last executing test programs: 7m40.339770392s ago: executing program 0 (id=1935): r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) sendmsg$auto_NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_IFTYPE={0x8, 0x5, 0x3}, @NL802154_ATTR_SEC_ENABLED={0x5}, @NL802154_ATTR_SUPPORTED_CHANNEL={0x8, 0x16, 0x80000000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20008000) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) (async) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) fcntl$auto(0x3, 0x4, 0xa553) (async) fcntl$auto(0x3, 0x4, 0xa553) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@HWSIM_ATTR_FREQ={0x8, 0x13, 0x7}, @HWSIM_ATTR_FLAGS={0x8, 0x4, 0x4}, @HWSIM_ATTR_REG_HINT_ALPHA2={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x24044095}, 0x4000000) 7m39.984266688s ago: executing program 0 (id=1938): mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-touch4\x00', 0x40000, 0x0) ioctl$auto(r3, 0xc0045627, r3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kfence/parameters/sample_interval\x00', 0x102, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) ioctl$auto(r1, 0x4008af22, r0) bpf$auto(0x0, 0x0, 0x6f4) socket(0x11, 0x80003, 0x300) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) r5 = socket(0x8, 0x2, 0x3) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x1f00, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0xc0481, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x400, 0x0) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(r5, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x4c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_TX_POWER={0x8, 0xb, 0x6}, @NL802154_ATTR_CCA_ED_LEVEL={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1000}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x49}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x1}, @NL802154_ATTR_SUPPORTED_CHANNEL={0x8, 0x16, 0x9}, @NL802154_ATTR_PID={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4800}, 0x8000) read$auto(r7, 0x0, 0x20) write$auto(r6, 0x0, 0x8001) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv6/conf/default/stable_secret\x00', 0x40d02, 0x0) 7m39.777206408s ago: executing program 0 (id=1939): r0 = prctl$auto_PR_SCHED_CORE_CREATE(0x2c78, 0x1, 0xffffffffffffffff, 0x0, 0x53) ioctl$auto_VHOST_SET_VRING_BASE2(r0, 0x4008af12, 0x0) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vgem/gem_names\x00', 0x62000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003800c000980"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf25020000000800030000"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000200bd7000fedbdf250200000800130001"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x8ac03, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) mmap$auto(0x0, 0x2020001, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) lseek$auto(0x3, 0x8fffd, 0x2) 7m39.684844449s ago: executing program 0 (id=1941): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x4048800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="7201", @ANYRES16=r2], 0x1ac}}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 7m39.534935737s ago: executing program 0 (id=1943): r0 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(r0, r1, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) mmap$auto(0x81, 0x0, 0xfffffffffffffffa, 0x11, r1, 0x8000) io_uring_setup$auto(0x42, 0x0) set_mempolicy$auto(0x3, &(0x7f0000000040)=0x7, 0x3) r4 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci7/rfkill11\x00', 0x1c8c0, 0x0) read$auto_mon_fops_binary_mon_bin(r4, &(0x7f0000000a80)=""/4096, 0x1000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x1f1d02, 0x0) mbind$auto(0x2000, 0x800000100000004, 0x100000000, 0x0, 0x1003, 0x2) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) ioctl$auto_SNDCTL_SEQ_GETTIME(r5, 0x80045113, &(0x7f0000000140)) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e62, @remote}, 0x6a) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r6, 0xffffffffffdffe00, &(0x7f0000000140)=';') r7 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(0x3, 0xc0086202, r7) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0xc0000080, 0x2000400, 0xfffffffffffffffd}]}) 7m39.182297597s ago: executing program 0 (id=1946): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd27, 0x25dfdc02, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x11, 0x401}]}, 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x80014) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x1, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2003, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) ioctl$auto(r3, 0x40026f34, r3) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) read$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20540, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x402c542c, 0x38) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rxrpc/stats\x00', 0x1c9180, 0x0) read$auto_tracing_stats_fops_trace(r5, &(0x7f0000000000)=""/43, 0xfedf) read$auto(0xffffffffffffffff, 0x0, 0xa) ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto(0xffffffffffffffff, 0x0, 0x39b8) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) close_range$auto(0x2, 0x8, 0x0) 7m23.66104291s ago: executing program 32 (id=1946): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd27, 0x25dfdc02, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x11, 0x401}]}, 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x80014) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x1, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2003, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) ioctl$auto(r3, 0x40026f34, r3) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) read$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20540, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x402c542c, 0x38) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rxrpc/stats\x00', 0x1c9180, 0x0) read$auto_tracing_stats_fops_trace(r5, &(0x7f0000000000)=""/43, 0xfedf) read$auto(0xffffffffffffffff, 0x0, 0xa) ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto(0xffffffffffffffff, 0x0, 0x39b8) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) close_range$auto(0x2, 0x8, 0x0) 18.224760682s ago: executing program 1 (id=4874): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp1\x00', 0x84800, 0x0) write$auto_snd_pcm_oss_f_reg_pcm_oss(r1, &(0x7f0000000240), 0x0) write$auto_snd_pcm_oss_f_reg_pcm_oss(r1, &(0x7f0000000080)="ed946b1a802ed0fbe82bdacd0a044c3e18fea59db5c48e7e1d47472d4fb1ed2663a23565ca915e131f4b02d667f738c1f5e8ea780979178c1e37dad3cf6d2a640baf8e957cd4acf28e683d608ac0814e760d34978783dc36660b669d63f4fe4b924c26d5c6b234c03fb294e425b49786212187938099f65da6271e3bd40c23867cf7154fae30d572484721b7d3e289182f4e777b400eb690ef6caac9eea838fa56a753f72142dc3d2eef6522a63a2824", 0xb0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/damon_reclaim/parameters/enabled\x00', 0x1eb842, 0x0) r2 = open(0x0, 0x101840, 0x33903f3ada88772b) read$auto(r2, 0x0, 0x1) write$auto(0x3, 0x0, 0x7f) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/updelay\x00', 0x8242, 0x0) read$auto(r3, 0x0, 0xa) write$auto(r0, 0x0, 0xfdef) 18.098767789s ago: executing program 1 (id=4876): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/devices/system/cpu/vulnerabilities/spectre_v2\x00', 0x40780, 0x0) read$auto(r0, 0x0, 0x400006) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8881}, 0x40) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000300)={0x10120000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x4, 0x8, 0x7fffffffffffffff, 0x13, 0xffffffffffffffff, 0x3ff) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x805, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_NETNS_FD={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) 17.995878208s ago: executing program 1 (id=4879): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x109000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) bpf$auto(0x0, &(0x7f0000000000)=@task_fd_query={0x5, 0x21ea, 0x7fff, 0x83, 0x9, 0x7, 0x202e, 0x5, 0x101}, 0x6f4) 17.899266138s ago: executing program 1 (id=4881): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0xfffffffffffffffa, 0x9, 0x19) madvise$auto(0x0, 0x5, 0x15) fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x4, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', &(0x7f0000000280)="97c07a65c2e9f385781befd9bde11b5183df37bc577e54838f153c7bb85d2cce0402561a81deb5a34443890a65117c3f3fa57c9b2c57cf2d3dfbaea2f86e72866260faf888d2b34f1a7a09ab41760e97fa0b4969", 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) mmap$auto(0x2, 0x1, 0x4000000000df, 0x78, r1, 0x300000000000) socket(0x1d, 0x3, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r5) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000000ac4e6ef21826e26c0d32787ceae7adedf92c2e0", @ANYRES16=r6, @ANYBLOB="01002bbd7000fcdbdf255a00000008000300", @ANYRES32=r8, @ANYRESDEC], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040004) sendfile$auto(r4, r4, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0xf4, &(0x7f00000001c0)=@test={r3, 0xb, 0xfffff0b6, 0xffff, 0x84, 0x1000000000000ac1, 0x4, 0x2, 0xfffff5b2, 0x3bb, 0x80008000007, 0xffff, 0x6, 0x80, 0x68398}, 0x101) 11.633299916s ago: executing program 4 (id=4943): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) socket(0x1d, 0x3, 0x1) (async) socket(0x1d, 0x3, 0x1) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) r2 = io_uring_setup$auto(0x1, 0x0) write$auto(r0, 0x0, 0x6) write$auto_fops_init_pkru_pkeys(r2, &(0x7f0000000280), 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) (async) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 11.098254016s ago: executing program 4 (id=4948): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r1) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00", @ANYRES32, @ANYBLOB="096d317fcf3c9a4a2ea94e558a6da1e6760c03d4081e8d90c51ef1076c8e31bb627e3802785761435ef9999dfc"], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6, "551e7285968d8e86"}, 0x6, 0x3, 0xff) r3 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000380), r1) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(r1, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r3, 0x1, 0x70bd2a, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44008000}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(r0, r0, &(0x7f0000000100)=0xfffffffffffffffe, 0x1) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x5, 0x105, 0xc, 0xb, 0x800, 0xffffffffffffffff, 0x5, "d81ddef9d4e6d312212bab98f4060bd8", 0x0, 0xffffffffffffffff, 0x7fffffff, 0xa991, 0x7, 0x8001}, 0x7) read$auto(r0, 0x0, 0xe8) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0x0, 0x13, 0xffffffffffffffff, 0x8003) sendmsg$auto_NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x48010001}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf253a0000001200f900c9201e78ed327900ff07000000000000"], 0x28}}, 0x20000001) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, 0x0, 0x200, 0x0) rseq$auto(&(0x7f0000000140)={0x3, 0x0, 0x7, 0x7fff, 0x25, 0x7, "68f023d1b17bedc21550dc007884ae05efb55b4b43dfb51ce577a3ca60de4d640aa6c5a89135f380f71118a504411beeb8bb399a10facbb827472551853a4df44e657539d8ad300401eeaac9fbdb353fc57b"}, 0x101, 0x5, 0x4) ioctl$auto_FS_IOC_UNRESVSP64(0xffffffffffffffff, 0x4030581e, 0xffffffffffff0001) r7 = socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2102, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x2584, 0x0) ioctl$auto(0x3, 0x40045542, 0xb551) connect$auto(r7, 0x0, 0x54) open(&(0x7f0000004080)='./file0\x00', 0x40, 0x23) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 10.234967821s ago: executing program 4 (id=4956): close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) io_uring_setup$auto(0x809, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_FIDEDUPERANGE(r0, 0xc0189436, 0x7) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) 10.003934039s ago: executing program 4 (id=4959): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x400d, 0x0) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x482c0, 0x0) r0 = socket(0x11, 0x2, 0x0) capset$auto(0x0, &(0x7f0000000000)={0xc, 0x40003, 0x6}) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x20, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x4, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xd, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) mmap$auto(0x0, 0xfffffffffffffffc, 0x4000000081, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x109282, 0x0) sendfile$auto(r1, r1, 0x0, 0xfffffffffffffffe) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r3, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) r4 = open(0x0, 0x261c2, 0x84) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r5) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r7) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000b80)='/sys/kernel/debug/dri/vkms/Writeback-1/force\x00', 0x2, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x1c, r8, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x1c}}, 0x4000000) sendmsg$auto_ILA_CMD_ADD(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x50, r6, 0x201, 0x70bd28, 0x25dfdc03, {}, [@ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x6}, @ILA_ATTR_IDENT_TYPE={0x5}, @ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x9}, @ILA_ATTR_IFINDEX={0x8, 0x4, r9}, @ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x9}, @ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x81}, @ILA_ATTR_LOCATOR={0xc, 0x1, 0x6}]}, 0x50}}, 0x38) sendmsg$auto_ILA_CMD_ADD(r4, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES16=r6, @ANYRESDEC=r4, @ANYRES32=r3, @ANYBLOB="0c000100010800006d7c02bb2d764b520104000000000000b4c52bd85f598e1b0c3456cd107c7f60125b12d8e2b6741f4e7549d23b05f18d69f41d4264d8189dfd1c3f33ccd3700c84117d7d7dbed1a12ce5b9de1c6e0429c5110dd62cd07c35c716b1dadf6b80e9a7749544fcdd6bc418bc0912a358d51ebfccf0b23588ae7730a77be43db5977f96"], 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x48014) r10 = setfsuid$auto(0xee00) setreuid$auto(r10, 0x0) msgctl$auto_MSG_INFO(0x0, 0xc, &(0x7f0000000100)={{0xa, 0xee00, 0xee01, 0x8, 0xb, 0xff, 0xa}, &(0x7f0000000080)=0x6, &(0x7f00000000c0), 0x1, 0x3, 0x80000000, 0x7, 0x6, 0x0, 0x8, 0x2, @raw=0x3ff, @inferred=0xffffffffffffffff}) 8.546938089s ago: executing program 4 (id=4968): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/napi_defer_hard_irqs\x00', 0xc2481, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/firmware/memmap/5/start\x00', 0x22000, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0xffd8) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) write$auto(0xca, 0x0, 0x81) add_key$auto_KEY_SPEC_SESSION_KEYRING(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)='&\x00', 0x0, 0x0, 0xfffffffffffffffd) 7.736952166s ago: executing program 3 (id=4977): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0x3ff}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5, 0xb, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x810) 7.718188838s ago: executing program 2 (id=4978): syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r2 = socket(0x2, 0x5, 0x0) getsockopt$auto(r2, 0x84, 0xd, 0x0, 0x0) r3 = syz_clone3(&(0x7f00000003c0)={0x383201180, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) rmdir$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r5 = prctl$auto(0x4003e, 0xfffffffffffffff5, r3, 0x4000001, 0x80000000) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x2, 0x62, 0x80000000, 0x9, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r6 = socket(0xa, 0x1, 0x82) getsockopt$auto(r6, 0x0, 0x486, 0x0, &(0x7f0000000040)=0x83) getpid() close_range$auto(r0, r5, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/loop6\x00', 0x169580, 0x0) mlockall$auto(0x5) rt_sigprocmask$auto(0x20000004, &(0x7f0000000100)={0x6}, 0xffffffffffffffff, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0xee) 7.608805149s ago: executing program 2 (id=4979): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa2102, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000c0) r0 = io_uring_setup$auto(0xe, 0x0) r1 = bpf$auto(0x12, 0x0, 0x26) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x999, 0x0) ustat$auto(0x801, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) sendmsg$auto_NL80211_CMD_RADAR_DETECT(r1, 0x0, 0x20040000) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r2 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) r3 = socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) socket(0x15, 0x5, 0x0) setsockopt$auto(0x3, 0x114, 0x7, 0x0, 0x4) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NETDEV_CMD_DEV_GET(r3, 0x0, 0x800) close_range$auto(0x2, 0x8, 0x0) read$auto(r1, 0x0, 0x9) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x8282, 0x0) mlock2$auto(0x1, 0x8001, 0x0) 7.560352212s ago: executing program 2 (id=4980): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/dummy_hcd.5/usb6/6-0:1.0/uevent\x00', 0x208a00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000b00)=""/250, 0xfa) (async) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r2 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000280), 0x181000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async) r3 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r3, &(0x7f0000000440)="1100000000000000000000000000010000", 0x11) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x1) madvise$auto(0x0, 0x200007, 0x19) (async) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) mmap$auto(0x20000000000, 0x1000000020009, 0x40, 0xeb1, r2, 0x9) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x4) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_available_congestion_control\x00', 0x0, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000002040)='/dev/snd/pcmC1D1c\x00', 0x80, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/misc/virtual_nci/power/runtime_active_time\x00', 0x82281, 0x0) (async) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 7.476489403s ago: executing program 2 (id=4981): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd4/queue/max_segment_size\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000003f40)=""/156, 0x9c) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000107, 0x402}]}) close_range$auto(0x2, 0xa, 0x0) 7.384717977s ago: executing program 2 (id=4982): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x1, 0x3, 0x36) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = prctl$auto(0x3e, 0x5, 0x0, 0x4, 0x0) statmount$auto(0x0, &(0x7f0000000480)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x6, 0x6, 0x5, 0x7, 0x20003, 0xfffffffffffffffe, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0xffffffff, [0xfffffffffffffffe, 0x0, 0xdc09, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8a0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffe], "135ed0fb0b14bb8e5a5403c3ab25587e8c9e28d36b464363d46af797d4b126eb58e3b2028e8380b9e204c1fb0796eec44a1ccf8fb51887b1b6a3d9ab63e74d61a7557bd1c59e22c73510ab0e77302c921381d41a60a6681a3e2ae4bf4387383fcea3051743f8308dc23034ad33408da1dfcce7b9d84deb8ddd2c6b74a8b4d24647d5ad32898eecc7e83b8e468475a357e500bab018de4c64c51f9fa1d9d82938e963949717f5a6e195a69aac84"}, 0x1fe, 0x200c) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000980)=ANY=[@ANYRES8=r0, @ANYRES32=r1, @ANYBLOB="fedbdf2500000008000300040200100620081f0200"/34, @ANYRES32=0x0, @ANYBLOB="0a00000000000400000a00010000000000000000000600070001000000080002000000000000000000000000fc2891476884e21a7dc65e244e2fc6dc1ad8b6776f484fd348d9de0d7df36f5e2c356d91545dedc3c56cf8dd53409dd67c6c88be0707f8a77a53e383220130c8f0b3de", @ANYRES32=0x0, @ANYBLOB="fab627e536d84095750320f40b6bbeddb2b9e48860dc673006b9d605015e090000000013e0f40a093ec7c35f245bf0fcc71ac174c29999da93df72deb3cc53bf8a40f15b0046beb0bbf7c5e1c9144c6ebf7c1e45da1a2a8f2e1d3e150f4898bb9cfd08fae3ad483f40db5899c2c706b2309b3c18c3c0d1151ad706d0ce468683b31d6878816983ee7cec7760bba74cc7067bd8afb3f48af45c0c130f6a530e62313336601e6c654c69a5c5de95288c0b520b45a9d43fee5c74e76475f893a9b198db60a37155ca31f2fa1492b9818a3b219dc9f94e31767f547a558fe3492513decb148055feed832248fa9f762918fec86946ca18ac547f8c7644b3007bc776eb80cb17de6ea7dac45f0be9db25afadac4e923b7dd14f1fcd683bce04241c019f28374fa418e2211a1233367de8a54d263fe77dc08a03ece4725f28f9be561292bb66f86d42277fd3f2919433507bd02ad89555b55d1bfaa7f08880dd742e63052103815af5807f4954d4f850bacd682f0b2c01fa6912aa29af316e005c7f9390dac71540c7b0beb653164023249bf1d2d212dd2937e17f4ca8be37dd819fd0575ab666cace29f91acfde7950d82ea5c5d207baf0e0b04565f0c5c3f0d0ebe500000000000000"], 0x68}, 0x1, 0x0, 0x0, 0x4008080}, 0x40090) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES64=r2, @ANYRES16=r3], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x40) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/oss/sndstat\x00', 0x40441, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x30, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4008050}, 0xc800) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x6000000, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000002c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb0, 0x8, 0x8000008000) socketpair$auto(0x4, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0xa, &(0x7f00000000c0)=@query={@target_ifindex, 0x4, 0x20, 0x2, 0x3, @prog_cnt=0xc, 0x0, 0xd8, 0x0, 0x56a, 0x1}, 0x91) open(0x0, 0x22240, 0x155) socket(0x25, 0x6, 0x8) uname$auto(0x0) r5 = socket(0x2, 0x801, 0x84) getsockopt$auto(r5, 0x87, 0x2, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x64, 0x0, 0x1c) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0x6, 0x66) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r6 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x500, 0x0) ioctl$auto(r6, 0x9010642e, 0xffffffffffffffff) mmap$auto(0x0, 0x202400d, 0x8000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0xffffffff, 0x0) 7.362725824s ago: executing program 3 (id=4983): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000804}, 0x40000) (async) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80000, 0x0) unshare$auto(0x40000080) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r1 = socket(0x2b, 0x1, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000180), 0x80a040, 0x0) (async) mmap$auto(0x80, 0x20009, 0x4000000000df, 0x810, 0xffffffffffffffff, 0x8000) (async) r2 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x51}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x80009, 0x0, 0x1, 0x0, 0x4, 0x9}, 0x3}, 0x3, 0x9) shutdown$auto(0x200000003, 0x2) recvfrom$auto(r1, 0x0, 0x800000000c, 0x1003, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r3) socketpair$auto(0xa7b5, 0x2, 0x7fff, &(0x7f00000006c0)=0x2) (async) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' .\x00\x00', @ANYRES16=r4, @ANYBLOB="01002ebd5100fbcbdf250100000004000180072e0180102843f771520cf7e308f524df2eb506c947399728c1f6fa7bb3bdb9c624460dd88e38355f328115680b2ecd2736606ed2"], 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000500)=ANY=[@ANYBLOB="e0000000", @ANYRES16=r6, @ANYBLOB="010029bd7000fedbdf250200000004000180c8000180c4002f8014004200fe8000000000000000000000000000bbab00f7800800e700", @ANYRES32=0x0, @ANYBLOB="3156d23b776ad0c716c8e92a481aaa4586957c1aa0fe8e6b7bfaad2858c63ba8889b3fd6134f15eb0bd6458a4503c01af00ebd2eeef9dda9d683775006c6290ab765bc435df563688bb8502e7711e06381045ccf5ee5373080798944006380080090001ef6b1a0e33181736daaa0e930a1cd561f9b0151b8520b7cac7a550cdfca10e0c053ed03e2a22044b37d21e44c2abc21b2e191b3356e93ba8b824452156c6cb8acab2543d62eb35387b43e8f0473f62686a1a1f1e7dcf6e32dd40c4ea23e2a87e61a6cd7d01b93ad3eb9a16b36328ad0588e164180d2ec909d3e8fb66d96b2fb1ad47eebfd799bb93225dfde2b1f997a83af97c58705e21619e65921e55b0ef8d05d356f3ce86a07ed5b8eaf804d705e99afcf0f3095aa1ae5b3e7d6acda2a719d307c005d04280de59a67fc1b0d5fbfc2fabdde8f", @ANYRES32=0x0, @ANYBLOB="040006000400228030009e802c0037800800fc00", @ANYRES32=r0, @ANYBLOB="04000b8004000a000400278014003700ff02000000000000000000000000000100"], 0xe0}, 0x1, 0x0, 0x0, 0x40c4}, 0x4000) r7 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x24c, r7, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0x228, 0x28, 0x0, 0x1, [@generic="8f521bb520d73e1e6d6ac9a88cbce8dc91449c45eaacdc23387c9b702087526c2501cacc97f5a3ed9404e15e1d67ba9af19bada0c66d334133936a11b94e8f22c870d66878b236d6629f261b22938eadd9a8c9039b73f7f6612835ba88e4c9d6d830202aa40f0e05c576c3feef3b2e7290be46d9", @nested={0x1b0, 0x22, 0x0, 0x1, [@generic="c8cd7f430eda5a19cc6fbdbd7503313811449802d1729e1ac71bbf023e1739eecbf2d5839d551e825ac063ce6ffccdf7137768d1b505343110a15843091e487860ebc587d29c044602731dcd4d853b7fce52465af22d866eda47c3541faebce6cf4d0b3d8a6a16b2c2eeea948ff6d2cc35db6bf0d3d016992d6723ad28d4ed9258d50213905a03cbf80d2cbd948d4af687184c5011ea9ad6a1d9a387c9a493cddfca9734e0a194950adb3b4c943e8f02afbb", @generic="4c779005b49ecd8e00224970037c9992077f240cb05441a089acab2ffb63b2bfa96f11de91f339dc89891ee75b6b1a0a81938cd2d7e9ff9fd2e13d288de98bc872c465da7ac0075c09df061df358f004d94423267c10a25e4cf734c5557500890b3bb7973757bf5e177dfd5a81c2934dcd8120bab6ecec3aa305285d43ed7a004dad3ad65ccb658bdc78bf7d0656d09a6dbdcc036b5b098c093bb8fefc8c0c4109a8302cd34f05532128fa6e275bdb107dee68fcc010abb0b13b15e5e693775fa8f848ec2cad7e37818eaa08753c146918f128d2c9a351f3a3252c771a2af5ccddcdf929172e026994925cfaa3aec80f505b3f24bb5b", @typed={0x4, 0x129}]}]}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x85}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x5}]}, 0x24c}, 0x1, 0x0, 0x0, 0x4001}, 0x8c4) 7.313466427s ago: executing program 2 (id=4984): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim7/health/break_health\x00', 0x20601, 0x0) mmap$auto(0x53, 0x100, 0x81, 0x13, r0, 0x5) mlock$auto(0x1004, 0x6) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) 4.309278567s ago: executing program 1 (id=4891): close_range$auto(0x2, 0x8, 0x0) socket(0x25, 0x5, 0x2) socket(0x848000000015, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000240)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x23}}, 0x6b) r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000440)={0x0, 0xf000, &(0x7f0000000400)={&(0x7f0000000040)={0x14, r2, 0x323, 0x70bd25, 0x25dfdbff}, 0x14}}, 0x20008804) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000280)=0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r6, 0x805, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_NETNS_FD={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6}, 0x6, 0x3, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000480)=@bpf_attr_0={0x5, 0x105, 0xc, 0xb, 0x800, r5, 0x5, "d81ddef9d4e6d312212bab98f4060bd8", 0x0, 0xffffffffffffffff, 0x7fffffff, 0x5, 0x7, 0x8001}, 0x7) read$auto(r4, 0x0, 0xe8) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x20000) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0x0, 0x13, 0xffffffffffffffff, 0x8003) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r9 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r9, 0x0, 0x20) writev$auto(r8, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) sendto$auto(r1, &(0x7f0000000180)="b03188399fe6c630a0e6e9b47e7cdf95ed6db3740c77c6e4de1bba028e746f6e53b45fe99e1671935cd1bf714c986cf5e0b12652266aaeb0a487c221e7a3986a1335b52576ce78ed4aac413528c30f05de3e549aa4743b3599b036e373822e6f7d1bd0e621f1d1", 0x8000000000000000, 0x7, &(0x7f0000000300)=@nfc={0x27, r3, 0x0, 0x1}, 0x5) 4.307565632s ago: executing program 4 (id=4992): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x8002, 0x0) ioctl$auto(0x3, 0x4610, 0x10000000000402) socket(0xa, 0x2, 0x3a) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0) read$auto(r0, 0x0, 0x9a28) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) memfd_secret$auto(0x7a8c66c0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty16\x00', 0x0, 0x0) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88282, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x201, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(r2, &(0x7f0000000000)='+%\x00', 0xad) 4.306823667s ago: executing program 3 (id=4993): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/napi_defer_hard_irqs\x00', 0xc2481, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/firmware/memmap/5/start\x00', 0x22000, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0xffd8) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) write$auto(0xca, 0x0, 0x81) add_key$auto_KEY_SPEC_SESSION_KEYRING(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)='&\x00', 0x0, 0x0, 0xfffffffffffffffd) 2.57460338s ago: executing program 1 (id=4985): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r3 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r3, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}}, 0xc000) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) bpf$auto(0xfffffffe, &(0x7f00000001c0)=@query={@target_fd, 0x8, 0x3, 0x5, 0xff, @count=0xe35c, 0x0, 0x5, 0x80000000000006, 0xd9, 0xffffffff}, 0x6f2) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000880}, 0x20008000) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000280), 0xffffffffffffffff) 855.029583ms ago: executing program 3 (id=4986): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x9, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r1 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(r1, 0x10000000084, 0x23, 0x0, 0x8) 107.264532ms ago: executing program 3 (id=4987): r0 = openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/comm\x00', 0x60001, 0x0) write$auto(r0, &(0x7f0000000040)='^\x00', 0x6) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x41) shmctl$auto_SHM_INFO(0x100, 0xe, &(0x7f0000000180)={{0xffff, 0xee00, 0xffffffffffffffff, 0xffffffff, 0x5, 0xa255, 0x7}, 0x4, 0x81, 0x75, 0xa, @raw=0x10, @inferred=0x0, 0x9, 0x0, &(0x7f0000000100)="7d17c5", &(0x7f0000000140)="7f33de12dfa27f4f049c60c4e50ab49a49abe3d71df0510c960d0daf4d29c397c3705ed00107a0e08b5ad63c770395"}) r4 = getegid() lstat$auto(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)={0x80, 0x7, 0x13, 0x3, r2, r4, 0x0, 0xe4, 0x1ff, 0x1, 0x7, 0x9, 0x74c, 0xff, 0x371d0000000, 0x3, 0x8}) r5 = socket(0xf, 0x1, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_vdpa(&(0x7f00000002c0), r6) renameat$auto(r1, &(0x7f0000000300)='./file0\x00', r1, &(0x7f0000000340)='./file0\x00') ioctl$auto_SNDRV_PCM_IOCTL_STATUS32(0xffffffffffffffff, 0x806c4120, &(0x7f0000000380)={0x3, 0x1, 0x6, 0x3, 0x2, 0x7, 0x6, 0x0, 0x0, 0x84, 0x6, 0x4, 0x1000, 0x1, 0x6, 0xff, 0x7, 0x1, "0c4046bf241a3547457ad8a40917235ce8551092bdc22f603c64af94eeff131814ea62c2"}) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(r1, 0x1, &(0x7f0000000400)='^\x00', &(0x7f0000000440), 0x4) mkdirat$auto(r1, &(0x7f0000000480)='./file0\x00', 0x8) shmctl$auto_SHM_UNLOCK(0x3, 0xc, &(0x7f0000000640)={{0x2, r2, r4, 0x4, 0x80000001, 0x4, 0x401}, 0x55e7, 0x9, 0x6, 0x401, @inferred=r3, @raw=0x5, 0xfffb, 0x0, &(0x7f00000004c0)="92f8bdd47df40a87e5151cac117b53de627ef1916bca8a4fab8a668d56f6972aaec69ac112db91988c49d614b03deb4ac5ceafa68f311381c88fa1d801f15b7edae8717e68b1d73dac762392544148275c0f755ff56e", &(0x7f0000000540)="07e4d6c9c2144c937d30af3ac9ec9fde566b923fdeae4061a890227de195d1a2adb1ee21c09038e255b76b6cbb885a10ee7220c6d0634cc7ce0f427afbc95d62997c4ec8f90ef0747bf33164f7b44afcb5ef7be8f039b5fedbcdd796e2e617fc31689fa3dae11e106225aa0bd15b1e010dbe0e655d86d3bb5e49cf817328b520e49e9107d10116552df2edcf012ce5a7fd88ac7b2dedf61c5137e3bdfb5770c163972e9a280b09ef77465fd77b46ae3347d30d6d5e2c16f21a1de65fd87c294f53ddbe93f536235bd3ce1eec052cf31337677572ce08c5d9e83a876264b0"}) r8 = ioctl$auto_UDMABUF_CREATE(r1, 0x40187542, &(0x7f00000006c0)={r1, 0x1, 0x4, 0x9fd}) r10 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000740), r6) sendmsg$auto_IPVS_CMD_GET_CONFIG(r9, &(0x7f0000000c40)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000780)={0x454, r10, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_SERVICE={0xcf, 0x1, 0x0, 0x1, [@generic="749548bc335e0db1dd4db406668a471180cfe6bb83937037fb0920cf24c22d6b115a08f3f0337e37f6aab9f49700e03e91b3fe6139c220bbbde15aebfa7a5f73907084671748e8e37850c502a982f0377eb1b7ffc10493fd63d1a5ceb3d501ac95e6e107774b84f3ec789d21675b1eeec34bc1652769e9e64660925f07d1a9551a02f19a886d346d06f0a3e3ab2b0c53727399a9eb1b9d9f7573fb7727bf0afb72dd86cd73261ddb75b976742fe4509cc0963cbc61c72bc6b7093f85792167433c101cde16c43f34549f0c"]}, @IPVS_CMD_ATTR_SERVICE={0x282, 0x1, 0x0, 0x1, [@nested={0x180, 0xf5, 0x0, 0x1, [@nested={0x4, 0x25}, @generic="d4eefd5b92027b821c314df8fcfd9ab3428d44abb63347efdf614889e1e863daff6fae40d078b519fb28830aa7b1a25ee98fe4328bcf289f93a5fe0096f64c8010165174b30e02706ecdb9ea2a70d2c850d9a45ba81658911820e66a6acdf44b7acbac547ab2caddac3a5f80c6e21212464511cc14cba291e0acfaa4e863b8", @generic="19c021b6a30eb7aa71b3b89e59319bef1ee03cc5413d3dfe25716b70f8c508e8541ea0c464587d11794bc01bfc96e98eea8e34ea7c2c23a99f658678ec47834772fba8f255ac0118c3146a8a6e7d8d9cd850a40e57f05a8b37dc9b94dd0ddaf9ffdd4cf3d74e7e35572d023dee416983a77dca111faf296b9df90cf980efc2b0887fd1bfc8bf7e738e57db9b4adc2c7842fc938ee6088a07ce0cb6f627401fa4b9a773c81ff2083d6ce1591795d164ee41c73d83a91dc6f9a39202ecff47ebde4f87f2ad401ff64c1cd1508432ae349593a3b34ae16ef0b7222753ca31977d5bb7d6b13d76dff03083661c6d8eb7839809d0c84b8696514183"]}, @generic="93f918329e12b412b092b5287cd4f0b3e71ae8e4e4e40e1f11b264a4eb1c902846a912783da57fcef0fd87aa2e90b382e94240191a23d7e8ee95e0620904df0e3954ed38b7dbb4abd4609e268a0beaab54ed40ae7df40142e7facb8bb50f616a0639fab7ff2d46b3a54d9c03057ec4543a8c5ee41d9d2d698027f1b670715b4759278a28f61d73229d0447e528971f6435abffa790c9c3315bfa5cca02b82551e5eeb72b77de83c820438b6e7d22eef829e33f20952f622f19594af71e56c92504fbbff2b68ab8e8f2e8b10dc4ba9c9803399c82a965dac513a055b87c04079c32f125a62ecdfd9f3db01f24ee7d74", @generic="6d09f92d554139", @typed={0x7, 0x155, 0x0, 0x0, @str='e-\x00'}]}, @IPVS_CMD_ATTR_DEST={0xe3, 0x2, 0x0, 0x1, [@nested={0x1c, 0x9a, 0x0, 0x1, [@typed={0x8, 0xb9, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x29}, @nested={0x4, 0x72}, @typed={0x8, 0x93, 0x0, 0x0, @uid=r2}]}, @generic="60a5784802df42e9e4c4140ef7518babacb39bb269e4e7ab5188e676c0f83c6a45d817b80dfcca86aca8592d2248751a3ee2cbe80cb3065bea32e85b74a523401cc1028abfd16f1a67d63154f2fc3ccbdcf56f65e7388046c22a3692c68367380e00fddf1f4c8bfce8f7062f33f8e3ae9886475c88e65fc04dcd81c6d01266b42485ecf5aa8db47c4d20830a5b4a69e44e546a7cf00259307fdf2e84b48c3757056d4a67164c2f9c19df697b3528eb3592ad1b147ce551ac7c68f9", @typed={0x8, 0xfa, 0x0, 0x0, @ipv4=@empty}]}]}, 0x454}, 0x1, 0x0, 0x0, 0x44001}, 0x24040851) r11 = pidfd_open$auto(r7, 0x8) r12 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000c80), r8) r13 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000cc0), r11) removexattrat$auto(r1, &(0x7f0000000d00)='./file1\x00', 0x2, &(0x7f0000000d40)='%\x00') socket$nl_generic(0x10, 0x3, 0x10) r14 = open_tree$auto(r11, &(0x7f0000000d80)='./file1\x00', 0x7) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000e00)={'pimreg\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000e40)={'vlan0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r5, &(0x7f0000000f00)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x28, r13, 0x200, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}]}]}, 0x28}}, 0x40801) sysfs$auto(0xfffffffc, 0xffffffffffff710d, 0x5) sendmsg$auto_NL80211_CMD_VENDOR(r5, &(0x7f00000016c0)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001680)={&(0x7f0000000f80)={0x6dc, r12, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_IE_RIC={0x6bd, 0xb2, "da56401632a5782f86a30e5ab7359ba6d8fc5c0bbb738ec5630957b5a0e083630e315c91aa334e892adf01a1eb723373e5e6cf5d0ef3f514aafdb025bd8890a27833c2eb642ffaa883b1d3552cd902d0cc50df2fa14954b38ca38d5d14efe44d1226d7efea90afae976dffefebd54d005ddc63ca1e00762818057035231fcd2c5282f41424a195487ff99293fc44323ef8fe329bcf090a59be02c64eb555f5fb9b28ca7c5193b30fbb9dd7e264a091f073db753ddb62ce2234736dc295145e4bc5d537f2889d14bc045049caeee62a92c03c1f99779c86abd7fc167244313c5cd7480e79635f4e1ecae43af2366ea33ce57d368e383a8609e4f6c685bc007fe5dd63de42113cda2f8099b75f4cb87cb4b554d18a28c7089baf39dd1b38d66ed4aea38cb777afce2f893ad84d859f8d7c56e992074e094c8e28b1551193e60e91284a5fdab95154b7fb47adfd95ad7003eabf5320f437f2289a9443e8ea6af923e31caaad441eaa7ec8585fa9cc6906c31ef82556a2c151abc98e07e93be8fa3b9350a67ea87a9e770db616506c9876b87a22a74042e4189314793b39ad709cdcfae683baedf8d6dc7701b0df01ae762096bf3765bc9b44e88f64c682f9d238ebec05eb75b6245c87076dae95889233e85c2b605241749527efd7ffc17b670e165fa7e7a3b8dcb0fbbea9654be535711abd6f4b4dc2f62ae89d7dc9fa55a12ef27aca532b11f358ac470972fb7a8d8f2b319a59cf3bbac545279e0b368fc81bc638234f0aaa86883814b3c56cfbdc7a8e67f313752395ccd4454af6ad48b26c325d9f17ce8c07463a457ba534ee2533d2c0ab6e789a70fb09195cf0dc7a44594b592bd585c66c6679cca9eefb1d8611d11f40286520d2e30d871f0dff894fcc14f57a8acf8af04a7c8bcb30f25c6e5bdf2263aeb4719e8f4874bedcd3d8fd3aeeec3d0d0b703c8c9c44e8cf6712af40692cda15250441ab637f045ec4cee5fb88476eaf21f66c4adc558e53b15846d295c84fd00a762c4c748d78a2d1b556be866a503f84f3d7bc1520816bfb06ada506149243b7adc2356ffe84f81ba1db310c4388ec9ce17506e686755f2e9be792a1ceef082e8edf158c1fb4cc070fd8d85401688ce16d4f77ca957169fa1db95adb0258bcc7a7303160352b26099e383851d6756d76d571b496b97f3d2c1cecef51af932d4f0812102b310b0162346d0b10369fee80b4749f7ca3d1bb3c94f7f90f9f2ab6fd4dcf0816b2aac427d18c5abf74acf8a014ee016c485f6d939e17cb22fd8782d8d9d67e722de0dcc3d96a00842a813e6705c5568a9021bc7280490025ad405d02436364273088d0b9d20bd32486d7875943afbf73bbdead2b2dd4a91a816cc552e24717136a5d788f99528166e66fce798514a35a2ba3c80f692b0f39a8129181680c6bd18f5bba186ca28aa0ed974d30af839eac71ae64fac918fbc7cc7aeea838265d954b4cf85900d3d37ea7ba65be53ea671cf9cd4a549943c1347f61bbce55027666a29533e4612bcfba83eafb75a3582cef099a770b3f0f53f5c021c32f6dff5a5113837a93ce4ade691c02bf3e4260be5735a3067befc3993cab8f6f293a79bac71bae074b04afbe3132ef356083d5081dc97816bf034b1ac2b288211b35e0c346b73e0db6460b4928c215550ee01f11c4eed314cae90c3dc12f98f9d8d701cf6fe781fd37b6da95595083c6246faadc31d01f83ee40e3ddf364ae3ca82b26bc4693c9de377afae89e950b3b4f432dc4a2de9a50d4fef531a3c994233f18145d17190777a10ca41afb76b61e01bdf5a8afb95ec2cdc8ad0cb77a02bd51715ae71db1d07332dfc5a042357c9ce4158202b3239efd50a0d3699cce78c4dbeaa05ff4959c9effab58c92b85bee6aea5121896e70d9039920732e44cc6a1a837d9c82b7402b519e7701c967eacbea5a473e6e0c773b1167a60ecac5924314e1e57edde0c01ab1654c8189aa53870dc79b243503984a924045f8bc089efb6dc91b5353e48ef82b4f83b9cf13720fff68de9777cc5f46a29a3355cf8bcef645e21f04b42d0ef354838f41d73611d19ad4d777e7240a3be922eafea3584078113f477c08edb9447547a9aa2519f5c4f51972d9305a5005c7d4e461de62617e41526c2a0f183bb5e293ffe795c2508fc29056e9eee38d57af7ea0dc9c83bd4b96164221cd938891894d99cd1928e015c000031cea2fc5ffba10689df22affbcf7f2c2c966c109b2e97a322394f0b9cf249f08dfb8b975dab082bba91723d16404fba10e3a7f2a226fcdc1ca71f7c99f7512cd68639dad8fc7f31e338e9116d55f7cb0108312cbfcdb2e94edf9467bee284398574e6ab5656455915fd98fc6006c6dff018e5e56c690a4fd4190eaa85645a35bda53fd8bffbc1c44b315d13fb4f6cf6e73b8b00"}]}, 0x6dc}, 0x1, 0x0, 0x0, 0x800}, 0x40000c0) write$auto_fops_x16_ro_(r1, &(0x7f0000001700)="b96705e8fd958a06f2544aa0955c55dac17884315a734b43b2b7a288976edffb7c26c435", 0x24) ioctl$auto_FIOASYNC(r0, 0x5452, 0x75c5) 0s ago: executing program 3 (id=4988): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) write$auto(r0, &(0x7f00000007c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef`\xd8\x9c\xf7?:\x1a\xc62\x911e\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\b};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xff\x7f\xd0UV\x11\xcb\xdd\x81\xbe\xde\f/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2|%\xbf\x02trg\x9a\xe7\x00\x85Z\x06?\x12\x98\x0f)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1;\xe4pd$\xd7\x1b\v\x82\r\f\xd0Hq\xd9\r\x88#\x89\x8d\xcd\x1e\x87N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8HR+\a\xb7R\t\n+\x7f\xd5H\x90G=\x9a\r\xb10\x1b\xf8\v\x11\v\xbb\xc8^\xa4\xe2\x05\x91|\x123\xc3:\xfd\xee\x04a\xc8\x12\xce\xa2\x12\xcb\x8c\x87f\xebGQ\xe9\x96\xd5E\x13a\xb7\x057\x1c&\xe0\x94\xa7\xfb\x9d;\xfa\xb1\x1b4a,\'\xb2Ym\xe1:\xbf\x8cs\x06\xa3u\x8d!\n\x80-\x9a\xbb;\xf4\xf3\xe1\x97\xfc8\xff\xa7\\\x8b\xf9\x95\x10$\xef\x1a #b\xfb\xfe\xe9\x06fK0\xdd\x84T,\xfa\xb5\x00\x83d\xbba\xd7\x7f\x00\x00\x00AN\x9d\xcb\x96\xc7\xe8\xe6\x8bC\xeb\xc7EZ\xc8\x1a\x81.f\tZ-sZ\x13n\xec\xa9\xbf\xd0$\xb9\xd8\x00\x00\x00\x00\x00\x00\x00\x00\x00\xec\xbd_r\xf16\xec\xf3\xbb[.\xf3\xef\xf8\x16x\x9e\xb3*:/L\xa0Kg\xf0\xa2\x84\xa3o\xcc\x9e\xd3\xeb\xd3(\xaa\x93g~\x01\x81\x1eV\xf1L\xfc\xad\xa9#O\xe4\x12\xd3\xbda\xbc\x9a\x9f+9\'\xc4\x13\xf0\xc88\x1d80?\xc2\a\af\xdc?-&\xedAd\x9c\xe5&\xb9\x14\xe1\x85 \xbf\x18\xfc:#\xcf\x7ffT\xefPb\xe1\xfa]\xcc\x8a\xe3\x99\x98u\x9bj>\x9d\xc2\x1fk\x87\x92\xfb(U\xa8\xcd4+\xf6e5],\xec\x84 \x1b\x10d\x1b@\x84X\xa1\xa8\xd7\xccO\xb0Qq\x1a\xa4<\\\x0e\xa4\x7f^\x1a|\xfd\xe6#\x00\x9e\x1d\x00k\x84\x1b\xa3\xb1O\xe0IzJRO\xf4,\xe5\xdb\x03CA\x13Q\x84\xbb\x88\xb4\xe3\xba\xf0/\xd0\x04\ny\a\x8d\x12h\xe22\xcb\"\xce\x00\x00', 0x5) ioctl$auto_USBDEVFS_CLAIMINTERFACE(0xffffffffffffffff, 0x8004550f, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0x80184132, &(0x7f00000000c0)={0x9, 0xe80b, 0x7, 0x400}) read$auto(r1, 0x0, 0x1f40) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) kernel console output (not intermixed with test programs): 8][T17475] tipc_setsockopt+0x611/0xe30 [ 864.892776][T17475] ? __pfx_tipc_setsockopt+0x10/0x10 [ 864.892824][T17475] ? __pfx_tipc_setsockopt+0x10/0x10 [ 864.892862][T17475] do_sock_setsockopt+0xf3/0x1d0 [ 864.892902][T17475] __sys_setsockopt+0x119/0x190 [ 864.892937][T17475] __x64_sys_setsockopt+0xbd/0x160 [ 864.892965][T17475] ? do_syscall_64+0x95/0xf80 [ 864.893001][T17475] ? lockdep_hardirqs_on+0x78/0x100 [ 864.893031][T17475] do_syscall_64+0x106/0xf80 [ 864.893060][T17475] ? clear_bhb_loop+0x40/0x90 [ 864.893092][T17475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.893119][T17475] RIP: 0033:0x7f9286b9c799 [ 864.893140][T17475] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.893194][T17475] RSP: 002b:00007f9287a38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 864.893228][T17475] RAX: ffffffffffffffda RBX: 00007f9286e15fa0 RCX: 00007f9286b9c799 [ 864.893256][T17475] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 864.893284][T17475] RBP: 00007f9286c32bd9 R08: 0000000000000014 R09: 0000000000000000 [ 864.893301][T17475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 864.893317][T17475] R13: 00007f9286e16038 R14: 00007f9286e15fa0 R15: 00007fffada20b18 [ 864.893350][T17475] [ 864.895868][T17475] tipc: Subscription rejected, no memory [ 865.571192][T17485] program syz.4.2642 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 865.632933][T17485] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 865.704870][T17489] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2642'. [ 867.569611][T17523] netlink: 'syz.4.2648': attribute type 1 has an invalid length. [ 868.043842][T17531] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2651'. [ 868.675017][T17536] FAULT_INJECTION: forcing a failure. [ 868.675017][T17536] name failslab, interval 1, probability 0, space 0, times 0 [ 868.720365][T17536] CPU: 0 UID: 0 PID: 17536 Comm: syz.3.2652 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 868.720426][T17536] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 868.720441][T17536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 868.720458][T17536] Call Trace: [ 868.720467][T17536] [ 868.720476][T17536] dump_stack_lvl+0x100/0x190 [ 868.720520][T17536] should_fail_ex.cold+0x5/0xa [ 868.720549][T17536] should_failslab+0xc2/0x120 [ 868.720576][T17536] __kmalloc_cache_noprof+0x7a/0x6f0 [ 868.720609][T17536] ? tipc_sub_subscribe+0x15c/0x730 [ 868.720638][T17536] ? find_held_lock+0x2b/0x80 [ 868.720668][T17536] tipc_sub_subscribe+0x15c/0x730 [ 868.720702][T17536] tipc_conn_rcv_sub+0x21e/0x3d0 [ 868.720731][T17536] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 868.720761][T17536] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 868.720792][T17536] ? net_generic+0xea/0x2a0 [ 868.720824][T17536] tipc_group_create+0x4ab/0x660 [ 868.720857][T17536] tipc_setsockopt+0x611/0xe30 [ 868.720895][T17536] ? __pfx_tipc_setsockopt+0x10/0x10 [ 868.720943][T17536] ? __pfx_tipc_setsockopt+0x10/0x10 [ 868.720979][T17536] do_sock_setsockopt+0xf3/0x1d0 [ 868.721019][T17536] __sys_setsockopt+0x119/0x190 [ 868.721053][T17536] __x64_sys_setsockopt+0xbd/0x160 [ 868.721081][T17536] ? do_syscall_64+0x95/0xf80 [ 868.721112][T17536] ? lockdep_hardirqs_on+0x78/0x100 [ 868.721141][T17536] do_syscall_64+0x106/0xf80 [ 868.721169][T17536] ? clear_bhb_loop+0x40/0x90 [ 868.721201][T17536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.721228][T17536] RIP: 0033:0x7fed8879c799 [ 868.721249][T17536] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 868.721275][T17536] RSP: 002b:00007fed8957e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 868.721299][T17536] RAX: ffffffffffffffda RBX: 00007fed88a15fa0 RCX: 00007fed8879c799 [ 868.721317][T17536] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 868.721333][T17536] RBP: 00007fed88832bd9 R08: 0000000000000014 R09: 0000000000000000 [ 868.721349][T17536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 868.721394][T17536] R13: 00007fed88a16038 R14: 00007fed88a15fa0 R15: 00007ffe61326c48 [ 868.721447][T17536] [ 868.722300][T17536] tipc: Subscription rejected, no memory [ 869.250546][T17545] FAULT_INJECTION: forcing a failure. [ 869.250546][T17545] name failslab, interval 1, probability 0, space 0, times 0 [ 869.284303][T17546] netlink: 'syz.4.2655': attribute type 1 has an invalid length. [ 869.298007][T17545] CPU: 1 UID: 0 PID: 17545 Comm: syz.3.2656 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 869.298084][T17545] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 869.298104][T17545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 869.298125][T17545] Call Trace: [ 869.298137][T17545] [ 869.298150][T17545] dump_stack_lvl+0x100/0x190 [ 869.298213][T17545] should_fail_ex.cold+0x5/0xa [ 869.298254][T17545] should_failslab+0xc2/0x120 [ 869.298293][T17545] __kmalloc_cache_noprof+0x7a/0x6f0 [ 869.298339][T17545] ? tipc_sub_subscribe+0x15c/0x730 [ 869.298393][T17545] ? find_held_lock+0x2b/0x80 [ 869.298433][T17545] tipc_sub_subscribe+0x15c/0x730 [ 869.298480][T17545] tipc_conn_rcv_sub+0x21e/0x3d0 [ 869.298520][T17545] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 869.298562][T17545] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 869.298603][T17545] ? net_generic+0xea/0x2a0 [ 869.298648][T17545] tipc_group_create+0x4ab/0x660 [ 869.298691][T17545] tipc_setsockopt+0x611/0xe30 [ 869.298742][T17545] ? __pfx_tipc_setsockopt+0x10/0x10 [ 869.298810][T17545] ? __pfx_tipc_setsockopt+0x10/0x10 [ 869.298861][T17545] do_sock_setsockopt+0xf3/0x1d0 [ 869.298916][T17545] __sys_setsockopt+0x119/0x190 [ 869.298959][T17545] __x64_sys_setsockopt+0xbd/0x160 [ 869.298994][T17545] ? do_syscall_64+0x95/0xf80 [ 869.299037][T17545] ? lockdep_hardirqs_on+0x78/0x100 [ 869.299076][T17545] do_syscall_64+0x106/0xf80 [ 869.299115][T17545] ? clear_bhb_loop+0x40/0x90 [ 869.299159][T17545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.299196][T17545] RIP: 0033:0x7fed8879c799 [ 869.299226][T17545] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 869.299263][T17545] RSP: 002b:00007fed8957e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 869.299297][T17545] RAX: ffffffffffffffda RBX: 00007fed88a15fa0 RCX: 00007fed8879c799 [ 869.299320][T17545] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 869.299339][T17545] RBP: 00007fed88832bd9 R08: 0000000000000014 R09: 0000000000000000 [ 869.299361][T17545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 869.299391][T17545] R13: 00007fed88a16038 R14: 00007fed88a15fa0 R15: 00007ffe61326c48 [ 869.299439][T17545] [ 869.701417][T17545] tipc: Subscription rejected, no memory [ 870.432956][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.439420][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.017788][T17591] FAULT_INJECTION: forcing a failure. [ 872.017788][T17591] name failslab, interval 1, probability 0, space 0, times 0 [ 872.075725][T17591] CPU: 1 UID: 0 PID: 17591 Comm: syz.1.2666 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 872.075800][T17591] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 872.075822][T17591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 872.075843][T17591] Call Trace: [ 872.075855][T17591] [ 872.075869][T17591] dump_stack_lvl+0x100/0x190 [ 872.075929][T17591] should_fail_ex.cold+0x5/0xa [ 872.075972][T17591] should_failslab+0xc2/0x120 [ 872.076010][T17591] __kmalloc_cache_noprof+0x7a/0x6f0 [ 872.076057][T17591] ? tipc_sub_subscribe+0x15c/0x730 [ 872.076097][T17591] ? find_held_lock+0x2b/0x80 [ 872.076136][T17591] tipc_sub_subscribe+0x15c/0x730 [ 872.076182][T17591] tipc_conn_rcv_sub+0x21e/0x3d0 [ 872.076222][T17591] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 872.076263][T17591] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 872.076305][T17591] ? net_generic+0xea/0x2a0 [ 872.076357][T17591] tipc_group_create+0x4ab/0x660 [ 872.076432][T17591] tipc_setsockopt+0x611/0xe30 [ 872.076486][T17591] ? __pfx_tipc_setsockopt+0x10/0x10 [ 872.076546][T17591] ? __pfx_tipc_setsockopt+0x10/0x10 [ 872.076583][T17591] do_sock_setsockopt+0xf3/0x1d0 [ 872.076624][T17591] __sys_setsockopt+0x119/0x190 [ 872.076658][T17591] __x64_sys_setsockopt+0xbd/0x160 [ 872.076687][T17591] ? do_syscall_64+0x95/0xf80 [ 872.076716][T17591] ? lockdep_hardirqs_on+0x78/0x100 [ 872.076746][T17591] do_syscall_64+0x106/0xf80 [ 872.076774][T17591] ? clear_bhb_loop+0x40/0x90 [ 872.076806][T17591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.076832][T17591] RIP: 0033:0x7fdea9f9c799 [ 872.076853][T17591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 872.076878][T17591] RSP: 002b:00007fdeaae38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 872.076902][T17591] RAX: ffffffffffffffda RBX: 00007fdeaa215fa0 RCX: 00007fdea9f9c799 [ 872.076920][T17591] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 872.076936][T17591] RBP: 00007fdeaa032bd9 R08: 0000000000000014 R09: 0000000000000000 [ 872.076952][T17591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.076968][T17591] R13: 00007fdeaa216038 R14: 00007fdeaa215fa0 R15: 00007ffff2113428 [ 872.077000][T17591] [ 872.077010][T17591] tipc: Subscription rejected, no memory [ 874.575720][T17624] FAULT_INJECTION: forcing a failure. [ 874.575720][T17624] name failslab, interval 1, probability 0, space 0, times 0 [ 874.656264][T17624] CPU: 1 UID: 0 PID: 17624 Comm: syz.1.2681 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 874.656337][T17624] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 874.656359][T17624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 874.656381][T17624] Call Trace: [ 874.656392][T17624] [ 874.656406][T17624] dump_stack_lvl+0x100/0x190 [ 874.656464][T17624] should_fail_ex.cold+0x5/0xa [ 874.656506][T17624] should_failslab+0xc2/0x120 [ 874.656542][T17624] __kmalloc_cache_noprof+0x7a/0x6f0 [ 874.656589][T17624] ? tipc_sub_subscribe+0x15c/0x730 [ 874.656631][T17624] ? find_held_lock+0x2b/0x80 [ 874.656671][T17624] tipc_sub_subscribe+0x15c/0x730 [ 874.656717][T17624] tipc_conn_rcv_sub+0x21e/0x3d0 [ 874.656758][T17624] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 874.656799][T17624] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 874.656871][T17624] ? net_generic+0xea/0x2a0 [ 874.656919][T17624] tipc_group_create+0x4ab/0x660 [ 874.656965][T17624] tipc_setsockopt+0x611/0xe30 [ 874.657017][T17624] ? __pfx_tipc_setsockopt+0x10/0x10 [ 874.657083][T17624] ? __pfx_tipc_setsockopt+0x10/0x10 [ 874.657134][T17624] do_sock_setsockopt+0xf3/0x1d0 [ 874.657196][T17624] __sys_setsockopt+0x119/0x190 [ 874.657259][T17624] __x64_sys_setsockopt+0xbd/0x160 [ 874.657298][T17624] ? do_syscall_64+0x95/0xf80 [ 874.657339][T17624] ? lockdep_hardirqs_on+0x78/0x100 [ 874.657380][T17624] do_syscall_64+0x106/0xf80 [ 874.657420][T17624] ? clear_bhb_loop+0x40/0x90 [ 874.657463][T17624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.657501][T17624] RIP: 0033:0x7fdea9f9c799 [ 874.657530][T17624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.657565][T17624] RSP: 002b:00007fdeaae38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 874.657599][T17624] RAX: ffffffffffffffda RBX: 00007fdeaa215fa0 RCX: 00007fdea9f9c799 [ 874.657622][T17624] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 874.657645][T17624] RBP: 00007fdeaa032bd9 R08: 0000000000000014 R09: 0000000000000000 [ 874.657667][T17624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 874.657687][T17624] R13: 00007fdeaa216038 R14: 00007fdeaa215fa0 R15: 00007ffff2113428 [ 874.657731][T17624] [ 874.657806][T17624] tipc: Subscription rejected, no memory [ 884.899501][T17751] netlink: 'syz.4.2698': attribute type 1 has an invalid length. [ 885.501939][T17762] FAULT_INJECTION: forcing a failure. [ 885.501939][T17762] name failslab, interval 1, probability 0, space 0, times 0 [ 885.549916][T17762] CPU: 0 UID: 0 PID: 17762 Comm: syz.3.2702 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 885.549990][T17762] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 885.550005][T17762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 885.550021][T17762] Call Trace: [ 885.550030][T17762] [ 885.550040][T17762] dump_stack_lvl+0x100/0x190 [ 885.550115][T17762] should_fail_ex.cold+0x5/0xa [ 885.550161][T17762] should_failslab+0xc2/0x120 [ 885.550190][T17762] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 885.550229][T17762] ? alloc_empty_file+0x55/0x1c0 [ 885.550260][T17762] ? __pfx_stack_trace_save+0x10/0x10 [ 885.550290][T17762] alloc_empty_file+0x55/0x1c0 [ 885.550322][T17762] path_openat+0xe8/0x31a0 [ 885.550346][T17762] ? kasan_save_stack+0x3f/0x50 [ 885.550384][T17762] ? kasan_save_stack+0x30/0x50 [ 885.550421][T17762] ? kasan_save_track+0x14/0x30 [ 885.550459][T17762] ? __kasan_slab_alloc+0x89/0x90 [ 885.550499][T17762] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 885.550536][T17762] ? do_getname+0x35/0x390 [ 885.550565][T17762] ? do_sys_openat2+0xc5/0x1e0 [ 885.550597][T17762] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.550627][T17762] ? __pfx_path_openat+0x10/0x10 [ 885.550663][T17762] do_file_open+0x20e/0x430 [ 885.550691][T17762] ? __pfx_do_file_open+0x10/0x10 [ 885.550736][T17762] ? alloc_fd+0x476/0x790 [ 885.550763][T17762] ? do_getname+0x191/0x390 [ 885.550796][T17762] do_sys_openat2+0x10d/0x1e0 [ 885.550829][T17762] ? __pfx_do_sys_openat2+0x10/0x10 [ 885.550863][T17762] ? find_held_lock+0x2b/0x80 [ 885.550894][T17762] __x64_sys_openat+0x12d/0x210 [ 885.550942][T17762] ? __pfx___x64_sys_openat+0x10/0x10 [ 885.550987][T17762] do_syscall_64+0x106/0xf80 [ 885.551017][T17762] ? clear_bhb_loop+0x40/0x90 [ 885.551048][T17762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.551074][T17762] RIP: 0033:0x7fed8879c799 [ 885.551096][T17762] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 885.551121][T17762] RSP: 002b:00007fed869f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 885.551146][T17762] RAX: ffffffffffffffda RBX: 00007fed88a16090 RCX: 00007fed8879c799 [ 885.551164][T17762] RDX: 000000000014be02 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 885.551182][T17762] RBP: 00007fed88832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 885.551199][T17762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 885.551214][T17762] R13: 00007fed88a16128 R14: 00007fed88a16090 R15: 00007ffe61326c48 [ 885.551246][T17762] [ 886.616922][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b639c00: rx timeout, send abort [ 886.625836][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807b639c00: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 890.057466][T17819] FAULT_INJECTION: forcing a failure. [ 890.057466][T17819] name failslab, interval 1, probability 0, space 0, times 0 [ 890.125365][T17819] CPU: 1 UID: 0 PID: 17819 Comm: syz.4.2721 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 890.125443][T17819] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 890.125465][T17819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 890.125481][T17819] Call Trace: [ 890.125490][T17819] [ 890.125518][T17819] dump_stack_lvl+0x100/0x190 [ 890.125562][T17819] should_fail_ex.cold+0x5/0xa [ 890.125607][T17819] should_failslab+0xc2/0x120 [ 890.125634][T17819] __kmalloc_cache_noprof+0x7a/0x6f0 [ 890.125667][T17819] ? tipc_sub_subscribe+0x15c/0x730 [ 890.125696][T17819] ? find_held_lock+0x2b/0x80 [ 890.125724][T17819] tipc_sub_subscribe+0x15c/0x730 [ 890.125757][T17819] tipc_conn_rcv_sub+0x21e/0x3d0 [ 890.125786][T17819] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 890.125816][T17819] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 890.125854][T17819] ? net_generic+0xea/0x2a0 [ 890.125887][T17819] tipc_group_create+0x4ab/0x660 [ 890.125921][T17819] tipc_setsockopt+0x611/0xe30 [ 890.125958][T17819] ? __pfx_tipc_setsockopt+0x10/0x10 [ 890.126006][T17819] ? __pfx_tipc_setsockopt+0x10/0x10 [ 890.126043][T17819] do_sock_setsockopt+0xf3/0x1d0 [ 890.126084][T17819] __sys_setsockopt+0x119/0x190 [ 890.126118][T17819] __x64_sys_setsockopt+0xbd/0x160 [ 890.126146][T17819] ? do_syscall_64+0x95/0xf80 [ 890.126175][T17819] ? lockdep_hardirqs_on+0x78/0x100 [ 890.126205][T17819] do_syscall_64+0x106/0xf80 [ 890.126233][T17819] ? clear_bhb_loop+0x40/0x90 [ 890.126265][T17819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.126291][T17819] RIP: 0033:0x7f9286b9c799 [ 890.126311][T17819] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.126337][T17819] RSP: 002b:00007f9287a38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 890.126361][T17819] RAX: ffffffffffffffda RBX: 00007f9286e15fa0 RCX: 00007f9286b9c799 [ 890.126378][T17819] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 890.126394][T17819] RBP: 00007f9286c32bd9 R08: 0000000000000014 R09: 0000000000000000 [ 890.126410][T17819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 890.126425][T17819] R13: 00007f9286e16038 R14: 00007f9286e15fa0 R15: 00007fffada20b18 [ 890.126457][T17819] [ 890.126467][T17819] tipc: Subscription rejected, no memory [ 891.011638][T17824] can: request_module (can-proto-0) failed. [ 891.749190][T17841] mkiss: ax0: crc mode is auto. [ 898.073525][T17928] netlink: 'syz.1.2734': attribute type 1 has an invalid length. [ 898.109217][ T9097] Bluetooth: hci3: command 0x0406 tx timeout [ 903.079491][T17993] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 903.529201][T18004] can: request_module (can-proto-0) failed. [ 904.720025][T18023] mkiss: ax0: crc mode is auto. [ 907.184454][T18066] netlink: 'syz.4.2759': attribute type 1 has an invalid length. [ 910.288449][T18104] FAULT_INJECTION: forcing a failure. [ 910.288449][T18104] name failslab, interval 1, probability 0, space 0, times 0 [ 910.331749][T18104] CPU: 1 UID: 0 PID: 18104 Comm: syz.2.2766 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 910.331807][T18104] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 910.331822][T18104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 910.331838][T18104] Call Trace: [ 910.331847][T18104] [ 910.331858][T18104] dump_stack_lvl+0x100/0x190 [ 910.331902][T18104] should_fail_ex.cold+0x5/0xa [ 910.331941][T18104] should_failslab+0xc2/0x120 [ 910.331969][T18104] __kmalloc_cache_noprof+0x7a/0x6f0 [ 910.332002][T18104] ? tipc_sub_subscribe+0x15c/0x730 [ 910.332032][T18104] ? find_held_lock+0x2b/0x80 [ 910.332060][T18104] tipc_sub_subscribe+0x15c/0x730 [ 910.332094][T18104] tipc_conn_rcv_sub+0x21e/0x3d0 [ 910.332124][T18104] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 910.332153][T18104] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 910.332184][T18104] ? net_generic+0xea/0x2a0 [ 910.332216][T18104] tipc_group_create+0x4ab/0x660 [ 910.332249][T18104] tipc_setsockopt+0x611/0xe30 [ 910.332286][T18104] ? __pfx_tipc_setsockopt+0x10/0x10 [ 910.332333][T18104] ? __pfx_tipc_setsockopt+0x10/0x10 [ 910.332369][T18104] do_sock_setsockopt+0xf3/0x1d0 [ 910.332409][T18104] __sys_setsockopt+0x119/0x190 [ 910.332442][T18104] __x64_sys_setsockopt+0xbd/0x160 [ 910.332469][T18104] ? do_syscall_64+0x95/0xf80 [ 910.332498][T18104] ? lockdep_hardirqs_on+0x78/0x100 [ 910.332527][T18104] do_syscall_64+0x106/0xf80 [ 910.332555][T18104] ? clear_bhb_loop+0x40/0x90 [ 910.332586][T18104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.332613][T18104] RIP: 0033:0x7f96afd9c799 [ 910.332635][T18104] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 910.332660][T18104] RSP: 002b:00007f96b0b95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 910.332684][T18104] RAX: ffffffffffffffda RBX: 00007f96b0015fa0 RCX: 00007f96afd9c799 [ 910.332702][T18104] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 910.332718][T18104] RBP: 00007f96afe32bd9 R08: 0000000000000014 R09: 0000000000000000 [ 910.332734][T18104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 910.332750][T18104] R13: 00007f96b0016038 R14: 00007f96b0015fa0 R15: 00007ffea2932648 [ 910.332782][T18104] [ 910.332793][T18104] tipc: Subscription rejected, no memory [ 911.374579][T18115] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 912.364014][T18135] : Can't lookup blockdev [ 913.467419][ T9097] Bluetooth: hci1: command 0x0406 tx timeout [ 914.206971][T18161] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 915.117488][T18184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2782'. [ 915.635983][T18192] netlink: 350 bytes leftover after parsing attributes in process `syz.1.2783'. [ 916.046467][T18196] FAULT_INJECTION: forcing a failure. [ 916.046467][T18196] name failslab, interval 1, probability 0, space 0, times 0 [ 916.059409][T18196] CPU: 1 UID: 0 PID: 18196 Comm: syz.3.2785 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 916.059480][T18196] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 916.059496][T18196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 916.059512][T18196] Call Trace: [ 916.059524][T18196] [ 916.059535][T18196] dump_stack_lvl+0x100/0x190 [ 916.059578][T18196] should_fail_ex.cold+0x5/0xa [ 916.059609][T18196] should_failslab+0xc2/0x120 [ 916.059636][T18196] __kmalloc_cache_noprof+0x7a/0x6f0 [ 916.059670][T18196] ? tipc_service_create+0xb1/0x340 [ 916.059709][T18196] tipc_service_create+0xb1/0x340 [ 916.059741][T18196] ? tipc_service_find+0x161/0x1c0 [ 916.059775][T18196] tipc_nametbl_subscribe+0x892/0xa80 [ 916.059816][T18196] ? __pfx_tipc_nametbl_subscribe+0x10/0x10 [ 916.059856][T18196] ? lockdep_init_map_type+0x5c/0x250 [ 916.059896][T18196] tipc_sub_subscribe+0x4ba/0x730 [ 916.059929][T18196] tipc_conn_rcv_sub+0x21e/0x3d0 [ 916.059959][T18196] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 916.059989][T18196] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 916.060021][T18196] ? net_generic+0xea/0x2a0 [ 916.060053][T18196] tipc_group_create+0x4ab/0x660 [ 916.060087][T18196] tipc_setsockopt+0x611/0xe30 [ 916.060125][T18196] ? __pfx_tipc_setsockopt+0x10/0x10 [ 916.060173][T18196] ? __pfx_tipc_setsockopt+0x10/0x10 [ 916.060210][T18196] do_sock_setsockopt+0xf3/0x1d0 [ 916.060252][T18196] __sys_setsockopt+0x119/0x190 [ 916.060287][T18196] __x64_sys_setsockopt+0xbd/0x160 [ 916.060315][T18196] ? do_syscall_64+0x95/0xf80 [ 916.060345][T18196] ? lockdep_hardirqs_on+0x78/0x100 [ 916.060375][T18196] do_syscall_64+0x106/0xf80 [ 916.060403][T18196] ? clear_bhb_loop+0x40/0x90 [ 916.060448][T18196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.060477][T18196] RIP: 0033:0x7fed8879c799 [ 916.060500][T18196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 916.060526][T18196] RSP: 002b:00007fed8957e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 916.060551][T18196] RAX: ffffffffffffffda RBX: 00007fed88a15fa0 RCX: 00007fed8879c799 [ 916.060568][T18196] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 916.060584][T18196] RBP: 00007fed88832bd9 R08: 0000000000000014 R09: 0000000000000000 [ 916.060599][T18196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 916.060615][T18196] R13: 00007fed88a16038 R14: 00007fed88a15fa0 R15: 00007ffe61326c48 [ 916.060648][T18196] [ 916.060659][T18196] tipc: Service creation failed, no memory [ 916.322025][T18196] tipc: Failed to subscribe for {2304240032,0,4294967295} [ 917.348352][T18193] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2784'. [ 919.448222][T18236] netlink: 'syz.1.2796': attribute type 1 has an invalid length. [ 921.333193][T18270] FAULT_INJECTION: forcing a failure. [ 921.333193][T18270] name failslab, interval 1, probability 0, space 0, times 0 [ 921.350523][T18270] CPU: 1 UID: 0 PID: 18270 Comm: syz.4.2811 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 921.350591][T18270] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 921.350606][T18270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 921.350622][T18270] Call Trace: [ 921.350630][T18270] [ 921.350641][T18270] dump_stack_lvl+0x100/0x190 [ 921.350684][T18270] should_fail_ex.cold+0x5/0xa [ 921.350713][T18270] ? tomoyo_realpath_from_path+0xb6/0x690 [ 921.350742][T18270] should_failslab+0xc2/0x120 [ 921.350768][T18270] __kmalloc_noprof+0xe0/0x850 [ 921.350811][T18270] tomoyo_realpath_from_path+0xb6/0x690 [ 921.350846][T18270] tomoyo_check_open_permission+0x2af/0x3c0 [ 921.350886][T18270] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 921.350951][T18270] ? lock_acquire+0x1cf/0x380 [ 921.350983][T18270] ? find_held_lock+0x2b/0x80 [ 921.351012][T18270] tomoyo_file_open+0x6b/0x90 [ 921.351054][T18270] security_file_open+0xb5/0x1e0 [ 921.351080][T18270] do_dentry_open+0x5aa/0x1660 [ 921.351117][T18270] vfs_open+0x82/0x3f0 [ 921.351158][T18270] path_openat+0x208c/0x31a0 [ 921.351192][T18270] ? __pfx_path_openat+0x10/0x10 [ 921.351227][T18270] do_file_open+0x20e/0x430 [ 921.351253][T18270] ? __pfx_do_file_open+0x10/0x10 [ 921.351287][T18270] ? __pfx_kfree_link+0x10/0x10 [ 921.351329][T18270] ? alloc_fd+0x476/0x790 [ 921.351354][T18270] ? do_getname+0x191/0x390 [ 921.351388][T18270] do_sys_openat2+0x10d/0x1e0 [ 921.351424][T18270] ? __pfx_do_sys_openat2+0x10/0x10 [ 921.351500][T18270] __x64_sys_openat+0x12d/0x210 [ 921.351542][T18270] ? __pfx___x64_sys_openat+0x10/0x10 [ 921.351586][T18270] do_syscall_64+0x106/0xf80 [ 921.351615][T18270] ? clear_bhb_loop+0x40/0x90 [ 921.351645][T18270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 921.351671][T18270] RIP: 0033:0x7f9286b5cfce [ 921.351692][T18270] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 921.351716][T18270] RSP: 002b:00007f9287a37f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 921.351740][T18270] RAX: ffffffffffffffda RBX: 00007f9287a386c0 RCX: 00007f9286b5cfce [ 921.351756][T18270] RDX: 0000000000000002 RSI: 00007f9286c324e0 RDI: ffffffffffffff9c [ 921.351772][T18270] RBP: 00007f9286c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 921.351787][T18270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 921.351802][T18270] R13: 00007f9286e16038 R14: 00007f9286e15fa0 R15: 00007fffada20b18 [ 921.351834][T18270] [ 921.351846][T18270] ERROR: Out of memory at tomoyo_realpath_from_path. [ 921.774051][T18270] FAULT_INJECTION: forcing a failure. [ 921.774051][T18270] name failslab, interval 1, probability 0, space 0, times 0 [ 921.821314][T18270] CPU: 0 UID: 0 PID: 18270 Comm: syz.4.2811 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 921.821388][T18270] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 921.821409][T18270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 921.821436][T18270] Call Trace: [ 921.821449][T18270] [ 921.821462][T18270] dump_stack_lvl+0x100/0x190 [ 921.821528][T18270] should_fail_ex.cold+0x5/0xa [ 921.821570][T18270] should_failslab+0xc2/0x120 [ 921.821607][T18270] __kmalloc_cache_noprof+0x7a/0x6f0 [ 921.821652][T18270] ? tipc_conn_alloc+0x48/0x590 [ 921.821683][T18270] ? net_generic+0xea/0x2a0 [ 921.821713][T18270] ? net_generic+0xea/0x2a0 [ 921.821751][T18270] tipc_conn_alloc+0x48/0x590 [ 921.821793][T18270] tipc_topsrv_kern_subscr+0x11c/0x3c0 [ 921.821840][T18270] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 921.821899][T18270] ? net_generic+0xea/0x2a0 [ 921.821951][T18270] tipc_group_create+0x4ab/0x660 [ 921.821999][T18270] tipc_setsockopt+0x611/0xe30 [ 921.822051][T18270] ? __pfx_tipc_setsockopt+0x10/0x10 [ 921.822116][T18270] ? __pfx_tipc_setsockopt+0x10/0x10 [ 921.822165][T18270] do_sock_setsockopt+0xf3/0x1d0 [ 921.822227][T18270] __sys_setsockopt+0x119/0x190 [ 921.822275][T18270] __x64_sys_setsockopt+0xbd/0x160 [ 921.822313][T18270] ? do_syscall_64+0x95/0xf80 [ 921.822353][T18270] ? lockdep_hardirqs_on+0x78/0x100 [ 921.822393][T18270] do_syscall_64+0x106/0xf80 [ 921.822431][T18270] ? clear_bhb_loop+0x40/0x90 [ 921.822474][T18270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 921.822511][T18270] RIP: 0033:0x7f9286b9c799 [ 921.822541][T18270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 921.822575][T18270] RSP: 002b:00007f9287a38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 921.822608][T18270] RAX: ffffffffffffffda RBX: 00007f9286e15fa0 RCX: 00007f9286b9c799 [ 921.822632][T18270] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 921.822653][T18270] RBP: 00007f9287a38090 R08: 0000000000000014 R09: 0000000000000000 [ 921.822683][T18270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 921.822705][T18270] R13: 00007f9286e16038 R14: 00007f9286e15fa0 R15: 00007fffada20b18 [ 921.822750][T18270] [ 924.612530][T18294] FAULT_INJECTION: forcing a failure. [ 924.612530][T18294] name failslab, interval 1, probability 0, space 0, times 0 [ 924.844591][T18294] CPU: 0 UID: 0 PID: 18294 Comm: syz.1.2806 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 924.844658][T18294] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 924.844673][T18294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 924.844690][T18294] Call Trace: [ 924.844699][T18294] [ 924.844715][T18294] dump_stack_lvl+0x100/0x190 [ 924.844765][T18294] should_fail_ex.cold+0x5/0xa [ 924.844795][T18294] should_failslab+0xc2/0x120 [ 924.844822][T18294] __kmalloc_cache_noprof+0x7a/0x6f0 [ 924.844855][T18294] ? tipc_sub_subscribe+0x15c/0x730 [ 924.844884][T18294] ? find_held_lock+0x2b/0x80 [ 924.844914][T18294] tipc_sub_subscribe+0x15c/0x730 [ 924.844946][T18294] tipc_conn_rcv_sub+0x21e/0x3d0 [ 924.844976][T18294] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 924.845007][T18294] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 924.845038][T18294] ? net_generic+0xea/0x2a0 [ 924.845071][T18294] tipc_group_create+0x4ab/0x660 [ 924.845104][T18294] tipc_setsockopt+0x611/0xe30 [ 924.845142][T18294] ? __pfx_tipc_setsockopt+0x10/0x10 [ 924.845191][T18294] ? __pfx_tipc_setsockopt+0x10/0x10 [ 924.845230][T18294] do_sock_setsockopt+0xf3/0x1d0 [ 924.845285][T18294] __sys_setsockopt+0x119/0x190 [ 924.845321][T18294] __x64_sys_setsockopt+0xbd/0x160 [ 924.845350][T18294] ? do_syscall_64+0x95/0xf80 [ 924.845381][T18294] ? lockdep_hardirqs_on+0x78/0x100 [ 924.845411][T18294] do_syscall_64+0x106/0xf80 [ 924.845439][T18294] ? clear_bhb_loop+0x40/0x90 [ 924.845472][T18294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.845499][T18294] RIP: 0033:0x7fdea9f9c799 [ 924.845522][T18294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 924.845548][T18294] RSP: 002b:00007fdeaae38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 924.845573][T18294] RAX: ffffffffffffffda RBX: 00007fdeaa215fa0 RCX: 00007fdea9f9c799 [ 924.845592][T18294] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 924.845619][T18294] RBP: 00007fdeaa032bd9 R08: 0000000000000014 R09: 0000000000000000 [ 924.845635][T18294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 924.845651][T18294] R13: 00007fdeaa216038 R14: 00007fdeaa215fa0 R15: 00007ffff2113428 [ 924.845685][T18294] [ 925.170872][T18294] tipc: Subscription rejected, no memory [ 927.095741][T18321] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2809'. [ 929.127588][T18351] [U] [ 929.130458][T18351] [U] [ 929.133297][T18351] [U] [ 929.136168][T18351] [U] [ 929.181739][T18351] [U] [ 929.184562][T18351] [U] [ 929.187569][T18351] [U] [ 929.190351][T18351] [U] [ 929.304556][T18351] [U] [ 929.307343][T18351] [U] [ 929.310095][T18351] [U] [ 929.312992][T18351] [U] [ 929.383939][T18351] [U] [ 929.386716][T18351] [U] [ 929.389444][T18351] [U] [ 929.392262][T18351] [U] [ 929.451392][T18351] [U] [ 929.621765][T18359] FAULT_INJECTION: forcing a failure. [ 929.621765][T18359] name failslab, interval 1, probability 0, space 0, times 0 [ 929.634540][T18359] CPU: 0 UID: 0 PID: 18359 Comm: syz.4.2819 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 929.634612][T18359] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 929.634632][T18359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 929.634651][T18359] Call Trace: [ 929.634662][T18359] [ 929.634674][T18359] dump_stack_lvl+0x100/0x190 [ 929.634732][T18359] should_fail_ex.cold+0x5/0xa [ 929.634772][T18359] should_failslab+0xc2/0x120 [ 929.634808][T18359] __kmalloc_cache_noprof+0x7a/0x6f0 [ 929.634852][T18359] ? tipc_service_create+0xb1/0x340 [ 929.634906][T18359] tipc_service_create+0xb1/0x340 [ 929.634950][T18359] ? tipc_service_find+0x161/0x1c0 [ 929.634997][T18359] tipc_nametbl_subscribe+0x892/0xa80 [ 929.635054][T18359] ? __pfx_tipc_nametbl_subscribe+0x10/0x10 [ 929.635108][T18359] ? lockdep_init_map_type+0x5c/0x250 [ 929.635162][T18359] tipc_sub_subscribe+0x4ba/0x730 [ 929.635209][T18359] tipc_conn_rcv_sub+0x21e/0x3d0 [ 929.635248][T18359] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 929.635291][T18359] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 929.635335][T18359] ? net_generic+0xea/0x2a0 [ 929.635382][T18359] tipc_group_create+0x4ab/0x660 [ 929.635428][T18359] tipc_setsockopt+0x611/0xe30 [ 929.635491][T18359] ? __pfx_tipc_setsockopt+0x10/0x10 [ 929.635560][T18359] ? __pfx_tipc_setsockopt+0x10/0x10 [ 929.635614][T18359] do_sock_setsockopt+0xf3/0x1d0 [ 929.635670][T18359] __sys_setsockopt+0x119/0x190 [ 929.635720][T18359] __x64_sys_setsockopt+0xbd/0x160 [ 929.635759][T18359] ? do_syscall_64+0x95/0xf80 [ 929.635801][T18359] ? lockdep_hardirqs_on+0x78/0x100 [ 929.635843][T18359] do_syscall_64+0x106/0xf80 [ 929.635883][T18359] ? clear_bhb_loop+0x40/0x90 [ 929.635928][T18359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.635965][T18359] RIP: 0033:0x7f9286b9c799 [ 929.636000][T18359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 929.636033][T18359] RSP: 002b:00007f9287a38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 929.636065][T18359] RAX: ffffffffffffffda RBX: 00007f9286e15fa0 RCX: 00007f9286b9c799 [ 929.636089][T18359] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 929.636111][T18359] RBP: 00007f9286c32bd9 R08: 0000000000000014 R09: 0000000000000000 [ 929.636133][T18359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 929.636156][T18359] R13: 00007f9286e16038 R14: 00007f9286e15fa0 R15: 00007fffada20b18 [ 929.636199][T18359] [ 929.892887][T18359] tipc: Service creation failed, no memory [ 929.898783][T18359] tipc: Failed to subscribe for {2275641760,0,4294967295} [ 930.696501][T18376] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2823'. [ 931.673077][T18391] FAULT_INJECTION: forcing a failure. [ 931.673077][T18391] name fail_futex, interval 1, probability 0, space 0, times 0 [ 931.760972][T18391] CPU: 0 UID: 0 PID: 18391 Comm: syz.4.2830 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 931.761065][T18391] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 931.761109][T18391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 931.761130][T18391] Call Trace: [ 931.761143][T18391] [ 931.761158][T18391] dump_stack_lvl+0x100/0x190 [ 931.761214][T18391] should_fail_ex.cold+0x5/0xa [ 931.761254][T18391] get_futex_key+0x1d2/0x1620 [ 931.761300][T18391] ? __pfx_get_futex_key+0x10/0x10 [ 931.761358][T18391] ? lock_acquire+0x1cf/0x380 [ 931.761420][T18391] futex_wake+0xea/0x530 [ 931.761472][T18391] ? __pfx_futex_wake+0x10/0x10 [ 931.761530][T18391] ? exit_mm_release+0x19/0x30 [ 931.761711][T18391] do_futex+0x32b/0x350 [ 931.761760][T18391] ? __pfx_do_futex+0x10/0x10 [ 931.761799][T18391] ? __might_fault+0xc5/0x140 [ 931.761857][T18391] mm_release+0x24a/0x2f0 [ 931.761891][T18391] do_exit+0x675/0x2aa0 [ 931.761955][T18391] ? __pfx_do_exit+0x10/0x10 [ 931.761999][T18391] ? do_raw_spin_lock+0x128/0x260 [ 931.762047][T18391] ? find_held_lock+0x2b/0x80 [ 931.762076][T18391] ? get_signal+0x7e0/0x21e0 [ 931.762115][T18391] do_group_exit+0xd5/0x2a0 [ 931.762162][T18391] get_signal+0x1ec7/0x21e0 [ 931.762204][T18391] ? __local_bh_enable_ip+0x9e/0x120 [ 931.762240][T18391] ? tipc_setsockopt+0x412/0xe30 [ 931.762366][T18391] ? __pfx_get_signal+0x10/0x10 [ 931.762413][T18391] ? do_futex+0x192/0x350 [ 931.762537][T18391] arch_do_signal_or_restart+0x91/0x770 [ 931.762584][T18391] ? kfree+0x2ec/0x6b0 [ 931.762627][T18391] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 931.762690][T18391] ? __pfx___x64_sys_futex+0x10/0x10 [ 931.762743][T18391] exit_to_user_mode_loop+0x86/0x4a0 [ 931.762792][T18391] do_syscall_64+0x668/0xf80 [ 931.762832][T18391] ? clear_bhb_loop+0x40/0x90 [ 931.762873][T18391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.762909][T18391] RIP: 0033:0x7f9286b9c799 [ 931.762940][T18391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 931.762973][T18391] RSP: 002b:00007f9287a380e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 931.763006][T18391] RAX: fffffffffffffe00 RBX: 00007f9286e15fa8 RCX: 00007f9286b9c799 [ 931.763029][T18391] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9286e15fa8 [ 931.763050][T18391] RBP: 00007f9286e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 931.763072][T18391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.763093][T18391] R13: 00007f9286e16038 R14: 00007fffada20a30 R15: 00007fffada20b18 [ 931.763136][T18391] [ 932.059437][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.066944][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.319170][T18419] netlink: 'syz.1.2838': attribute type 1 has an invalid length. [ 935.038841][T18456] FAULT_INJECTION: forcing a failure. [ 935.038841][T18456] name failslab, interval 1, probability 0, space 0, times 0 [ 935.052118][T18456] CPU: 1 UID: 0 PID: 18456 Comm: syz.1.2845 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 935.052195][T18456] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 935.052218][T18456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 935.052240][T18456] Call Trace: [ 935.052252][T18456] [ 935.052267][T18456] dump_stack_lvl+0x100/0x190 [ 935.052329][T18456] should_fail_ex.cold+0x5/0xa [ 935.052373][T18456] should_failslab+0xc2/0x120 [ 935.052410][T18456] __kmalloc_cache_noprof+0x7a/0x6f0 [ 935.052458][T18456] ? tipc_service_create+0xb1/0x340 [ 935.052513][T18456] tipc_service_create+0xb1/0x340 [ 935.052557][T18456] ? tipc_service_find+0x161/0x1c0 [ 935.052604][T18456] tipc_nametbl_subscribe+0x892/0xa80 [ 935.052662][T18456] ? __pfx_tipc_nametbl_subscribe+0x10/0x10 [ 935.052717][T18456] ? lockdep_init_map_type+0x5c/0x250 [ 935.052773][T18456] tipc_sub_subscribe+0x4ba/0x730 [ 935.052821][T18456] tipc_conn_rcv_sub+0x21e/0x3d0 [ 935.052875][T18456] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 935.052919][T18456] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 935.052964][T18456] ? net_generic+0xea/0x2a0 [ 935.053013][T18456] tipc_group_create+0x4ab/0x660 [ 935.053061][T18456] tipc_setsockopt+0x611/0xe30 [ 935.053123][T18456] ? __pfx_tipc_setsockopt+0x10/0x10 [ 935.053194][T18456] ? __pfx_tipc_setsockopt+0x10/0x10 [ 935.053248][T18456] do_sock_setsockopt+0xf3/0x1d0 [ 935.053310][T18456] __sys_setsockopt+0x119/0x190 [ 935.053357][T18456] __x64_sys_setsockopt+0xbd/0x160 [ 935.053394][T18456] ? do_syscall_64+0x95/0xf80 [ 935.053437][T18456] ? lockdep_hardirqs_on+0x78/0x100 [ 935.053480][T18456] do_syscall_64+0x106/0xf80 [ 935.053519][T18456] ? clear_bhb_loop+0x40/0x90 [ 935.053564][T18456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.053603][T18456] RIP: 0033:0x7fdea9f9c799 [ 935.053637][T18456] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 935.053674][T18456] RSP: 002b:00007fdeaadf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 935.053710][T18456] RAX: ffffffffffffffda RBX: 00007fdeaa216180 RCX: 00007fdea9f9c799 [ 935.053736][T18456] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 935.053759][T18456] RBP: 00007fdeaa032bd9 R08: 0000000000000014 R09: 0000000000000000 [ 935.053783][T18456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 935.053807][T18456] R13: 00007fdeaa216218 R14: 00007fdeaa216180 R15: 00007ffff2113428 [ 935.053856][T18456] [ 935.307737][T18456] tipc: Service creation failed, no memory [ 935.313583][T18456] tipc: Failed to subscribe for {2866768288,0,4294967295} [ 937.940019][T18500] FAULT_INJECTION: forcing a failure. [ 937.940019][T18500] name failslab, interval 1, probability 0, space 0, times 0 [ 937.996515][T18500] CPU: 0 UID: 0 PID: 18500 Comm: syz.4.2855 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 937.996597][T18500] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 937.996617][T18500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 937.996638][T18500] Call Trace: [ 937.996650][T18500] [ 937.996663][T18500] dump_stack_lvl+0x100/0x190 [ 937.996720][T18500] should_fail_ex.cold+0x5/0xa [ 937.996762][T18500] should_failslab+0xc2/0x120 [ 937.996798][T18500] __kmalloc_cache_noprof+0x7a/0x6f0 [ 937.996842][T18500] ? proc_thread_self_get_link+0x1a6/0x210 [ 937.996901][T18500] proc_thread_self_get_link+0x1a6/0x210 [ 937.996953][T18500] pick_link+0xac2/0x13c0 [ 937.997002][T18500] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 937.997058][T18500] step_into_slowpath+0x9ba/0xf90 [ 937.997118][T18500] ? __pfx_step_into_slowpath+0x10/0x10 [ 937.997176][T18500] ? lookup_fast+0x2da/0x600 [ 937.997221][T18500] ? inode_permission+0x374/0x620 [ 937.997270][T18500] link_path_walk+0xf28/0x1cc0 [ 937.997337][T18500] path_openat+0x1be/0x31a0 [ 937.997368][T18500] ? kasan_save_stack+0x3f/0x50 [ 937.997435][T18500] ? kasan_save_stack+0x30/0x50 [ 937.997484][T18500] ? kasan_save_track+0x14/0x30 [ 937.997534][T18500] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 937.997601][T18500] ? __pfx_path_openat+0x10/0x10 [ 937.997651][T18500] do_file_open+0x20e/0x430 [ 937.997689][T18500] ? __pfx_do_file_open+0x10/0x10 [ 937.997754][T18500] ? alloc_fd+0x476/0x790 [ 937.997791][T18500] ? do_getname+0x191/0x390 [ 937.997838][T18500] do_sys_openat2+0x10d/0x1e0 [ 937.997882][T18500] ? __pfx_do_sys_openat2+0x10/0x10 [ 937.997943][T18500] __x64_sys_openat+0x12d/0x210 [ 937.997988][T18500] ? __pfx___x64_sys_openat+0x10/0x10 [ 937.998050][T18500] do_syscall_64+0x106/0xf80 [ 937.998090][T18500] ? clear_bhb_loop+0x40/0x90 [ 937.998133][T18500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.998168][T18500] RIP: 0033:0x7f9286b5cfce [ 937.998196][T18500] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 937.998229][T18500] RSP: 002b:00007f9287a37f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 937.998261][T18500] RAX: ffffffffffffffda RBX: 00007f9287a386c0 RCX: 00007f9286b5cfce [ 937.998284][T18500] RDX: 0000000000000002 RSI: 00007f9286c324e0 RDI: ffffffffffffff9c [ 937.998306][T18500] RBP: 00007f9286c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 937.998328][T18500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 937.998349][T18500] R13: 00007f9286e16038 R14: 00007f9286e15fa0 R15: 00007fffada20b18 [ 937.998394][T18500] [ 937.998862][T18500] FAULT_INJECTION: forcing a failure. [ 937.998862][T18500] name failslab, interval 1, probability 0, space 0, times 0 [ 938.298850][T18500] CPU: 0 UID: 0 PID: 18500 Comm: syz.4.2855 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 938.298920][T18500] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 938.298939][T18500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 938.298959][T18500] Call Trace: [ 938.298970][T18500] [ 938.298982][T18500] dump_stack_lvl+0x100/0x190 [ 938.299044][T18500] should_fail_ex.cold+0x5/0xa [ 938.299084][T18500] should_failslab+0xc2/0x120 [ 938.299120][T18500] __kmalloc_cache_noprof+0x7a/0x6f0 [ 938.299165][T18500] ? tipc_sub_subscribe+0x15c/0x730 [ 938.299205][T18500] ? find_held_lock+0x2b/0x80 [ 938.299244][T18500] tipc_sub_subscribe+0x15c/0x730 [ 938.299290][T18500] tipc_conn_rcv_sub+0x21e/0x3d0 [ 938.299331][T18500] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 938.299372][T18500] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 938.299414][T18500] ? net_generic+0xea/0x2a0 [ 938.299459][T18500] tipc_group_create+0x4ab/0x660 [ 938.299505][T18500] tipc_setsockopt+0x611/0xe30 [ 938.299556][T18500] ? __pfx_tipc_setsockopt+0x10/0x10 [ 938.299628][T18500] ? __pfx_tipc_setsockopt+0x10/0x10 [ 938.299675][T18500] do_sock_setsockopt+0xf3/0x1d0 [ 938.299731][T18500] __sys_setsockopt+0x119/0x190 [ 938.299779][T18500] __x64_sys_setsockopt+0xbd/0x160 [ 938.299815][T18500] ? do_syscall_64+0x95/0xf80 [ 938.299855][T18500] ? lockdep_hardirqs_on+0x78/0x100 [ 938.299895][T18500] do_syscall_64+0x106/0xf80 [ 938.299932][T18500] ? clear_bhb_loop+0x40/0x90 [ 938.299974][T18500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.300010][T18500] RIP: 0033:0x7f9286b9c799 [ 938.300039][T18500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 938.300072][T18500] RSP: 002b:00007f9287a38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 938.300105][T18500] RAX: ffffffffffffffda RBX: 00007f9286e15fa0 RCX: 00007f9286b9c799 [ 938.300129][T18500] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 938.300148][T18500] RBP: 00007f9287a38090 R08: 0000000000000014 R09: 0000000000000000 [ 938.300170][T18500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 938.300191][T18500] R13: 00007f9286e16038 R14: 00007f9286e15fa0 R15: 00007fffada20b18 [ 938.300237][T18500] [ 938.300251][T18500] tipc: Subscription rejected, no memory [ 938.692871][T15094] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 938.986164][T18510] netlink: 'syz.4.2856': attribute type 1 has an invalid length. [ 939.518260][T18518] vhci_hcd: not connected 4 [ 942.061885][T18540] FAULT_INJECTION: forcing a failure. [ 942.061885][T18540] name fail_futex, interval 1, probability 0, space 0, times 0 [ 942.079339][T18540] CPU: 1 UID: 0 PID: 18540 Comm: syz.2.2864 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 942.079411][T18540] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 942.079431][T18540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 942.079452][T18540] Call Trace: [ 942.079463][T18540] [ 942.079477][T18540] dump_stack_lvl+0x100/0x190 [ 942.079533][T18540] should_fail_ex.cold+0x5/0xa [ 942.079573][T18540] get_futex_key+0x295/0x1620 [ 942.079620][T18540] ? __pfx_get_futex_key+0x10/0x10 [ 942.079658][T18540] ? lock_acquire+0x1cf/0x380 [ 942.079714][T18540] futex_wake+0xea/0x530 [ 942.079771][T18540] ? __pfx_futex_wake+0x10/0x10 [ 942.079818][T18540] ? exit_mm_release+0x19/0x30 [ 942.079868][T18540] do_futex+0x32b/0x350 [ 942.079911][T18540] ? __pfx_do_futex+0x10/0x10 [ 942.079950][T18540] ? __might_fault+0xc5/0x140 [ 942.080008][T18540] mm_release+0x24a/0x2f0 [ 942.080043][T18540] do_exit+0x675/0x2aa0 [ 942.080094][T18540] ? __pfx_do_exit+0x10/0x10 [ 942.080137][T18540] ? do_raw_spin_lock+0x128/0x260 [ 942.080184][T18540] ? find_held_lock+0x2b/0x80 [ 942.080214][T18540] ? get_signal+0x7e0/0x21e0 [ 942.080252][T18540] do_group_exit+0xd5/0x2a0 [ 942.080308][T18540] get_signal+0x1ec7/0x21e0 [ 942.080354][T18540] ? ksys_write+0x190/0x250 [ 942.080409][T18540] ? __pfx_get_signal+0x10/0x10 [ 942.080447][T18540] ? do_futex+0x192/0x350 [ 942.080494][T18540] arch_do_signal_or_restart+0x91/0x770 [ 942.080540][T18540] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 942.080595][T18540] ? __pfx___x64_sys_futex+0x10/0x10 [ 942.080648][T18540] exit_to_user_mode_loop+0x86/0x4a0 [ 942.080697][T18540] do_syscall_64+0x668/0xf80 [ 942.080736][T18540] ? clear_bhb_loop+0x40/0x90 [ 942.080778][T18540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.080812][T18540] RIP: 0033:0x7f96afd9c799 [ 942.080840][T18540] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 942.080874][T18540] RSP: 002b:00007f96b0b950e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 942.080907][T18540] RAX: fffffffffffffe00 RBX: 00007f96b0015fa8 RCX: 00007f96afd9c799 [ 942.080930][T18540] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f96b0015fa8 [ 942.080951][T18540] RBP: 00007f96b0015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 942.080973][T18540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.080994][T18540] R13: 00007f96b0016038 R14: 00007ffea2932560 R15: 00007ffea2932648 [ 942.081038][T18540] [ 942.784458][T18560] FAULT_INJECTION: forcing a failure. [ 942.784458][T18560] name failslab, interval 1, probability 0, space 0, times 0 [ 942.809801][T18560] CPU: 0 UID: 0 PID: 18560 Comm: syz.1.2868 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 942.809869][T18560] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 942.809888][T18560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 942.809907][T18560] Call Trace: [ 942.809936][T18560] [ 942.809949][T18560] dump_stack_lvl+0x100/0x190 [ 942.810005][T18560] should_fail_ex.cold+0x5/0xa [ 942.810044][T18560] should_failslab+0xc2/0x120 [ 942.810079][T18560] __kmalloc_cache_noprof+0x7a/0x6f0 [ 942.810121][T18560] ? proc_thread_self_get_link+0x1a6/0x210 [ 942.810178][T18560] proc_thread_self_get_link+0x1a6/0x210 [ 942.810228][T18560] pick_link+0xac2/0x13c0 [ 942.810274][T18560] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 942.810328][T18560] step_into_slowpath+0x9ba/0xf90 [ 942.810387][T18560] ? __pfx_step_into_slowpath+0x10/0x10 [ 942.810442][T18560] ? lookup_fast+0x2da/0x600 [ 942.810495][T18560] ? inode_permission+0x374/0x620 [ 942.810542][T18560] link_path_walk+0xf28/0x1cc0 [ 942.810604][T18560] path_openat+0x1be/0x31a0 [ 942.810634][T18560] ? kasan_save_stack+0x3f/0x50 [ 942.810682][T18560] ? kasan_save_stack+0x30/0x50 [ 942.810729][T18560] ? kasan_save_track+0x14/0x30 [ 942.810777][T18560] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 942.810837][T18560] ? __pfx_path_openat+0x10/0x10 [ 942.810886][T18560] do_file_open+0x20e/0x430 [ 942.810929][T18560] ? __pfx_do_file_open+0x10/0x10 [ 942.810992][T18560] ? alloc_fd+0x476/0x790 [ 942.811028][T18560] ? do_getname+0x191/0x390 [ 942.811073][T18560] do_sys_openat2+0x10d/0x1e0 [ 942.811140][T18560] ? __pfx_do_sys_openat2+0x10/0x10 [ 942.811199][T18560] __x64_sys_openat+0x12d/0x210 [ 942.811244][T18560] ? __pfx___x64_sys_openat+0x10/0x10 [ 942.811305][T18560] do_syscall_64+0x106/0xf80 [ 942.811344][T18560] ? clear_bhb_loop+0x40/0x90 [ 942.811385][T18560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.811420][T18560] RIP: 0033:0x7fdea9f5cfce [ 942.811448][T18560] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 942.811490][T18560] RSP: 002b:00007fdeaae37f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 942.811523][T18560] RAX: ffffffffffffffda RBX: 00007fdeaae386c0 RCX: 00007fdea9f5cfce [ 942.811545][T18560] RDX: 0000000000000002 RSI: 00007fdeaa0324e0 RDI: ffffffffffffff9c [ 942.811566][T18560] RBP: 00007fdeaa032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 942.811585][T18560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 942.811606][T18560] R13: 00007fdeaa216038 R14: 00007fdeaa215fa0 R15: 00007ffff2113428 [ 942.811650][T18560] [ 942.812606][T18560] FAULT_INJECTION: forcing a failure. [ 942.812606][T18560] name failslab, interval 1, probability 0, space 0, times 0 [ 943.090907][T18560] CPU: 0 UID: 0 PID: 18560 Comm: syz.1.2868 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 943.090960][T18560] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 943.090974][T18560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 943.090989][T18560] Call Trace: [ 943.091000][T18560] [ 943.091010][T18560] dump_stack_lvl+0x100/0x190 [ 943.091052][T18560] should_fail_ex.cold+0x5/0xa [ 943.091080][T18560] should_failslab+0xc2/0x120 [ 943.091128][T18560] __kmalloc_cache_noprof+0x7a/0x6f0 [ 943.091158][T18560] ? tipc_service_create+0xb1/0x340 [ 943.091194][T18560] tipc_service_create+0xb1/0x340 [ 943.091228][T18560] ? tipc_service_find+0x161/0x1c0 [ 943.091259][T18560] tipc_nametbl_subscribe+0x892/0xa80 [ 943.091297][T18560] ? __pfx_tipc_nametbl_subscribe+0x10/0x10 [ 943.091334][T18560] ? lockdep_init_map_type+0x5c/0x250 [ 943.091371][T18560] tipc_sub_subscribe+0x4ba/0x730 [ 943.091402][T18560] tipc_conn_rcv_sub+0x21e/0x3d0 [ 943.091430][T18560] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 943.091458][T18560] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 943.091488][T18560] ? net_generic+0xea/0x2a0 [ 943.091519][T18560] tipc_group_create+0x4ab/0x660 [ 943.091551][T18560] tipc_setsockopt+0x611/0xe30 [ 943.091587][T18560] ? __pfx_tipc_setsockopt+0x10/0x10 [ 943.091633][T18560] ? __pfx_tipc_setsockopt+0x10/0x10 [ 943.091668][T18560] do_sock_setsockopt+0xf3/0x1d0 [ 943.091706][T18560] __sys_setsockopt+0x119/0x190 [ 943.091740][T18560] __x64_sys_setsockopt+0xbd/0x160 [ 943.091766][T18560] ? do_syscall_64+0x95/0xf80 [ 943.091794][T18560] ? lockdep_hardirqs_on+0x78/0x100 [ 943.091822][T18560] do_syscall_64+0x106/0xf80 [ 943.091850][T18560] ? clear_bhb_loop+0x40/0x90 [ 943.091880][T18560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.091906][T18560] RIP: 0033:0x7fdea9f9c799 [ 943.091927][T18560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.091951][T18560] RSP: 002b:00007fdeaae38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 943.091975][T18560] RAX: ffffffffffffffda RBX: 00007fdeaa215fa0 RCX: 00007fdea9f9c799 [ 943.091991][T18560] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 943.092006][T18560] RBP: 00007fdeaae38090 R08: 0000000000000014 R09: 0000000000000000 [ 943.092022][T18560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 943.092036][T18560] R13: 00007fdeaa216038 R14: 00007fdeaa215fa0 R15: 00007ffff2113428 [ 943.092067][T18560] [ 943.092077][T18560] tipc: Service creation failed, no memory [ 943.350953][T18560] tipc: Failed to subscribe for {2867038624,0,4294967295} [ 944.160575][T18581] FAULT_INJECTION: forcing a failure. [ 944.160575][T18581] name failslab, interval 1, probability 0, space 0, times 0 [ 944.212974][T18581] CPU: 1 UID: 0 PID: 18581 Comm: syz.3.2871 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 944.213050][T18581] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 944.213065][T18581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 944.213092][T18581] Call Trace: [ 944.213101][T18581] [ 944.213111][T18581] dump_stack_lvl+0x100/0x190 [ 944.213152][T18581] should_fail_ex.cold+0x5/0xa [ 944.213182][T18581] should_failslab+0xc2/0x120 [ 944.213207][T18581] __kmalloc_cache_noprof+0x7a/0x6f0 [ 944.213250][T18581] ? snd_info_text_entry_write+0x3d3/0x510 [ 944.213291][T18581] ? iovec_from_user+0xda/0x140 [ 944.213320][T18581] snd_info_text_entry_write+0x3d3/0x510 [ 944.213363][T18581] ? __pfx_snd_info_text_entry_write+0x10/0x10 [ 944.213402][T18581] proc_reg_write+0x240/0x330 [ 944.213441][T18581] ? __pfx_proc_reg_write+0x10/0x10 [ 944.213474][T18581] vfs_writev+0x5ea/0xe10 [ 944.213510][T18581] ? rcu_is_watching+0x12/0xc0 [ 944.213555][T18581] ? __pfx_vfs_writev+0x10/0x10 [ 944.213589][T18581] ? fdget_pos+0x2aa/0x380 [ 944.213615][T18581] ? find_held_lock+0x2b/0x80 [ 944.213655][T18581] ? __fget_files+0x21f/0x3d0 [ 944.213701][T18581] ? do_writev+0x13e/0x340 [ 944.213735][T18581] do_writev+0x13e/0x340 [ 944.213772][T18581] ? __pfx_do_writev+0x10/0x10 [ 944.213817][T18581] do_syscall_64+0x106/0xf80 [ 944.213845][T18581] ? clear_bhb_loop+0x40/0x90 [ 944.213875][T18581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.213900][T18581] RIP: 0033:0x7fed8879c799 [ 944.213921][T18581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 944.213945][T18581] RSP: 002b:00007fed8957e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 944.213968][T18581] RAX: ffffffffffffffda RBX: 00007fed88a15fa0 RCX: 00007fed8879c799 [ 944.213984][T18581] RDX: 0000000000000009 RSI: 0000200000000200 RDI: 0000000000000004 [ 944.214000][T18581] RBP: 00007fed8957e090 R08: 0000000000000000 R09: 0000000000000000 [ 944.214015][T18581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 944.214035][T18581] R13: 00007fed88a16038 R14: 00007fed88a15fa0 R15: 00007ffe61326c48 [ 944.214066][T18581] [ 944.999205][T18589] netlink: 'syz.3.2872': attribute type 1 has an invalid length. [ 947.754375][T18609] [U] [ 947.757282][T18609] [U] [ 947.760049][T18609] [U] [ 947.762828][T18609] [U] [ 947.797381][T18609] [U] [ 947.800181][T18609] [U] [ 947.802929][T18609] [U] [ 947.805675][T18609] [U] [ 947.857336][T18609] [U] [ 947.860156][T18609] [U] [ 947.862934][T18609] [U] [ 947.865699][T18609] [U] [ 947.903916][T18609] [U] [ 947.906739][T18609] [U] [ 947.909518][T18609] [U] [ 947.912291][T18609] [U] [ 947.928137][T18609] [U] [ 947.930985][T18609] [U] [ 947.933747][T18609] [U] [ 947.936507][T18609] [U] [ 947.966801][T18609] [U] [ 947.969621][T18609] [U] [ 947.972484][T18609] [U] [ 947.975254][T18609] [U] [ 947.991091][T18609] [U] [ 949.189633][T18646] FAULT_INJECTION: forcing a failure. [ 949.189633][T18646] name failslab, interval 1, probability 0, space 0, times 0 [ 949.239393][T18646] CPU: 0 UID: 0 PID: 18646 Comm: syz.3.2887 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 949.239465][T18646] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 949.239485][T18646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 949.239504][T18646] Call Trace: [ 949.239516][T18646] [ 949.239529][T18646] dump_stack_lvl+0x100/0x190 [ 949.239586][T18646] should_fail_ex.cold+0x5/0xa [ 949.239626][T18646] should_failslab+0xc2/0x120 [ 949.239659][T18646] __kmalloc_cache_noprof+0x7a/0x6f0 [ 949.239715][T18646] ? proc_thread_self_get_link+0x1a6/0x210 [ 949.239773][T18646] proc_thread_self_get_link+0x1a6/0x210 [ 949.239823][T18646] pick_link+0xac2/0x13c0 [ 949.239869][T18646] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 949.239924][T18646] step_into_slowpath+0x9ba/0xf90 [ 949.239983][T18646] ? __pfx_step_into_slowpath+0x10/0x10 [ 949.240041][T18646] ? lookup_fast+0x2da/0x600 [ 949.240083][T18646] ? inode_permission+0x374/0x620 [ 949.240132][T18646] link_path_walk+0xf28/0x1cc0 [ 949.240196][T18646] path_openat+0x1be/0x31a0 [ 949.240245][T18646] ? kasan_save_stack+0x3f/0x50 [ 949.240293][T18646] ? kasan_save_stack+0x30/0x50 [ 949.240340][T18646] ? kasan_save_track+0x14/0x30 [ 949.240387][T18646] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 949.240447][T18646] ? __pfx_path_openat+0x10/0x10 [ 949.240495][T18646] do_file_open+0x20e/0x430 [ 949.240533][T18646] ? __pfx_do_file_open+0x10/0x10 [ 949.240599][T18646] ? alloc_fd+0x476/0x790 [ 949.240634][T18646] ? do_getname+0x191/0x390 [ 949.240680][T18646] do_sys_openat2+0x10d/0x1e0 [ 949.240731][T18646] ? __pfx_do_sys_openat2+0x10/0x10 [ 949.240791][T18646] __x64_sys_openat+0x12d/0x210 [ 949.240834][T18646] ? __pfx___x64_sys_openat+0x10/0x10 [ 949.240894][T18646] do_syscall_64+0x106/0xf80 [ 949.240933][T18646] ? clear_bhb_loop+0x40/0x90 [ 949.240975][T18646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 949.241010][T18646] RIP: 0033:0x7fed8875cfce [ 949.241037][T18646] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 949.241069][T18646] RSP: 002b:00007fed8957df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 949.241102][T18646] RAX: ffffffffffffffda RBX: 00007fed8957e6c0 RCX: 00007fed8875cfce [ 949.241126][T18646] RDX: 0000000000000002 RSI: 00007fed888324e0 RDI: ffffffffffffff9c [ 949.241148][T18646] RBP: 00007fed88832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 949.241170][T18646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 949.241189][T18646] R13: 00007fed88a16038 R14: 00007fed88a15fa0 R15: 00007ffe61326c48 [ 949.241234][T18646] [ 949.586893][T18646] FAULT_INJECTION: forcing a failure. [ 949.586893][T18646] name failslab, interval 1, probability 0, space 0, times 0 [ 949.599718][T18646] CPU: 1 UID: 0 PID: 18646 Comm: syz.3.2887 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 949.599789][T18646] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 949.599807][T18646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 949.599835][T18646] Call Trace: [ 949.599849][T18646] [ 949.599863][T18646] dump_stack_lvl+0x100/0x190 [ 949.599917][T18646] should_fail_ex.cold+0x5/0xa [ 949.599956][T18646] should_failslab+0xc2/0x120 [ 949.599992][T18646] __kmalloc_cache_noprof+0x7a/0x6f0 [ 949.600035][T18646] ? tipc_nametbl_insert_publ+0x5a/0x1570 [ 949.600088][T18646] tipc_nametbl_insert_publ+0x5a/0x1570 [ 949.600134][T18646] ? do_raw_spin_lock+0x128/0x260 [ 949.600184][T18646] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 949.600245][T18646] tipc_nametbl_publish+0x137/0x260 [ 949.600295][T18646] tipc_sk_publish+0x1d8/0x430 [ 949.600343][T18646] ? __pfx_tipc_sk_publish+0x10/0x10 [ 949.600392][T18646] ? tipc_group_create+0x4c0/0x660 [ 949.600435][T18646] tipc_setsockopt+0x7af/0xe30 [ 949.600484][T18646] ? __pfx_tipc_setsockopt+0x10/0x10 [ 949.600548][T18646] ? __pfx_tipc_setsockopt+0x10/0x10 [ 949.600597][T18646] do_sock_setsockopt+0xf3/0x1d0 [ 949.600651][T18646] __sys_setsockopt+0x119/0x190 [ 949.600697][T18646] __x64_sys_setsockopt+0xbd/0x160 [ 949.600734][T18646] ? do_syscall_64+0x95/0xf80 [ 949.600772][T18646] ? lockdep_hardirqs_on+0x78/0x100 [ 949.600811][T18646] do_syscall_64+0x106/0xf80 [ 949.600855][T18646] ? clear_bhb_loop+0x40/0x90 [ 949.600898][T18646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 949.600934][T18646] RIP: 0033:0x7fed8879c799 [ 949.600964][T18646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 949.600998][T18646] RSP: 002b:00007fed8957e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 949.601030][T18646] RAX: ffffffffffffffda RBX: 00007fed88a15fa0 RCX: 00007fed8879c799 [ 949.601054][T18646] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 949.601073][T18646] RBP: 00007fed8957e090 R08: 0000000000000014 R09: 0000000000000000 [ 949.601093][T18646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 949.601113][T18646] R13: 00007fed88a16038 R14: 00007fed88a15fa0 R15: 00007ffe61326c48 [ 949.601158][T18646] [ 950.381296][T18657] FAULT_INJECTION: forcing a failure. [ 950.381296][T18657] name failslab, interval 1, probability 0, space 0, times 0 [ 950.435901][T18657] CPU: 0 UID: 0 PID: 18657 Comm: syz.2.2890 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 950.435980][T18657] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 950.436002][T18657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 950.436024][T18657] Call Trace: [ 950.436036][T18657] [ 950.436051][T18657] dump_stack_lvl+0x100/0x190 [ 950.436112][T18657] should_fail_ex.cold+0x5/0xa [ 950.436153][T18657] should_failslab+0xc2/0x120 [ 950.436191][T18657] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 950.436247][T18657] ? __d_alloc+0x34/0xa80 [ 950.436283][T18657] ? lockdep_init_map_type+0x5c/0x250 [ 950.436338][T18657] __d_alloc+0x34/0xa80 [ 950.436380][T18657] d_alloc_pseudo+0x1c/0xc0 [ 950.436429][T18657] alloc_file_pseudo+0xcf/0x230 [ 950.436476][T18657] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 950.436521][T18657] ? alloc_fd+0x476/0x790 [ 950.436561][T18657] sock_alloc_file+0x50/0x210 [ 950.436610][T18657] __sys_socket+0x1c0/0x260 [ 950.436662][T18657] ? fput+0x79/0x100 [ 950.436700][T18657] ? __pfx___sys_socket+0x10/0x10 [ 950.436752][T18657] ? ksys_write+0x1ac/0x250 [ 950.436807][T18657] ? __pfx_ksys_write+0x10/0x10 [ 950.436881][T18657] __x64_sys_socket+0x72/0xb0 [ 950.436932][T18657] ? lockdep_hardirqs_on+0x78/0x100 [ 950.436971][T18657] do_syscall_64+0x106/0xf80 [ 950.437007][T18657] ? clear_bhb_loop+0x40/0x90 [ 950.437049][T18657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.437086][T18657] RIP: 0033:0x7f96afd9c799 [ 950.437117][T18657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 950.437151][T18657] RSP: 002b:00007f96b0b95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 950.437183][T18657] RAX: ffffffffffffffda RBX: 00007f96b0015fa0 RCX: 00007f96afd9c799 [ 950.437206][T18657] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 950.437228][T18657] RBP: 00007f96afe32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 950.437250][T18657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 950.437272][T18657] R13: 00007f96b0016038 R14: 00007f96b0015fa0 R15: 00007ffea2932648 [ 950.437316][T18657] [ 951.358222][T18652] FAULT_INJECTION: forcing a failure. [ 951.358222][T18652] name fail_futex, interval 1, probability 0, space 0, times 0 [ 951.372610][T18652] CPU: 0 UID: 0 PID: 18652 Comm: syz.3.2889 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 951.372685][T18652] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 951.372715][T18652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 951.372736][T18652] Call Trace: [ 951.372748][T18652] [ 951.372762][T18652] dump_stack_lvl+0x100/0x190 [ 951.372822][T18652] should_fail_ex.cold+0x5/0xa [ 951.372864][T18652] get_futex_key+0x295/0x1620 [ 951.372913][T18652] ? __pfx_get_futex_key+0x10/0x10 [ 951.372958][T18652] ? lock_acquire+0x1cf/0x380 [ 951.373019][T18652] futex_wake+0xea/0x530 [ 951.373076][T18652] ? __pfx_futex_wake+0x10/0x10 [ 951.373133][T18652] ? exit_mm_release+0x19/0x30 [ 951.373195][T18652] do_futex+0x32b/0x350 [ 951.373243][T18652] ? __pfx_do_futex+0x10/0x10 [ 951.373289][T18652] ? __might_fault+0xc5/0x140 [ 951.373349][T18652] mm_release+0x24a/0x2f0 [ 951.373387][T18652] do_exit+0x675/0x2aa0 [ 951.373439][T18652] ? __pfx_do_exit+0x10/0x10 [ 951.373486][T18652] ? do_raw_spin_lock+0x128/0x260 [ 951.373536][T18652] ? find_held_lock+0x2b/0x80 [ 951.373567][T18652] ? get_signal+0x7e0/0x21e0 [ 951.373608][T18652] do_group_exit+0xd5/0x2a0 [ 951.373659][T18652] get_signal+0x1ec7/0x21e0 [ 951.373713][T18652] ? ksys_write+0x190/0x250 [ 951.373771][T18652] ? __pfx_get_signal+0x10/0x10 [ 951.373811][T18652] ? do_futex+0x192/0x350 [ 951.373862][T18652] arch_do_signal_or_restart+0x91/0x770 [ 951.373910][T18652] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 951.373966][T18652] ? __pfx___x64_sys_futex+0x10/0x10 [ 951.374023][T18652] exit_to_user_mode_loop+0x86/0x4a0 [ 951.374073][T18652] do_syscall_64+0x668/0xf80 [ 951.374114][T18652] ? clear_bhb_loop+0x40/0x90 [ 951.374157][T18652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 951.374194][T18652] RIP: 0033:0x7fed8879c799 [ 951.374224][T18652] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 951.374259][T18652] RSP: 002b:00007fed8957e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 951.374292][T18652] RAX: fffffffffffffe00 RBX: 00007fed88a15fa8 RCX: 00007fed8879c799 [ 951.374317][T18652] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fed88a15fa8 [ 951.374339][T18652] RBP: 00007fed88a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 951.374361][T18652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 951.374381][T18652] R13: 00007fed88a16038 R14: 00007ffe61326b60 R15: 00007ffe61326c48 [ 951.374427][T18652] [ 958.986511][T18778] FAULT_INJECTION: forcing a failure. [ 958.986511][T18778] name fail_futex, interval 1, probability 0, space 0, times 0 [ 959.007010][T18778] CPU: 0 UID: 0 PID: 18778 Comm: syz.1.2912 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 959.007079][T18778] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 959.007098][T18778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 959.007118][T18778] Call Trace: [ 959.007129][T18778] [ 959.007143][T18778] dump_stack_lvl+0x100/0x190 [ 959.007205][T18778] should_fail_ex.cold+0x5/0xa [ 959.007244][T18778] get_futex_key+0x295/0x1620 [ 959.007288][T18778] ? __pfx_get_futex_key+0x10/0x10 [ 959.007325][T18778] ? lock_acquire+0x1cf/0x380 [ 959.007380][T18778] futex_wake+0xea/0x530 [ 959.007431][T18778] ? __pfx_futex_wake+0x10/0x10 [ 959.007476][T18778] ? exit_mm_release+0x19/0x30 [ 959.007526][T18778] do_futex+0x32b/0x350 [ 959.007567][T18778] ? __pfx_do_futex+0x10/0x10 [ 959.007600][T18778] ? __might_fault+0xc5/0x140 [ 959.007652][T18778] mm_release+0x24a/0x2f0 [ 959.007686][T18778] do_exit+0x675/0x2aa0 [ 959.007742][T18778] ? __pfx_do_exit+0x10/0x10 [ 959.007875][T18778] ? do_raw_spin_lock+0x128/0x260 [ 959.007924][T18778] ? find_held_lock+0x2b/0x80 [ 959.007988][T18778] ? get_signal+0x7e0/0x21e0 [ 959.008026][T18778] do_group_exit+0xd5/0x2a0 [ 959.008082][T18778] get_signal+0x1ec7/0x21e0 [ 959.008123][T18778] ? ksys_write+0x190/0x250 [ 959.008165][T18778] ? __pfx_get_signal+0x10/0x10 [ 959.008193][T18778] ? do_futex+0x192/0x350 [ 959.008228][T18778] arch_do_signal_or_restart+0x91/0x770 [ 959.008262][T18778] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 959.008303][T18778] ? __pfx___x64_sys_futex+0x10/0x10 [ 959.008343][T18778] exit_to_user_mode_loop+0x86/0x4a0 [ 959.008380][T18778] do_syscall_64+0x668/0xf80 [ 959.008411][T18778] ? clear_bhb_loop+0x40/0x90 [ 959.008442][T18778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 959.008469][T18778] RIP: 0033:0x7fdea9f9c799 [ 959.008491][T18778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 959.008516][T18778] RSP: 002b:00007fdeaae380e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 959.008540][T18778] RAX: fffffffffffffe00 RBX: 00007fdeaa215fa8 RCX: 00007fdea9f9c799 [ 959.008558][T18778] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdeaa215fa8 [ 959.008574][T18778] RBP: 00007fdeaa215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 959.008589][T18778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 959.008605][T18778] R13: 00007fdeaa216038 R14: 00007ffff2113340 R15: 00007ffff2113428 [ 959.008637][T18778] [ 960.026449][T18797] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2918'. [ 960.059648][T18797] bridge0: port 3(netdevsim1) entered blocking state [ 960.068829][T18797] bridge0: port 3(netdevsim1) entered disabled state [ 960.076447][T18797] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 960.088037][T18797] netdevsim netdevsim3 netdevsim1: entered promiscuous mode [ 960.112642][T18797] bridge0: port 3(netdevsim1) entered blocking state [ 960.119630][T18797] bridge0: port 3(netdevsim1) entered forwarding state [ 960.644069][T18798] [U] [ 960.646978][T18798] [U] [ 960.649758][T18798] [U] [ 960.652529][T18798] [U] [ 960.790869][T18798] [U] [ 960.793697][T18798] [U] [ 960.796466][T18798] [U] [ 960.799228][T18798] [U] [ 960.896309][T18798] [U] [ 960.899131][T18798] [U] [ 960.901912][T18798] [U] [ 960.904694][T18798] [U] [ 961.048352][T18798] [U] [ 962.330538][T18840] FAULT_INJECTION: forcing a failure. [ 962.330538][T18840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 962.386760][T18840] CPU: 1 UID: 0 PID: 18840 Comm: syz.2.2925 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 962.386825][T18840] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 962.386841][T18840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 962.386856][T18840] Call Trace: [ 962.386864][T18840] [ 962.386873][T18840] dump_stack_lvl+0x100/0x190 [ 962.386914][T18840] should_fail_ex.cold+0x5/0xa [ 962.386943][T18840] _copy_from_user+0x2e/0xd0 [ 962.386984][T18840] snd_info_text_entry_write+0x20e/0x510 [ 962.387028][T18840] ? __pfx_snd_info_text_entry_write+0x10/0x10 [ 962.387068][T18840] proc_reg_write+0x240/0x330 [ 962.387107][T18840] ? __pfx_proc_reg_write+0x10/0x10 [ 962.387141][T18840] vfs_writev+0x5ea/0xe10 [ 962.387176][T18840] ? rcu_is_watching+0x12/0xc0 [ 962.387220][T18840] ? __pfx_vfs_writev+0x10/0x10 [ 962.387254][T18840] ? fdget_pos+0x2aa/0x380 [ 962.387287][T18840] ? find_held_lock+0x2b/0x80 [ 962.387331][T18840] ? __fget_files+0x21f/0x3d0 [ 962.387377][T18840] ? do_writev+0x13e/0x340 [ 962.387411][T18840] do_writev+0x13e/0x340 [ 962.387447][T18840] ? __pfx_do_writev+0x10/0x10 [ 962.387495][T18840] do_syscall_64+0x106/0xf80 [ 962.387523][T18840] ? clear_bhb_loop+0x40/0x90 [ 962.387553][T18840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 962.387578][T18840] RIP: 0033:0x7f96afd9c799 [ 962.387606][T18840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 962.387630][T18840] RSP: 002b:00007f96b0b95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 962.387653][T18840] RAX: ffffffffffffffda RBX: 00007f96b0015fa0 RCX: 00007f96afd9c799 [ 962.387669][T18840] RDX: 0000000000000009 RSI: 0000200000000200 RDI: 0000000000000004 [ 962.387683][T18840] RBP: 00007f96b0b95090 R08: 0000000000000000 R09: 0000000000000000 [ 962.387698][T18840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 962.387712][T18840] R13: 00007f96b0016038 R14: 00007f96b0015fa0 R15: 00007ffea2932648 [ 962.387743][T18840] [ 965.449609][T18884] netlink: 'syz.3.2934': attribute type 1 has an invalid length. [ 966.001131][T18877] [U] [ 966.004050][T18877] [U] [ 966.006824][T18877] [U] [ 966.009595][T18877] [U] [ 966.079964][T18877] [U] [ 966.082835][T18877] [U] [ 966.085560][T18877] [U] [ 966.088280][T18877] [U] [ 966.110136][T18877] [U] [ 966.112926][T18877] [U] [ 966.115667][T18877] [U] [ 966.118483][T18877] [U] [ 966.184679][T18877] [U] [ 966.187465][T18877] [U] [ 966.190197][T18877] [U] [ 966.192920][T18877] [U] [ 966.209946][T18877] [U] [ 966.212709][T18877] [U] [ 966.215465][T18877] [U] [ 966.218205][T18877] [U] [ 966.232023][T18877] [U] [ 966.234899][T18877] [U] [ 966.237670][T18877] [U] [ 966.240449][T18877] [U] [ 966.280621][T18877] [U] [ 966.283440][T18877] [U] [ 966.286188][T18877] [U] [ 966.289101][T18877] [U] [ 966.320853][T18877] [U] [ 966.323912][T18877] [U] [ 966.326815][T18877] [U] [ 966.329573][T18877] [U] [ 966.419800][T18877] [U] [ 966.422599][T18877] [U] [ 966.425339][T18877] [U] [ 966.428208][T18877] [U] [ 966.513030][T18877] [U] [ 969.050282][T18944] FAULT_INJECTION: forcing a failure. [ 969.050282][T18944] name fail_futex, interval 1, probability 0, space 0, times 0 [ 969.068811][T18944] CPU: 0 UID: 0 PID: 18944 Comm: syz.3.2947 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 969.068898][T18944] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 969.068944][T18944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 969.068966][T18944] Call Trace: [ 969.068977][T18944] [ 969.068991][T18944] dump_stack_lvl+0x100/0x190 [ 969.069057][T18944] should_fail_ex.cold+0x5/0xa [ 969.069098][T18944] get_futex_key+0x295/0x1620 [ 969.069145][T18944] ? __pfx_get_futex_key+0x10/0x10 [ 969.069183][T18944] ? lock_acquire+0x1cf/0x380 [ 969.069241][T18944] futex_wake+0xea/0x530 [ 969.069298][T18944] ? __pfx_futex_wake+0x10/0x10 [ 969.069350][T18944] ? exit_mm_release+0x19/0x30 [ 969.069404][T18944] do_futex+0x32b/0x350 [ 969.069448][T18944] ? __pfx_do_futex+0x10/0x10 [ 969.069488][T18944] ? __might_fault+0xc5/0x140 [ 969.069547][T18944] mm_release+0x24a/0x2f0 [ 969.069584][T18944] do_exit+0x675/0x2aa0 [ 969.069635][T18944] ? __pfx_do_exit+0x10/0x10 [ 969.069680][T18944] ? do_raw_spin_lock+0x128/0x260 [ 969.069729][T18944] ? find_held_lock+0x2b/0x80 [ 969.069760][T18944] ? get_signal+0x7e0/0x21e0 [ 969.069800][T18944] do_group_exit+0xd5/0x2a0 [ 969.069849][T18944] get_signal+0x1ec7/0x21e0 [ 969.069894][T18944] ? ksys_write+0x190/0x250 [ 969.069952][T18944] ? __pfx_get_signal+0x10/0x10 [ 969.069991][T18944] ? do_futex+0x192/0x350 [ 969.070046][T18944] arch_do_signal_or_restart+0x91/0x770 [ 969.070088][T18944] ? kfree+0x2ec/0x6b0 [ 969.070129][T18944] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 969.070183][T18944] ? __pfx___x64_sys_futex+0x10/0x10 [ 969.070238][T18944] exit_to_user_mode_loop+0x86/0x4a0 [ 969.070287][T18944] do_syscall_64+0x668/0xf80 [ 969.070326][T18944] ? clear_bhb_loop+0x40/0x90 [ 969.070368][T18944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 969.070404][T18944] RIP: 0033:0x7fed8879c799 [ 969.070432][T18944] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 969.070466][T18944] RSP: 002b:00007fed8957e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 969.070498][T18944] RAX: fffffffffffffe00 RBX: 00007fed88a15fa8 RCX: 00007fed8879c799 [ 969.070522][T18944] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fed88a15fa8 [ 969.070543][T18944] RBP: 00007fed88a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 969.070564][T18944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 969.070585][T18944] R13: 00007fed88a16038 R14: 00007ffe61326b60 R15: 00007ffe61326c48 [ 969.070630][T18944] [ 970.887076][T18957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2953'. [ 970.952071][T18957] bridge0: port 4(netdevsim1) entered blocking state [ 970.985695][T18957] bridge0: port 4(netdevsim1) entered disabled state [ 970.992711][T18957] netdevsim netdevsim2 netdevsim1: entered allmulticast mode [ 971.034586][T18957] netdevsim netdevsim2 netdevsim1: entered promiscuous mode [ 971.081249][T18957] bridge0: port 4(netdevsim1) entered blocking state [ 971.088225][T18957] bridge0: port 4(netdevsim1) entered forwarding state [ 972.003553][T18976] FAULT_INJECTION: forcing a failure. [ 972.003553][T18976] name fail_futex, interval 1, probability 0, space 0, times 0 [ 972.018426][T18976] CPU: 0 UID: 0 PID: 18976 Comm: syz.2.2957 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 972.018489][T18976] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 972.018503][T18976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 972.018518][T18976] Call Trace: [ 972.018527][T18976] [ 972.018537][T18976] dump_stack_lvl+0x100/0x190 [ 972.018578][T18976] should_fail_ex.cold+0x5/0xa [ 972.018606][T18976] get_futex_key+0x295/0x1620 [ 972.018640][T18976] ? __pfx_get_futex_key+0x10/0x10 [ 972.018667][T18976] ? lock_acquire+0x1cf/0x380 [ 972.018707][T18976] futex_wake+0xea/0x530 [ 972.018746][T18976] ? __pfx_futex_wake+0x10/0x10 [ 972.018784][T18976] ? exit_mm_release+0x19/0x30 [ 972.018822][T18976] do_futex+0x32b/0x350 [ 972.018853][T18976] ? __pfx_do_futex+0x10/0x10 [ 972.018882][T18976] ? __might_fault+0xc5/0x140 [ 972.018929][T18976] mm_release+0x24a/0x2f0 [ 972.018955][T18976] do_exit+0x675/0x2aa0 [ 972.018991][T18976] ? __pfx_do_exit+0x10/0x10 [ 972.019023][T18976] ? do_raw_spin_lock+0x128/0x260 [ 972.019058][T18976] ? find_held_lock+0x2b/0x80 [ 972.019080][T18976] ? get_signal+0x7e0/0x21e0 [ 972.019107][T18976] do_group_exit+0xd5/0x2a0 [ 972.019142][T18976] get_signal+0x1ec7/0x21e0 [ 972.019175][T18976] ? ksys_write+0x190/0x250 [ 972.019215][T18976] ? __pfx_get_signal+0x10/0x10 [ 972.019241][T18976] ? do_futex+0x192/0x350 [ 972.019275][T18976] arch_do_signal_or_restart+0x91/0x770 [ 972.019305][T18976] ? kfree+0x2ec/0x6b0 [ 972.019335][T18976] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 972.019373][T18976] ? __pfx___x64_sys_futex+0x10/0x10 [ 972.019412][T18976] exit_to_user_mode_loop+0x86/0x4a0 [ 972.019447][T18976] do_syscall_64+0x668/0xf80 [ 972.019476][T18976] ? clear_bhb_loop+0x40/0x90 [ 972.019505][T18976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.019531][T18976] RIP: 0033:0x7f96afd9c799 [ 972.019551][T18976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 972.019575][T18976] RSP: 002b:00007f96b0b950e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 972.019598][T18976] RAX: fffffffffffffe00 RBX: 00007f96b0015fa8 RCX: 00007f96afd9c799 [ 972.019614][T18976] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f96b0015fa8 [ 972.019629][T18976] RBP: 00007f96b0015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 972.019644][T18976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 972.019658][T18976] R13: 00007f96b0016038 R14: 00007ffea2932560 R15: 00007ffea2932648 [ 972.019688][T18976] [ 975.987907][T19031] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2966'. [ 993.270040][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.276645][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1003.372068][ T9097] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1003.387126][ T9097] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1003.400841][ T9097] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1003.423551][ T9097] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1003.445224][ T9097] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1003.683019][T14813] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.900811][T14813] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.063833][T14813] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.160714][T14813] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.641102][T14813] bridge_slave_1: left allmulticast mode [ 1004.671368][T14813] bridge_slave_1: left promiscuous mode [ 1004.677372][T14813] bridge0: port 2(bridge_slave_1) entered disabled state [ 1004.715380][T14813] bridge_slave_0: left allmulticast mode [ 1004.742595][T14813] bridge_slave_0: left promiscuous mode [ 1004.751765][T14813] bridge0: port 1(bridge_slave_0) entered disabled state [ 1005.277550][T14813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1005.331623][T14813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1005.364352][T14813] bond0 (unregistering): Released all slaves [ 1005.430540][T20886] chnl_net:caif_netlink_parms(): no params data found [ 1005.508838][ T9097] Bluetooth: hci2: command tx timeout [ 1006.088602][T20886] bridge0: port 1(bridge_slave_0) entered blocking state [ 1006.114195][T20886] bridge0: port 1(bridge_slave_0) entered disabled state [ 1006.138108][T20886] bridge_slave_0: entered allmulticast mode [ 1006.165676][T20886] bridge_slave_0: entered promiscuous mode [ 1006.189521][T20886] bridge0: port 2(bridge_slave_1) entered blocking state [ 1006.196858][T20886] bridge0: port 2(bridge_slave_1) entered disabled state [ 1006.227954][T20886] bridge_slave_1: entered allmulticast mode [ 1006.236721][T20886] bridge_slave_1: entered promiscuous mode [ 1006.417723][T14813] hsr_slave_0: left promiscuous mode [ 1006.460852][T14813] hsr_slave_1: left promiscuous mode [ 1006.478794][T14813] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1006.486291][T14813] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1006.527704][T14813] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1006.554889][T14813] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1006.601079][T14813] veth0_macvtap: left promiscuous mode [ 1007.282279][T14813] team0 (unregistering): Port device team_slave_1 removed [ 1007.328085][T14813] team0 (unregistering): Port device team_slave_0 removed [ 1007.577155][ T9097] Bluetooth: hci2: command tx timeout [ 1007.621429][T20886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1007.679445][T20886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1007.810836][T20886] team0: Port device team_slave_0 added [ 1007.869263][T20886] team0: Port device team_slave_1 added [ 1008.003291][T20886] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1008.026907][T20886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1008.087300][T20886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1008.139265][T20886] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1008.146286][T20886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1008.223837][T20886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1008.414039][T20886] hsr_slave_0: entered promiscuous mode [ 1008.440538][T20886] hsr_slave_1: entered promiscuous mode [ 1008.462360][T20886] debugfs: 'hsr0' already exists in 'hsr' [ 1008.476706][T20886] Cannot create hsr debugfs directory [ 1009.656151][ T9097] Bluetooth: hci2: command tx timeout [ 1010.161286][T20886] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1010.194593][T20886] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1010.217193][T20886] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1010.259249][T20886] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1010.512091][T20886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1010.579773][T20886] 8021q: adding VLAN 0 to HW filter on device team0 [ 1010.611120][T13816] bridge0: port 1(bridge_slave_0) entered blocking state [ 1010.618411][T13816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1010.652238][T13816] bridge0: port 2(bridge_slave_1) entered blocking state [ 1010.659545][T13816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1011.533614][T20886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1011.747796][ T9097] Bluetooth: hci2: command tx timeout [ 1012.297305][T20886] veth0_vlan: entered promiscuous mode [ 1012.351888][T20886] veth1_vlan: entered promiscuous mode [ 1012.464086][T20886] veth0_macvtap: entered promiscuous mode [ 1012.500710][T20886] veth1_macvtap: entered promiscuous mode [ 1012.579393][T20886] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1012.610643][T20886] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1012.644823][T13816] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.656150][T13816] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.686360][T13816] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1012.709262][T13816] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1013.040098][ T9120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1013.060759][ T9120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1013.162963][T13816] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1013.184721][T13816] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1013.447499][T21442] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4415'. [ 1013.799582][T21453] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4804'. [ 1013.843700][T15094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1013.874259][T15094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1013.887450][T15094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1013.912220][T15094] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1013.944186][T15094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1014.760371][T13810] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1014.948698][T13810] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1015.083940][T21460] chnl_net:caif_netlink_parms(): no params data found [ 1015.140867][T13810] bridge0: port 3(netdevsim1) entered disabled state [ 1015.198965][T13810] netdevsim netdevsim3 netdevsim1 (unregistering): left allmulticast mode [ 1015.214862][T13810] netdevsim netdevsim3 netdevsim1 (unregistering): left promiscuous mode [ 1015.228900][T13810] bridge0: port 3(netdevsim1) entered disabled state [ 1015.242357][T13810] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1015.408452][T21460] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.420029][T21460] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.429349][T21460] bridge_slave_0: entered allmulticast mode [ 1015.440537][T21460] bridge_slave_0: entered promiscuous mode [ 1015.478257][T13810] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1015.498628][T21460] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.510447][T21460] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.523310][T21460] bridge_slave_1: entered allmulticast mode [ 1015.531126][T21460] bridge_slave_1: entered promiscuous mode [ 1015.636545][T21460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1015.665700][T21460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1015.796974][T21460] team0: Port device team_slave_0 added [ 1015.836978][T21460] team0: Port device team_slave_1 added [ 1015.888915][T21512] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4831'. [ 1015.920174][T13810] bridge_slave_1: left allmulticast mode [ 1015.935294][T13810] bridge_slave_1: left promiscuous mode [ 1015.941193][T13810] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.972619][T13810] bridge_slave_0: left allmulticast mode [ 1015.981282][T13810] bridge_slave_0: left promiscuous mode [ 1016.006805][T13810] bridge0: port 1(bridge_slave_0) entered disabled state [ 1016.062702][T15094] Bluetooth: hci4: command tx timeout [ 1016.401529][T13810] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1016.423673][T13810] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1016.435686][T13810] bond0 (unregistering): Released all slaves [ 1016.473715][T21460] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1016.480751][T21460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1016.543582][T21460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1016.565056][T21460] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1016.572154][T21460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1016.608599][T21460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1016.838202][T21460] hsr_slave_0: entered promiscuous mode [ 1016.855093][T21460] hsr_slave_1: entered promiscuous mode [ 1016.861924][T21460] debugfs: 'hsr0' already exists in 'hsr' [ 1016.887777][T21460] Cannot create hsr debugfs directory [ 1017.079229][T13810] hsr_slave_0: left promiscuous mode [ 1017.086991][T13810] hsr_slave_1: left promiscuous mode [ 1017.097376][T13810] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1017.105060][T13810] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1017.114296][T13810] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1017.121753][T13810] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1017.163393][T13810] veth0_macvtap: left promiscuous mode [ 1017.169057][T13810] veth1_vlan: left promiscuous mode [ 1017.177901][T13810] veth0_vlan: left promiscuous mode [ 1017.571757][T13810] team0 (unregistering): Port device team_slave_1 removed [ 1017.607119][T13810] team0 (unregistering): Port device team_slave_0 removed [ 1017.875112][T21534] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 1018.133246][T15094] Bluetooth: hci4: command tx timeout [ 1019.520557][T21460] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1019.545752][T21460] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1019.569028][T21460] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1019.615873][T21460] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1019.779408][T21612] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4875'. [ 1019.834252][T21612] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4875'. [ 1019.865054][T21612] hsr_slave_0: left promiscuous mode [ 1019.882218][T21612] hsr_slave_1: left promiscuous mode [ 1020.005866][T21460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1020.053211][T21460] 8021q: adding VLAN 0 to HW filter on device team0 [ 1020.092380][T14812] bridge0: port 1(bridge_slave_0) entered blocking state [ 1020.099622][T14812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1020.139869][T14812] bridge0: port 2(bridge_slave_1) entered blocking state [ 1020.147147][T14812] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1020.211980][T15094] Bluetooth: hci4: command tx timeout [ 1020.485922][T21460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1020.567962][T21460] veth0_vlan: entered promiscuous mode [ 1020.590298][T21460] veth1_vlan: entered promiscuous mode [ 1020.643044][T21460] veth0_macvtap: entered promiscuous mode [ 1020.659453][T21460] veth1_macvtap: entered promiscuous mode [ 1020.689564][T21460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1020.713228][T21460] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1020.736427][T14813] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1020.759670][T14813] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1020.786149][T14813] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1020.796813][T14813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1020.911683][T14812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1020.919592][T14812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1020.977635][T14813] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1020.987393][T14813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1021.598209][ T9097] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1021.636601][ T9097] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1021.653129][ T9097] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1021.666044][ T9097] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1021.680440][ T9097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1021.879608][T21669] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 1022.296338][ T9097] Bluetooth: hci4: command tx timeout [ 1022.938052][T14812] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.325653][T14812] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.398667][T21663] chnl_net:caif_netlink_parms(): no params data found [ 1023.711554][T14812] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.806174][T21713] random: crng reseeded on system resumption [ 1023.809535][ T9097] Bluetooth: hci1: command tx timeout [ 1024.051322][T14812] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1024.184073][T21663] bridge0: port 1(bridge_slave_0) entered blocking state [ 1024.195483][T21663] bridge0: port 1(bridge_slave_0) entered disabled state [ 1024.205385][T21663] bridge_slave_0: entered allmulticast mode [ 1024.227137][T21663] bridge_slave_0: entered promiscuous mode [ 1024.244499][T21663] bridge0: port 2(bridge_slave_1) entered blocking state [ 1024.252860][T21663] bridge0: port 2(bridge_slave_1) entered disabled state [ 1024.264728][T21663] bridge_slave_1: entered allmulticast mode [ 1024.274786][T21663] bridge_slave_1: entered promiscuous mode [ 1024.358565][T21663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1024.402440][T21663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1024.571778][T21663] team0: Port device team_slave_0 added [ 1024.634083][T21663] team0: Port device team_slave_1 added [ 1024.762903][T21663] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1024.788545][T21663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1024.875320][T21663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1024.900315][T14812] bridge_slave_0: left allmulticast mode [ 1024.906093][T14812] bridge_slave_0: left promiscuous mode [ 1024.924877][T14812] bridge0: port 1(bridge_slave_0) entered disabled state [ 1025.102938][T21750] netlink: 'syz.4.4928': attribute type 1 has an invalid length. [ 1025.546668][T14812] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1025.573159][T14812] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1025.595277][T14812] bond0 (unregistering): Released all slaves [ 1025.614028][T21663] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1025.621591][T21663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1025.692546][T21663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1025.895687][ T9097] Bluetooth: hci1: command tx timeout [ 1026.735638][T21663] hsr_slave_0: entered promiscuous mode [ 1026.769782][T21663] hsr_slave_1: entered promiscuous mode [ 1026.787702][T21663] debugfs: 'hsr0' already exists in 'hsr' [ 1026.803727][T21663] Cannot create hsr debugfs directory [ 1026.827177][T21796] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1026.846050][T21796] FAULT_INJECTION: forcing a failure. [ 1026.846050][T21796] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.887494][T21796] CPU: 0 UID: 0 PID: 21796 Comm: syz.4.4948 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1026.887575][T21796] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1026.887597][T21796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1026.887620][T21796] Call Trace: [ 1026.887631][T21796] [ 1026.887646][T21796] dump_stack_lvl+0x100/0x190 [ 1026.887706][T21796] should_fail_ex.cold+0x5/0xa [ 1026.887747][T21796] should_failslab+0xc2/0x120 [ 1026.887783][T21796] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1026.887828][T21796] ? virtual_ncidev_open+0x49/0x220 [ 1026.887876][T21796] virtual_ncidev_open+0x49/0x220 [ 1026.887914][T21796] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1026.887952][T21796] misc_open+0x26d/0x450 [ 1026.888006][T21796] ? __pfx_misc_open+0x10/0x10 [ 1026.888060][T21796] chrdev_open+0x234/0x6a0 [ 1026.888093][T21796] ? __pfx_apparmor_file_open+0x10/0x10 [ 1026.888144][T21796] ? __pfx_chrdev_open+0x10/0x10 [ 1026.888182][T21796] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1026.888229][T21796] do_dentry_open+0x6d8/0x1660 [ 1026.888262][T21796] ? __pfx_chrdev_open+0x10/0x10 [ 1026.888307][T21796] vfs_open+0x82/0x3f0 [ 1026.888354][T21796] path_openat+0x208c/0x31a0 [ 1026.888403][T21796] ? __pfx_path_openat+0x10/0x10 [ 1026.888460][T21796] do_file_open+0x20e/0x430 [ 1026.888499][T21796] ? __pfx_do_file_open+0x10/0x10 [ 1026.888565][T21796] ? alloc_fd+0x476/0x790 [ 1026.888603][T21796] ? do_getname+0x191/0x390 [ 1026.888650][T21796] do_sys_openat2+0x10d/0x1e0 [ 1026.888694][T21796] ? __pfx_do_sys_openat2+0x10/0x10 [ 1026.888755][T21796] __x64_sys_openat+0x12d/0x210 [ 1026.888800][T21796] ? __pfx___x64_sys_openat+0x10/0x10 [ 1026.888861][T21796] do_syscall_64+0x106/0xf80 [ 1026.888901][T21796] ? clear_bhb_loop+0x40/0x90 [ 1026.888945][T21796] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.888982][T21796] RIP: 0033:0x7fb85439c799 [ 1026.889012][T21796] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1026.889048][T21796] RSP: 002b:00007fb855286028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1026.889083][T21796] RAX: ffffffffffffffda RBX: 00007fb854616090 RCX: 00007fb85439c799 [ 1026.889107][T21796] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1026.889131][T21796] RBP: 00007fb854432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1026.889153][T21796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1026.889175][T21796] R13: 00007fb854616128 R14: 00007fb854616090 R15: 00007fff72a41cc8 [ 1026.889221][T21796] [ 1027.507538][T14812] hsr_slave_0: left promiscuous mode [ 1027.537543][T14812] hsr_slave_1: left promiscuous mode [ 1027.569798][T14812] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1027.597262][T14812] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1027.614541][T14812] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1027.628801][T14812] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1027.758457][T14812] veth1_macvtap: left promiscuous mode [ 1027.764067][T14812] veth0_macvtap: left promiscuous mode [ 1027.790223][T14812] veth1_vlan: left promiscuous mode [ 1027.795621][T14812] veth0_vlan: left promiscuous mode [ 1027.906074][T21819] random: crng reseeded on system resumption [ 1027.968993][ T9097] Bluetooth: hci1: command tx timeout [ 1028.714246][T14812] team0 (unregistering): Port device team_slave_1 removed [ 1028.744863][T14812] team0 (unregistering): Port device team_slave_0 removed [ 1030.047795][ T9097] Bluetooth: hci1: command tx timeout [ 1030.639660][T21874] netlink: zone id is out of range [ 1030.689206][T21874] netlink: zone id is out of range [ 1030.703041][T21873] netlink: zone id is out of range [ 1030.709342][T21874] netlink: zone id is out of range [ 1030.735383][T21873] netlink: zone id is out of range [ 1030.743153][T21873] netlink: zone id is out of range [ 1030.768560][T21874] netlink: zone id is out of range [ 1030.783476][T21874] netlink: zone id is out of range [ 1030.788814][T21873] netlink: zone id is out of range [ 1030.795252][T21873] netlink: zone id is out of range [ 1031.454999][T21663] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1031.507900][T21663] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1031.557274][T21663] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1031.625291][T21663] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1031.991566][T21663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1032.033918][T21663] 8021q: adding VLAN 0 to HW filter on device team0 [ 1032.065476][T14812] bridge0: port 1(bridge_slave_0) entered blocking state [ 1032.072745][T14812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1032.136072][ T9407] bridge0: port 2(bridge_slave_1) entered blocking state [ 1032.143376][ T9407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1032.730762][T21663] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1032.823205][T21663] veth0_vlan: entered promiscuous mode [ 1032.840708][T21663] veth1_vlan: entered promiscuous mode [ 1032.899381][T21663] veth0_macvtap: entered promiscuous mode [ 1032.913285][T21663] veth1_macvtap: entered promiscuous mode [ 1032.973171][T21663] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1033.011434][T21663] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1033.068605][T14813] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1033.111812][T14813] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1033.162213][T14813] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1033.206156][T14813] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1033.283187][T14813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1033.313121][T14813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1033.362402][T13810] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1033.372006][T13810] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1033.657876][T21927] FAULT_INJECTION: forcing a failure. [ 1033.657876][T21927] name failslab, interval 1, probability 0, space 0, times 0 [ 1033.688249][T21931] FAULT_INJECTION: forcing a failure. [ 1033.688249][T21931] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1033.730083][T21927] CPU: 0 UID: 0 PID: 21927 Comm: syz.1.4891 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1033.730159][T21927] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1033.730180][T21927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1033.730203][T21927] Call Trace: [ 1033.730215][T21927] [ 1033.730228][T21927] dump_stack_lvl+0x100/0x190 [ 1033.730289][T21927] should_fail_ex.cold+0x5/0xa [ 1033.730330][T21927] should_failslab+0xc2/0x120 [ 1033.730368][T21927] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1033.730415][T21927] ? ptp_open+0xe4/0x550 [ 1033.730470][T21927] ptp_open+0xe4/0x550 [ 1033.730522][T21927] ? __pfx_ptp_open+0x10/0x10 [ 1033.730591][T21927] ? __pfx_ptp_open+0x10/0x10 [ 1033.730638][T21927] posix_clock_open+0x17b/0x290 [ 1033.730682][T21927] ? __pfx_posix_clock_open+0x10/0x10 [ 1033.730723][T21927] chrdev_open+0x234/0x6a0 [ 1033.730759][T21927] ? __pfx_apparmor_file_open+0x10/0x10 [ 1033.730812][T21927] ? __pfx_chrdev_open+0x10/0x10 [ 1033.730851][T21927] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1033.730899][T21927] do_dentry_open+0x6d8/0x1660 [ 1033.730935][T21927] ? __pfx_chrdev_open+0x10/0x10 [ 1033.730982][T21927] vfs_open+0x82/0x3f0 [ 1033.731032][T21927] path_openat+0x208c/0x31a0 [ 1033.731088][T21927] ? __pfx_path_openat+0x10/0x10 [ 1033.731141][T21927] do_file_open+0x20e/0x430 [ 1033.731182][T21927] ? __pfx_do_file_open+0x10/0x10 [ 1033.731244][T21927] ? alloc_fd+0x476/0x790 [ 1033.731279][T21927] ? do_getname+0x191/0x390 [ 1033.731327][T21927] do_sys_openat2+0x10d/0x1e0 [ 1033.731370][T21927] ? __pfx_do_sys_openat2+0x10/0x10 [ 1033.731419][T21927] ? __fget_files+0x21f/0x3d0 [ 1033.731487][T21927] __x64_sys_openat+0x12d/0x210 [ 1033.731544][T21927] ? __pfx___x64_sys_openat+0x10/0x10 [ 1033.731610][T21927] do_syscall_64+0x106/0xf80 [ 1033.731652][T21927] ? clear_bhb_loop+0x40/0x90 [ 1033.731699][T21927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1033.731737][T21927] RIP: 0033:0x7f15d539c799 [ 1033.731769][T21927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1033.731806][T21927] RSP: 002b:00007f15d6304028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1033.731842][T21927] RAX: ffffffffffffffda RBX: 00007f15d5615fa0 RCX: 00007f15d539c799 [ 1033.731867][T21927] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1033.731892][T21927] RBP: 00007f15d5432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1033.731916][T21927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1033.731938][T21927] R13: 00007f15d5616038 R14: 00007f15d5615fa0 R15: 00007ffdfe180848 [ 1033.731986][T21927] [ 1033.732517][T21931] CPU: 0 UID: 0 PID: 21931 Comm: syz.4.4992 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1033.732599][T21931] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1033.732622][T21931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1033.732643][T21931] Call Trace: [ 1033.732655][T21931] [ 1033.732668][T21931] dump_stack_lvl+0x100/0x190 [ 1033.732724][T21931] should_fail_ex.cold+0x5/0xa [ 1033.732759][T21931] ? prepare_alloc_pages+0x16d/0x5f0 [ 1033.732803][T21931] should_fail_alloc_page+0xeb/0x140 [ 1033.732843][T21931] prepare_alloc_pages+0x1f0/0x5f0 [ 1033.732890][T21931] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1033.732951][T21931] ? rcu_is_watching+0x12/0xc0 [ 1033.733006][T21931] ? trace_mm_page_alloc+0x17a/0x1d0 [ 1033.733046][T21931] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1033.733107][T21931] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1033.733169][T21931] ? find_held_lock+0x2b/0x80 [ 1033.733202][T21931] ? is_bpf_text_address+0x8a/0x1a0 [ 1033.733255][T21931] ? is_bpf_text_address+0x8a/0x1a0 [ 1033.733313][T21931] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1033.733351][T21931] ? is_bpf_text_address+0x94/0x1a0 [ 1033.733410][T21931] ? kernel_text_address+0x8d/0x100 [ 1033.733463][T21931] ? __kernel_text_address+0xd/0x30 [ 1033.733514][T21931] ? unwind_get_return_address+0x59/0xa0 [ 1033.733571][T21931] alloc_pages_bulk_noprof+0x782/0x1490 [ 1033.733642][T21931] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1033.733699][T21931] ? kasan_save_stack+0x30/0x50 [ 1033.733765][T21931] ? alloc_pages_noprof+0x233/0x390 [ 1033.733807][T21931] __kasan_populate_vmalloc+0xf0/0x210 [ 1033.733870][T21931] alloc_vmap_area+0x95d/0x2bd0 [ 1033.733922][T21931] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1033.733969][T21931] __get_vm_area_node+0x1ca/0x330 [ 1033.734016][T21931] __vmalloc_node_range_noprof+0x213/0x1530 [ 1033.734061][T21931] ? n_tty_open+0x1a/0x170 [ 1033.734112][T21931] ? look_up_lock_class+0x64/0x120 [ 1033.734162][T21931] ? n_tty_open+0x1a/0x170 [ 1033.734226][T21931] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1033.734272][T21931] ? __ldsem_down_write_nested+0xfd/0x830 [ 1033.734324][T21931] ? __ldsem_down_write_nested+0x10e/0x830 [ 1033.734373][T21931] ? is_console_locked+0x9/0x20 [ 1033.734418][T21931] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 1033.734475][T21931] ? n_tty_open+0x1a/0x170 [ 1033.734523][T21931] __vmalloc_node_noprof+0xad/0xf0 [ 1033.734582][T21931] ? n_tty_open+0x1a/0x170 [ 1033.734632][T21931] ? __pfx_n_tty_open+0x10/0x10 [ 1033.734681][T21931] n_tty_open+0x1a/0x170 [ 1033.734731][T21931] tty_ldisc_open+0xa2/0x120 [ 1033.734775][T21931] tty_ldisc_setup+0x40/0xf0 [ 1033.734816][T21931] tty_init_dev.part.0+0x1b5/0x470 [ 1033.734869][T21931] tty_open+0xa63/0xfa0 [ 1033.734924][T21931] ? __pfx_tty_open+0x10/0x10 [ 1033.734969][T21931] ? chrdev_open+0x10b/0x6a0 [ 1033.735002][T21931] ? chrdev_open+0x10b/0x6a0 [ 1033.735043][T21931] ? __pfx_tty_open+0x10/0x10 [ 1033.735089][T21931] chrdev_open+0x234/0x6a0 [ 1033.735123][T21931] ? __pfx_apparmor_file_open+0x10/0x10 [ 1033.735174][T21931] ? __pfx_chrdev_open+0x10/0x10 [ 1033.735212][T21931] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1033.735258][T21931] do_dentry_open+0x6d8/0x1660 [ 1033.735292][T21931] ? __pfx_chrdev_open+0x10/0x10 [ 1033.735337][T21931] vfs_open+0x82/0x3f0 [ 1033.735386][T21931] path_openat+0x208c/0x31a0 [ 1033.735437][T21931] ? __pfx_path_openat+0x10/0x10 [ 1033.735489][T21931] do_file_open+0x20e/0x430 [ 1033.735535][T21931] ? __pfx_do_file_open+0x10/0x10 [ 1033.735603][T21931] ? alloc_fd+0x476/0x790 [ 1033.735642][T21931] ? do_getname+0x191/0x390 [ 1033.735691][T21931] do_sys_openat2+0x10d/0x1e0 [ 1033.735737][T21931] ? __pfx_do_sys_openat2+0x10/0x10 [ 1033.735786][T21931] ? __fget_files+0x21f/0x3d0 [ 1033.735853][T21931] __x64_sys_openat+0x12d/0x210 [ 1033.735901][T21931] ? __pfx___x64_sys_openat+0x10/0x10 [ 1033.735965][T21931] do_syscall_64+0x106/0xf80 [ 1033.736005][T21931] ? clear_bhb_loop+0x40/0x90 [ 1033.736050][T21931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1033.736085][T21931] RIP: 0033:0x7fb85439c799 [ 1033.736115][T21931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1033.736151][T21931] RSP: 002b:00007fb855286028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1033.736187][T21931] RAX: ffffffffffffffda RBX: 00007fb854616090 RCX: 00007fb85439c799 [ 1033.736211][T21931] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1033.736236][T21931] RBP: 00007fb854432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1033.736259][T21931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1033.736282][T21931] R13: 00007fb854616128 R14: 00007fb854616090 R15: 00007fff72a41cc8 [ 1033.736330][T21931] [ 1034.701976][T21931] syz.4.4992: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1034.730291][T15094] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1034.737651][T21931] CPU: 1 UID: 0 PID: 21931 Comm: syz.4.4992 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1034.737724][T21931] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1034.737787][T21931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1034.737865][T21931] Call Trace: [ 1034.737910][T21931] [ 1034.737950][T21931] dump_stack_lvl+0x100/0x190 [ 1034.738110][T21931] warn_alloc.cold+0x95/0x1c1 [ 1034.738261][T21931] ? __pfx_warn_alloc+0x10/0x10 [ 1034.738382][T21931] ? lockdep_hardirqs_on+0x78/0x100 [ 1034.738499][T21931] ? __get_vm_area_node+0x2c5/0x330 [ 1034.738625][T21931] ? __get_vm_area_node+0x208/0x330 [ 1034.738753][T21931] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 1034.738883][T21931] ? look_up_lock_class+0x64/0x120 [ 1034.739008][T21931] ? n_tty_open+0x1a/0x170 [ 1034.739166][T21931] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1034.739322][T21931] ? __ldsem_down_write_nested+0xfd/0x830 [ 1034.739451][T21931] ? __ldsem_down_write_nested+0x10e/0x830 [ 1034.739576][T21931] ? is_console_locked+0x9/0x20 [ 1034.739705][T21931] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 1034.739848][T21931] ? n_tty_open+0x1a/0x170 [ 1034.739969][T21931] __vmalloc_node_noprof+0xad/0xf0 [ 1034.740079][T21931] ? n_tty_open+0x1a/0x170 [ 1034.740207][T21931] ? __pfx_n_tty_open+0x10/0x10 [ 1034.740333][T21931] n_tty_open+0x1a/0x170 [ 1034.740454][T21931] tty_ldisc_open+0xa2/0x120 [ 1034.740543][T21931] tty_ldisc_setup+0x40/0xf0 [ 1034.740671][T21931] tty_init_dev.part.0+0x1b5/0x470 [ 1034.740824][T21931] tty_open+0xa63/0xfa0 [ 1034.740962][T21931] ? __pfx_tty_open+0x10/0x10 [ 1034.741071][T21931] ? chrdev_open+0x10b/0x6a0 [ 1034.741158][T21931] ? chrdev_open+0x10b/0x6a0 [ 1034.741264][T21931] ? __pfx_tty_open+0x10/0x10 [ 1034.741375][T21931] chrdev_open+0x234/0x6a0 [ 1034.741460][T21931] ? __pfx_apparmor_file_open+0x10/0x10 [ 1034.741585][T21931] ? __pfx_chrdev_open+0x10/0x10 [ 1034.741682][T21931] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1034.741811][T21931] do_dentry_open+0x6d8/0x1660 [ 1034.741899][T21931] ? __pfx_chrdev_open+0x10/0x10 [ 1034.742033][T21931] vfs_open+0x82/0x3f0 [ 1034.742188][T21931] path_openat+0x208c/0x31a0 [ 1034.742330][T21931] ? __pfx_path_openat+0x10/0x10 [ 1034.742460][T21931] do_file_open+0x20e/0x430 [ 1034.742536][T21931] ? __pfx_do_file_open+0x10/0x10 [ 1034.742679][T21931] ? alloc_fd+0x476/0x790 [ 1034.742796][T21931] ? do_getname+0x191/0x390 [ 1034.742917][T21931] do_sys_openat2+0x10d/0x1e0 [ 1034.743037][T21931] ? __pfx_do_sys_openat2+0x10/0x10 [ 1034.743166][T21931] ? __fget_files+0x21f/0x3d0 [ 1034.743332][T21931] __x64_sys_openat+0x12d/0x210 [ 1034.743517][T21931] ? __pfx___x64_sys_openat+0x10/0x10 [ 1034.743676][T21931] do_syscall_64+0x106/0xf80 [ 1034.743786][T21931] ? clear_bhb_loop+0x40/0x90 [ 1034.743901][T21931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.743998][T21931] RIP: 0033:0x7fb85439c799 [ 1034.744077][T21931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1034.744163][T21931] RSP: 002b:00007fb855286028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1034.744256][T21931] RAX: ffffffffffffffda RBX: 00007fb854616090 RCX: 00007fb85439c799 [ 1034.744312][T21931] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1034.744374][T21931] RBP: 00007fb854432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1034.744436][T21931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1034.744491][T21931] R13: 00007fb854616128 R14: 00007fb854616090 R15: 00007fff72a41cc8 [ 1034.744610][T21931] [ 1034.856400][T21931] Mem-Info: [ 1034.856449][T21931] active_anon:22305 inactive_anon:5 isolated_anon:0 [ 1034.856449][T21931] active_file:14462 inactive_file:41043 isolated_file:0 [ 1034.856449][T21931] unevictable:768 dirty:661 writeback:0 [ 1034.856449][T21931] slab_reclaimable:12096 slab_unreclaimable:93223 [ 1034.856449][T21931] mapped:29426 shmem:7399 pagetables:1262 [ 1034.856449][T21931] sec_pagetables:0 bounce:0 [ 1034.856449][T21931] kernel_misc_reclaimable:0 [ 1034.856449][T21931] free:1303204 free_pcp:15067 free_cma:0 [ 1034.930300][T15094] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1035.179204][T15094] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1035.188090][T15094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1035.197561][T15094] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1035.208144][T21931] Node 0 active_anon:92444kB inactive_anon:20kB active_file:57848kB inactive_file:164044kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119752kB dirty:2644kB writeback:0kB shmem:31104kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:43008kB kernel_stack:11448kB pagetables:4996kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1035.246607][T21931] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1035.296537][T21931] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.390803][T21931] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1035.400899][T21931] Node 0 DMA32 free:1254416kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:96588kB inactive_anon:20kB active_file:57848kB inactive_file:164044kB unevictable:1536kB writepending:2644kB zspages:32kB present:3129332kB managed:2537416kB mlocked:0kB bounce:0kB free_pcp:55148kB local_pcp:23632kB free_cma:0kB [ 1035.438320][T21931] lowmem_reserve[]: 0 0 1 1 1 [ 1035.443228][T21931] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:12kB free_cma:0kB [ 1035.578868][T21931] lowmem_reserve[]: 0 0 0 0 0 [ 1035.611492][T21931] Node 1 Normal free:3940164kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:128kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.663459][T21931] lowmem_reserve[]: 0 0 0 0 0 [ 1035.668374][T21931] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1035.809912][T21931] Node 0 DMA32: 2909*4kB (UME) 3572*8kB (UE) 3394*16kB (UME) 1202*32kB (UME) 894*64kB (UME) 912*128kB (UME) 643*256kB (UME) 388*512kB (UM) 295*1024kB (UME) 53*2048kB (UM) 39*4096kB (UM) = 1240564kB [ 1035.873268][T21931] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1035.891562][T21931] Node 1 Normal: 9*4kB (UM) 8*8kB (UM) 16*16kB (UME) 7*32kB (UME) 4*64kB (UM) 2*128kB (ME) 3*256kB (UM) 2*512kB (M) 3*1024kB (UME) 3*2048kB (UME) 959*4096kB (UM) = 3940164kB [ 1035.977794][T21931] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1036.016246][T21931] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1036.036211][T21931] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1036.062316][T21931] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1036.108271][T21931] 69657 total pagecache pages [ 1036.118695][T21931] 4 pages in swap cache [ 1036.159519][T21931] Free swap = 108552kB [ 1036.172795][T21931] Total swap = 124996kB [ 1036.246976][T21931] 2097051 pages RAM [ 1036.260032][T21931] 0 pages HighMem/MovableOnly [ 1036.304482][T21931] 430817 pages reserved [ 1036.308685][T21931] 0 pages cma reserved [ 1036.390479][T21931] tty tty16: ldisc open failed (-12), clearing slot 15 [ 1036.699328][ T9407] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1037.159285][ T9407] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1037.406655][T15094] Bluetooth: hci0: command tx timeout [ 1037.433131][ T9407] bridge0: port 4(netdevsim1) entered disabled state [ 1037.455681][ T9407] netdevsim netdevsim2 netdevsim1 (unregistering): left allmulticast mode [ 1037.470324][ T9407] netdevsim netdevsim2 netdevsim1 (unregistering): left promiscuous mode [ 1037.488474][ T9407] bridge0: port 4(netdevsim1) entered disabled state [ 1037.518914][ T9407] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1037.693995][ T9407] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1037.849750][T21972] smpboot: CPU 1 is now offline [ 1038.081337][T21973] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1038.104350][T21931] ------------[ cut here ]------------ [ 1038.105290][T21931] [ 1038.105301][T21931] ====================================================== [ 1038.105310][T21931] WARNING: possible circular locking dependency detected [ 1038.105324][T21931] syzkaller #0 Tainted: G U W L XTNJ [ 1038.105338][T21931] ------------------------------------------------------ [ 1038.105348][T21931] syz.4.4992/21931 is trying to acquire lock: [ 1038.105361][T21931] ffffffff8e6f53c0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x61/0x80 [ 1038.105436][T21931] [ 1038.105436][T21931] but task is already holding lock: [ 1038.105445][T21931] ffff8880b843b2e0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x88/0x140 [ 1038.105497][T21931] [ 1038.105497][T21931] which lock already depends on the new lock. [ 1038.105497][T21931] [ 1038.105511][T21931] [ 1038.105511][T21931] the existing dependency chain (in reverse order) is: [ 1038.105524][T21931] [ 1038.105524][T21931] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 1038.105560][T21931] _raw_spin_lock_nested+0x31/0x40 [ 1038.105584][T21931] raw_spin_rq_lock_nested+0x2c/0x140 [ 1038.105608][T21931] _task_rq_lock+0xcf/0x490 [ 1038.105632][T21931] cgroup_move_task+0x81/0x2b0 [ 1038.105660][T21931] css_set_move_task+0x285/0x600 [ 1038.105683][T21931] cgroup_post_fork+0x202/0x9b0 [ 1038.105706][T21931] copy_process+0x5f26/0x7a10 [ 1038.105733][T21931] kernel_clone+0xfc/0x9a0 [ 1038.105759][T21931] user_mode_thread+0xcc/0x110 [ 1038.105787][T21931] rest_init+0x21/0x260 [ 1038.105826][T21931] start_kernel+0x47f/0x480 [ 1038.105915][T21931] x86_64_start_reservations+0x24/0x30 [ 1038.105998][T21931] x86_64_start_kernel+0x12b/0x130 [ 1038.106031][T21931] common_startup_64+0x13e/0x148 [ 1038.106056][T21931] [ 1038.106056][T21931] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 1038.106088][T21931] _raw_spin_lock_irqsave+0x3a/0x60 [ 1038.106111][T21931] try_to_wake_up+0xb2/0x1a80 [ 1038.106133][T21931] __wake_up_common+0x135/0x1f0 [ 1038.106165][T21931] __wake_up+0x31/0x60 [ 1038.106201][T21931] pty_close+0x298/0x550 [ 1038.106239][T21931] tty_release+0x40e/0x1300 [ 1038.106270][T21931] __fput+0x3ff/0xb40 [ 1038.106294][T21931] task_work_run+0x150/0x240 [ 1038.106326][T21931] exit_to_user_mode_loop+0x100/0x4a0 [ 1038.106355][T21931] do_syscall_64+0x668/0xf80 [ 1038.106380][T21931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.106404][T21931] [ 1038.106404][T21931] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 1038.106433][T21931] _raw_spin_lock_irqsave+0x3a/0x60 [ 1038.106455][T21931] __wake_up+0x1c/0x60 [ 1038.106477][T21931] tty_port_default_wakeup+0x47/0x60 [ 1038.106508][T21931] serial8250_tx_chars+0x68f/0x860 [ 1038.106537][T21931] serial8250_handle_irq+0x73e/0xcb0 [ 1038.106569][T21931] serial8250_default_handle_irq+0x9e/0x270 [ 1038.106601][T21931] serial8250_interrupt+0xf8/0x1d0 [ 1038.106636][T21931] __handle_irq_event_percpu+0x232/0x8e0 [ 1038.106674][T21931] handle_irq_event+0xab/0x1e0 [ 1038.106709][T21931] handle_edge_irq+0x375/0x970 [ 1038.106742][T21931] __common_interrupt+0xd8/0x2f0 [ 1038.106771][T21931] common_interrupt+0xb9/0xe0 [ 1038.106804][T21931] asm_common_interrupt+0x26/0x40 [ 1038.106827][T21931] pv_native_safe_halt+0xf/0x20 [ 1038.106850][T21931] default_idle+0x9/0x10 [ 1038.106879][T21931] default_idle_call+0x6c/0xb0 [ 1038.106909][T21931] do_idle+0x35b/0x4b0 [ 1038.106927][T21931] cpu_startup_entry+0x4f/0x60 [ 1038.106948][T21931] rest_init+0x251/0x260 [ 1038.106979][T21931] start_kernel+0x47f/0x480 [ 1038.107007][T21931] x86_64_start_reservations+0x24/0x30 [ 1038.107040][T21931] x86_64_start_kernel+0x12b/0x130 [ 1038.107071][T21931] common_startup_64+0x13e/0x148 [ 1038.107093][T21931] [ 1038.107093][T21931] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 1038.107123][T21931] _raw_spin_lock_irqsave+0x3a/0x60 [ 1038.107145][T21931] serial8250_console_write+0x17e/0x1900 [ 1038.107180][T21931] console_flush_one_record+0x790/0xe50 [ 1038.107218][T21931] console_unlock+0x103/0x260 [ 1038.107258][T21931] vprintk_emit+0x407/0x6b0 [ 1038.107294][T21931] _printk+0xcf/0x110 [ 1038.107318][T21931] register_console.cold+0xc0/0x248 [ 1038.107342][T21931] univ8250_console_init+0x6f/0x80 [ 1038.107399][T21931] console_init+0x423/0x620 [ 1038.107454][T21931] start_kernel+0x305/0x480 [ 1038.107482][T21931] x86_64_start_reservations+0x24/0x30 [ 1038.107515][T21931] x86_64_start_kernel+0x12b/0x130 [ 1038.107546][T21931] common_startup_64+0x13e/0x148 [ 1038.107568][T21931] [ 1038.107568][T21931] -> #0 (console_owner){-.-.}-{0:0}: [ 1038.107597][T21931] __lock_acquire+0x14b8/0x2630 [ 1038.107625][T21931] lock_acquire+0x1cf/0x380 [ 1038.107651][T21931] console_lock_spinning_enable+0x72/0x80 [ 1038.107687][T21931] console_flush_one_record+0x739/0xe50 [ 1038.107724][T21931] console_unlock+0x103/0x260 [ 1038.107758][T21931] vprintk_emit+0x407/0x6b0 [ 1038.107794][T21931] _printk+0xcf/0x110 [ 1038.107814][T21931] __report_bug.cold+0x15/0x137 [ 1038.107845][T21931] report_bug+0xb2/0x220 [ 1038.107866][T21931] handle_bug+0x16a/0x2a0 [ 1038.107894][T21931] exc_invalid_op+0x17/0x50 [ 1038.107923][T21931] asm_exc_invalid_op+0x1a/0x20 [ 1038.107945][T21931] update_rq_clock+0x40a/0xd20 [ 1038.107967][T21931] __schedule+0x1b7d/0x6120 [ 1038.107988][T21931] preempt_schedule_common+0x42/0xc0 [ 1038.108012][T21931] preempt_schedule_thunk+0x16/0x30 [ 1038.108040][T21931] _raw_spin_unlock_irqrestore+0x61/0x80 [ 1038.108063][T21931] __rcu_read_unlock+0x27f/0x5e0 [ 1038.108091][T21931] unwind_next_frame+0x3c8/0x1ea0 [ 1038.108113][T21931] arch_stack_walk+0x94/0xf0 [ 1038.108134][T21931] stack_trace_save+0x8e/0xc0 [ 1038.108154][T21931] save_stack+0x162/0x1e0 [ 1038.108188][T21931] __reset_page_owner+0x84/0x190 [ 1038.108224][T21931] free_unref_folios+0xaea/0x1790 [ 1038.108261][T21931] folios_put_refs+0x53c/0x840 [ 1038.108295][T21931] shmem_undo_range+0x5e5/0x1570 [ 1038.108329][T21931] shmem_evict_inode+0x39e/0xbd0 [ 1038.108363][T21931] evict+0x3c2/0xad0 [ 1038.108388][T21931] iput.part.0+0x605/0xf50 [ 1038.108414][T21931] iput+0x35/0x40 [ 1038.108438][T21931] dentry_unlink_inode+0x2a1/0x490 [ 1038.108462][T21931] __dentry_kill+0x1d0/0x600 [ 1038.108488][T21931] finish_dput+0x76/0x480 [ 1038.108516][T21931] dput.part.0+0x456/0x570 [ 1038.108543][T21931] dput+0x1f/0x30 [ 1038.108569][T21931] __fput+0x519/0xb40 [ 1038.108592][T21931] task_work_run+0x150/0x240 [ 1038.108624][T21931] exit_to_user_mode_loop+0x100/0x4a0 [ 1038.108653][T21931] do_syscall_64+0x668/0xf80 [ 1038.108679][T21931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.108702][T21931] [ 1038.108702][T21931] other info that might help us debug this: [ 1038.108702][T21931] [ 1038.108710][T21931] Chain exists of: [ 1038.108710][T21931] console_owner --> &p->pi_lock --> &rq->__lock [ 1038.108710][T21931] [ 1038.108743][T21931] Possible unsafe locking scenario: [ 1038.108743][T21931] [ 1038.108750][T21931] CPU0 CPU1 [ 1038.108757][T21931] ---- ---- [ 1038.108764][T21931] lock(&rq->__lock); [ 1038.108778][T21931] lock(&p->pi_lock); [ 1038.108793][T21931] lock(&rq->__lock); [ 1038.108809][T21931] lock(console_owner); [ 1038.108823][T21931] [ 1038.108823][T21931] *** DEADLOCK *** [ 1038.108823][T21931] [ 1038.108829][T21931] 3 locks held by syz.4.4992/21931: [ 1038.108842][T21931] #0: ffff8880b843b2e0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x88/0x140 [ 1038.108893][T21931] #1: ffffffff8e7d5800 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x110 [ 1038.108943][T21931] #2: ffffffff8e7d5878 (console_srcu){....}-{0:0}, at: console_flush_one_record+0xfd/0xe50 [ 1038.109009][T21931] [ 1038.109009][T21931] stack backtrace: [ 1038.109030][T21931] CPU: 0 UID: 0 PID: 21931 Comm: syz.4.4992 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1038.109078][T21931] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1038.109092][T21931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1038.109107][T21931] Call Trace: [ 1038.109115][T21931] [ 1038.109125][T21931] dump_stack_lvl+0x100/0x190 [ 1038.109159][T21931] print_circular_bug.cold+0x178/0x1c7 [ 1038.109199][T21931] check_noncircular+0x146/0x160 [ 1038.109229][T21931] __lock_acquire+0x14b8/0x2630 [ 1038.109269][T21931] lock_acquire+0x1cf/0x380 [ 1038.109297][T21931] ? console_lock_spinning_enable+0x61/0x80 [ 1038.109335][T21931] ? console_lock_spinning_enable+0x4a/0x80 [ 1038.109375][T21931] console_lock_spinning_enable+0x72/0x80 [ 1038.109412][T21931] ? console_lock_spinning_enable+0x61/0x80 [ 1038.109449][T21931] console_flush_one_record+0x739/0xe50 [ 1038.109490][T21931] ? __pfx_console_flush_one_record+0x10/0x10 [ 1038.109535][T21931] ? is_printk_cpu_sync_owner+0x32/0x40 [ 1038.109562][T21931] console_unlock+0x103/0x260 [ 1038.109599][T21931] ? __pfx_console_unlock+0x10/0x10 [ 1038.109638][T21931] ? do_raw_spin_unlock+0x145/0x1e0 [ 1038.109674][T21931] ? _printk+0xcf/0x110 [ 1038.109697][T21931] vprintk_emit+0x407/0x6b0 [ 1038.109736][T21931] ? __pfx_vprintk_emit+0x10/0x10 [ 1038.109774][T21931] ? do_raw_spin_unlock+0x145/0x1e0 [ 1038.109810][T21931] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1038.109837][T21931] _printk+0xcf/0x110 [ 1038.109859][T21931] ? __pfx__printk+0x10/0x10 [ 1038.109885][T21931] ? __report_bug.cold+0x5/0x137 [ 1038.109919][T21931] __report_bug.cold+0x15/0x137 [ 1038.109951][T21931] ? update_rq_clock+0x40a/0xd20 [ 1038.109976][T21931] ? __pfx___report_bug+0x10/0x10 [ 1038.110000][T21931] ? __lock_acquire+0x4a5/0x2630 [ 1038.110029][T21931] ? find_held_lock+0x2b/0x80 [ 1038.110050][T21931] ? trace_ignore_this_task+0xbc/0x100 [ 1038.110088][T21931] ? update_rq_clock+0x40a/0xd20 [ 1038.110112][T21931] report_bug+0xb2/0x220 [ 1038.110135][T21931] ? update_rq_clock+0x40a/0xd20 [ 1038.110159][T21931] handle_bug+0x16a/0x2a0 [ 1038.110190][T21931] exc_invalid_op+0x17/0x50 [ 1038.110222][T21931] asm_exc_invalid_op+0x1a/0x20 [ 1038.110250][T21931] RIP: 0010:update_rq_clock+0x40a/0xd20 [ 1038.110276][T21931] Code: ab 48 0b 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 18 9f ba 09 a8 04 0f 84 df fc ff ff 90 0f 0b 90 e9 d6 fc ff ff 90 <0f> 0b 90 e9 92 fc ff ff 4c 8d 83 40 0b 00 00 48 b8 00 00 00 00 00 [ 1038.110300][T21931] RSP: 0018:ffffc90003376fb8 EFLAGS: 00010046 [ 1038.110318][T21931] RAX: 0000000000000000 RBX: ffff8880b853b280 RCX: 0000000000000001 [ 1038.110334][T21931] RDX: 0000000000000046 RSI: ffffffff8de55850 RDI: ffffffff8c1af520 [ 1038.110350][T21931] RBP: ffffc90003377160 R08: 0000000000000001 R09: 0000000000000001 [ 1038.110365][T21931] R10: ffffffff90d9b017 R11: 0000000000000000 R12: ffffffff90d9e3e4 [ 1038.110381][T21931] R13: ffff8880b853c0c0 R14: ffff8880554abd00 R15: ffff8880b853b280 [ 1038.110405][T21931] ? update_rq_clock+0x9c/0xd20 [ 1038.110428][T21931] ? pick_task_fair+0x85/0x350 [ 1038.110451][T21931] __schedule+0x1b7d/0x6120 [ 1038.110473][T21931] ? trace_ignore_this_task+0xc3/0x100 [ 1038.110517][T21931] ? __pfx___schedule+0x10/0x10 [ 1038.110542][T21931] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1038.110577][T21931] ? preempt_schedule_thunk+0x16/0x30 [ 1038.110607][T21931] preempt_schedule_common+0x42/0xc0 [ 1038.110634][T21931] preempt_schedule_thunk+0x16/0x30 [ 1038.110666][T21931] _raw_spin_unlock_irqrestore+0x61/0x80 [ 1038.110691][T21931] __rcu_read_unlock+0x27f/0x5e0 [ 1038.110722][T21931] unwind_next_frame+0x3c8/0x1ea0 [ 1038.110745][T21931] ? exit_to_user_mode_loop+0x100/0x4a0 [ 1038.110777][T21931] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1038.110801][T21931] arch_stack_walk+0x94/0xf0 [ 1038.110825][T21931] ? do_syscall_64+0x668/0xf80 [ 1038.110855][T21931] stack_trace_save+0x8e/0xc0 [ 1038.110877][T21931] ? __pfx_stack_trace_save+0x10/0x10 [ 1038.110900][T21931] ? __lock_acquire+0x4a5/0x2630 [ 1038.110929][T21931] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1038.110954][T21931] ? lockdep_hardirqs_on+0x78/0x100 [ 1038.110981][T21931] save_stack+0x162/0x1e0 [ 1038.111017][T21931] ? __pfx_save_stack+0x10/0x10 [ 1038.111053][T21931] ? free_unref_folios+0xaea/0x1790 [ 1038.111086][T21931] ? folios_put_refs+0x53c/0x840 [ 1038.111120][T21931] ? shmem_undo_range+0x5e5/0x1570 [ 1038.111155][T21931] ? shmem_evict_inode+0x39e/0xbd0 [ 1038.111190][T21931] ? evict+0x3c2/0xad0 [ 1038.111215][T21931] ? iput.part.0+0x605/0xf50 [ 1038.111247][T21931] ? iput+0x35/0x40 [ 1038.111273][T21931] ? dentry_unlink_inode+0x2a1/0x490 [ 1038.111298][T21931] ? __dentry_kill+0x1d0/0x600 [ 1038.111325][T21931] ? finish_dput+0x76/0x480 [ 1038.111353][T21931] ? dput.part.0+0x456/0x570 [ 1038.111381][T21931] ? dput+0x1f/0x30 [ 1038.111408][T21931] ? __fput+0x519/0xb40 [ 1038.111433][T21931] ? task_work_run+0x150/0x240 [ 1038.111466][T21931] ? exit_to_user_mode_loop+0x100/0x4a0 [ 1038.111497][T21931] ? page_ext_put+0x3e/0xd0 [ 1038.111537][T21931] __reset_page_owner+0x84/0x190 [ 1038.111577][T21931] free_unref_folios+0xaea/0x1790 [ 1038.111616][T21931] folios_put_refs+0x53c/0x840 [ 1038.111653][T21931] ? __pfx_folios_put_refs+0x10/0x10 [ 1038.111692][T21931] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 1038.111719][T21931] shmem_undo_range+0x5e5/0x1570 [ 1038.111759][T21931] ? __pfx_shmem_undo_range+0x10/0x10 [ 1038.111807][T21931] ? finish_task_switch.isra.0+0x200/0xb80 [ 1038.111832][T21931] ? __pfx_madvise_collapse+0x10/0x10 [ 1038.111861][T21931] ? rcu_is_cpu_rrupt_from_idle+0x1f0/0x270 [ 1038.111911][T21931] ? mas_prev+0x9b/0xf0 [ 1038.111941][T21931] ? __pfx_mas_prev+0x10/0x10 [ 1038.111970][T21931] ? percpu_counter_add_batch+0xb9/0x230 [ 1038.112010][T21931] shmem_evict_inode+0x39e/0xbd0 [ 1038.112047][T21931] ? inode_wait_for_writeback+0x171/0x390 [ 1038.112082][T21931] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1038.112119][T21931] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 1038.112154][T21931] ? find_held_lock+0x2b/0x80 [ 1038.112175][T21931] ? evict+0x37e/0xad0 [ 1038.112200][T21931] ? evict+0x37e/0xad0 [ 1038.112228][T21931] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1038.112270][T21931] evict+0x3c2/0xad0 [ 1038.112296][T21931] ? find_held_lock+0x2b/0x80 [ 1038.112318][T21931] ? __pfx_evict+0x10/0x10 [ 1038.112347][T21931] ? iput.part.0+0x5fd/0xf50 [ 1038.112377][T21931] iput.part.0+0x605/0xf50 [ 1038.112404][T21931] ? __pfx_inode_just_drop+0x10/0x10 [ 1038.112442][T21931] iput+0x35/0x40 [ 1038.112468][T21931] dentry_unlink_inode+0x2a1/0x490 [ 1038.112501][T21931] __dentry_kill+0x1d0/0x600 [ 1038.112530][T21931] finish_dput+0x76/0x480 [ 1038.112559][T21931] dput.part.0+0x456/0x570 [ 1038.112589][T21931] dput+0x1f/0x30 [ 1038.112616][T21931] __fput+0x519/0xb40 [ 1038.112643][T21931] ? _raw_spin_unlock_irq+0x23/0x50 [ 1038.112667][T21931] task_work_run+0x150/0x240 [ 1038.112701][T21931] ? __pfx_task_work_run+0x10/0x10 [ 1038.112739][T21931] exit_to_user_mode_loop+0x100/0x4a0 [ 1038.112770][T21931] do_syscall_64+0x668/0xf80 [ 1038.112797][T21931] ? clear_bhb_loop+0x40/0x90 [ 1038.112824][T21931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.112849][T21931] RIP: 0033:0x7fb85439c799 [ 1038.112868][T21931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1038.112892][T21931] RSP: 002b:00007fb855286028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1038.112914][T21931] RAX: ffffffffffffffea RBX: 00007fb854616090 RCX: 00007fb85439c799 [ 1038.112930][T21931] RDX: 0000000000000019 RSI: 0000000000200007 RDI: 0000000000000000 [ 1038.112945][T21931] RBP: 00007fb854432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1038.112961][T21931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1038.112976][T21931] R13: 00007fb854616128 R14: 00007fb854616090 R15: 00007fff72a41cc8 [ 1038.112999][T21931] [ 1039.637053][T21931] debug_locks && !(lock_is_held(&(__rq_lockp(rq))->dep_map) != 0) [ 1039.637071][T21931] WARNING: kernel/sched/sched.h:1600 at update_rq_clock+0x40a/0xd20, CPU#0: syz.4.4992/21931 [ 1039.655048][T21931] Modules linked in: [ 1039.658960][T21931] CPU: 0 UID: 0 PID: 21931 Comm: syz.4.4992 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1039.669933][T21931] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1039.680002][T21931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1039.690072][T21931] RIP: 0010:update_rq_clock+0x40a/0xd20 [ 1039.695644][T21931] Code: ab 48 0b 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 18 9f ba 09 a8 04 0f 84 df fc ff ff 90 0f 0b 90 e9 d6 fc ff ff 90 <0f> 0b 90 e9 92 fc ff ff 4c 8d 83 40 0b 00 00 48 b8 00 00 00 00 00 [ 1039.715294][T21931] RSP: 0018:ffffc90003376fb8 EFLAGS: 00010046 [ 1039.721387][T21931] RAX: 0000000000000000 RBX: ffff8880b853b280 RCX: 0000000000000001 [ 1039.729368][T21931] RDX: 0000000000000046 RSI: ffffffff8de55850 RDI: ffffffff8c1af520 [ 1039.737373][T21931] RBP: ffffc90003377160 R08: 0000000000000001 R09: 0000000000000001 [ 1039.745354][T21931] R10: ffffffff90d9b017 R11: 0000000000000000 R12: ffffffff90d9e3e4 [ 1039.753338][T21931] R13: ffff8880b853c0c0 R14: ffff8880554abd00 R15: ffff8880b853b280 [ 1039.761328][T21931] FS: 00007fb8552866c0(0000) GS:ffff88812434c000(0000) knlGS:0000000000000000 [ 1039.770371][T21931] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1039.777081][T21931] CR2: 00007f966989e9f9 CR3: 000000007a4ba000 CR4: 00000000003526f0 [ 1039.785094][T21931] Call Trace: [ 1039.788390][T21931] [ 1039.791349][T21931] ? pick_task_fair+0x85/0x350 [ 1039.796153][T21931] __schedule+0x1b7d/0x6120 [ 1039.800693][T21931] ? trace_ignore_this_task+0xc3/0x100 [ 1039.806190][T21931] ? __pfx___schedule+0x10/0x10 [ 1039.811095][T21931] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1039.816841][T21931] ? preempt_schedule_thunk+0x16/0x30 [ 1039.822234][T21931] preempt_schedule_common+0x42/0xc0 [ 1039.827541][T21931] preempt_schedule_thunk+0x16/0x30 [ 1039.832787][T21931] _raw_spin_unlock_irqrestore+0x61/0x80 [ 1039.838436][T21931] __rcu_read_unlock+0x27f/0x5e0 [ 1039.843395][T21931] unwind_next_frame+0x3c8/0x1ea0 [ 1039.848452][T21931] ? exit_to_user_mode_loop+0x100/0x4a0 [ 1039.854038][T21931] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1039.860214][T21931] arch_stack_walk+0x94/0xf0 [ 1039.864823][T21931] ? do_syscall_64+0x668/0xf80 [ 1039.869605][T21931] stack_trace_save+0x8e/0xc0 [ 1039.874296][T21931] ? __pfx_stack_trace_save+0x10/0x10 [ 1039.879682][T21931] ? __lock_acquire+0x4a5/0x2630 [ 1039.884639][T21931] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1039.890460][T21931] ? lockdep_hardirqs_on+0x78/0x100 [ 1039.895675][T21931] save_stack+0x162/0x1e0 [ 1039.900050][T21931] ? __pfx_save_stack+0x10/0x10 [ 1039.904937][T21931] ? free_unref_folios+0xaea/0x1790 [ 1039.910161][T21931] ? folios_put_refs+0x53c/0x840 [ 1039.915126][T21931] ? shmem_undo_range+0x5e5/0x1570 [ 1039.920261][T21931] ? shmem_evict_inode+0x39e/0xbd0 [ 1039.925396][T21931] ? evict+0x3c2/0xad0 [ 1039.929485][T21931] ? iput.part.0+0x605/0xf50 [ 1039.934134][T21931] ? iput+0x35/0x40 [ 1039.937958][T21931] ? dentry_unlink_inode+0x2a1/0x490 [ 1039.943264][T21931] ? __dentry_kill+0x1d0/0x600 [ 1039.948067][T21931] ? finish_dput+0x76/0x480 [ 1039.952592][T21931] ? dput.part.0+0x456/0x570 [ 1039.957288][T21931] ? dput+0x1f/0x30 [ 1039.961117][T21931] ? __fput+0x519/0xb40 [ 1039.965299][T21931] ? task_work_run+0x150/0x240 [ 1039.970089][T21931] ? exit_to_user_mode_loop+0x100/0x4a0 [ 1039.975659][T21931] ? page_ext_put+0x3e/0xd0 [ 1039.980223][T21931] __reset_page_owner+0x84/0x190 [ 1039.985197][T21931] free_unref_folios+0xaea/0x1790 [ 1039.990252][T21931] folios_put_refs+0x53c/0x840 [ 1039.995048][T21931] ? __pfx_folios_put_refs+0x10/0x10 [ 1040.000363][T21931] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 1040.006738][T21931] shmem_undo_range+0x5e5/0x1570 [ 1040.011711][T21931] ? __pfx_shmem_undo_range+0x10/0x10 [ 1040.017124][T21931] ? finish_task_switch.isra.0+0x200/0xb80 [ 1040.022947][T21931] ? __pfx_madvise_collapse+0x10/0x10 [ 1040.028349][T21931] ? rcu_is_cpu_rrupt_from_idle+0x1f0/0x270 [ 1040.034287][T21931] ? mas_prev+0x9b/0xf0 [ 1040.038474][T21931] ? __pfx_mas_prev+0x10/0x10 [ 1040.043175][T21931] ? percpu_counter_add_batch+0xb9/0x230 [ 1040.048839][T21931] shmem_evict_inode+0x39e/0xbd0 [ 1040.053891][T21931] ? inode_wait_for_writeback+0x171/0x390 [ 1040.059648][T21931] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1040.065160][T21931] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 1040.071289][T21931] ? find_held_lock+0x2b/0x80 [ 1040.076104][T21931] ? evict+0x37e/0xad0 [ 1040.080195][T21931] ? evict+0x37e/0xad0 [ 1040.084285][T21931] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1040.089773][T21931] evict+0x3c2/0xad0 [ 1040.093689][T21931] ? find_held_lock+0x2b/0x80 [ 1040.098380][T21931] ? __pfx_evict+0x10/0x10 [ 1040.102820][T21931] ? iput.part.0+0x5fd/0xf50 [ 1040.107434][T21931] iput.part.0+0x605/0xf50 [ 1040.111872][T21931] ? __pfx_inode_just_drop+0x10/0x10 [ 1040.117197][T21931] iput+0x35/0x40 [ 1040.120852][T21931] dentry_unlink_inode+0x2a1/0x490 [ 1040.125982][T21931] __dentry_kill+0x1d0/0x600 [ 1040.130597][T21931] finish_dput+0x76/0x480 [ 1040.134952][T21931] dput.part.0+0x456/0x570 [ 1040.139423][T21931] dput+0x1f/0x30 [ 1040.143079][T21931] __fput+0x519/0xb40 [ 1040.147098][T21931] ? _raw_spin_unlock_irq+0x23/0x50 [ 1040.152405][T21931] task_work_run+0x150/0x240 [ 1040.157027][T21931] ? __pfx_task_work_run+0x10/0x10 [ 1040.162167][T21931] exit_to_user_mode_loop+0x100/0x4a0 [ 1040.167562][T21931] do_syscall_64+0x668/0xf80 [ 1040.172203][T21931] ? clear_bhb_loop+0x40/0x90 [ 1040.177095][T21931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.183004][T21931] RIP: 0033:0x7fb85439c799 [ 1040.187440][T21931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1040.207064][T21931] RSP: 002b:00007fb855286028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1040.215497][T21931] RAX: ffffffffffffffea RBX: 00007fb854616090 RCX: 00007fb85439c799 [ 1040.223479][T21931] RDX: 0000000000000019 RSI: 0000000000200007 RDI: 0000000000000000 [ 1040.231462][T21931] RBP: 00007fb854432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1040.239445][T21931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1040.247431][T21931] R13: 00007fb854616128 R14: 00007fb854616090 R15: 00007fff72a41cc8 [ 1040.255425][T21931] [ 1040.258466][T21931] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1040.265759][T21931] CPU: 0 UID: 0 PID: 21931 Comm: syz.4.4992 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1040.276728][T21931] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1040.286794][T21931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1040.296871][T21931] Call Trace: [ 1040.300226][T21931] [ 1040.303167][T21931] dump_stack_lvl+0x100/0x190 [ 1040.307878][T21931] vpanic+0x552/0x970 [ 1040.311899][T21931] ? __pfx_vpanic+0x10/0x10 [ 1040.316501][T21931] ? lock_release+0x263/0x320 [ 1040.321214][T21931] panic+0xd1/0xe0 [ 1040.324949][T21931] ? __pfx_panic+0x10/0x10 [ 1040.329394][T21931] check_panic_on_warn.cold+0x19/0x34 [ 1040.334794][T21931] ? update_rq_clock+0x40a/0xd20 [ 1040.339837][T21931] __warn.cold+0x191/0x348 [ 1040.344272][T21931] __report_bug+0x296/0x3d0 [ 1040.348794][T21931] ? update_rq_clock+0x40a/0xd20 [ 1040.353751][T21931] ? __pfx___report_bug+0x10/0x10 [ 1040.358815][T21931] ? __lock_acquire+0x4a5/0x2630 [ 1040.363795][T21931] ? find_held_lock+0x2b/0x80 [ 1040.368490][T21931] ? trace_ignore_this_task+0xbc/0x100 [ 1040.373990][T21931] ? update_rq_clock+0x40a/0xd20 [ 1040.378943][T21931] report_bug+0xb2/0x220 [ 1040.383243][T21931] ? update_rq_clock+0x40a/0xd20 [ 1040.388205][T21931] handle_bug+0x16a/0x2a0 [ 1040.392569][T21931] exc_invalid_op+0x17/0x50 [ 1040.397100][T21931] asm_exc_invalid_op+0x1a/0x20 [ 1040.401971][T21931] RIP: 0010:update_rq_clock+0x40a/0xd20 [ 1040.407550][T21931] Code: ab 48 0b 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 18 9f ba 09 a8 04 0f 84 df fc ff ff 90 0f 0b 90 e9 d6 fc ff ff 90 <0f> 0b 90 e9 92 fc ff ff 4c 8d 83 40 0b 00 00 48 b8 00 00 00 00 00 [ 1040.427273][T21931] RSP: 0018:ffffc90003376fb8 EFLAGS: 00010046 [ 1040.433374][T21931] RAX: 0000000000000000 RBX: ffff8880b853b280 RCX: 0000000000000001 [ 1040.441374][T21931] RDX: 0000000000000046 RSI: ffffffff8de55850 RDI: ffffffff8c1af520 [ 1040.449398][T21931] RBP: ffffc90003377160 R08: 0000000000000001 R09: 0000000000000001 [ 1040.457393][T21931] R10: ffffffff90d9b017 R11: 0000000000000000 R12: ffffffff90d9e3e4 [ 1040.465381][T21931] R13: ffff8880b853c0c0 R14: ffff8880554abd00 R15: ffff8880b853b280 [ 1040.473389][T21931] ? update_rq_clock+0x9c/0xd20 [ 1040.478356][T21931] ? pick_task_fair+0x85/0x350 [ 1040.483157][T21931] __schedule+0x1b7d/0x6120 [ 1040.487675][T21931] ? trace_ignore_this_task+0xc3/0x100 [ 1040.493172][T21931] ? __pfx___schedule+0x10/0x10 [ 1040.498039][T21931] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1040.503450][T21931] ? preempt_schedule_thunk+0x16/0x30 [ 1040.508854][T21931] preempt_schedule_common+0x42/0xc0 [ 1040.514180][T21931] preempt_schedule_thunk+0x16/0x30 [ 1040.519425][T21931] _raw_spin_unlock_irqrestore+0x61/0x80 [ 1040.525093][T21931] __rcu_read_unlock+0x27f/0x5e0 [ 1040.530057][T21931] unwind_next_frame+0x3c8/0x1ea0 [ 1040.535194][T21931] ? exit_to_user_mode_loop+0x100/0x4a0 [ 1040.540806][T21931] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1040.547069][T21931] arch_stack_walk+0x94/0xf0 [ 1040.551681][T21931] ? do_syscall_64+0x668/0xf80 [ 1040.556478][T21931] stack_trace_save+0x8e/0xc0 [ 1040.561178][T21931] ? __pfx_stack_trace_save+0x10/0x10 [ 1040.566567][T21931] ? __lock_acquire+0x4a5/0x2630 [ 1040.571527][T21931] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1040.577347][T21931] ? lockdep_hardirqs_on+0x78/0x100 [ 1040.582566][T21931] save_stack+0x162/0x1e0 [ 1040.586924][T21931] ? __pfx_save_stack+0x10/0x10 [ 1040.591805][T21931] ? free_unref_folios+0xaea/0x1790 [ 1040.597027][T21931] ? folios_put_refs+0x53c/0x840 [ 1040.601997][T21931] ? shmem_undo_range+0x5e5/0x1570 [ 1040.607151][T21931] ? shmem_evict_inode+0x39e/0xbd0 [ 1040.612319][T21931] ? evict+0x3c2/0xad0 [ 1040.616422][T21931] ? iput.part.0+0x605/0xf50 [ 1040.621039][T21931] ? iput+0x35/0x40 [ 1040.624870][T21931] ? dentry_unlink_inode+0x2a1/0x490 [ 1040.630192][T21931] ? __dentry_kill+0x1d0/0x600 [ 1040.634995][T21931] ? finish_dput+0x76/0x480 [ 1040.639534][T21931] ? dput.part.0+0x456/0x570 [ 1040.644144][T21931] ? dput+0x1f/0x30 [ 1040.648002][T21931] ? __fput+0x519/0xb40 [ 1040.652209][T21931] ? task_work_run+0x150/0x240 [ 1040.657038][T21931] ? exit_to_user_mode_loop+0x100/0x4a0 [ 1040.662697][T21931] ? page_ext_put+0x3e/0xd0 [ 1040.667230][T21931] __reset_page_owner+0x84/0x190 [ 1040.672204][T21931] free_unref_folios+0xaea/0x1790 [ 1040.677262][T21931] folios_put_refs+0x53c/0x840 [ 1040.682058][T21931] ? __pfx_folios_put_refs+0x10/0x10 [ 1040.687375][T21931] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 1040.693721][T21931] shmem_undo_range+0x5e5/0x1570 [ 1040.698715][T21931] ? __pfx_shmem_undo_range+0x10/0x10 [ 1040.704182][T21931] ? finish_task_switch.isra.0+0x200/0xb80 [ 1040.710047][T21931] ? __pfx_madvise_collapse+0x10/0x10 [ 1040.715442][T21931] ? rcu_is_cpu_rrupt_from_idle+0x1f0/0x270 [ 1040.721383][T21931] ? mas_prev+0x9b/0xf0 [ 1040.725563][T21931] ? __pfx_mas_prev+0x10/0x10 [ 1040.730266][T21931] ? percpu_counter_add_batch+0xb9/0x230 [ 1040.735938][T21931] shmem_evict_inode+0x39e/0xbd0 [ 1040.740914][T21931] ? inode_wait_for_writeback+0x171/0x390 [ 1040.746661][T21931] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1040.752171][T21931] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 1040.758269][T21931] ? find_held_lock+0x2b/0x80 [ 1040.762955][T21931] ? evict+0x37e/0xad0 [ 1040.767069][T21931] ? evict+0x37e/0xad0 [ 1040.771181][T21931] ? __pfx_shmem_evict_inode+0x10/0x10 [ 1040.776691][T21931] evict+0x3c2/0xad0 [ 1040.780607][T21931] ? find_held_lock+0x2b/0x80 [ 1040.785298][T21931] ? __pfx_evict+0x10/0x10 [ 1040.789737][T21931] ? iput.part.0+0x5fd/0xf50 [ 1040.794348][T21931] iput.part.0+0x605/0xf50 [ 1040.798783][T21931] ? __pfx_inode_just_drop+0x10/0x10 [ 1040.804096][T21931] iput+0x35/0x40 [ 1040.807750][T21931] dentry_unlink_inode+0x2a1/0x490 [ 1040.812969][T21931] __dentry_kill+0x1d0/0x600 [ 1040.817669][T21931] finish_dput+0x76/0x480 [ 1040.822029][T21931] dput.part.0+0x456/0x570 [ 1040.826466][T21931] dput+0x1f/0x30 [ 1040.830147][T21931] __fput+0x519/0xb40 [ 1040.834147][T21931] ? _raw_spin_unlock_irq+0x23/0x50 [ 1040.839362][T21931] task_work_run+0x150/0x240 [ 1040.843982][T21931] ? __pfx_task_work_run+0x10/0x10 [ 1040.849150][T21931] exit_to_user_mode_loop+0x100/0x4a0 [ 1040.854575][T21931] do_syscall_64+0x668/0xf80 [ 1040.859185][T21931] ? clear_bhb_loop+0x40/0x90 [ 1040.863892][T21931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.869803][T21931] RIP: 0033:0x7fb85439c799 [ 1040.874231][T21931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1040.893880][T21931] RSP: 002b:00007fb855286028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1040.902322][T21931] RAX: ffffffffffffffea RBX: 00007fb854616090 RCX: 00007fb85439c799 [ 1040.910308][T21931] RDX: 0000000000000019 RSI: 0000000000200007 RDI: 0000000000000000 [ 1040.918313][T21931] RBP: 00007fb854432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1040.926295][T21931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1040.934281][T21931] R13: 00007fb854616128 R14: 00007fb854616090 R15: 00007fff72a41cc8 [ 1040.942298][T21931] [ 1040.945528][T21931] Kernel Offset: disabled [ 1040.949899][T21931] Rebooting in 86400 seconds..