412.118173][T11661] [ 412.324554][T11664] random: crng reseeded on system resumption [ 412.338337][T11661] socket: no more sockets [ 414.302802][T11693] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1163'. [ 415.939062][T11714] random: crng reseeded on system resumption [ 422.404087][T11788] random: crng reseeded on system resumption [ 423.745297][T11809] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 432.528505][T11923] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 433.465093][T11934] zswap: compressor not available [ 435.626056][T11975] FAULT_INJECTION: forcing a failure. [ 435.626056][T11975] name failslab, interval 1, probability 0, space 0, times 0 [ 435.639630][T11975] CPU: 0 UID: 0 PID: 11975 Comm: syz.0.1220 Tainted: G L syzkaller #0 PREEMPT(full) [ 435.639682][T11975] Tainted: [L]=SOFTLOCKUP [ 435.639696][T11975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 435.639716][T11975] Call Trace: [ 435.639727][T11975] [ 435.639739][T11975] dump_stack_lvl+0x100/0x190 [ 435.639802][T11975] should_fail_ex.cold+0x5/0xa [ 435.639843][T11975] should_failslab+0xc2/0x120 [ 435.639885][T11975] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 435.639924][T11975] ? do_getname+0x35/0x390 [ 435.639961][T11975] do_getname+0x35/0x390 [ 435.639996][T11975] user_path_at+0x26/0x60 [ 435.640020][T11975] __x64_sys_mount+0x1fb/0x310 [ 435.640051][T11975] ? __pfx___x64_sys_mount+0x10/0x10 [ 435.640090][T11975] do_syscall_64+0x106/0xf80 [ 435.640114][T11975] ? clear_bhb_loop+0x40/0x90 [ 435.640144][T11975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.640168][T11975] RIP: 0033:0x7f6473b9c819 [ 435.640188][T11975] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 435.640213][T11975] RSP: 002b:00007f64749ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 435.640237][T11975] RAX: ffffffffffffffda RBX: 00007f6473e16090 RCX: 00007f6473b9c819 [ 435.640253][T11975] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 435.640268][T11975] RBP: 00007f6473c32c91 R08: 0000200000000280 R09: 0000000000000000 [ 435.640283][T11975] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 435.640297][T11975] R13: 00007f6473e16128 R14: 00007f6473e16090 R15: 00007fff407a11b8 [ 435.640327][T11975] [ 437.340744][T12004] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1225'. [ 437.360147][T12004] ipvlan0: entered promiscuous mode [ 437.365526][T12004] ipvlan0: entered allmulticast mode [ 437.404108][T12004] veth0_vlan: entered allmulticast mode [ 438.210925][ T29] audit: type=1800 audit(1775405589.777:6): pid=12010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1227" name="lu_gp_id" dev="configfs" ino=35497 res=0 errno=0 [ 438.232632][T12010] ALUA LU Group already has a valid ID, ignoring request [ 440.343863][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.358231][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.690758][T12044] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1235'. [ 440.722480][T12052] FAULT_INJECTION: forcing a failure. [ 440.722480][T12052] name failslab, interval 1, probability 0, space 0, times 0 [ 440.739963][T12052] CPU: 0 UID: 0 PID: 12052 Comm: syz.3.1237 Tainted: G L syzkaller #0 PREEMPT(full) [ 440.740015][T12052] Tainted: [L]=SOFTLOCKUP [ 440.740027][T12052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 440.740047][T12052] Call Trace: [ 440.740058][T12052] [ 440.740070][T12052] dump_stack_lvl+0x100/0x190 [ 440.740128][T12052] should_fail_ex.cold+0x5/0xa [ 440.740157][T12052] should_failslab+0xc2/0x120 [ 440.740184][T12052] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 440.740222][T12052] ? do_getname+0x35/0x390 [ 440.740259][T12052] do_getname+0x35/0x390 [ 440.740294][T12052] user_path_at+0x26/0x60 [ 440.740323][T12052] __x64_sys_mount+0x1fb/0x310 [ 440.740355][T12052] ? __pfx___x64_sys_mount+0x10/0x10 [ 440.740394][T12052] do_syscall_64+0x106/0xf80 [ 440.740418][T12052] ? clear_bhb_loop+0x40/0x90 [ 440.740446][T12052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.740471][T12052] RIP: 0033:0x7f6b2ed9c819 [ 440.740491][T12052] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 440.740515][T12052] RSP: 002b:00007f6b2fbd9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 440.740540][T12052] RAX: ffffffffffffffda RBX: 00007f6b2f016090 RCX: 00007f6b2ed9c819 [ 440.740556][T12052] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 440.740571][T12052] RBP: 00007f6b2ee32c91 R08: 0000200000000280 R09: 0000000000000000 [ 440.740586][T12052] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 440.740600][T12052] R13: 00007f6b2f016128 R14: 00007f6b2f016090 R15: 00007ffe194746f8 [ 440.740631][T12052] [ 442.141351][T12074] futex_wake_op: syz.3.1242 tries to shift op by -2048; fix this program [ 442.158760][T12074] futex_wake_op: syz.3.1242 tries to shift op by -2048; fix this program [ 442.268736][T12073] 0x000000000001-0x000000020000 : "" [ 442.313439][T12073] ftl_cs: FTL header corrupt! [ 443.185428][ T51] Bluetooth: hci1: Unexpected cc 0x7c89 with no status [ 448.487280][T12163] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1259'. [ 448.504488][T12163] ipvlan0: entered promiscuous mode [ 448.544479][T12163] ipvlan0: entered allmulticast mode [ 448.556495][T12163] veth0_vlan: entered allmulticast mode [ 450.658266][T12188] FAULT_INJECTION: forcing a failure. [ 450.658266][T12188] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 450.710678][T12188] CPU: 1 UID: 0 PID: 12188 Comm: syz.1.1265 Tainted: G L syzkaller #0 PREEMPT(full) [ 450.710729][T12188] Tainted: [L]=SOFTLOCKUP [ 450.710740][T12188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 450.710759][T12188] Call Trace: [ 450.710770][T12188] [ 450.710781][T12188] dump_stack_lvl+0x100/0x190 [ 450.710838][T12188] should_fail_ex.cold+0x5/0xa [ 450.710871][T12188] ? fs_reclaim_acquire+0x70/0x100 [ 450.710914][T12188] should_fail_alloc_page+0xeb/0x140 [ 450.710952][T12188] prepare_alloc_pages+0x1f0/0x5f0 [ 450.710993][T12188] ? bpf_ksym_find+0x124/0x1c0 [ 450.711039][T12188] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 450.711095][T12188] ? __lock_acquire+0x4a5/0x2630 [ 450.711137][T12188] ? arch_stack_walk+0xa6/0xf0 [ 450.711182][T12188] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 450.711252][T12188] ? mark_held_locks+0x40/0x70 [ 450.711301][T12188] ? debug_check_no_obj_freed+0x31f/0x630 [ 450.711347][T12188] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 450.711385][T12188] ? policy_nodemask+0xed/0x4f0 [ 450.711424][T12188] alloc_pages_mpol+0x1fb/0x550 [ 450.711463][T12188] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 450.711499][T12188] ? lock_acquire+0x1cf/0x380 [ 450.711552][T12188] alloc_pages_noprof+0x136/0x390 [ 450.711592][T12188] get_free_pages_noprof+0x10/0xb0 [ 450.711626][T12188] ? __mutex_lock+0x26a/0x1b90 [ 450.711660][T12188] usb_device_dump+0xcf/0x2350 [ 450.711718][T12188] ? usb_device_read+0x1e9/0x320 [ 450.711767][T12188] ? idr_get_next_ul+0x196/0x2e0 [ 450.711804][T12188] ? __pfx___mutex_lock+0x10/0x10 [ 450.711854][T12188] ? idr_get_next+0xec/0x150 [ 450.711886][T12188] ? __pfx_idr_get_next+0x10/0x10 [ 450.711926][T12188] usb_device_read+0x227/0x320 [ 450.711980][T12188] ? __pfx_usb_device_read+0x10/0x10 [ 450.712026][T12188] ? __pfx___might_resched+0x10/0x10 [ 450.712082][T12188] ? __debugfs_file_get+0x1fc/0x860 [ 450.712131][T12188] ? __pfx___debugfs_file_get+0x10/0x10 [ 450.712191][T12188] full_proxy_read+0x135/0x1a0 [ 450.712278][T12188] ? __pfx_full_proxy_read+0x10/0x10 [ 450.712333][T12188] vfs_read+0x1e4/0xb30 [ 450.712373][T12188] ? __pfx_vfs_read+0x10/0x10 [ 450.712402][T12188] ? find_held_lock+0x2b/0x80 [ 450.712434][T12188] ? __fget_files+0x215/0x3d0 [ 450.712467][T12188] ? __fget_files+0x215/0x3d0 [ 450.712509][T12188] ? __fget_files+0x21f/0x3d0 [ 450.712554][T12188] __x64_sys_pread64+0x1eb/0x250 [ 450.712591][T12188] ? __pfx___x64_sys_pread64+0x10/0x10 [ 450.712636][T12188] do_syscall_64+0x106/0xf80 [ 450.712669][T12188] ? clear_bhb_loop+0x40/0x90 [ 450.712711][T12188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.712744][T12188] RIP: 0033:0x7f707f99c819 [ 450.712770][T12188] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 450.712802][T12188] RSP: 002b:00007f70808f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 450.712833][T12188] RAX: ffffffffffffffda RBX: 00007f707fc15fa0 RCX: 00007f707f99c819 [ 450.712854][T12188] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000006 [ 450.712873][T12188] RBP: 00007f707fa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 450.712892][T12188] R10: 0000000400000008 R11: 0000000000000246 R12: 0000000000000000 [ 450.712911][T12188] R13: 00007f707fc16038 R14: 00007f707fc15fa0 R15: 00007ffc8038e3c8 [ 450.712955][T12188] [ 458.941307][T12323] zram: Removed device: zram0 [ 460.869275][T12361] ubi3: attaching mtd1 [ 465.072104][T12431] netlink: 'syz.4.1319': attribute type 1 has an invalid length. [ 465.468132][T12441] smpboot: CPU 1 is now offline [ 468.008539][T12483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1329'. [ 468.431864][T12469] kexec: Could not allocate control_code_buffer [ 469.219431][T12504] futex_wake_op: syz.1.1333 tries to shift op by -2048; fix this program [ 469.285556][T12504] futex_wake_op: syz.1.1333 tries to shift op by -2048; fix this program [ 469.355356][T12507] 0x000000000001-0x000000020000 : "" [ 469.418998][T12507] ftl_cs: FTL header corrupt! [ 474.380005][T12546] kexec: Could not allocate control_code_buffer [ 479.646143][T12651] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 482.223818][T12691] futex_wake_op: syz.0.1369 tries to shift op by -2048; fix this program [ 482.278530][T12691] futex_wake_op: syz.0.1369 tries to shift op by -2048; fix this program [ 487.166222][T12761] FAULT_INJECTION: forcing a failure. [ 487.166222][T12761] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.256013][T12761] CPU: 0 UID: 0 PID: 12761 Comm: syz.0.1385 Tainted: G L syzkaller #0 PREEMPT(full) [ 487.256049][T12761] Tainted: [L]=SOFTLOCKUP [ 487.256056][T12761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 487.256073][T12761] Call Trace: [ 487.256080][T12761] [ 487.256089][T12761] dump_stack_lvl+0x100/0x190 [ 487.256137][T12761] should_fail_ex.cold+0x5/0xa [ 487.256166][T12761] _copy_to_user+0x32/0xd0 [ 487.256199][T12761] simple_read_from_buffer+0xcb/0x170 [ 487.256240][T12761] proc_fail_nth_read+0x1af/0x230 [ 487.256272][T12761] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 487.256306][T12761] ? rw_verify_area+0xce/0x6d0 [ 487.256341][T12761] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 487.256371][T12761] vfs_read+0x1e4/0xb30 [ 487.256397][T12761] ? __pfx_vfs_read+0x10/0x10 [ 487.256418][T12761] ? __fget_files+0x215/0x3d0 [ 487.256447][T12761] ? __fget_files+0x21f/0x3d0 [ 487.256478][T12761] ksys_read+0x12a/0x250 [ 487.256500][T12761] ? __pfx_ksys_read+0x10/0x10 [ 487.256530][T12761] do_syscall_64+0x106/0xf80 [ 487.256553][T12761] ? clear_bhb_loop+0x40/0x90 [ 487.256582][T12761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.256606][T12761] RIP: 0033:0x7f6473b5d04e [ 487.256625][T12761] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 487.256648][T12761] RSP: 002b:00007f6474a0efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 487.256669][T12761] RAX: ffffffffffffffda RBX: 00007f6474a0f6c0 RCX: 00007f6473b5d04e [ 487.256684][T12761] RDX: 000000000000000f RSI: 00007f6474a0f0a0 RDI: 0000000000000004 [ 487.256698][T12761] RBP: 00007f6474a0f090 R08: 0000000000000000 R09: 0000000000000000 [ 487.256712][T12761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.256726][T12761] R13: 00007f6473e16038 R14: 00007f6473e15fa0 R15: 00007fff407a11b8 [ 487.256755][T12761] [ 488.068525][T12770] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1387'. [ 489.118322][T12783] sp0: Synchronizing with TNC [ 490.598436][T12803] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 491.276659][T12823] FAULT_INJECTION: forcing a failure. [ 491.276659][T12823] name failslab, interval 1, probability 0, space 0, times 0 [ 491.353700][T12823] CPU: 0 UID: 0 PID: 12823 Comm: syz.1.1399 Tainted: G L syzkaller #0 PREEMPT(full) [ 491.353746][T12823] Tainted: [L]=SOFTLOCKUP [ 491.353754][T12823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 491.353769][T12823] Call Trace: [ 491.353776][T12823] [ 491.353785][T12823] dump_stack_lvl+0x100/0x190 [ 491.353827][T12823] should_fail_ex.cold+0x5/0xa [ 491.353856][T12823] should_failslab+0xc2/0x120 [ 491.353884][T12823] __kmalloc_cache_noprof+0x7a/0x6f0 [ 491.353917][T12823] ? kvm_dev_ioctl+0xa8d/0x1a50 [ 491.353952][T12823] kvm_dev_ioctl+0xa8d/0x1a50 [ 491.353987][T12823] ? hook_file_ioctl_common+0x146/0x410 [ 491.354020][T12823] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 491.354054][T12823] ? xfd_validate_state+0x129/0x190 [ 491.354093][T12823] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 491.354123][T12823] __x64_sys_ioctl+0x18e/0x210 [ 491.354164][T12823] do_syscall_64+0x106/0xf80 [ 491.354188][T12823] ? clear_bhb_loop+0x40/0x90 [ 491.354217][T12823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.354243][T12823] RIP: 0033:0x7f707f99c819 [ 491.354262][T12823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 491.354286][T12823] RSP: 002b:00007f70808f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 491.354309][T12823] RAX: ffffffffffffffda RBX: 00007f707fc15fa0 RCX: 00007f707f99c819 [ 491.354324][T12823] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000002 [ 491.354339][T12823] RBP: 00007f707fa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 491.354353][T12823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 491.354367][T12823] R13: 00007f707fc16038 R14: 00007f707fc15fa0 R15: 00007ffc8038e3c8 [ 491.354398][T12823] [ 492.787870][T12843] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 494.119336][T12874] futex_wake_op: syz.4.1413 tries to shift op by -1; fix this program [ 500.283378][T12969] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1432'. [ 500.397267][T12969] IPv6: NLM_F_CREATE should be specified when creating new route [ 500.557245][T12969] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 500.564844][T12969] IPv6: NLM_F_CREATE should be set when creating new route [ 500.572206][T12969] IPv6: NLM_F_CREATE should be set when creating new route [ 500.927733][T12976] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 501.789421][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.809448][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.831982][ T5897] Process accounting resumed [ 503.944215][T13022] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 506.326880][T13059] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 507.959538][T13069] FAULT_INJECTION: forcing a failure. [ 507.959538][T13069] name failslab, interval 1, probability 0, space 0, times 0 [ 508.133357][T13069] CPU: 0 UID: 0 PID: 13069 Comm: syz.0.1459 Tainted: G L syzkaller #0 PREEMPT(full) [ 508.133398][T13069] Tainted: [L]=SOFTLOCKUP [ 508.133405][T13069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 508.133420][T13069] Call Trace: [ 508.133428][T13069] [ 508.133437][T13069] dump_stack_lvl+0x100/0x190 [ 508.133480][T13069] should_fail_ex.cold+0x5/0xa [ 508.133510][T13069] should_failslab+0xc2/0x120 [ 508.133538][T13069] __kmalloc_cache_noprof+0x7a/0x6f0 [ 508.133582][T13069] ? alloc_netdev_mqs+0xd95/0x14f0 [ 508.133605][T13069] ? __asan_memset+0x23/0x50 [ 508.133646][T13069] alloc_netdev_mqs+0xd95/0x14f0 [ 508.133676][T13069] __ip_tunnel_create+0x398/0x670 [ 508.133704][T13069] ? __pfx___ip_tunnel_create+0x10/0x10 [ 508.133729][T13069] ? net_generic+0xea/0x2a0 [ 508.133762][T13069] ip_tunnel_init_net+0x230/0x780 [ 508.133791][T13069] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 508.133826][T13069] ? __kmalloc_noprof+0x320/0x850 [ 508.133869][T13069] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 508.133906][T13069] ops_init+0x1e2/0x5f0 [ 508.133933][T13069] setup_net+0x118/0x3a0 [ 508.133958][T13069] ? __pfx_setup_net+0x10/0x10 [ 508.133980][T13069] ? lockdep_init_map_type+0x5c/0x250 [ 508.134016][T13069] ? mutex_init_lockep+0x110/0x150 [ 508.134055][T13069] copy_net_ns+0x46f/0x7c0 [ 508.134085][T13069] create_new_namespaces+0x3ea/0xac0 [ 508.134119][T13069] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 508.134150][T13069] ksys_unshare+0x473/0xad0 [ 508.134184][T13069] ? __pfx_ksys_unshare+0x10/0x10 [ 508.134227][T13069] __x64_sys_unshare+0x31/0x40 [ 508.134259][T13069] do_syscall_64+0x106/0xf80 [ 508.134283][T13069] ? clear_bhb_loop+0x40/0x90 [ 508.134313][T13069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.134339][T13069] RIP: 0033:0x7f6473b9c819 [ 508.134359][T13069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 508.134382][T13069] RSP: 002b:00007f6474a0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 508.134405][T13069] RAX: ffffffffffffffda RBX: 00007f6473e15fa0 RCX: 00007f6473b9c819 [ 508.134421][T13069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 508.134436][T13069] RBP: 00007f6473c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 508.134451][T13069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 508.134465][T13069] R13: 00007f6473e16038 R14: 00007f6473e15fa0 R15: 00007fff407a11b8 [ 508.134497][T13069] [ 508.816236][T13099] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 509.985791][T13114] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 511.165123][T13133] netlink: 74 bytes leftover after parsing attributes in process `syz.4.1473'. [ 511.328382][T13127] qrtr: Invalid version 7 [ 511.584237][T13144] FAULT_INJECTION: forcing a failure. [ 511.584237][T13144] name failslab, interval 1, probability 0, space 0, times 0 [ 511.657194][T13144] CPU: 0 UID: 0 PID: 13144 Comm: syz.4.1474 Tainted: G L syzkaller #0 PREEMPT(full) [ 511.657234][T13144] Tainted: [L]=SOFTLOCKUP [ 511.657243][T13144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 511.657257][T13144] Call Trace: [ 511.657265][T13144] [ 511.657274][T13144] dump_stack_lvl+0x100/0x190 [ 511.657317][T13144] should_fail_ex.cold+0x5/0xa [ 511.657346][T13144] ? lsm_blob_alloc+0x68/0x90 [ 511.657383][T13144] should_failslab+0xc2/0x120 [ 511.657411][T13144] __kmalloc_noprof+0xe0/0x850 [ 511.657450][T13144] ? down_write_nested+0x14f/0x200 [ 511.657493][T13144] lsm_blob_alloc+0x68/0x90 [ 511.657531][T13144] security_sb_alloc+0x25/0x240 [ 511.657557][T13144] alloc_super+0x24c/0xd20 [ 511.657604][T13144] ? __pfx_mqueue_fill_super+0x10/0x10 [ 511.657644][T13144] sget_fc+0x117/0xc70 [ 511.657683][T13144] ? __pfx_set_anon_super_fc+0x10/0x10 [ 511.657723][T13144] ? __pfx_mqueue_fill_super+0x10/0x10 [ 511.657762][T13144] get_tree_nodev+0x28/0x190 [ 511.657787][T13144] mqueue_get_tree+0xf1/0x130 [ 511.657826][T13144] vfs_get_tree+0x92/0x320 [ 511.657863][T13144] fc_mount_longterm+0x1a/0x270 [ 511.657902][T13144] mq_init_ns+0x482/0x820 [ 511.657932][T13144] copy_ipcs+0x3dd/0x7e0 [ 511.657962][T13144] create_new_namespaces+0x20a/0xac0 [ 511.657996][T13144] ? security_capable+0x80/0x260 [ 511.658023][T13144] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 511.658055][T13144] ksys_unshare+0x473/0xad0 [ 511.658090][T13144] ? __pfx_ksys_unshare+0x10/0x10 [ 511.658133][T13144] __x64_sys_unshare+0x31/0x40 [ 511.658164][T13144] do_syscall_64+0x106/0xf80 [ 511.658189][T13144] ? clear_bhb_loop+0x40/0x90 [ 511.658218][T13144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.658243][T13144] RIP: 0033:0x7f2d4619c819 [ 511.658263][T13144] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 511.658287][T13144] RSP: 002b:00007f2d46fba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 511.658310][T13144] RAX: ffffffffffffffda RBX: 00007f2d46415fa0 RCX: 00007f2d4619c819 [ 511.658326][T13144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 511.658341][T13144] RBP: 00007f2d46232c91 R08: 0000000000000000 R09: 0000000000000000 [ 511.658356][T13144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.658370][T13144] R13: 00007f2d46416038 R14: 00007f2d46415fa0 R15: 00007fff3c658408 [ 511.658401][T13144] [ 513.073689][T13163] Invalid ELF header magic: != ELF [ 513.187031][T13161] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 514.407336][ T51] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 514.407372][ T51] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 514.426229][ T51] Bluetooth: hci2: Dropping invalid advertising data [ 514.435167][ T51] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 514.435197][ T51] Bluetooth: hci2: Dropping invalid advertising data [ 514.449518][ T51] Bluetooth: hci2: unknown advertising packet type: 0x20 [ 514.449538][ T51] Bluetooth: hci2: Malformed LE Event: 0x02 [ 515.853922][T13207] Invalid ELF header magic: != ELF [ 516.767694][T13227] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 518.681652][ T29] audit: type=1326 audit(1775405670.247:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13264 comm="syz.3.1495" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6b2ed9c819 code=0x0 [ 526.306079][T13349] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 526.708982][T13354] netlink: 'syz.4.1518': attribute type 1 has an invalid length. [ 527.695115][T13362] mkiss: ax0: crc mode is auto. [ 528.632037][T13368] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 536.249148][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 536.264327][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 536.274519][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 536.282663][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 536.290260][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 537.103946][T13434] chnl_net:caif_netlink_parms(): no params data found [ 537.473868][T13453] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 537.691765][T13434] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.714921][T13434] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.746489][T13434] bridge_slave_0: entered allmulticast mode [ 537.779229][T13434] bridge_slave_0: entered promiscuous mode [ 537.847603][T13434] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.875160][T13434] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.909391][T13434] bridge_slave_1: entered allmulticast mode [ 537.944225][T13434] bridge_slave_1: entered promiscuous mode [ 538.343844][ T5831] Bluetooth: hci3: command tx timeout [ 538.575260][T13434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.637411][T13434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 538.726928][T13467] mkiss: ax0: crc mode is auto. [ 538.976505][T13434] team0: Port device team_slave_0 added [ 539.044428][T13434] team0: Port device team_slave_1 added [ 539.307829][T13434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.345599][T13434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 539.458845][T13434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.614981][T13434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.647206][T13434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 539.766998][T13434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.002035][T13434] hsr_slave_0: entered promiscuous mode [ 540.040329][T13434] hsr_slave_1: entered promiscuous mode [ 540.422946][ T5831] Bluetooth: hci3: command tx timeout [ 540.829802][T13434] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 540.870538][T13434] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 540.944534][T13434] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 540.990671][T13434] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 541.396939][T13434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.502720][T13434] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.569620][ T8638] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.576797][ T8638] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.649289][ T8638] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.656462][ T8638] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.914390][T13434] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 542.501159][ T5831] Bluetooth: hci3: command tx timeout [ 543.041927][T13434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 543.828753][T13522] mkiss: ax0: crc mode is auto. [ 544.426799][T13434] veth0_vlan: entered promiscuous mode [ 544.493236][T13434] veth1_vlan: entered promiscuous mode [ 544.582975][ T5831] Bluetooth: hci3: command tx timeout [ 544.634530][T13434] veth0_macvtap: entered promiscuous mode [ 544.709916][T13434] veth1_macvtap: entered promiscuous mode [ 544.811826][T13434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 544.885474][T13434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 544.951621][ T8636] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.997519][ T8636] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.006267][ T8636] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.143259][ T8636] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.377134][ T628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.418200][ T628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 545.599208][ T628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.650755][ T628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.539774][T13574] mkiss: ax0: crc mode is auto. [ 550.540696][ T8638] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.677314][T13598] warning: `syz.0.1571' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 550.910897][ T8638] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.199315][ T8638] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.400991][ T8638] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.007184][ T8638] bridge_slave_0: left allmulticast mode [ 552.040600][ T8638] bridge_slave_0: left promiscuous mode [ 552.077237][ T8638] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.990754][ T8638] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 553.051087][ T8638] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 553.106815][ T8638] bond0 (unregistering): Released all slaves [ 553.680768][T13646] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 554.065829][T13659] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1582'. [ 554.137449][T13661] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1582'. [ 554.759370][ T8638] hsr_slave_0: left promiscuous mode [ 554.795808][ T8638] hsr_slave_1: left promiscuous mode [ 554.831464][ T8638] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 554.890361][ T8638] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 555.090876][ T8638] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 555.124834][ T8638] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 555.436350][ T8638] veth1_macvtap: left promiscuous mode [ 555.475722][ T8638] veth0_macvtap: left promiscuous mode [ 555.727620][ T8638] veth1_vlan: left promiscuous mode [ 555.732967][ T8638] veth0_vlan: left promiscuous mode [ 557.834116][ T8638] team0 (unregistering): Port device team_slave_1 removed [ 557.902129][ T8638] team0 (unregistering): Port device team_slave_0 removed [ 559.066036][T13745] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 560.657150][T13782] mkiss: ax0: crc mode is auto. [ 563.237791][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.246019][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.389700][T13825] mkiss: ax0: crc mode is auto. [ 565.396245][T13858] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 567.928932][T13908] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 568.554208][T13918] FAULT_INJECTION: forcing a failure. [ 568.554208][T13918] name failslab, interval 1, probability 0, space 0, times 0 [ 568.685390][T13918] CPU: 0 UID: 0 PID: 13918 Comm: syz.5.1636 Tainted: G L syzkaller #0 PREEMPT(full) [ 568.685431][T13918] Tainted: [L]=SOFTLOCKUP [ 568.685439][T13918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 568.685454][T13918] Call Trace: [ 568.685462][T13918] [ 568.685471][T13918] dump_stack_lvl+0x100/0x190 [ 568.685514][T13918] should_fail_ex.cold+0x5/0xa [ 568.685543][T13918] ? tomoyo_realpath_from_path+0xb6/0x690 [ 568.685580][T13918] should_failslab+0xc2/0x120 [ 568.685607][T13918] __kmalloc_noprof+0xe0/0x850 [ 568.685652][T13918] tomoyo_realpath_from_path+0xb6/0x690 [ 568.685695][T13918] tomoyo_check_open_permission+0x2af/0x3c0 [ 568.685728][T13918] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 568.685785][T13918] ? lock_acquire+0x1cf/0x380 [ 568.685817][T13918] ? find_held_lock+0x2b/0x80 [ 568.685848][T13918] tomoyo_file_open+0x6b/0x90 [ 568.685872][T13918] security_file_open+0xb5/0x1e0 [ 568.685906][T13918] do_dentry_open+0x5aa/0x1660 [ 568.685940][T13918] vfs_open+0x82/0x3f0 [ 568.685976][T13918] path_openat+0x208c/0x31a0 [ 568.686012][T13918] ? __pfx_path_openat+0x10/0x10 [ 568.686050][T13918] do_file_open+0x20e/0x430 [ 568.686079][T13918] ? __pfx_do_file_open+0x10/0x10 [ 568.686133][T13918] ? alloc_fd+0x476/0x790 [ 568.686162][T13918] ? do_getname+0x191/0x390 [ 568.686197][T13918] do_sys_openat2+0x10d/0x1e0 [ 568.686232][T13918] ? __pfx_do_sys_openat2+0x10/0x10 [ 568.686268][T13918] ? __fget_files+0x21f/0x3d0 [ 568.686299][T13918] __x64_sys_openat+0x12d/0x210 [ 568.686334][T13918] ? __pfx___x64_sys_openat+0x10/0x10 [ 568.686381][T13918] do_syscall_64+0x106/0xf80 [ 568.686406][T13918] ? clear_bhb_loop+0x40/0x90 [ 568.686440][T13918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.686465][T13918] RIP: 0033:0x7fc86159c819 [ 568.686486][T13918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 568.686510][T13918] RSP: 002b:00007fc8624cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 568.686533][T13918] RAX: ffffffffffffffda RBX: 00007fc861815fa0 RCX: 00007fc86159c819 [ 568.686549][T13918] RDX: 00000000000c0082 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 568.686564][T13918] RBP: 00007fc861632c91 R08: 0000000000000000 R09: 0000000000000000 [ 568.686579][T13918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 568.686593][T13918] R13: 00007fc861816038 R14: 00007fc861815fa0 R15: 00007fff49ec23a8 [ 568.686625][T13918] [ 569.213429][T13918] ERROR: Out of memory at tomoyo_realpath_from_path. [ 572.091209][T13962] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 572.409425][T13964] FAULT_INJECTION: forcing a failure. [ 572.409425][T13964] name failslab, interval 1, probability 0, space 0, times 0 [ 572.489807][T13964] CPU: 0 UID: 0 PID: 13964 Comm: syz.4.1645 Tainted: G L syzkaller #0 PREEMPT(full) [ 572.489848][T13964] Tainted: [L]=SOFTLOCKUP [ 572.489856][T13964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 572.489871][T13964] Call Trace: [ 572.489879][T13964] [ 572.489888][T13964] dump_stack_lvl+0x100/0x190 [ 572.489930][T13964] should_fail_ex.cold+0x5/0xa [ 572.489960][T13964] should_failslab+0xc2/0x120 [ 572.489988][T13964] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 572.490027][T13964] ? __proc_create+0x2cb/0x8c0 [ 572.490056][T13964] __proc_create+0x2cb/0x8c0 [ 572.490081][T13964] ? __pfx___proc_create+0x10/0x10 [ 572.490116][T13964] proc_create_reg+0x75/0x170 [ 572.490145][T13964] proc_create_net_data+0x8e/0x1c0 [ 572.490171][T13964] ? __pfx_proc_create_net_data+0x10/0x10 [ 572.490196][T13964] ? net_generic+0xea/0x2a0 [ 572.490227][T13964] ? __pfx_phonet_init_net+0x10/0x10 [ 572.490252][T13964] phonet_init_net+0x66/0x120 [ 572.490277][T13964] ops_init+0x1e2/0x5f0 [ 572.490305][T13964] setup_net+0x118/0x3a0 [ 572.490330][T13964] ? __pfx_setup_net+0x10/0x10 [ 572.490353][T13964] ? lockdep_init_map_type+0x5c/0x250 [ 572.490389][T13964] ? mutex_init_lockep+0x110/0x150 [ 572.490428][T13964] copy_net_ns+0x46f/0x7c0 [ 572.490459][T13964] create_new_namespaces+0x3ea/0xac0 [ 572.490492][T13964] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 572.490523][T13964] ksys_unshare+0x473/0xad0 [ 572.490557][T13964] ? __pfx_ksys_unshare+0x10/0x10 [ 572.490600][T13964] __x64_sys_unshare+0x31/0x40 [ 572.490631][T13964] do_syscall_64+0x106/0xf80 [ 572.490655][T13964] ? clear_bhb_loop+0x40/0x90 [ 572.490685][T13964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.490710][T13964] RIP: 0033:0x7f2d4619c819 [ 572.490730][T13964] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 572.490754][T13964] RSP: 002b:00007f2d46fba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 572.490782][T13964] RAX: ffffffffffffffda RBX: 00007f2d46415fa0 RCX: 00007f2d4619c819 [ 572.490798][T13964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 572.490812][T13964] RBP: 00007f2d46232c91 R08: 0000000000000000 R09: 0000000000000000 [ 572.490827][T13964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 572.490841][T13964] R13: 00007f2d46416038 R14: 00007f2d46415fa0 R15: 00007fff3c658408 [ 572.490872][T13964] [ 574.508370][T13981] mkiss: ax0: crc mode is auto. [ 574.811059][T13985] netlink: 504 bytes leftover after parsing attributes in process `syz.4.1648'. [ 574.915002][T13986] netlink: 350 bytes leftover after parsing attributes in process `syz.4.1648'. [ 575.624734][T14001] mkiss: ax0: crc mode is auto. [ 577.014063][T14027] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 577.700882][T14045] FAULT_INJECTION: forcing a failure. [ 577.700882][T14045] name failslab, interval 1, probability 0, space 0, times 0 [ 577.884688][T14045] CPU: 0 UID: 0 PID: 14045 Comm: syz.3.1660 Tainted: G L syzkaller #0 PREEMPT(full) [ 577.884727][T14045] Tainted: [L]=SOFTLOCKUP [ 577.884736][T14045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 577.884751][T14045] Call Trace: [ 577.884758][T14045] [ 577.884767][T14045] dump_stack_lvl+0x100/0x190 [ 577.884810][T14045] should_fail_ex.cold+0x5/0xa [ 577.884839][T14045] should_failslab+0xc2/0x120 [ 577.884867][T14045] __kmalloc_cache_node_noprof+0x7d/0x770 [ 577.884892][T14045] ? arch_stack_walk+0xa6/0xf0 [ 577.884916][T14045] ? __get_vm_area_node+0x101/0x330 [ 577.884951][T14045] __get_vm_area_node+0x101/0x330 [ 577.884985][T14045] __vmalloc_node_range_noprof+0x213/0x1530 [ 577.885020][T14045] ? __snd_dma_alloc_pages+0xd2/0x150 [ 577.885049][T14045] ? lock_acquire+0x1cf/0x380 [ 577.885085][T14045] ? __snd_dma_alloc_pages+0xd2/0x150 [ 577.885113][T14045] ? rcu_is_watching+0x12/0xc0 [ 577.885152][T14045] ? trace_contention_end+0x140/0x180 [ 577.885191][T14045] ? exit_to_user_mode_loop+0x100/0x4a0 [ 577.885225][T14045] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 577.885259][T14045] ? do_alloc_pages+0xd1/0x250 [ 577.885293][T14045] ? do_alloc_pages+0xd1/0x250 [ 577.885343][T14045] ? __mutex_unlock_slowpath+0x15c/0x790 [ 577.885375][T14045] ? __snd_dma_alloc_pages+0xd2/0x150 [ 577.885402][T14045] __vmalloc_node_noprof+0xad/0xf0 [ 577.885434][T14045] ? __snd_dma_alloc_pages+0xd2/0x150 [ 577.885462][T14045] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 577.885504][T14045] __snd_dma_alloc_pages+0xd2/0x150 [ 577.885533][T14045] snd_dma_alloc_dir_pages+0x151/0x240 [ 577.885566][T14045] do_alloc_pages+0x113/0x250 [ 577.885607][T14045] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 577.885651][T14045] snd_pcm_hw_params+0x1729/0x1cb0 [ 577.885695][T14045] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 577.885739][T14045] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 577.885778][T14045] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 577.885818][T14045] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 577.885858][T14045] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 577.885906][T14045] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 577.885940][T14045] ? task_work_add+0x201/0x3b0 [ 577.885978][T14045] ? __pfx___mutex_lock+0x10/0x10 [ 577.886021][T14045] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 577.886057][T14045] snd_pcm_oss_sync+0x265/0x840 [ 577.886095][T14045] snd_pcm_oss_release+0x238/0x300 [ 577.886128][T14045] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 577.886162][T14045] __fput+0x3ff/0xb40 [ 577.886199][T14045] task_work_run+0x150/0x240 [ 577.886236][T14045] ? __pfx_task_work_run+0x10/0x10 [ 577.886282][T14045] exit_to_user_mode_loop+0x100/0x4a0 [ 577.886352][T14045] do_syscall_64+0x668/0xf80 [ 577.886376][T14045] ? clear_bhb_loop+0x40/0x90 [ 577.886406][T14045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.886431][T14045] RIP: 0033:0x7f6b2ed9c819 [ 577.886450][T14045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 577.886475][T14045] RSP: 002b:00007f6b2fbd9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 577.886498][T14045] RAX: 0000000000000000 RBX: 00007f6b2f016090 RCX: 00007f6b2ed9c819 [ 577.886513][T14045] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 577.886527][T14045] RBP: 00007f6b2ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 577.886542][T14045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 577.886556][T14045] R13: 00007f6b2f016128 R14: 00007f6b2f016090 R15: 00007ffe194746f8 [ 577.886588][T14045] [ 578.624517][T14045] syz.3.1660: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 578.737456][T14045] CPU: 0 UID: 0 PID: 14045 Comm: syz.3.1660 Tainted: G L syzkaller #0 PREEMPT(full) [ 578.737496][T14045] Tainted: [L]=SOFTLOCKUP [ 578.737504][T14045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 578.737520][T14045] Call Trace: [ 578.737528][T14045] [ 578.737536][T14045] dump_stack_lvl+0x100/0x190 [ 578.737579][T14045] warn_alloc.cold+0x95/0x1c1 [ 578.737623][T14045] ? __pfx_warn_alloc+0x10/0x10 [ 578.737660][T14045] ? trace_kmalloc+0x101/0x130 [ 578.737690][T14045] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 578.737719][T14045] ? __kasan_kmalloc+0x8a/0xb0 [ 578.737742][T14045] ? __get_vm_area_node+0x208/0x330 [ 578.737779][T14045] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 578.737814][T14045] ? lock_acquire+0x1cf/0x380 [ 578.737851][T14045] ? __snd_dma_alloc_pages+0xd2/0x150 [ 578.737878][T14045] ? rcu_is_watching+0x12/0xc0 [ 578.737918][T14045] ? trace_contention_end+0x140/0x180 [ 578.737954][T14045] ? exit_to_user_mode_loop+0x100/0x4a0 [ 578.737989][T14045] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 578.738022][T14045] ? do_alloc_pages+0xd1/0x250 [ 578.738057][T14045] ? do_alloc_pages+0xd1/0x250 [ 578.738098][T14045] ? __mutex_unlock_slowpath+0x15c/0x790 [ 578.738131][T14045] ? __snd_dma_alloc_pages+0xd2/0x150 [ 578.738159][T14045] __vmalloc_node_noprof+0xad/0xf0 [ 578.738190][T14045] ? __snd_dma_alloc_pages+0xd2/0x150 [ 578.738218][T14045] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 578.738259][T14045] __snd_dma_alloc_pages+0xd2/0x150 [ 578.738295][T14045] snd_dma_alloc_dir_pages+0x151/0x240 [ 578.738326][T14045] do_alloc_pages+0x113/0x250 [ 578.738367][T14045] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 578.738412][T14045] snd_pcm_hw_params+0x1729/0x1cb0 [ 578.738457][T14045] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 578.738496][T14045] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 578.738535][T14045] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 578.738575][T14045] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 578.738615][T14045] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 578.738663][T14045] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 578.738696][T14045] ? task_work_add+0x201/0x3b0 [ 578.738735][T14045] ? __pfx___mutex_lock+0x10/0x10 [ 578.738778][T14045] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 578.738814][T14045] snd_pcm_oss_sync+0x265/0x840 [ 578.738852][T14045] snd_pcm_oss_release+0x238/0x300 [ 578.738886][T14045] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 578.738920][T14045] __fput+0x3ff/0xb40 [ 578.738956][T14045] task_work_run+0x150/0x240 [ 578.738994][T14045] ? __pfx_task_work_run+0x10/0x10 [ 578.739038][T14045] exit_to_user_mode_loop+0x100/0x4a0 [ 578.739075][T14045] do_syscall_64+0x668/0xf80 [ 578.739098][T14045] ? clear_bhb_loop+0x40/0x90 [ 578.739127][T14045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.739152][T14045] RIP: 0033:0x7f6b2ed9c819 [ 578.739172][T14045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 578.739196][T14045] RSP: 002b:00007f6b2fbd9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 578.739219][T14045] RAX: 0000000000000000 RBX: 00007f6b2f016090 RCX: 00007f6b2ed9c819 [ 578.739234][T14045] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 578.739249][T14045] RBP: 00007f6b2ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 578.739270][T14045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.739284][T14045] R13: 00007f6b2f016128 R14: 00007f6b2f016090 R15: 00007ffe194746f8 [ 578.739315][T14045] [ 578.739325][T14045] Mem-Info: [ 580.057644][T14060] mkiss: ax0: crc mode is auto. [ 582.500200][T14092] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 582.630979][T14045] active_anon:11385 inactive_anon:57133 isolated_anon:0 [ 582.630979][T14045] active_file:23096 inactive_file:38228 isolated_file:0 [ 582.630979][T14045] unevictable:768 dirty:461 writeback:0 [ 582.630979][T14045] slab_reclaimable:12001 slab_unreclaimable:94952 [ 582.630979][T14045] mapped:30286 shmem:55749 pagetables:1793 [ 582.630979][T14045] sec_pagetables:0 bounce:0 [ 582.630979][T14045] kernel_misc_reclaimable:0 [ 582.630979][T14045] free:1128822 free_pcp:40703 free_cma:0 [ 583.191200][T14105] mkiss: ax0: crc mode is auto. [ 583.265846][T14045] Node 0 active_anon:41508kB inactive_anon:208948kB active_file:91984kB inactive_file:152720kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119512kB dirty:1936kB writeback:0kB shmem:201584kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12032kB pagetables:6992kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 583.688777][T14045] Node 1 active_anon:0kB inactive_anon:0kB active_file:400kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:192kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 583.768726][T14093] FAULT_INJECTION: forcing a failure. [ 583.768726][T14093] name failslab, interval 1, probability 0, space 0, times 0 [ 583.782959][T14119] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1673'. [ 583.953084][T14093] CPU: 0 UID: 0 PID: 14093 Comm: syz.0.1668 Tainted: G L syzkaller #0 PREEMPT(full) [ 583.953124][T14093] Tainted: [L]=SOFTLOCKUP [ 583.953132][T14093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 583.953146][T14093] Call Trace: [ 583.953154][T14093] [ 583.953163][T14093] dump_stack_lvl+0x100/0x190 [ 583.953208][T14093] should_fail_ex.cold+0x5/0xa [ 583.953237][T14093] should_failslab+0xc2/0x120 [ 583.953265][T14093] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 583.953290][T14093] ? __addrconf_sysctl_register+0xbb/0x360 [ 583.953321][T14093] kmemdup_noprof+0x29/0x60 [ 583.953345][T14093] __addrconf_sysctl_register+0xbb/0x360 [ 583.953374][T14093] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 583.953405][T14093] ? __asan_memcpy+0x3c/0x60 [ 583.953445][T14093] addrconf_init_net+0x5dd/0x8e0 [ 583.953471][T14093] ? __pfx_addrconf_init_net+0x10/0x10 [ 583.953495][T14093] ops_init+0x1e2/0x5f0 [ 583.953522][T14093] setup_net+0x118/0x3a0 [ 583.953548][T14093] ? __pfx_setup_net+0x10/0x10 [ 583.953570][T14093] ? lockdep_init_map_type+0x5c/0x250 [ 583.953605][T14093] ? mutex_init_lockep+0x110/0x150 [ 583.953645][T14093] copy_net_ns+0x46f/0x7c0 [ 583.953675][T14093] create_new_namespaces+0x3ea/0xac0 [ 583.953709][T14093] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 583.953740][T14093] ksys_unshare+0x473/0xad0 [ 583.953781][T14093] ? __pfx_ksys_unshare+0x10/0x10 [ 583.953825][T14093] __x64_sys_unshare+0x31/0x40 [ 583.953857][T14093] do_syscall_64+0x106/0xf80 [ 583.953882][T14093] ? clear_bhb_loop+0x40/0x90 [ 583.953912][T14093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.953936][T14093] RIP: 0033:0x7f6473b9c819 [ 583.953957][T14093] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 583.953981][T14093] RSP: 002b:00007f6474a0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 583.954003][T14093] RAX: ffffffffffffffda RBX: 00007f6473e15fa0 RCX: 00007f6473b9c819 [ 583.954019][T14093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 583.954034][T14093] RBP: 00007f6473c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 583.954048][T14093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 583.954063][T14093] R13: 00007f6473e16038 R14: 00007f6473e15fa0 R15: 00007fff407a11b8 [ 583.954094][T14093] [ 584.224667][T14045] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 584.254686][T14045] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 584.261141][T14045] Node 0 DMA32 free:638296kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:41508kB inactive_anon:180636kB active_file:91984kB inactive_file:152720kB unevictable:1536kB writepending:2040kB zspages:436kB present:3129332kB managed:2537268kB mlocked:0kB bounce:0kB free_pcp:142348kB local_pcp:142348kB free_cma:0kB [ 584.296469][T14045] lowmem_reserve[]: 0 0 1 1 1 [ 584.301684][T14045] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1052kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 584.332140][T14045] lowmem_reserve[]: 0 0 0 0 0 [ 584.336947][T14045] Node 1 Normal free:3923196kB boost:0kB min:55584kB low:69480kB high:83376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:400kB inactive_file:128kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:12536kB local_pcp:12536kB free_cma:0kB [ 584.370260][T14045] lowmem_reserve[]: 0 0 0 0 0 [ 584.375463][T14045] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 584.388302][T14045] Node 0 DMA32: 6026*4kB (UME) 4172*8kB (UME) 2960*16kB (UME) 1871*32kB (UME) 908*64kB (UME) 434*128kB (UME) 206*256kB (UM) 128*512kB (UME) 78*1024kB (UME) 25*2048kB (UME) 27*4096kB (UM) = 638312kB [ 584.408640][T14045] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 584.422129][T14045] Node 1 Normal: 17*4kB (UM) 13*8kB (UM) 11*16kB (U) 17*32kB (UM) 14*64kB (UM) 8*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 2*2048kB (UM) 955*4096kB (M) = 3923196kB [ 584.457302][T14045] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 584.487330][T14045] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 584.512164][T14045] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 584.543743][T14045] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 584.575658][T14045] 103875 total pagecache pages [ 584.589552][T14045] 11 pages in swap cache [ 584.627296][T14045] Free swap = 124728kB [ 584.636738][T14045] Total swap = 124996kB [ 584.657431][T14045] 2097051 pages RAM [ 584.669844][T14045] 0 pages HighMem/MovableOnly [ 584.697478][T14045] 430856 pages reserved [ 584.707482][T14045] 0 pages cma reserved [ 585.100681][T14132] netlink: Failed to add  helper -22 [ 589.257511][T14204] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 589.377259][ T5831] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 590.064490][T14203] sd 0:0:1:0: PR command failed: 1026 [ 590.206158][T14203] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 590.285770][T14220] ksmbd: Unknown IPC event: 14, ignore. [ 590.378653][T14203] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 591.458852][T14236] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1694'. [ 594.407337][T14275] binder: 14274:14275 ioctl c0046209 9 returned -22 [ 595.783967][T14296] netlink: 'syz.3.1706': attribute type 19 has an invalid length. [ 595.824898][T14296] netlink: 226 bytes leftover after parsing attributes in process `syz.3.1706'. [ 597.901379][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 597.901413][ T5831] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 597.918545][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 597.918618][ T5831] Bluetooth: hci0: adv larger than maximum supported [ 597.925932][ T5831] Bluetooth: hci0: Malformed LE Event: 0x0d [ 598.585854][T14341] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 600.117684][T14377] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 600.243624][T14377] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 600.324572][T14377] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 600.400174][T14377] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 600.481175][T14377] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 600.825244][T14377] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 602.179479][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 602.259440][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 602.337993][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 602.418867][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 603.621142][T14442] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1737'. [ 604.018734][ T5831] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 604.051569][T14450] FAULT_INJECTION: forcing a failure. [ 604.051569][T14450] name failslab, interval 1, probability 0, space 0, times 0 [ 604.108864][T14450] CPU: 0 UID: 0 PID: 14450 Comm: syz.0.1738 Tainted: G L syzkaller #0 PREEMPT(full) [ 604.108900][T14450] Tainted: [L]=SOFTLOCKUP [ 604.108908][T14450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 604.108923][T14450] Call Trace: [ 604.108930][T14450] [ 604.108939][T14450] dump_stack_lvl+0x100/0x190 [ 604.108979][T14450] should_fail_ex.cold+0x5/0xa [ 604.109008][T14450] ? tomoyo_realpath_from_path+0xb6/0x690 [ 604.109051][T14450] should_failslab+0xc2/0x120 [ 604.109078][T14450] __kmalloc_noprof+0xe0/0x850 [ 604.109121][T14450] tomoyo_realpath_from_path+0xb6/0x690 [ 604.109163][T14450] tomoyo_path_number_perm+0x23c/0x580 [ 604.109191][T14450] ? tomoyo_path_number_perm+0x22e/0x580 [ 604.109222][T14450] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 604.109280][T14450] ? find_held_lock+0x2b/0x80 [ 604.109303][T14450] ? __fget_files+0x215/0x3d0 [ 604.109325][T14450] ? hook_file_ioctl_common+0x146/0x410 [ 604.109360][T14450] ? __fget_files+0x21f/0x3d0 [ 604.109389][T14450] security_file_ioctl+0xd3/0x230 [ 604.109419][T14450] __x64_sys_ioctl+0xb7/0x210 [ 604.109458][T14450] do_syscall_64+0x106/0xf80 [ 604.109482][T14450] ? clear_bhb_loop+0x40/0x90 [ 604.109511][T14450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.109535][T14450] RIP: 0033:0x7f6473b9c819 [ 604.109554][T14450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 604.109576][T14450] RSP: 002b:00007f64749ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 604.109598][T14450] RAX: ffffffffffffffda RBX: 00007f6473e16090 RCX: 00007f6473b9c819 [ 604.109613][T14450] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000002 [ 604.109626][T14450] RBP: 00007f64749ee090 R08: 0000000000000000 R09: 0000000000000000 [ 604.109640][T14450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.109654][T14450] R13: 00007f6473e16128 R14: 00007f6473e16090 R15: 00007fff407a11b8 [ 604.109684][T14450] [ 604.109693][T14450] ERROR: Out of memory at tomoyo_realpath_from_path. [ 604.509022][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 605.896157][T14467] bond0: invalid ARP target specified [ 606.577825][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 607.810472][T14501] Invalid ELF header magic: != ELF [ 609.522388][T14537] FAULT_INJECTION: forcing a failure. [ 609.522388][T14537] name fail_futex, interval 1, probability 0, space 0, times 0 [ 609.610787][T14537] CPU: 0 UID: 0 PID: 14537 Comm: syz.0.1753 Tainted: G L syzkaller #0 PREEMPT(full) [ 609.610835][T14537] Tainted: [L]=SOFTLOCKUP [ 609.610844][T14537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 609.610858][T14537] Call Trace: [ 609.610867][T14537] [ 609.610876][T14537] dump_stack_lvl+0x100/0x190 [ 609.610924][T14537] should_fail_ex.cold+0x5/0xa [ 609.610953][T14537] get_futex_key+0x1d2/0x1620 [ 609.610992][T14537] ? __pfx_get_futex_key+0x10/0x10 [ 609.611030][T14537] ? aa_label_sk_perm+0x194/0x5f0 [ 609.611067][T14537] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 609.611108][T14537] futex_wait_setup+0x83/0x510 [ 609.611160][T14537] __futex_wait+0x19f/0x300 [ 609.611205][T14537] ? __pfx___futex_wait+0x10/0x10 [ 609.611247][T14537] ? __lock_acquire+0x4a5/0x2630 [ 609.611288][T14537] ? __pfx_futex_wake_mark+0x10/0x10 [ 609.611339][T14537] ? futex_hash+0x2c5/0x380 [ 609.611378][T14537] futex_wait+0xed/0x380 [ 609.611417][T14537] ? __pfx_futex_wait+0x10/0x10 [ 609.611465][T14537] ? __sys_sendto+0x2bc/0x4b0 [ 609.611500][T14537] ? __pfx_tipc_sendstream+0x10/0x10 [ 609.611535][T14537] ? __pfx___sys_sendto+0x10/0x10 [ 609.611607][T14537] ? __pfx_sock_write_iter+0x10/0x10 [ 609.611640][T14537] do_futex+0x1ef/0x350 [ 609.611675][T14537] ? __pfx_do_futex+0x10/0x10 [ 609.611716][T14537] __x64_sys_futex+0x34f/0x4d0 [ 609.611755][T14537] ? __pfx___x64_sys_futex+0x10/0x10 [ 609.611800][T14537] do_syscall_64+0x106/0xf80 [ 609.611825][T14537] ? clear_bhb_loop+0x40/0x90 [ 609.611855][T14537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.611880][T14537] RIP: 0033:0x7f6473b9c819 [ 609.611900][T14537] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 609.611924][T14537] RSP: 002b:00007f6474a0f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 609.611947][T14537] RAX: ffffffffffffffda RBX: 00007f6473e15fa8 RCX: 00007f6473b9c819 [ 609.611963][T14537] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6473e15fa8 [ 609.611978][T14537] RBP: 00007f6473e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 609.611993][T14537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.612007][T14537] R13: 00007f6473e16038 R14: 00007fff407a10d0 R15: 00007fff407a11b8 [ 609.612038][T14537] [ 613.053077][T14592] ubi0: attaching mtd0 [ 613.079421][T14592] ubi0: scanning is finished [ 613.121355][T14592] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 613.274541][T14601] usbip-vudc usbip-vudc.0: gadget not bound [ 613.529409][T14592] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 616.493270][T14652] FAULT_INJECTION: forcing a failure. [ 616.493270][T14652] name failslab, interval 1, probability 0, space 0, times 0 [ 616.667561][T14652] CPU: 0 UID: 0 PID: 14652 Comm: syz.0.1771 Tainted: G L syzkaller #0 PREEMPT(full) [ 616.667599][T14652] Tainted: [L]=SOFTLOCKUP [ 616.667608][T14652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 616.667622][T14652] Call Trace: [ 616.667630][T14652] [ 616.667638][T14652] dump_stack_lvl+0x100/0x190 [ 616.667680][T14652] should_fail_ex.cold+0x5/0xa [ 616.667709][T14652] ? lsm_blob_alloc+0x68/0x90 [ 616.667747][T14652] should_failslab+0xc2/0x120 [ 616.667775][T14652] __kmalloc_noprof+0xe0/0x850 [ 616.667813][T14652] ? trace_kmem_cache_alloc+0xf3/0x120 [ 616.667846][T14652] lsm_blob_alloc+0x68/0x90 [ 616.667884][T14652] security_prepare_creds+0x2d/0x290 [ 616.667921][T14652] prepare_creds+0x5d6/0x950 [ 616.667974][T14652] copy_creds+0xa7/0xa50 [ 616.668017][T14652] copy_process+0x1087/0x7a40 [ 616.668046][T14652] ? futex_unqueue+0x133/0x2c0 [ 616.668091][T14652] ? __pfx_copy_process+0x10/0x10 [ 616.668128][T14652] ? _copy_from_user+0x59/0xd0 [ 616.668163][T14652] kernel_clone+0xfc/0x9a0 [ 616.668194][T14652] ? __pfx_kernel_clone+0x10/0x10 [ 616.668231][T14652] ? __pfx_futex_wait+0x10/0x10 [ 616.668277][T14652] __do_sys_clone3+0x214/0x290 [ 616.668307][T14652] ? __pfx___do_sys_clone3+0x10/0x10 [ 616.668375][T14652] do_syscall_64+0x106/0xf80 [ 616.668398][T14652] ? clear_bhb_loop+0x40/0x90 [ 616.668428][T14652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.668453][T14652] RIP: 0033:0x7f6473b9c819 [ 616.668472][T14652] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 616.668496][T14652] RSP: 002b:00007f64749edef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 616.668519][T14652] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f6473b9c819 [ 616.668534][T14652] RDX: 00007f64749edf10 RSI: 0000000000000058 RDI: 00007f64749edf10 [ 616.668549][T14652] RBP: 00007f6473c32c91 R08: 0000000000000000 R09: 0000000000000058 [ 616.668564][T14652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 616.668578][T14652] R13: 00007f6473e16128 R14: 00007f6473e16090 R15: 00007fff407a11b8 [ 616.668609][T14652] [ 619.280728][T14713] ubi3: attaching mtd1 [ 620.297928][T14732] i2c i2c-0: new_device: Missing parameters [ 622.944878][T14797] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 624.070500][T14825] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 624.661458][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.668083][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.987342][T14844] FAULT_INJECTION: forcing a failure. [ 624.987342][T14844] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.037112][T14844] CPU: 0 UID: 0 PID: 14844 Comm: syz.5.1805 Tainted: G L syzkaller #0 PREEMPT(full) [ 625.037149][T14844] Tainted: [L]=SOFTLOCKUP [ 625.037157][T14844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 625.037172][T14844] Call Trace: [ 625.037179][T14844] [ 625.037188][T14844] dump_stack_lvl+0x100/0x190 [ 625.037232][T14844] should_fail_ex.cold+0x5/0xa [ 625.037269][T14844] _copy_from_user+0x2e/0xd0 [ 625.037301][T14844] __sys_bpf+0x243/0x4b90 [ 625.037333][T14844] ? __pfx___sys_bpf+0x10/0x10 [ 625.037359][T14844] ? proc_fail_nth_write+0x9f/0x220 [ 625.037390][T14844] ? find_held_lock+0x2b/0x80 [ 625.037418][T14844] ? find_held_lock+0x2b/0x80 [ 625.037441][T14844] ? ksys_write+0x190/0x250 [ 625.037471][T14844] ? __mutex_unlock_slowpath+0x15c/0x790 [ 625.037498][T14844] ? __fget_files+0x215/0x3d0 [ 625.037535][T14844] ? fput+0x79/0x100 [ 625.037562][T14844] ? ksys_write+0x1ac/0x250 [ 625.037584][T14844] ? __pfx_ksys_write+0x10/0x10 [ 625.037612][T14844] __x64_sys_bpf+0x7b/0xc0 [ 625.037639][T14844] ? lockdep_hardirqs_on+0x78/0x100 [ 625.037662][T14844] do_syscall_64+0x106/0xf80 [ 625.037684][T14844] ? clear_bhb_loop+0x40/0x90 [ 625.037713][T14844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.037737][T14844] RIP: 0033:0x7fc86159c819 [ 625.037755][T14844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 625.037778][T14844] RSP: 002b:00007fc8624cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 625.037800][T14844] RAX: ffffffffffffffda RBX: 00007fc861815fa0 RCX: 00007fc86159c819 [ 625.037816][T14844] RDX: 00000000000006f4 RSI: 0000200000000380 RDI: 0000000000000000 [ 625.037831][T14844] RBP: 00007fc8624cf090 R08: 0000000000000000 R09: 0000000000000000 [ 625.037846][T14844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.037859][T14844] R13: 00007fc861816038 R14: 00007fc861815fa0 R15: 00007fff49ec23a8 [ 625.037889][T14844] [ 626.852830][T14883] KVM: debugfs: duplicate directory 14883-3 [ 626.874337][T14884] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 627.467194][T14899] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 629.241728][T14918] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 629.626842][T14927] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 629.670298][T14933] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1824'. [ 631.831935][T14966] [U] 0="/ [ 631.848650][T14966] [U] [ 631.870317][T14966] [U] EeQ@ [ 632.645083][T14965] [U]  [ 633.106752][T14979] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 637.234284][T15059] futex_wake_op: syz.4.1855 tries to shift op by -2048; fix this program [ 641.651140][T15116] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 641.811523][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 641.844342][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 641.910781][T15124] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 642.016525][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 642.081246][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 642.191545][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 642.234914][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 642.287405][T15120] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1866'. [ 644.223906][T15149] futex_wake_op: syz.4.1872 tries to shift op by -2048; fix this program [ 645.433962][T15169] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 646.785475][T15181] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1881'. [ 649.772567][T15230] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 649.875575][T15241] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 650.285640][T15237] zswap: compressor /s not available [ 655.126939][T15329] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 657.747931][T15386] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1926'. [ 657.799012][T15386] mac80211_hwsim hwsim25 wlan1: entered promiscuous mode [ 657.806118][T15386] mac80211_hwsim hwsim25 wlan1: entered allmulticast mode [ 657.948090][T15390] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1928'. [ 658.074776][T15390] team0 (unregistering): Port device team_slave_0 removed [ 658.114638][T15390] team0 (unregistering): Port device team_slave_1 removed [ 659.866189][T15465] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 660.979310][T15485] delete_channel: no stack [ 662.744752][T15597] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 665.399497][T15677] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 667.048118][T15724] futex_wake_op: syz.4.1963 tries to shift op by -2048; fix this program [ 669.166408][T15837] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 670.984947][T15877] FAULT_INJECTION: forcing a failure. [ 670.984947][T15877] name failslab, interval 1, probability 0, space 0, times 0 [ 671.051295][T15877] CPU: 0 UID: 0 PID: 15877 Comm: syz.3.1977 Tainted: G L syzkaller #0 PREEMPT(full) [ 671.051333][T15877] Tainted: [L]=SOFTLOCKUP [ 671.051340][T15877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 671.051354][T15877] Call Trace: [ 671.051362][T15877] [ 671.051371][T15877] dump_stack_lvl+0x100/0x190 [ 671.051412][T15877] should_fail_ex.cold+0x5/0xa [ 671.051440][T15877] ? tomoyo_encode2+0xfb/0x3c0 [ 671.051472][T15877] should_failslab+0xc2/0x120 [ 671.051499][T15877] __kmalloc_noprof+0xe0/0x850 [ 671.051534][T15877] ? d_absolute_path+0x136/0x1b0 [ 671.051573][T15877] tomoyo_encode2+0xfb/0x3c0 [ 671.051611][T15877] tomoyo_encode+0x29/0x50 [ 671.051643][T15877] tomoyo_realpath_from_path+0x18c/0x690 [ 671.051684][T15877] tomoyo_path_number_perm+0x23c/0x580 [ 671.051712][T15877] ? tomoyo_path_number_perm+0x22e/0x580 [ 671.051743][T15877] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 671.051801][T15877] ? find_held_lock+0x2b/0x80 [ 671.051823][T15877] ? __fget_files+0x215/0x3d0 [ 671.051845][T15877] ? hook_file_ioctl_common+0x146/0x410 [ 671.051881][T15877] ? __fget_files+0x21f/0x3d0 [ 671.051909][T15877] security_file_ioctl+0xd3/0x230 [ 671.051940][T15877] __x64_sys_ioctl+0xb7/0x210 [ 671.051978][T15877] do_syscall_64+0x106/0xf80 [ 671.052002][T15877] ? clear_bhb_loop+0x40/0x90 [ 671.052030][T15877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.052055][T15877] RIP: 0033:0x7f6b2ed9c819 [ 671.052073][T15877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 671.052096][T15877] RSP: 002b:00007f6b2fbfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 671.052118][T15877] RAX: ffffffffffffffda RBX: 00007f6b2f015fa0 RCX: 00007f6b2ed9c819 [ 671.052133][T15877] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000003 [ 671.052147][T15877] RBP: 00007f6b2fbfa090 R08: 0000000000000000 R09: 0000000000000000 [ 671.052161][T15877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 671.052174][T15877] R13: 00007f6b2f016038 R14: 00007f6b2f015fa0 R15: 00007ffe194746f8 [ 671.052205][T15877] [ 671.052222][T15877] ERROR: Out of memory at tomoyo_realpath_from_path. [ 673.637346][T15937] FAULT_INJECTION: forcing a failure. [ 673.637346][T15937] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 673.707357][T15937] CPU: 0 UID: 0 PID: 15937 Comm: syz.4.1988 Tainted: G L syzkaller #0 PREEMPT(full) [ 673.707394][T15937] Tainted: [L]=SOFTLOCKUP [ 673.707402][T15937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 673.707416][T15937] Call Trace: [ 673.707424][T15937] [ 673.707433][T15937] dump_stack_lvl+0x100/0x190 [ 673.707473][T15937] should_fail_ex.cold+0x5/0xa [ 673.707496][T15937] ? prepare_alloc_pages+0x16d/0x5f0 [ 673.707527][T15937] should_fail_alloc_page+0xeb/0x140 [ 673.707555][T15937] prepare_alloc_pages+0x1f0/0x5f0 [ 673.707588][T15937] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 673.707639][T15937] ? find_held_lock+0x2b/0x80 [ 673.707662][T15937] ? is_bpf_text_address+0x8a/0x1a0 [ 673.707700][T15937] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 673.707737][T15937] ? bpf_ksym_find+0x124/0x1c0 [ 673.707768][T15937] ? is_bpf_text_address+0x94/0x1a0 [ 673.707806][T15937] ? kernel_text_address+0x8d/0x100 [ 673.707844][T15937] ? arch_stack_walk+0xa6/0xf0 [ 673.707875][T15937] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 673.707901][T15937] ? policy_nodemask+0xed/0x4f0 [ 673.707929][T15937] alloc_pages_mpol+0x1fb/0x550 [ 673.707956][T15937] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 673.707981][T15937] ? tomoyo_path_number_perm+0x46d/0x580 [ 673.708017][T15937] alloc_pages_noprof+0x136/0x390 [ 673.708045][T15937] __pmd_alloc+0x3b/0x950 [ 673.708076][T15937] __handle_mm_fault+0xa9e/0x2b60 [ 673.708120][T15937] ? mt_find+0x45e/0x8e0 [ 673.708147][T15937] ? __pfx___handle_mm_fault+0x10/0x10 [ 673.708179][T15937] ? __pfx_mt_find+0x10/0x10 [ 673.708220][T15937] ? find_vma+0xbf/0x140 [ 673.708243][T15937] ? __pfx_find_vma+0x10/0x10 [ 673.708269][T15937] handle_mm_fault+0x36d/0xa20 [ 673.708309][T15937] do_user_addr_fault+0x74c/0x12f0 [ 673.708341][T15937] exc_page_fault+0x6f/0xd0 [ 673.708369][T15937] asm_exc_page_fault+0x26/0x30 [ 673.708392][T15937] RIP: 0010:__get_user_4+0x14/0x20 [ 673.708426][T15937] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 673.708449][T15937] RSP: 0018:ffffc900033c7db8 EFLAGS: 00050287 [ 673.708470][T15937] RAX: 0000000000000000 RBX: ffff88807bee74a0 RCX: ffffc900033c7d5c [ 673.708485][T15937] RDX: 00007ffffffff000 RSI: ffffffff82563a41 RDI: ffffffff8c1b1da0 [ 673.708500][T15937] RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000000001ca [ 673.708514][T15937] R10: 0000000000000200 R11: 0000000000000000 R12: 1ffff92000678fbf [ 673.708528][T15937] R13: 00000000c0045005 R14: ffff888030ccd340 R15: 0000000000005000 [ 673.708552][T15937] ? __might_fault+0x111/0x140 [ 673.708591][T15937] snd_pcm_oss_ioctl+0x179a/0x3720 [ 673.708625][T15937] ? find_held_lock+0x2b/0x80 [ 673.708647][T15937] ? __fget_files+0x215/0x3d0 [ 673.708669][T15937] ? hook_file_ioctl_common+0x146/0x410 [ 673.708700][T15937] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 673.708735][T15937] ? __fget_files+0x21f/0x3d0 [ 673.708762][T15937] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 673.708796][T15937] __x64_sys_ioctl+0x18e/0x210 [ 673.708834][T15937] do_syscall_64+0x106/0xf80 [ 673.708856][T15937] ? clear_bhb_loop+0x40/0x90 [ 673.708884][T15937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.708907][T15937] RIP: 0033:0x7f2d4619c819 [ 673.708925][T15937] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.708947][T15937] RSP: 002b:00007f2d46fba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 673.708968][T15937] RAX: ffffffffffffffda RBX: 00007f2d46415fa0 RCX: 00007f2d4619c819 [ 673.708983][T15937] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000003 [ 673.708996][T15937] RBP: 00007f2d46fba090 R08: 0000000000000000 R09: 0000000000000000 [ 673.709010][T15937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 673.709024][T15937] R13: 00007f2d46416038 R14: 00007f2d46415fa0 R15: 00007fff3c658408 [ 673.709054][T15937] [ 676.480981][T16062] FAULT_INJECTION: forcing a failure. [ 676.480981][T16062] name failslab, interval 1, probability 0, space 0, times 0 [ 676.617278][T16062] CPU: 0 UID: 0 PID: 16062 Comm: syz.3.1997 Tainted: G L syzkaller #0 PREEMPT(full) [ 676.617316][T16062] Tainted: [L]=SOFTLOCKUP [ 676.617324][T16062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 676.617337][T16062] Call Trace: [ 676.617345][T16062] [ 676.617355][T16062] dump_stack_lvl+0x100/0x190 [ 676.617396][T16062] should_fail_ex.cold+0x5/0xa [ 676.617423][T16062] should_failslab+0xc2/0x120 [ 676.617455][T16062] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 676.617492][T16062] ? __pmd_alloc+0xbf/0x950 [ 676.617526][T16062] __pmd_alloc+0xbf/0x950 [ 676.617558][T16062] __handle_mm_fault+0xa9e/0x2b60 [ 676.617596][T16062] ? mt_find+0x45e/0x8e0 [ 676.617624][T16062] ? __pfx___handle_mm_fault+0x10/0x10 [ 676.617656][T16062] ? __pfx_mt_find+0x10/0x10 [ 676.617697][T16062] ? find_vma+0xbf/0x140 [ 676.617720][T16062] ? __pfx_find_vma+0x10/0x10 [ 676.617747][T16062] handle_mm_fault+0x36d/0xa20 [ 676.617786][T16062] do_user_addr_fault+0x74c/0x12f0 [ 676.617818][T16062] exc_page_fault+0x6f/0xd0 [ 676.617847][T16062] asm_exc_page_fault+0x26/0x30 [ 676.617870][T16062] RIP: 0010:__get_user_4+0x14/0x20 [ 676.617903][T16062] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 676.617926][T16062] RSP: 0018:ffffc90003697db8 EFLAGS: 00050287 [ 676.617944][T16062] RAX: 0000000000000000 RBX: ffff88803566cb60 RCX: ffffc90003697d5c [ 676.617960][T16062] RDX: 00007ffffffff000 RSI: ffffffff82563a41 RDI: ffffffff8c1b1da0 [ 676.617975][T16062] RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000000001ca [ 676.617988][T16062] R10: 0000000000000200 R11: 0000000000000000 R12: 1ffff920006d2fbf [ 676.618003][T16062] R13: 00000000c0045005 R14: ffff888032da36c0 R15: 0000000000005000 [ 676.618026][T16062] ? __might_fault+0x111/0x140 [ 676.618066][T16062] snd_pcm_oss_ioctl+0x179a/0x3720 [ 676.618100][T16062] ? find_held_lock+0x2b/0x80 [ 676.618122][T16062] ? __fget_files+0x215/0x3d0 [ 676.618145][T16062] ? hook_file_ioctl_common+0x146/0x410 [ 676.618176][T16062] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 676.618211][T16062] ? __fget_files+0x21f/0x3d0 [ 676.618238][T16062] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 676.618272][T16062] __x64_sys_ioctl+0x18e/0x210 [ 676.618315][T16062] do_syscall_64+0x106/0xf80 [ 676.618338][T16062] ? clear_bhb_loop+0x40/0x90 [ 676.618366][T16062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.618390][T16062] RIP: 0033:0x7f6b2ed9c819 [ 676.618407][T16062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 676.618430][T16062] RSP: 002b:00007f6b2fbfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 676.618450][T16062] RAX: ffffffffffffffda RBX: 00007f6b2f015fa0 RCX: 00007f6b2ed9c819 [ 676.618466][T16062] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000003 [ 676.618479][T16062] RBP: 00007f6b2fbfa090 R08: 0000000000000000 R09: 0000000000000000 [ 676.618493][T16062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 676.618507][T16062] R13: 00007f6b2f016038 R14: 00007f6b2f015fa0 R15: 00007ffe194746f8 [ 676.618536][T16062] [ 677.381641][T16066] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1999'. [ 678.037292][T16072] mkiss: ax0: crc mode is auto. [ 678.439249][T16117] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 678.762355][T16126] tipc: Started in network mode [ 678.808425][T16126] tipc: Node identity ee00, cluster identity 4711 [ 678.815424][T16126] tipc: Node number set to 60928 [ 679.095762][ T51] Bluetooth: hci3: unexpected event 0x04 length: 64 > 10 [ 679.096057][ T51] Bluetooth: hci3: connection err: -111 [ 679.707844][T16175] FAULT_INJECTION: forcing a failure. [ 679.707844][T16175] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 679.789997][T16175] CPU: 0 UID: 0 PID: 16175 Comm: syz.0.2011 Tainted: G L syzkaller #0 PREEMPT(full) [ 679.790036][T16175] Tainted: [L]=SOFTLOCKUP [ 679.790044][T16175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 679.790057][T16175] Call Trace: [ 679.790066][T16175] [ 679.790075][T16175] dump_stack_lvl+0x100/0x190 [ 679.790116][T16175] should_fail_ex.cold+0x5/0xa [ 679.790139][T16175] ? prepare_alloc_pages+0x16d/0x5f0 [ 679.790170][T16175] should_fail_alloc_page+0xeb/0x140 [ 679.790199][T16175] prepare_alloc_pages+0x1f0/0x5f0 [ 679.790232][T16175] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 679.790273][T16175] ? stack_trace_save+0x8e/0xc0 [ 679.790298][T16175] ? __pfx_stack_trace_save+0x10/0x10 [ 679.790323][T16175] ? stack_depot_save_flags+0x27/0x9d0 [ 679.790361][T16175] ? kasan_save_stack+0x3f/0x50 [ 679.790382][T16175] ? kasan_save_stack+0x30/0x50 [ 679.790403][T16175] ? kasan_save_track+0x14/0x30 [ 679.790424][T16175] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 679.790461][T16175] ? __handle_mm_fault+0xa9e/0x2b60 [ 679.790494][T16175] ? handle_mm_fault+0x36d/0xa20 [ 679.790532][T16175] ? do_user_addr_fault+0x74c/0x12f0 [ 679.790555][T16175] ? asm_exc_page_fault+0x26/0x30 [ 679.790578][T16175] ? snd_pcm_oss_ioctl+0x179a/0x3720 [ 679.790610][T16175] ? __x64_sys_ioctl+0x18e/0x210 [ 679.790644][T16175] ? do_syscall_64+0x106/0xf80 [ 679.790667][T16175] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.790705][T16175] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 679.790732][T16175] ? policy_nodemask+0xed/0x4f0 [ 679.790760][T16175] alloc_pages_mpol+0x1fb/0x550 [ 679.790788][T16175] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 679.790822][T16175] alloc_pages_noprof+0x136/0x390 [ 679.790850][T16175] pte_alloc_one+0x1c/0x3d0 [ 679.790878][T16175] do_fault+0x88e/0x18e0 [ 679.790906][T16175] ? __pmd_alloc+0x3fb/0x950 [ 679.790937][T16175] __handle_mm_fault+0x1815/0x2b60 [ 679.790975][T16175] ? mt_find+0x45e/0x8e0 [ 679.791002][T16175] ? __pfx___handle_mm_fault+0x10/0x10 [ 679.791034][T16175] ? __pfx_mt_find+0x10/0x10 [ 679.791076][T16175] ? find_vma+0xbf/0x140 [ 679.791099][T16175] ? __pfx_find_vma+0x10/0x10 [ 679.791126][T16175] handle_mm_fault+0x36d/0xa20 [ 679.791165][T16175] do_user_addr_fault+0x74c/0x12f0 [ 679.791197][T16175] exc_page_fault+0x6f/0xd0 [ 679.791221][T16175] asm_exc_page_fault+0x26/0x30 [ 679.791245][T16175] RIP: 0010:__get_user_4+0x14/0x20 [ 679.791278][T16175] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 679.791301][T16175] RSP: 0018:ffffc900034d7db8 EFLAGS: 00050287 [ 679.791320][T16175] RAX: 0000000000000000 RBX: ffff888029fadc40 RCX: ffffc900034d7d5c [ 679.791335][T16175] RDX: 00007ffffffff000 RSI: ffffffff82563a41 RDI: ffffffff8c1b1da0 [ 679.791350][T16175] RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000000001ca [ 679.791364][T16175] R10: 0000000000000200 R11: 0000000000000000 R12: 1ffff9200069afbf [ 679.791379][T16175] R13: 00000000c0045005 R14: ffff888037a5b180 R15: 0000000000005000 [ 679.791407][T16175] ? __might_fault+0x111/0x140 [ 679.791447][T16175] snd_pcm_oss_ioctl+0x179a/0x3720 [ 679.791479][T16175] ? find_held_lock+0x2b/0x80 [ 679.791502][T16175] ? __fget_files+0x215/0x3d0 [ 679.791530][T16175] ? hook_file_ioctl_common+0x146/0x410 [ 679.791561][T16175] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 679.791597][T16175] ? __fget_files+0x21f/0x3d0 [ 679.791624][T16175] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 679.791659][T16175] __x64_sys_ioctl+0x18e/0x210 [ 679.791696][T16175] do_syscall_64+0x106/0xf80 [ 679.791718][T16175] ? clear_bhb_loop+0x40/0x90 [ 679.791747][T16175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.791771][T16175] RIP: 0033:0x7f6473b9c819 [ 679.791790][T16175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 679.791812][T16175] RSP: 002b:00007f6474a0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 679.791833][T16175] RAX: ffffffffffffffda RBX: 00007f6473e15fa0 RCX: 00007f6473b9c819 [ 679.791848][T16175] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000003 [ 679.791862][T16175] RBP: 00007f6474a0f090 R08: 0000000000000000 R09: 0000000000000000 [ 679.791875][T16175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 679.791889][T16175] R13: 00007f6473e16038 R14: 00007f6473e15fa0 R15: 00007fff407a11b8 [ 679.791919][T16175] [ 681.874221][T16203] mkiss: ax0: crc mode is auto. [ 682.788791][T16254] Process accounting resumed [ 683.068794][T16271] FAULT_INJECTION: forcing a failure. [ 683.068794][T16271] name failslab, interval 1, probability 0, space 0, times 0 [ 683.143957][T16271] CPU: 0 UID: 0 PID: 16271 Comm: syz.4.2022 Tainted: G L syzkaller #0 PREEMPT(full) [ 683.144002][T16271] Tainted: [L]=SOFTLOCKUP [ 683.144010][T16271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 683.144024][T16271] Call Trace: [ 683.144031][T16271] [ 683.144039][T16271] dump_stack_lvl+0x100/0x190 [ 683.144085][T16271] should_fail_ex.cold+0x5/0xa [ 683.144113][T16271] should_failslab+0xc2/0x120 [ 683.144140][T16271] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 683.144177][T16271] ? ptlock_alloc+0x1f/0x70 [ 683.144221][T16271] ptlock_alloc+0x1f/0x70 [ 683.144253][T16271] pte_alloc_one+0x82/0x3d0 [ 683.144280][T16271] do_fault+0x88e/0x18e0 [ 683.144308][T16271] ? __pmd_alloc+0x3fb/0x950 [ 683.144339][T16271] __handle_mm_fault+0x1815/0x2b60 [ 683.144377][T16271] ? mt_find+0x45e/0x8e0 [ 683.144405][T16271] ? __pfx___handle_mm_fault+0x10/0x10 [ 683.144437][T16271] ? __pfx_mt_find+0x10/0x10 [ 683.144478][T16271] ? find_vma+0xbf/0x140 [ 683.144501][T16271] ? __pfx_find_vma+0x10/0x10 [ 683.144528][T16271] handle_mm_fault+0x36d/0xa20 [ 683.144567][T16271] do_user_addr_fault+0x74c/0x12f0 [ 683.144598][T16271] exc_page_fault+0x6f/0xd0 [ 683.144627][T16271] asm_exc_page_fault+0x26/0x30 [ 683.144650][T16271] RIP: 0010:__get_user_4+0x14/0x20 [ 683.144683][T16271] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 683.144706][T16271] RSP: 0018:ffffc9000344fdb8 EFLAGS: 00050287 [ 683.144725][T16271] RAX: 0000000000000000 RBX: ffff88805d7e2000 RCX: ffffc9000344fd5c [ 683.144740][T16271] RDX: 00007ffffffff000 RSI: ffffffff82563a41 RDI: ffffffff8c1b1da0 [ 683.144755][T16271] RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000000001ca [ 683.144769][T16271] R10: 0000000000000200 R11: 0000000000000000 R12: 1ffff92000689fbf [ 683.144784][T16271] R13: 00000000c0045005 R14: ffff8880351e4700 R15: 0000000000005000 [ 683.144807][T16271] ? __might_fault+0x111/0x140 [ 683.144847][T16271] snd_pcm_oss_ioctl+0x179a/0x3720 [ 683.144894][T16271] ? find_held_lock+0x2b/0x80 [ 683.144915][T16271] ? __fget_files+0x215/0x3d0 [ 683.144936][T16271] ? hook_file_ioctl_common+0x146/0x410 [ 683.144967][T16271] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 683.145000][T16271] ? __fget_files+0x21f/0x3d0 [ 683.145026][T16271] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 683.145059][T16271] __x64_sys_ioctl+0x18e/0x210 [ 683.145095][T16271] do_syscall_64+0x106/0xf80 [ 683.145117][T16271] ? clear_bhb_loop+0x40/0x90 [ 683.145143][T16271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.145170][T16271] RIP: 0033:0x7f2d4619c819 [ 683.145188][T16271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 683.145214][T16271] RSP: 002b:00007f2d46fba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 683.145252][T16271] RAX: ffffffffffffffda RBX: 00007f2d46415fa0 RCX: 00007f2d4619c819 [ 683.145267][T16271] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000003 [ 683.145281][T16271] RBP: 00007f2d46fba090 R08: 0000000000000000 R09: 0000000000000000 [ 683.145295][T16271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 683.145309][T16271] R13: 00007f2d46416038 R14: 00007f2d46415fa0 R15: 00007fff3c658408 [ 683.145339][T16271] [ 684.688450][T16339] futex_wake_op: syz.0.2027 tries to shift op by -2048; fix this program [ 684.734968][T16339] 0x000000000001-0x000000020000 : "" [ 684.807002][T16339] ftl_cs: FTL header corrupt! syzkaller syzkaller login: [ 685.799675][T16378] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 685.833315][T16378] vhci_hcd vhci_hcd.1: Wrong hub descriptor type for USB 3.0 roothub. [ 686.101062][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.107507][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.148716][T16387] futex_wake_op: syz.0.2032 tries to shift op by -2048; fix this program [ 686.182558][T16387] futex_wake_op: syz.0.2032 tries to shift op by -2048; fix this program [ 686.236602][T16387] 0x000000000001-0x000000020000 : "" [ 686.286047][T16387] ftl_cs: FTL header corrupt! [ 686.850948][T16411] sd 0:0:1:0: PR command failed: 1026 [ 686.878180][T16411] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 686.928086][T16411] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 686.936092][T16409] mkiss: ax0: crc mode is auto. [ 687.990146][ T51] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 688.589930][T16482] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 688.862125][T16492] futex_wake_op: syz.5.2043 tries to shift op by -2048; fix this program [ 688.906951][T16492] futex_wake_op: syz.5.2043 tries to shift op by -2048; fix this program [ 688.990631][T16498] 0x000000000001-0x000000020000 : "" [ 689.031828][T16498] ftl_cs: FTL header corrupt! [ 690.946595][T16567] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 691.070275][T16570] netlink: ct_mark mask cannot be 0 [ 691.679783][T16585] futex_wake_op: syz.4.2058 tries to shift op by -2048; fix this program [ 691.759149][T16585] futex_wake_op: syz.4.2058 tries to shift op by -2048; fix this program [ 691.813446][T16591] 0x000000000001-0x000000020000 : "" [ 691.881421][T16591] ftl_cs: FTL header corrupt! [ 692.772526][T16614] sd 0:0:1:0: PR command failed: 1026 [ 692.806833][T16614] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 692.839502][T16614] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 693.265243][T16635] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 693.357251][T16621] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 693.380058][T16621] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 693.409500][T16621] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 693.434708][T16621] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 693.470567][T16621] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 693.990555][T16656] netlink: ct_mark mask cannot be 0 [ 695.377285][T16461] Bluetooth: hci0: command 0x0c1a tx timeout [ 695.458875][T16461] Bluetooth: hci4: command 0x0c1a tx timeout [ 695.466210][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 695.537029][T16461] Bluetooth: hci3: command 0x0c1a tx timeout [ 695.993653][T16730] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2082'. [ 696.446778][T16739] mkiss: ax0: crc mode is auto. [ 697.538041][T16461] Bluetooth: hci4: command 0x0c1a tx timeout [ 698.522751][ T29] audit: type=1800 audit(1775405850.088:8): pid=16817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2094" name="dbroot" dev="configfs" ino=57040 res=0 errno=0 [ 698.631296][T16819] FAULT_INJECTION: forcing a failure. [ 698.631296][T16819] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 698.750175][T16819] CPU: 0 UID: 0 PID: 16819 Comm: syz.0.2095 Tainted: G L syzkaller #0 PREEMPT(full) [ 698.750212][T16819] Tainted: [L]=SOFTLOCKUP [ 698.750220][T16819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 698.750234][T16819] Call Trace: [ 698.750241][T16819] [ 698.750249][T16819] dump_stack_lvl+0x100/0x190 [ 698.750290][T16819] should_fail_ex.cold+0x5/0xa [ 698.750318][T16819] _copy_from_user+0x2e/0xd0 [ 698.750349][T16819] core_sys_select+0x472/0xbb0 [ 698.750379][T16819] ? __pfx_core_sys_select+0x10/0x10 [ 698.750402][T16819] ? get_pid_task+0xfc/0x250 [ 698.750437][T16819] ? get_pid_task+0x106/0x250 [ 698.750486][T16819] ? __mutex_unlock_slowpath+0x15c/0x790 [ 698.750513][T16819] ? __fget_files+0x215/0x3d0 [ 698.750537][T16819] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 698.750567][T16819] kern_select+0x20c/0x270 [ 698.750593][T16819] ? __pfx_kern_select+0x10/0x10 [ 698.750619][T16819] ? __pfx_ksys_write+0x10/0x10 [ 698.750647][T16819] __x64_sys_select+0xbd/0x160 [ 698.750668][T16819] ? do_syscall_64+0x95/0xf80 [ 698.750691][T16819] ? lockdep_hardirqs_on+0x78/0x100 [ 698.750714][T16819] do_syscall_64+0x106/0xf80 [ 698.750736][T16819] ? clear_bhb_loop+0x40/0x90 [ 698.750764][T16819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.750788][T16819] RIP: 0033:0x7f6473b9c819 [ 698.750807][T16819] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 698.750830][T16819] RSP: 002b:00007f64749cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 698.750852][T16819] RAX: ffffffffffffffda RBX: 00007f6473e16180 RCX: 00007f6473b9c819 [ 698.750867][T16819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000012 [ 698.750888][T16819] RBP: 00007f64749cd090 R08: 0000000000000000 R09: 0000000000000000 [ 698.750902][T16819] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 698.750917][T16819] R13: 00007f6473e16218 R14: 00007f6473e16180 R15: 00007fff407a11b8 [ 698.750947][T16819] [ 699.217923][T16821] type: 65536 invalid [ 700.162863][T16461] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 702.205561][T16943] netlink: 'syz.4.2108': attribute type 16 has an invalid length. [ 702.258548][T16943] netlink: 306 bytes leftover after parsing attributes in process `syz.4.2108'. [ 702.368639][ T29] audit: type=1326 audit(1775405853.928:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16942 comm="syz.4.2108" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d4619c819 code=0x0 [ 704.779485][T17031] usbip-vudc usbip-vudc.0: gadget not bound [ 704.947544][T17030] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 705.122199][T17027] zswap: compressor not available [ 706.607528][T17074] FAULT_INJECTION: forcing a failure. [ 706.607528][T17074] name failslab, interval 1, probability 0, space 0, times 0 [ 706.681233][T17074] CPU: 0 UID: 8 PID: 17074 Comm: syz.4.2129 Tainted: G L syzkaller #0 PREEMPT(full) [ 706.681273][T17074] Tainted: [L]=SOFTLOCKUP [ 706.681281][T17074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 706.681296][T17074] Call Trace: [ 706.681304][T17074] [ 706.681313][T17074] dump_stack_lvl+0x100/0x190 [ 706.681354][T17074] should_fail_ex.cold+0x5/0xa [ 706.681384][T17074] should_failslab+0xc2/0x120 [ 706.681412][T17074] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 706.681438][T17074] ? key_alloc+0x423/0x1310 [ 706.681470][T17074] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 706.681514][T17074] kmemdup_noprof+0x29/0x60 [ 706.681538][T17074] key_alloc+0x423/0x1310 [ 706.681581][T17074] ? __pfx_key_alloc+0x10/0x10 [ 706.681613][T17074] ? __pfx_key_default_cmp+0x10/0x10 [ 706.681651][T17074] ? __pfx_keyring_search_iterator+0x10/0x10 [ 706.681692][T17074] keyring_alloc+0x44/0xc0 [ 706.681732][T17074] look_up_user_keyrings+0x508/0x790 [ 706.681767][T17074] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 706.681795][T17074] ? futex_wake+0x1ad/0x530 [ 706.681837][T17074] ? __pfx_futex_wake+0x10/0x10 [ 706.681879][T17074] lookup_user_key+0xbb1/0x1300 [ 706.681911][T17074] ? __pfx_lookup_user_key+0x10/0x10 [ 706.681950][T17074] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 706.681986][T17074] ? __x64_sys_futex+0x34f/0x4d0 [ 706.682018][T17074] ? __x64_sys_futex+0x358/0x4d0 [ 706.682058][T17074] keyctl_session_to_parent+0x28/0xae0 [ 706.682091][T17074] __do_sys_keyctl+0x2b1/0x5a0 [ 706.682120][T17074] do_syscall_64+0x106/0xf80 [ 706.682144][T17074] ? clear_bhb_loop+0x40/0x90 [ 706.682174][T17074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.682199][T17074] RIP: 0033:0x7f2d4619c819 [ 706.682229][T17074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 706.682253][T17074] RSP: 002b:00007f2d46f99028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 706.682276][T17074] RAX: ffffffffffffffda RBX: 00007f2d46416090 RCX: 00007f2d4619c819 [ 706.682292][T17074] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 706.682308][T17074] RBP: 00007f2d46232c91 R08: 0000000000000001 R09: 0000000000000000 [ 706.682322][T17074] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 706.682337][T17074] R13: 00007f2d46416128 R14: 00007f2d46416090 R15: 00007fff3c658408 [ 706.682369][T17074] [ 708.405760][T17201] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 709.839133][T17204] FAULT_INJECTION: forcing a failure. [ 709.839133][T17204] name failslab, interval 1, probability 0, space 0, times 0 [ 709.932464][T17204] CPU: 0 UID: 0 PID: 17204 Comm: syz.5.2137 Tainted: G L syzkaller #0 PREEMPT(full) [ 709.932504][T17204] Tainted: [L]=SOFTLOCKUP [ 709.932512][T17204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 709.932527][T17204] Call Trace: [ 709.932534][T17204] [ 709.932543][T17204] dump_stack_lvl+0x100/0x190 [ 709.932586][T17204] should_fail_ex.cold+0x5/0xa [ 709.932615][T17204] ? sk_prot_alloc+0x10b/0x2a0 [ 709.932642][T17204] should_failslab+0xc2/0x120 [ 709.932669][T17204] __kmalloc_noprof+0xe0/0x850 [ 709.932715][T17204] sk_prot_alloc+0x10b/0x2a0 [ 709.932746][T17204] sk_alloc+0x36/0xe80 [ 709.932783][T17204] __netlink_create+0x5e/0x2c0 [ 709.932818][T17204] ? __wake_up+0x3f/0x60 [ 709.932847][T17204] netlink_create+0x293/0x610 [ 709.932885][T17204] ? __pfx_genl_bind+0x10/0x10 [ 709.932911][T17204] ? __pfx_genl_unbind+0x10/0x10 [ 709.932937][T17204] ? __pfx_genl_release+0x10/0x10 [ 709.932968][T17204] __sock_create+0x339/0x860 [ 709.933013][T17204] __sys_socket+0x14d/0x260 [ 709.933046][T17204] ? __pfx___sys_socket+0x10/0x10 [ 709.933087][T17204] __x64_sys_socket+0x72/0xb0 [ 709.933118][T17204] ? lockdep_hardirqs_on+0x78/0x100 [ 709.933143][T17204] do_syscall_64+0x106/0xf80 [ 709.933167][T17204] ? clear_bhb_loop+0x40/0x90 [ 709.933196][T17204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.933221][T17204] RIP: 0033:0x7fc86159c819 [ 709.933241][T17204] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 709.933265][T17204] RSP: 002b:00007fc8624cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 709.933288][T17204] RAX: ffffffffffffffda RBX: 00007fc861815fa0 RCX: 00007fc86159c819 [ 709.933304][T17204] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 709.933318][T17204] RBP: 00007fc861632c91 R08: 0000000000000000 R09: 0000000000000000 [ 709.933333][T17204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 709.933350][T17204] R13: 00007fc861816038 R14: 00007fc861815fa0 R15: 00007fff49ec23a8 [ 709.933380][T17204] [ 712.554638][T17357] mkiss: ax0: crc mode is auto. [ 713.158538][T17348] Process accounting paused [ 715.997440][T17464] Line length is too long: Should be less than 4094 [ 721.393737][T17536] zero sized request [ 721.434174][T17539] zero sized request [ 721.526093][T17537] random: crng reseeded on system resumption [ 722.060502][T17544] hub 1-0:1.0: USB hub found [ 722.157339][T17544] hub 1-0:1.0: 1 port detected [ 727.193346][T17723] FAULT_INJECTION: forcing a failure. [ 727.193346][T17723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 727.340850][T17723] CPU: 0 UID: 0 PID: 17723 Comm: syz.5.2197 Tainted: G L syzkaller #0 PREEMPT(full) [ 727.340889][T17723] Tainted: [L]=SOFTLOCKUP [ 727.340897][T17723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 727.340911][T17723] Call Trace: [ 727.340919][T17723] [ 727.340928][T17723] dump_stack_lvl+0x100/0x190 [ 727.340971][T17723] should_fail_ex.cold+0x5/0xa [ 727.341001][T17723] strncpy_from_user+0x3b/0x2d0 [ 727.341036][T17723] do_getname+0x78/0x390 [ 727.341072][T17723] do_sys_openat2+0xc5/0x1e0 [ 727.341106][T17723] ? __pfx_do_sys_openat2+0x10/0x10 [ 727.341151][T17723] __x64_sys_openat+0x12d/0x210 [ 727.341186][T17723] ? __pfx___x64_sys_openat+0x10/0x10 [ 727.341232][T17723] do_syscall_64+0x106/0xf80 [ 727.341256][T17723] ? clear_bhb_loop+0x40/0x90 [ 727.341286][T17723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.341311][T17723] RIP: 0033:0x7fc86159c819 [ 727.341331][T17723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 727.341355][T17723] RSP: 002b:00007fc8624ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 727.341377][T17723] RAX: ffffffffffffffda RBX: 00007fc861816090 RCX: 00007fc86159c819 [ 727.341393][T17723] RDX: 00000000008ea182 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 727.341409][T17723] RBP: 00007fc861632c91 R08: 0000000000000000 R09: 0000000000000000 [ 727.341432][T17723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 727.341446][T17723] R13: 00007fc861816128 R14: 00007fc861816090 R15: 00007fff49ec23a8 [ 727.341477][T17723] [ 727.752104][T17728] Invalid ELF header magic: != ELF [ 728.771860][T17774] ================================================================== [ 728.771889][T17774] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 728.771933][T17774] Write of size 8 at addr ffffc900040a9be0 by task syz.3.2199/17774 [ 728.771953][T17774] [ 728.771966][T17774] CPU: 0 UID: 0 PID: 17774 Comm: syz.3.2199 Tainted: G L syzkaller #0 PREEMPT(full) [ 728.771999][T17774] Tainted: [L]=SOFTLOCKUP [ 728.772007][T17774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 728.772025][T17774] Call Trace: [ 728.772032][T17774] [ 728.772040][T17774] dump_stack_lvl+0x100/0x190 [ 728.772076][T17774] print_report+0x156/0x4c9 [ 728.772109][T17774] ? __virt_addr_valid+0x81/0x620 [ 728.772142][T17774] ? sys_imageblit+0x19fb/0x1d60 [ 728.772177][T17774] kasan_report+0xdf/0x1e0 [ 728.772203][T17774] ? sys_imageblit+0x19fb/0x1d60 [ 728.772242][T17774] sys_imageblit+0x19fb/0x1d60 [ 728.772282][T17774] ? __pfx_sys_imageblit+0x10/0x10 [ 728.772328][T17774] ? drm_fb_helper_damage_area+0xb4/0xe0 [ 728.772365][T17774] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 728.772394][T17774] soft_cursor+0x524/0xa10 [ 728.772426][T17774] ? fb_get_color_depth+0x120/0x250 [ 728.772456][T17774] bit_cursor+0xe58/0x16f0 [ 728.772490][T17774] ? __pfx_bit_cursor+0x10/0x10 [ 728.772524][T17774] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 728.772549][T17774] ? get_color+0x1da/0x450 [ 728.772574][T17774] ? __pfx_bit_cursor+0x10/0x10 [ 728.772603][T17774] fbcon_cursor+0x43c/0x5e0 [ 728.772629][T17774] ? add_softcursor+0x1d0/0x290 [ 728.772663][T17774] set_cursor+0x1db/0x250 [ 728.772695][T17774] vcs_write+0xba9/0xd60 [ 728.772725][T17774] ? __bpf_trace_sched_exit_tp+0x90/0xc0 [ 728.772767][T17774] ? __pfx_vcs_write+0x10/0x10 [ 728.772796][T17774] ? apparmor_file_permission+0x13f/0x1c0 [ 728.772826][T17774] ? bpf_lsm_file_permission+0x9/0x10 [ 728.772849][T17774] ? security_file_permission+0x76/0x210 [ 728.772881][T17774] ? rw_verify_area+0xce/0x6d0 [ 728.772917][T17774] vfs_write+0x2aa/0x1070 [ 728.772940][T17774] ? __pfx_vcs_write+0x10/0x10 [ 728.772971][T17774] ? __pfx_vfs_write+0x10/0x10 [ 728.772992][T17774] ? find_held_lock+0x2b/0x80 [ 728.773014][T17774] ? __fget_files+0x215/0x3d0 [ 728.773036][T17774] ? __fget_files+0x215/0x3d0 [ 728.773061][T17774] ? __fget_files+0x21f/0x3d0 [ 728.773088][T17774] ksys_write+0x12a/0x250 [ 728.773110][T17774] ? __pfx_ksys_write+0x10/0x10 [ 728.773136][T17774] do_syscall_64+0x106/0xf80 [ 728.773160][T17774] ? clear_bhb_loop+0x40/0x90 [ 728.773187][T17774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.773211][T17774] RIP: 0033:0x7f6b2ed9c819 [ 728.773228][T17774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 728.773251][T17774] RSP: 002b:00007f6b2fb76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 728.773273][T17774] RAX: ffffffffffffffda RBX: 00007f6b2f016360 RCX: 00007f6b2ed9c819 [ 728.773289][T17774] RDX: 0000001000000006 RSI: 0000200000000080 RDI: 0000000000000014 [ 728.773303][T17774] RBP: 00007f6b2ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 728.773328][T17774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 728.773342][T17774] R13: 00007f6b2f0163f8 R14: 00007f6b2f016360 R15: 00007ffe194746f8 [ 728.773365][T17774] [ 728.773372][T17774] [ 728.773378][T17774] The buggy address belongs to a vmalloc virtual mapping [ 728.773394][T17774] Memory state around the buggy address: [ 728.773406][T17774] ffffc900040a9a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 728.773422][T17774] ffffc900040a9b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 728.773438][T17774] >ffffc900040a9b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 728.773450][T17774] ^ [ 728.773463][T17774] ffffc900040a9c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 728.773479][T17774] ffffc900040a9c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 728.773491][T17774] ================================================================== [ 728.806955][T17774] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 728.806980][T17774] CPU: 0 UID: 0 PID: 17774 Comm: syz.3.2199 Tainted: G L syzkaller #0 PREEMPT(full) [ 728.807014][T17774] Tainted: [L]=SOFTLOCKUP [ 728.807022][T17774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 728.807036][T17774] Call Trace: [ 728.807043][T17774] [ 728.807052][T17774] dump_stack_lvl+0x100/0x190 [ 728.807091][T17774] vpanic+0x552/0x970 [ 728.807113][T17774] ? __pfx_vpanic+0x10/0x10 [ 728.807139][T17774] ? sys_imageblit+0x19fb/0x1d60 [ 728.807175][T17774] panic+0xd1/0xe0 [ 728.807196][T17774] ? __pfx_panic+0x10/0x10 [ 728.807218][T17774] ? sys_imageblit+0x19fb/0x1d60 [ 728.807254][T17774] ? preempt_schedule_common+0x42/0xc0 [ 728.807297][T17774] ? check_panic_on_warn+0x1f/0x90 [ 728.807340][T17774] check_panic_on_warn.cold+0x19/0x34 [ 728.807365][T17774] end_report.part.0+0x3a/0x90 [ 728.807398][T17774] kasan_report.cold+0xe/0x18 [ 728.807431][T17774] ? sys_imageblit+0x19fb/0x1d60 [ 728.807471][T17774] sys_imageblit+0x19fb/0x1d60 [ 728.807511][T17774] ? __pfx_sys_imageblit+0x10/0x10 [ 728.807550][T17774] ? drm_fb_helper_damage_area+0xb4/0xe0 [ 728.807587][T17774] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 728.807616][T17774] soft_cursor+0x524/0xa10 [ 728.807648][T17774] ? fb_get_color_depth+0x120/0x250 [ 728.807678][T17774] bit_cursor+0xe58/0x16f0 [ 728.807711][T17774] ? __pfx_bit_cursor+0x10/0x10 [ 728.807746][T17774] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 728.807771][T17774] ? get_color+0x1da/0x450 [ 728.807796][T17774] ? __pfx_bit_cursor+0x10/0x10 [ 728.807825][T17774] fbcon_cursor+0x43c/0x5e0 [ 728.807851][T17774] ? add_softcursor+0x1d0/0x290 [ 728.807885][T17774] set_cursor+0x1db/0x250 [ 728.807916][T17774] vcs_write+0xba9/0xd60 [ 728.807947][T17774] ? __bpf_trace_sched_exit_tp+0x90/0xc0 [ 728.807988][T17774] ? __pfx_vcs_write+0x10/0x10 [ 728.808017][T17774] ? apparmor_file_permission+0x13f/0x1c0 [ 728.808047][T17774] ? bpf_lsm_file_permission+0x9/0x10 [ 728.808070][T17774] ? security_file_permission+0x76/0x210 [ 728.808103][T17774] ? rw_verify_area+0xce/0x6d0 [ 728.808139][T17774] vfs_write+0x2aa/0x1070 [ 728.808161][T17774] ? __pfx_vcs_write+0x10/0x10 [ 728.808192][T17774] ? __pfx_vfs_write+0x10/0x10 [ 728.808213][T17774] ? find_held_lock+0x2b/0x80 [ 728.808236][T17774] ? __fget_files+0x215/0x3d0 [ 728.808258][T17774] ? __fget_files+0x215/0x3d0 [ 728.808283][T17774] ? __fget_files+0x21f/0x3d0 [ 728.808315][T17774] ksys_write+0x12a/0x250 [ 728.808337][T17774] ? __pfx_ksys_write+0x10/0x10 [ 728.808364][T17774] do_syscall_64+0x106/0xf80 [ 728.808387][T17774] ? clear_bhb_loop+0x40/0x90 [ 728.808413][T17774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.808436][T17774] RIP: 0033:0x7f6b2ed9c819 [ 728.808454][T17774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 728.808478][T17774] RSP: 002b:00007f6b2fb76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 728.808501][T17774] RAX: ffffffffffffffda RBX: 00007f6b2f016360 RCX: 00007f6b2ed9c819 [ 728.808517][T17774] RDX: 0000001000000006 RSI: 0000200000000080 RDI: 0000000000000014 [ 728.808532][T17774] RBP: 00007f6b2ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 728.808547][T17774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 728.808562][T17774] R13: 00007f6b2f0163f8 R14: 00007f6b2f016360 R15: 00007ffe194746f8 [ 728.808585][T17774] [ 728.808647][T17774] Kernel Offset: disabled