last executing test programs: 4m9.667658838s ago: executing program 3 (id=2026): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x801, 0x84) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 4m8.309832615s ago: executing program 3 (id=2029): socket(0xa, 0x3, 0x3a) ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x40041, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x165840, 0x151) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0x1d, 0x2, 0x7) socket(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x1aa, 0x0, 0x6, 0x0, 0x5, 0x1001}, 0x5}, 0x2, 0x100) bpf$auto(0x9, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x71c, 0xfaae, 0x468, 0x2, 0x8000000000000001, 0x80, 0x7, 0x1, 0x1fc, 0xff, 0xb5, 0x4, 0x40004, 0xd9ee}, 0xe3) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x200) 4m7.19691917s ago: executing program 3 (id=2030): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x540a, r1) write$auto(r0, &(0x7f0000000000)='0\x81=\xa2\xad\xff\x8d\xf9\xac\xa6\xad\xfbi\xa3^}\x91\xa3}\x85\xfaP\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb\x05\x00\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x7fff) getsockopt$auto_SO_SNDTIMEO_NEW(0xffffffffffffffff, 0x8, 0x43, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram11\x00', 0x145002, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1eba02, 0x0) ioctl$auto_BLKALIGNOFF(r2, 0x127a, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) syz_clone(0x20000000, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000300)="2918758169251555183442853a27ba37074b62633f338d1a7b74c6ff4c91676d9a5e0078ab1db0f30dc404f23fd5820a80ed88704e31ac2c5f3169cb36f22141f45b35a2e04fe71bc918ec46671bf5d28d8d26ce4970c811a8b669c7011c3e9ff8b2109640c07450f5b7b624fde03bb975adc229120a3b8750efcf8a90044854f04b55f429540f9fc390d24df293299b9c4395aed65212fdd9a1597ffcfaf9b300") openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpgid$auto(0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x28002, 0x0) syz_clone(0x904000, &(0x7f0000000380)="edc4fb9c39c6f60b7c2781272d215abbd65ce0067f3fcf5722070466b811eaafe49d9fa027baeb7a0aeec795768b116e03ad30d6c7e4c01e0d07821ad841c73d5489bbe700a62b97a8260316683f6a5929de6a568c9b6d31f713ba3c960f7f3f1274a01eda4926d05a391ef8e4a6c907badc0d7435080f1d3482f110511c4df46ce6e9123f433e86222c7d5eaf7097c0078e3d7d1042bf3169968c5b74759d78c46cf3ee59efdd37f25d9248857d5dffe891ecb58b6614cb2706d80f230147e93d14d3230e70a43497b2", 0xca, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000480)="7c5eda57ce4455e15f") 4m5.403426407s ago: executing program 3 (id=2031): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x22, 0x3, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 4m2.37427219s ago: executing program 3 (id=2034): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, 0x0, 0x100000a3d9) socket(0x6, 0xc, 0x8007) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) connect$auto(0x3, 0x0, 0x54) unshare$auto(0x40000080) unshare$auto(0x40000080) socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0xb, 0x0) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) msgrcv$auto(0x0, 0x0, 0xff9, 0x0, 0x3) 3m50.502478696s ago: executing program 3 (id=2052): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setresgid$auto(0x800, 0xee01, 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x14) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) 3m34.486190908s ago: executing program 32 (id=2052): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setresgid$auto(0x800, 0xee01, 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x14) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) 2m18.587021918s ago: executing program 2 (id=2154): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x273) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x181441, 0x0) socket(0xa, 0x1, 0x84) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000) bpf$auto(0x7fffffe, &(0x7f00000001c0)=@test={r0, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac5, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x1c00000000000000, 0xffff, 0x40006, 0x81, 0x68198}, 0x6) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m16.952320909s ago: executing program 1 (id=2157): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mincore$auto(0x1000, 0x4000000, 0x0) listen$auto(0x3, 0x81) mremap$auto(0x8, 0x8000000000000001, 0x0, 0x3, 0x2) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9u\x00', 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x40000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) ioctl$auto_EVIOCREVOKE(r1, 0x40044591, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x855}, 0x10) pread64$auto(r0, 0x0, 0x101, 0x103) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0x6, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x6, 0x16, 0x5, 0x100000001, 0xc, 0x9, 0x0, 0x1, 0x7ff, 0xd59, 0x101, 0x6, 0xfffffffffffffffe, 0x80000001]}, 0x0, 0x0) 2m16.556861707s ago: executing program 2 (id=2159): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 2m12.263245713s ago: executing program 2 (id=2171): r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0) write$auto(r1, 0x0, 0x9) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/interrupts\x00', 0x18901, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000700), r2) openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000040), 0x48080, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x2, 0x3, 0x100) recvfrom$auto(r3, &(0x7f0000000080)="bf32a16cf4b6d58e1dffb843bde4de474101", 0x0, 0x3, &(0x7f0000000100)=@ax25={0x3, @null}, &(0x7f0000000180)=0x9ea0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x60d02, 0x0) mknod$auto(&(0x7f0000000900)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x4, 0x407) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) 2m11.794653629s ago: executing program 1 (id=2164): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) 2m7.056464595s ago: executing program 1 (id=2169): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 2m6.754775822s ago: executing program 2 (id=2172): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 2m5.093764488s ago: executing program 1 (id=2174): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mincore$auto(0x1000, 0x4000000, 0x0) listen$auto(0x3, 0x81) mremap$auto(0x8, 0x8000000000000001, 0x0, 0x3, 0x2) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9u\x00', 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x40000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) ioctl$auto_EVIOCREVOKE(r1, 0x40044591, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x855}, 0x10) pread64$auto(r0, 0x0, 0x101, 0x103) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0x6, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x6, 0x16, 0x5, 0x100000001, 0xc, 0x9, 0x0, 0x1, 0x7ff, 0xd59, 0x101, 0x6, 0xfffffffffffffffe, 0x80000001]}, 0x0, 0x0) 2m3.336637086s ago: executing program 2 (id=2176): unshare$auto(0x40000080) r0 = socket(0x11, 0x3, 0x9) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000000), 0x5aa, &(0x7f00000000c0)={&(0x7f0000000040)='f', 0x49}, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x4}, 0x2, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40000) kexec_load$auto(0x70, 0x2, &(0x7f0000000080)={@buf=0x0, 0x0, 0x8000, 0x403000}, 0x4) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/au`io1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) io_uring_setup$auto(0x4, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) 2m1.80659208s ago: executing program 1 (id=2178): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x273) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x181441, 0x0) socket(0xa, 0x1, 0x84) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000) bpf$auto(0x7fffffe, &(0x7f00000001c0)=@test={r0, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac5, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x1c00000000000000, 0xffff, 0x40006, 0x81, 0x68198}, 0x6) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m58.205946931s ago: executing program 0 (id=2181): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0xb, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2000002003f2, 0x15) socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x5, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x82, 0x0, 0x0) 1m57.585323929s ago: executing program 2 (id=2182): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 1m57.034654734s ago: executing program 1 (id=2183): connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 1m56.475825118s ago: executing program 0 (id=2184): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty28\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000280)="13") socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfff, 0x700, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0x8000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) 1m52.570637455s ago: executing program 0 (id=2185): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty28\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000280)="13") socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfff, 0x700, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0x8000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) 1m47.799976901s ago: executing program 0 (id=2187): r0 = open(&(0x7f00000000c0)='./file0\x00', 0x161342, 0x134) fallocate$auto(r0, 0x7ffc, 0x856, 0x4cbd5a) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume_offset\x00', 0xa081, 0x0) write$auto(r1, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x00\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x1000) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop12\x00', 0x14fa02, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x60142, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) rename$auto(&(0x7f0000000500)='./file0\x00', &(0x7f0000000100)='./cgroup\x00') mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) r2 = socket(0x1e, 0x1, 0x0) bind$auto(r2, &(0x7f0000000040)=@generic={0x1e, "0abc988d53c600522300c8574560"}, 0x66) unlink$auto(&(0x7f0000000180)='./file0\x00') mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) ioctl$auto_SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) dup3$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xffffffa3) 1m44.973229053s ago: executing program 0 (id=2189): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) mincore$auto(0x1000, 0x4000000, 0x0) listen$auto(0x3, 0x81) mremap$auto(0x8, 0x8000000000000001, 0x0, 0x3, 0x2) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9u\x00', 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x40000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x6d3f, 0x9, 0x8, 0x4]}, 0x0) ioctl$auto_EVIOCREVOKE(r1, 0x40044591, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x855}, 0x10) pread64$auto(r0, 0x0, 0x101, 0x103) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0x6, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x6, 0x16, 0x5, 0x100000001, 0xc, 0x9, 0x0, 0x1, 0x7ff, 0xd59, 0x101, 0x6, 0xfffffffffffffffe, 0x80000001]}, 0x0, 0x0) 1m42.306630014s ago: executing program 33 (id=2182): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 1m41.540734983s ago: executing program 0 (id=2193): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x540a, r1) write$auto(r0, &(0x7f0000000000)='0\x81=\xa2\xad\xff\x8d\xf9\xac\xa6\xad\xfbi\xa3^}\x91\xa3}\x85\xfaP\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb\x05\x00\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x7fff) getsockopt$auto_SO_SNDTIMEO_NEW(0xffffffffffffffff, 0x8, 0x43, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram11\x00', 0x145002, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1eba02, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) syz_clone(0x20000000, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000300)="2918758169251555183442853a27ba37074b62633f338d1a7b74c6ff4c91676d9a5e0078ab1db0f30dc404f23fd5820a80ed88704e31ac2c5f3169cb36f22141f45b35a2e04fe71bc918ec46671bf5d28d8d26ce4970c811a8b669c7011c3e9ff8b2109640c07450f5b7b624fde03bb975adc229120a3b8750efcf8a90044854f04b55f429540f9fc390d24df293299b9c4395aed65212fdd9a1597ffcfaf9b300") openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpgid$auto(0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x28002, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) syz_clone(0x904000, &(0x7f0000000380)="edc4fb9c39c6f60b7c2781272d215abbd65ce0067f3fcf5722070466b811eaafe49d9fa027baeb7a0aeec795768b116e03ad30d6c7e4c01e0d07821ad841c73d5489bbe700a62b97a8260316683f6a5929de6a568c9b6d31f713ba3c960f7f3f1274a01eda4926d05a391ef8e4a6c907badc0d7435080f1d3482f110511c4df46ce6e9123f433e86222c7d5eaf7097c0078e3d7d1042bf3169968c5b74759d78c46cf3ee59efdd37f25d9248857d5dffe891ecb58b6614cb2706d80f230147e93d14d3230e70a43497b2", 0xca, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000480)="7c5eda57ce4455e15f") 1m41.357216216s ago: executing program 34 (id=2183): connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) 1m26.412210719s ago: executing program 35 (id=2193): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x540a, r1) write$auto(r0, &(0x7f0000000000)='0\x81=\xa2\xad\xff\x8d\xf9\xac\xa6\xad\xfbi\xa3^}\x91\xa3}\x85\xfaP\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb\x05\x00\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x7fff) getsockopt$auto_SO_SNDTIMEO_NEW(0xffffffffffffffff, 0x8, 0x43, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram11\x00', 0x145002, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1eba02, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) syz_clone(0x20000000, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000300)="2918758169251555183442853a27ba37074b62633f338d1a7b74c6ff4c91676d9a5e0078ab1db0f30dc404f23fd5820a80ed88704e31ac2c5f3169cb36f22141f45b35a2e04fe71bc918ec46671bf5d28d8d26ce4970c811a8b669c7011c3e9ff8b2109640c07450f5b7b624fde03bb975adc229120a3b8750efcf8a90044854f04b55f429540f9fc390d24df293299b9c4395aed65212fdd9a1597ffcfaf9b300") openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpgid$auto(0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x28002, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) syz_clone(0x904000, &(0x7f0000000380)="edc4fb9c39c6f60b7c2781272d215abbd65ce0067f3fcf5722070466b811eaafe49d9fa027baeb7a0aeec795768b116e03ad30d6c7e4c01e0d07821ad841c73d5489bbe700a62b97a8260316683f6a5929de6a568c9b6d31f713ba3c960f7f3f1274a01eda4926d05a391ef8e4a6c907badc0d7435080f1d3482f110511c4df46ce6e9123f433e86222c7d5eaf7097c0078e3d7d1042bf3169968c5b74759d78c46cf3ee59efdd37f25d9248857d5dffe891ecb58b6614cb2706d80f230147e93d14d3230e70a43497b2", 0xca, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000480)="7c5eda57ce4455e15f") 27.774537334s ago: executing program 5 (id=2290): select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x20b02, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r0, 0x3, &(0x7f0000000080)="193f32b995f0ecb4ddf8cd83baeda5c352a745214ad880cc4c561670de2d13131c656d339507302cd18f379f551569932d17bb17195ecfc677eb23ac801128003ef54e78817f1a", 0x3) sendfile$auto(r0, r0, &(0x7f0000000000)=0x3, 0xad6) settimeofday$auto(&(0x7f00000001c0)={0x7, 0x3}, &(0x7f0000000240)={0x7, 0x3}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) read$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffffff, &(0x7f00000002c0)=""/141, 0x8d) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x0, 0x80000001, r2}, 0x6f4) write$auto(0xffffffffffffffff, 0x0, 0x6) unshare$auto(0x40000080) 21.424641702s ago: executing program 5 (id=2300): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty28\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000280)="13") socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfff, 0x700, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r1, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) 18.083860513s ago: executing program 5 (id=2306): r0 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f00000049c0)={0x0, 0x0, &(0x7f0000004980)={&(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYBLOB="010026bd7000fedbdf25020000000800048004000880"], 0x1c}, 0x1, 0x0, 0x0, 0x40040801}, 0x44000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x1, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x1000000000009489, 0x3, 0x15f4da0a, 0x1, 0x7, 0x7, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0) write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) select$auto(0xa, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x85) 14.966645254s ago: executing program 6 (id=2312): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r1 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r1, 0x29, 0x0, 0x0, 0x110) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) write$auto_proc_uid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) 13.075255366s ago: executing program 5 (id=2314): r0 = socket(0xf, 0x3, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0) read$auto(r1, 0x0, 0x4) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) r3 = ioctl$auto_NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, 0x0, 0x6) process_madvise$auto_MADV_DOFORK(0xffffffffffffffff, 0x0, 0x0, 0xb, 0x9) unshare$auto(0x6c000000) r4 = getgid() setregid$auto(0x0, r4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000540)=""/150, 0x96) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0) sendmsg$auto_NETDEV_CMD_NAPI_GET(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044800}, 0x20000001) 12.501572778s ago: executing program 7 (id=2317): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) wait4$auto(0x0, &(0x7f0000000040)=0x8, 0x6, &(0x7f0000000080)={{0x9, 0x6}, {0x7f, 0x5}, 0x100000000, 0xcef4, 0x2, 0x2, 0x5, 0x9, 0x3, 0xffffffff, 0x10, 0x7fff, 0x4, 0x65, 0x8000000000000001, 0x3}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0xa0241, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x401, 0x5, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2311eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000640)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7b, 0x0, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0x52, 0x85, 0x2, 0x0, 0x2072c2, 0xc, 0x100000000}}) io_uring_register$auto(0x2, 0x20, &(0x7f0000000240), 0x1) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mseal$auto(0x0, 0x7dda, 0x0) madvise$auto(0x0, 0x3, 0x3) writev$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xf, 0xfffffffd, 0x44b, 0x3, 0x5, 0x1007181, 0xd1, 0x400007, 0x3, 0x2, 0x800c, 0x80000001, 0x4, 0x80200000000001, 0x200000004, 0xde3, 0x9809588, 0xfffffffd, 0x2, 0x1, 0x864, 0x6, 0x22000, 0x201, 0x4, 0xc3f, 0x2000000, 0x0, 0x0, 0x0, 0x39, [0x0, 0x0, 0x0, 0x7fdf, 0x47, 0x4000000000000, 0x100, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7cd, 0x7, 0x2, 0x8000000000000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x6, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0xfff]}, 0xa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1441, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd02, &(0x7f00000001c0)) 11.705245084s ago: executing program 6 (id=2318): unshare$auto(0x40000080) r0 = socket(0x11, 0x3, 0x9) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000000), 0x5aa, &(0x7f00000000c0)={&(0x7f0000000040)='f', 0x49}, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x4}, 0x2, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40000) kexec_load$auto(0x70, 0x2, &(0x7f0000000080)={@buf=0x0, 0x0, 0x8000, 0x403000}, 0x4) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/au`io1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) io_uring_setup$auto(0x4, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) 10.361458735s ago: executing program 4 (id=2319): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto_ftrace_subsystem_filter_fops_trace_events(r0, &(0x7f0000000240)="8f0447fef2afea7e35a0274f508a73119aff3bc0528f45fd27fea1bb4baa95f757cf9e57a14e04353736f4a23ce2a531c678ed7d6d28d43aaea2a69abe3e93453380adf35653f5875227ce319330afe5e4cc7601a8eccbb3729f9869ca35edaf6343e41fe91304ef53273ed0943b28e00e9c2f919d54fe990911e4c265c3d23eb66229", 0x83) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x8000000000000001, 0x2020009, 0x3, 0x1fb, 0xfffffffffffffffa, 0xc000000000000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, 0x0, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/err_count\x00', 0x800, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop4\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) madvise$auto(0x0, 0x2000000080000001, 0x3) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) write$auto_tap_fops_tap(r3, &(0x7f0000000000)="c6c45342f36d76e12eaa55e1d6f56e36b2641f6f81fa48a1243798eb218435a659637ceb5ff4b2089e31", 0x2a) shutdown$auto(r3, 0x3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/slab/kmalloc-64/total_objects\x00', 0x80000, 0x0) read$auto(r4, 0x0, 0x2) 8.271796892s ago: executing program 7 (id=2320): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2201, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r2, 0x1269, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x4a, 0x0, 0x9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x6]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x0, 0x3, 0x5, 0x10001, 0x400000000003, 0x5, 0xffffffffffffffff, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x2, 0xa, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x80001, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0xc0400, 0x0) 8.042402813s ago: executing program 6 (id=2321): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00', 0x100000002, 0x100000001) 5.005308008s ago: executing program 4 (id=2322): syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) sendfile$auto(r0, r0, 0x0, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x20040894) sendmsg$auto_NL80211_CMD_GET_SCAN(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r2, 0x0, 0x800003, 0x1) mlockall$auto(0x7) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r3, r3, 0x0) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi3\x00', 0x2af01, 0x0) ioctl$auto(r4, 0xc0585611, r4) 4.702478713s ago: executing program 4 (id=2323): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0xb, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2000002003f2, 0x15) socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x5, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 4.27077051s ago: executing program 7 (id=2324): r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, 0x0, 0x4048000) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r2, 0x4018620d, 0x9) socketpair$auto(0x5, 0x5, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x220080, 0x0) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(r0, 0x0, 0x9a6, 0x7000000) 3.800475336s ago: executing program 6 (id=2325): unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) mkdir$auto(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x8cd) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={0xffffffffffffffff, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x9, 0x7, 0x8000000008011, 0x3, 0x8000) mprotect$auto(0x200000000000, 0x806122, 0xc) sched_setscheduler$auto(0x0, 0x5, &(0x7f0000000040)={0x2}) ioprio_set$auto(0x2, 0x800000000, 0x8) read$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) settimeofday$auto(0x0, &(0x7f0000000100)={0x82, 0x4}) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/smaps_rollup\x00', 0x840, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x400000000f34) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/dfscache\x00', 0x101a41, 0x0) write$auto(r0, 0x0, 0x6) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r1, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) unshare$auto(0x8000400) 2.644369932s ago: executing program 6 (id=2326): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x3b7742, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x101000, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mknod$auto(0x0, 0x20e9, 0x103) unshare$auto(0x20000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 2.643739348s ago: executing program 4 (id=2327): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r1 = open(0x0, 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x0, 0x1, 0xfd5, 0x12, r1, 0x0) mmap$auto(0x9, 0x1ff, 0x4, 0x14, 0x3, 0x0) socket(0xa, 0x3, 0x73) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x668401, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r3 = socket(0xa, 0x5, 0x84) openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/trace_clock\x00', 0x402080, 0x0) sendto$auto(r3, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) getsockopt$auto(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0) ioctl$auto(r0, 0x5646, r0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000280)=""/40, 0x28) 2.562028108s ago: executing program 5 (id=2328): clone$auto(0x801fd, 0x3, 0x0, 0x0, 0x15) mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x4, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) syslog$auto(0x3, &(0x7f0000000240)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) fchdir$auto(0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x28000, 0x0) mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x4, 0x109) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80051, 0x0) sendmmsg$auto(r0, 0x0, 0x9a9, 0x80230) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x89\xe8^\x98#\x86\x92\x86w\xa1\x05\x9b\xad}yX\xc5\xc0\x1c\xd1\xd9\x9e\x91\b\xfc=\x18\xf9E\b\xa3Rgu\xf5L\x1d\xf8\ny', 0x401) shmget$auto(0x100000000, 0x3, 0x79e56dc9) shmget$auto(0x5, 0x7, 0x35fa256d) 2.405986484s ago: executing program 7 (id=2329): socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) r0 = socket(0x10, 0x2, 0xf) close_range$auto(0x0, 0xffffeffe, 0x2) socket(0xa, 0x3, 0xff) pipe$auto(0x0) bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x40000, 0x4, 0x5, 0x80, 0xe4, 0xfffff800, "0566c8ee7c78a925488276d7697a12bd", 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x9, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_prog_fd=r0, 0x7e, 0x4, 0x1, 0x5, 0x3}, 0x5) 2.068336429s ago: executing program 7 (id=2330): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/controlC1\x00', 0x62c620, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f00000004c0)={{@raw=0x5, 0xffffff7d, 0xa, 0xfffffffc, "50ddcc2d0a7b79ca0e62e667b5000000000000000000000000000000000100ffffffffffffffe700", @inferred=0xffffffffffffffff}, 0x1, @integer64=@value=[0x1, 0x9, 0x6b92, 0x6, 0xfffffffffffffffe, 0x7fffffff, 0x1, 0x5, 0xc, 0xffffffffffffff30, 0x6, 0x2000000002, 0x8, 0x7c1, 0x2, 0x8, 0x2, 0x2, 0xca1, 0xfffffffffffffffc, 0xffffffff00000001, 0x2, 0xffff, 0x6, 0x6, 0xc, 0x4, 0x93, 0xaa, 0x4, 0x2, 0x81, 0x7, 0x8003, 0x749, 0x3, 0x4, 0x7, 0x1, 0x3, 0x9186, 0x1000000003, 0x1, 0x1, 0x8, 0x6, 0x345f, 0x3, 0x4, 0x7fff, 0x3, 0x1, 0xaa7, 0x0, 0xfffffffffffff41f, 0xb0, 0x8000000e36c, 0x22e, 0x9, 0x10000000, 0xaca7, 0xf3c, 0x9660, 0x9], "bee8fd3b16a97731269aff7312ae1a01006266a3bde1f332e1078696becfd044280e7fb7719d4362b09d9f6cb070bad3af7185ae1e691c585914c0b11dd65468fb68dfc32254d8ed55c8d806a2ef4bba7bc65cd90676ce6dec79ff2f44034ad55049ff128dd27f04ac14d8dbaffacc77596ca0dffa00"}) mremap$auto(0x110c230000, 0x0, 0x2000101, 0x3, 0xf000) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/mem\x00', 0x68200, 0x0) readv$auto(r2, &(0x7f0000000700)={0x0, 0x6}, 0x3) fsopen$auto(0xfffffffffffffffd, 0x8) unshare$auto(0x0) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x5453, 0x0) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000080)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000010) socket(0x10, 0x2, 0x0) open_by_handle_at$auto(r0, &(0x7f0000000140)={0xa3, 0x1f5, "c16de251ef28fd3c8c3344e1d61155e496668c6cd3afd5cfc30446470486e025685aaef1ca384331066efa213baf72dba72831a660dbc648aea5444fdc5c2fbe091de795eb0d4dc506da8d538b49c0ea7bfde75b03bba6783392f0c3caa8db5a5c6fb061e02e6b970c85cee3cdc141a5980f7efdcfe1b9703c743faf35ee592d93c28fbb1553b38f84fd6dea91e8f631356449983958778538a744fb896765ac9ebf2e"}, 0x3) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r4 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x10e, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0xcb}, 0x3, 0x0, 0x0, 0x6}, 0x9}, 0x7, 0x6, 0x0) 1.221278357s ago: executing program 7 (id=2331): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x540a, r1) write$auto(r0, &(0x7f0000000000)='0\x81=\xa2\xad\xff\x8d\xf9\xac\xa6\xad\xfbi\xa3^}\x91\xa3}\x85\xfaP\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb\x05\x00\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x7fff) getsockopt$auto_SO_SNDTIMEO_NEW(0xffffffffffffffff, 0x8, 0x43, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1eba02, 0x0) ioctl$auto_BLKALIGNOFF(r2, 0x127a, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) syz_clone(0x20000000, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000300)="2918758169251555183442853a27ba37074b62633f338d1a7b74c6ff4c91676d9a5e0078ab1db0f30dc404f23fd5820a80ed88704e31ac2c5f3169cb36f22141f45b35a2e04fe71bc918ec46671bf5d28d8d26ce4970c811a8b669c7011c3e9ff8b2109640c07450f5b7b624fde03bb975adc229120a3b8750efcf8a90044854f04b55f429540f9fc390d24df293299b9c4395aed65212fdd9a1597ffcfaf9b300") openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) getpgid$auto(0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x28002, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) syz_clone(0x904000, &(0x7f0000000380)="edc4fb9c39c6f60b7c2781272d215abbd65ce0067f3fcf5722070466b811eaafe49d9fa027baeb7a0aeec795768b116e03ad30d6c7e4c01e0d07821ad841c73d5489bbe700a62b97a8260316683f6a5929de6a568c9b6d31f713ba3c960f7f3f1274a01eda4926d05a391ef8e4a6c907badc0d7435080f1d3482f110511c4df46ce6e9123f433e86222c7d5eaf7097c0078e3d7d1042bf3169968c5b74759d78c46cf3ee59efdd37f25d9248857d5dffe891ecb58b6614cb2706d80f230147e93d14d3230e70a43497b2", 0xca, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000480)="7c5eda57ce4455e15f") 1.178130194s ago: executing program 4 (id=2332): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty28\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000280)="13") socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfff, 0x700, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0x8000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r1, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) 307.292976ms ago: executing program 6 (id=2333): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0xf, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) ioctl$auto_SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1004c095}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES8], 0x1ac}}, 0x40000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x40086602, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x8002, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) select$auto(0x4, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) write$auto(r1, &(0x7f00000002c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef`\xd8\x9c\xf7?:\x1a\xc62\x911e\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\b};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xff\x7f\xd0UV\x11\xcb\xdd\x81\xbe\xde\f/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7\x00\x85Z\x06?\x12\x98\x0f)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1;\xe4pd$\xd7\x1b\v\x82\r\f\xd0Hq\xd9\r\x88#\x89\x8d\xcd\x1e\x87N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8HR+\a\xb7R\t\n+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb\xc8^\xa4\xe2\x05\x91|\x123\xc3:\xfd\xee\x04a\xc8\x12\xce\xa2\x12\xcb\x8c\x87f\xebGQ\xe9\x96\xd5E\x13a\xb7\x057<&\xe0\x94\xa7\xfb\x9d;\xfa\xb1\x1b4a,\'\xb2Ym\xe1:\xbf\x8cs\x06\xa3u\x8d!\n\x80-\x9a\xbb;\xf4\xf3\xe1\x97\xfc8\xff\xa7\\\x8b\xf9\x95\x10$\xef\x1a #b\xfb\xfe\xe9\x06fK0\xdd\x84T,\xfa\xb5\x00\x83d\xbba\xd7\n\x92l\xdfAN\x9d\xcb\x96\xc7\xe8\xe6\x8bC\xeb\xc7EZ\xc8\x1a\x81nf\tZ-sZ\x13n\xec\xa9\xbf\xd0$\xb9\xd8\x00\x00\x00\x00\x00\x00\x00', 0xb) 195.565662ms ago: executing program 5 (id=2334): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x942, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000700), r3) r5 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x20000, 0x0) ioctl$auto_SG_GET_SCSI_ID(r5, 0x2276, &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_CHANNEL(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000780)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010027bd7000fddbdf255c7c000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r4, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x1}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}, @NL80211_ATTR_PREV_BSSID={0x7, 0x4f, "4a2b13"}, @NL80211_ATTR_PMKR0_NAME={0x35, 0x102, "fa8187b15d038e27ebbdee9403b42d163f0cf5825404a83da74b14a4b6c40b8ccb4e75f09e092da80167e32552b36e9c55"}]}, 0x68}, 0x1, 0x0, 0x0, 0x50040010}, 0x801) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000001c0), r2) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r7, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x2}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0xfff}, @IOAM6_ATTR_NS_ID={0x6}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0xc0}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c68aba9bfb7025e}, 0x8001) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 4 (id=2335): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0xb, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2000002003f2, 0x15) socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x5, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, r0) kernel console output (not intermixed with test programs): x250 [ 583.438531][T10927] new_inode+0x22/0x1c0 [ 583.438567][T10927] shmem_get_inode+0x212/0x1040 [ 583.438604][T10927] ? __pfx_shmem_get_inode+0x10/0x10 [ 583.438635][T10927] ? d_add+0x443/0x850 [ 583.438668][T10927] ? do_raw_spin_unlock+0x145/0x1e0 [ 583.438712][T10927] shmem_mknod+0x20c/0x470 [ 583.438747][T10927] ? __pfx_shmem_mknod+0x10/0x10 [ 583.438778][T10927] ? bpf_lsm_inode_create+0x9/0x10 [ 583.438819][T10927] ? __pfx_shmem_create+0x10/0x10 [ 583.438853][T10927] lookup_open.isra.0+0xc47/0x11b0 [ 583.438897][T10927] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 583.438941][T10927] ? __pfx___might_resched+0x10/0x10 [ 583.438978][T10927] ? mnt_get_write_access+0x52/0x2f0 [ 583.439017][T10927] ? __pfx_down_write+0x10/0x10 [ 583.439062][T10927] ? mnt_get_write_access+0x1e9/0x2f0 [ 583.439102][T10927] path_openat+0x2291/0x31a0 [ 583.439137][T10927] ? __pfx_path_openat+0x10/0x10 [ 583.439174][T10927] do_file_open+0x20e/0x430 [ 583.439203][T10927] ? __pfx_do_file_open+0x10/0x10 [ 583.439250][T10927] ? alloc_fd+0x476/0x790 [ 583.439278][T10927] ? do_getname+0x191/0x390 [ 583.439312][T10927] do_sys_openat2+0x10d/0x1e0 [ 583.439345][T10927] ? __pfx_do_sys_openat2+0x10/0x10 [ 583.439386][T10927] ? __fget_files+0x21f/0x3d0 [ 583.439416][T10927] __x64_sys_openat+0x12d/0x210 [ 583.439457][T10927] ? __pfx___x64_sys_openat+0x10/0x10 [ 583.439503][T10927] do_syscall_64+0x106/0xf80 [ 583.439538][T10927] ? clear_bhb_loop+0x40/0x90 [ 583.439571][T10927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.439597][T10927] RIP: 0033:0x7f282ef9c799 [ 583.439618][T10927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 583.439643][T10927] RSP: 002b:00007f282fdbb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 583.439667][T10927] RAX: ffffffffffffffda RBX: 00007f282f215fa0 RCX: 00007f282ef9c799 [ 583.439683][T10927] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 583.439699][T10927] RBP: 00007f282f032c99 R08: 0000000000000000 R09: 0000000000000000 [ 583.439715][T10927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 583.439731][T10927] R13: 00007f282f216038 R14: 00007f282f215fa0 R15: 00007ffebdafeb78 [ 583.439762][T10927] [ 584.559942][T10932] netlink: zone id is out of range [ 584.609719][T10932] netlink: zone id is out of range [ 584.655906][T10932] netlink: zone id is out of range [ 584.720233][T10934] netlink: zone id is out of range [ 584.725416][T10934] netlink: zone id is out of range [ 584.760546][T10932] netlink: zone id is out of range [ 584.800344][T10932] netlink: zone id is out of range [ 584.860275][T10934] netlink: zone id is out of range [ 584.900063][T10932] netlink: zone id is out of range [ 584.910286][T10934] netlink: zone id is out of range [ 586.022526][T10911] Process accounting paused [ 589.032051][T10967] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1272'. [ 594.738496][T11031] FAULT_INJECTION: forcing a failure. [ 594.738496][T11031] name failslab, interval 1, probability 0, space 0, times 0 [ 594.956363][T11033] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 595.049033][T11031] CPU: 0 UID: 0 PID: 11031 Comm: syz.0.1279 Tainted: G L syzkaller #0 PREEMPT(full) [ 595.049075][T11031] Tainted: [L]=SOFTLOCKUP [ 595.049083][T11031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 595.049099][T11031] Call Trace: [ 595.049106][T11031] [ 595.049115][T11031] dump_stack_lvl+0x100/0x190 [ 595.049159][T11031] should_fail_ex.cold+0x5/0xa [ 595.049188][T11031] should_failslab+0xc2/0x120 [ 595.049215][T11031] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 595.049254][T11031] ? shmem_alloc_inode+0x25/0x50 [ 595.049291][T11031] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 595.049321][T11031] shmem_alloc_inode+0x25/0x50 [ 595.049348][T11031] alloc_inode+0x68/0x250 [ 595.049382][T11031] new_inode+0x22/0x1c0 [ 595.049418][T11031] shmem_get_inode+0x212/0x1040 [ 595.049462][T11031] ? __pfx_shmem_get_inode+0x10/0x10 [ 595.049494][T11031] ? d_add+0x443/0x850 [ 595.049527][T11031] ? do_raw_spin_unlock+0x145/0x1e0 [ 595.049572][T11031] shmem_mknod+0x20c/0x470 [ 595.049607][T11031] ? __pfx_shmem_mknod+0x10/0x10 [ 595.049639][T11031] ? bpf_lsm_inode_create+0x9/0x10 [ 595.049680][T11031] ? __pfx_shmem_create+0x10/0x10 [ 595.049720][T11031] lookup_open.isra.0+0xc47/0x11b0 [ 595.049765][T11031] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 595.049809][T11031] ? __pfx___might_resched+0x10/0x10 [ 595.049847][T11031] ? mnt_get_write_access+0x52/0x2f0 [ 595.049886][T11031] ? __pfx_down_write+0x10/0x10 [ 595.049926][T11031] ? mnt_get_write_access+0x1e9/0x2f0 [ 595.049965][T11031] path_openat+0x2291/0x31a0 [ 595.050001][T11031] ? __pfx_path_openat+0x10/0x10 [ 595.050038][T11031] do_file_open+0x20e/0x430 [ 595.050066][T11031] ? __pfx_do_file_open+0x10/0x10 [ 595.050113][T11031] ? alloc_fd+0x476/0x790 [ 595.050140][T11031] ? do_getname+0x191/0x390 [ 595.050174][T11031] do_sys_openat2+0x10d/0x1e0 [ 595.050208][T11031] ? __pfx_do_sys_openat2+0x10/0x10 [ 595.050244][T11031] ? __fget_files+0x21f/0x3d0 [ 595.050273][T11031] __x64_sys_openat+0x12d/0x210 [ 595.050308][T11031] ? __pfx___x64_sys_openat+0x10/0x10 [ 595.050353][T11031] do_syscall_64+0x106/0xf80 [ 595.050388][T11031] ? clear_bhb_loop+0x40/0x90 [ 595.050419][T11031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.050452][T11031] RIP: 0033:0x7f57d579c799 [ 595.050473][T11031] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 595.050497][T11031] RSP: 002b:00007f57d66fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 595.050521][T11031] RAX: ffffffffffffffda RBX: 00007f57d5a15fa0 RCX: 00007f57d579c799 [ 595.050538][T11031] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 595.050554][T11031] RBP: 00007f57d5832c99 R08: 0000000000000000 R09: 0000000000000000 [ 595.050569][T11031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.050583][T11031] R13: 00007f57d5a16038 R14: 00007f57d5a15fa0 R15: 00007ffc0610f0d8 [ 595.050615][T11031] [ 596.379679][ T29] audit: type=1807 audit(4294967585.090:15): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 596.426287][ T29] audit: type=1802 audit(4294967585.090:16): pid=11041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.1282" res=0 errno=0 [ 596.499925][T10658] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 597.004106][T11039] ima: policy update failed [ 597.019725][ T29] audit: type=1802 audit(4294967585.800:17): pid=11039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1282" res=0 errno=0 [ 597.753318][T11060] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 597.932087][T11063] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 599.232649][T11068] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 599.330929][T11068] ptp ptp0: guarantee physical clock free running [ 600.911212][T11086] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 603.540698][T11131] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1300'. [ 603.989607][T11136] binder: 11134:11136 ioctl c018620c 200000000040 returned -22 [ 604.516873][T11145] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1303'. [ 613.493571][T11215] ptp ptp0: delete virtual clock ptp3 [ 613.702720][T11215] ptp ptp0: delete virtual clock ptp2 [ 614.032585][T11215] ptp ptp0: guarantee physical clock free running [ 614.181632][T11223] ptp ptp0: delete virtual clock ptp1 [ 614.682648][T11223] ptp ptp0: only physical clock in use now [ 617.233358][T11247] Process accounting resumed [ 620.076465][T11277] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1322'. [ 620.255419][T11270] netlink: 'syz.0.1322': attribute type 1 has an invalid length. [ 620.542145][T11270] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.1322'. [ 621.697003][T11285] FAULT_INJECTION: forcing a failure. [ 621.697003][T11285] name failslab, interval 1, probability 0, space 0, times 0 [ 621.836171][T11285] CPU: 0 UID: 0 PID: 11285 Comm: syz.0.1323 Tainted: G L syzkaller #0 PREEMPT(full) [ 621.836211][T11285] Tainted: [L]=SOFTLOCKUP [ 621.836220][T11285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 621.836235][T11285] Call Trace: [ 621.836243][T11285] [ 621.836252][T11285] dump_stack_lvl+0x100/0x190 [ 621.836296][T11285] should_fail_ex.cold+0x5/0xa [ 621.836325][T11285] should_failslab+0xc2/0x120 [ 621.836351][T11285] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 621.836393][T11285] ? devinet_init_net+0xca/0x8d0 [ 621.836442][T11285] kmemdup_noprof+0x29/0x60 [ 621.836482][T11285] devinet_init_net+0xca/0x8d0 [ 621.836525][T11285] ? __pfx_devinet_init_net+0x10/0x10 [ 621.836566][T11285] ops_init+0x1e2/0x5f0 [ 621.836607][T11285] setup_net+0x118/0x3a0 [ 621.836646][T11285] ? __pfx_setup_net+0x10/0x10 [ 621.836682][T11285] ? lockdep_init_map_type+0x5c/0x250 [ 621.836719][T11285] ? mutex_init_lockep+0x110/0x150 [ 621.836758][T11285] copy_net_ns+0x46f/0x7c0 [ 621.836784][T11285] create_new_namespaces+0x3ea/0xac0 [ 621.836817][T11285] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 621.836846][T11285] ksys_unshare+0x473/0xad0 [ 621.836880][T11285] ? __pfx_ksys_unshare+0x10/0x10 [ 621.836932][T11285] __x64_sys_unshare+0x31/0x40 [ 621.836963][T11285] do_syscall_64+0x106/0xf80 [ 621.837008][T11285] ? clear_bhb_loop+0x40/0x90 [ 621.837039][T11285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.837065][T11285] RIP: 0033:0x7f57d579c799 [ 621.837086][T11285] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 621.837110][T11285] RSP: 002b:00007f57d66fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 621.837134][T11285] RAX: ffffffffffffffda RBX: 00007f57d5a15fa0 RCX: 00007f57d579c799 [ 621.837150][T11285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 621.837165][T11285] RBP: 00007f57d5832c99 R08: 0000000000000000 R09: 0000000000000000 [ 621.837180][T11285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.837195][T11285] R13: 00007f57d5a16038 R14: 00007f57d5a15fa0 R15: 00007ffc0610f0d8 [ 621.837227][T11285] [ 624.474416][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.481141][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.092123][T11364] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1341'. [ 632.527731][T11364] bridge0: port 2(bridge_slave_1) entered disabled state [ 632.601330][T11364] bridge_slave_1 (unregistering): left allmulticast mode [ 632.651572][T11364] bridge_slave_1 (unregistering): left promiscuous mode [ 632.694703][T11364] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.471981][T11396] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1351'. [ 635.757685][T11398] can0: slcan on ttyS2. [ 636.099240][T11394] can0 (unregistered): slcan off ttyS2. [ 636.729817][T11415] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 636.736140][T11415] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 636.898918][T11415] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 636.954154][T11415] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 637.649835][T11434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1358'. [ 637.665593][T11436] FAULT_INJECTION: forcing a failure. [ 637.665593][T11436] name failslab, interval 1, probability 0, space 0, times 0 [ 637.722255][T11434] netlink: 'syz.2.1358': attribute type 1 has an invalid length. [ 637.756888][T11436] CPU: 0 UID: 0 PID: 11436 Comm: syz.0.1359 Tainted: G L syzkaller #0 PREEMPT(full) [ 637.756929][T11436] Tainted: [L]=SOFTLOCKUP [ 637.756938][T11436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 637.756953][T11436] Call Trace: [ 637.756961][T11436] [ 637.756969][T11436] dump_stack_lvl+0x100/0x190 [ 637.757042][T11436] should_fail_ex.cold+0x5/0xa [ 637.757072][T11436] ? __register_sysctl_table+0xbe4/0x1650 [ 637.757115][T11436] should_failslab+0xc2/0x120 [ 637.757143][T11436] __kmalloc_noprof+0xe0/0x850 [ 637.757189][T11436] __register_sysctl_table+0xbe4/0x1650 [ 637.757238][T11436] ? __pfx___register_sysctl_table+0x10/0x10 [ 637.757279][T11436] ? is_module_address+0x69/0xf0 [ 637.757312][T11436] ? register_net_sysctl_sz+0x222/0x430 [ 637.757363][T11436] __devinet_sysctl_register+0x1b9/0x360 [ 637.757409][T11436] ? trace_kmalloc+0x101/0x130 [ 637.757435][T11436] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 637.757482][T11436] ? __asan_memcpy+0x3c/0x60 [ 637.757521][T11436] devinet_init_net+0x303/0x8d0 [ 637.757564][T11436] ? __pfx_devinet_init_net+0x10/0x10 [ 637.757612][T11436] ops_init+0x1e2/0x5f0 [ 637.757653][T11436] setup_net+0x118/0x3a0 [ 637.757692][T11436] ? __pfx_setup_net+0x10/0x10 [ 637.757728][T11436] ? lockdep_init_map_type+0x5c/0x250 [ 637.757764][T11436] ? mutex_init_lockep+0x110/0x150 [ 637.757803][T11436] copy_net_ns+0x46f/0x7c0 [ 637.757829][T11436] create_new_namespaces+0x3ea/0xac0 [ 637.757862][T11436] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 637.757896][T11436] ksys_unshare+0x473/0xad0 [ 637.757930][T11436] ? __pfx_ksys_unshare+0x10/0x10 [ 637.757973][T11436] __x64_sys_unshare+0x31/0x40 [ 637.758003][T11436] do_syscall_64+0x106/0xf80 [ 637.758040][T11436] ? clear_bhb_loop+0x40/0x90 [ 637.758071][T11436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.758097][T11436] RIP: 0033:0x7f57d579c799 [ 637.758117][T11436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 637.758142][T11436] RSP: 002b:00007f57d66fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 637.758166][T11436] RAX: ffffffffffffffda RBX: 00007f57d5a15fa0 RCX: 00007f57d579c799 [ 637.758182][T11436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 637.758197][T11436] RBP: 00007f57d5832c99 R08: 0000000000000000 R09: 0000000000000000 [ 637.758213][T11436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 637.758227][T11436] R13: 00007f57d5a16038 R14: 00007f57d5a15fa0 R15: 00007ffc0610f0d8 [ 637.758259][T11436] [ 638.287408][T11434] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1358'. [ 638.306675][T11436] sysctl could not get directory: /net/ipv4/conf -12 [ 638.852395][T10658] Bluetooth: hci1: command 0x0406 tx timeout [ 638.858450][T10658] Bluetooth: hci0: command 0x0406 tx timeout [ 639.001076][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 639.082160][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 641.632099][T11472] FAULT_INJECTION: forcing a failure. [ 641.632099][T11472] name failslab, interval 1, probability 0, space 0, times 0 [ 641.759523][T11472] CPU: 0 UID: 0 PID: 11472 Comm: syz.0.1369 Tainted: G L syzkaller #0 PREEMPT(full) [ 641.759563][T11472] Tainted: [L]=SOFTLOCKUP [ 641.759572][T11472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 641.759588][T11472] Call Trace: [ 641.759596][T11472] [ 641.759606][T11472] dump_stack_lvl+0x100/0x190 [ 641.759649][T11472] should_fail_ex.cold+0x5/0xa [ 641.759678][T11472] should_failslab+0xc2/0x120 [ 641.759704][T11472] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 641.759743][T11472] ? key_alloc+0x3c5/0x1310 [ 641.759773][T11472] ? rcu_is_watching+0x12/0xc0 [ 641.759817][T11472] key_alloc+0x3c5/0x1310 [ 641.759857][T11472] ? __pfx_key_alloc+0x10/0x10 [ 641.759895][T11472] keyring_alloc+0x44/0xc0 [ 641.759931][T11472] install_session_keyring_to_cred+0x190/0x230 [ 641.759964][T11472] join_session_keyring+0x1bc/0x350 [ 641.759992][T11472] lookup_user_key+0x32f/0x1300 [ 641.760022][T11472] ? __pfx_lookup_user_key+0x10/0x10 [ 641.760052][T11472] ? __pfx_futex_wait+0x10/0x10 [ 641.760094][T11472] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 641.760126][T11472] ? __pfx_msgctl_down+0x10/0x10 [ 641.760170][T11472] keyctl_get_persistent+0x197/0x8b0 [ 641.760206][T11472] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 641.760245][T11472] ? __x64_sys_futex+0x34f/0x4d0 [ 641.760283][T11472] ? __x64_sys_futex+0x358/0x4d0 [ 641.760318][T11472] ? xfd_validate_state+0x129/0x190 [ 641.760362][T11472] __do_sys_keyctl+0x3b2/0x5a0 [ 641.760389][T11472] do_syscall_64+0x106/0xf80 [ 641.760425][T11472] ? clear_bhb_loop+0x40/0x90 [ 641.760455][T11472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.760482][T11472] RIP: 0033:0x7f57d579c799 [ 641.760502][T11472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 641.760527][T11472] RSP: 002b:00007f57d66fa028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 641.760551][T11472] RAX: ffffffffffffffda RBX: 00007f57d5a15fa0 RCX: 00007f57d579c799 [ 641.760567][T11472] RDX: 7ffffffffffffffd RSI: 0000000000000000 RDI: 0000000000000016 [ 641.760583][T11472] RBP: 00007f57d5832c99 R08: 0004000000000000 R09: 0000000000000000 [ 641.760599][T11472] R10: 00000000000099a5 R11: 0000000000000246 R12: 0000000000000000 [ 641.760614][T11472] R13: 00007f57d5a16038 R14: 00007f57d5a15fa0 R15: 00007ffc0610f0d8 [ 641.760645][T11472] [ 647.060848][T11530] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1374'. [ 647.243550][T11532] Process accounting paused [ 648.169956][T11543] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1387'. [ 648.178863][T11543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1387'. [ 649.243304][ T5839] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 650.706568][T11573] FAULT_INJECTION: forcing a failure. [ 650.706568][T11573] name failslab, interval 1, probability 0, space 0, times 0 [ 651.039267][T11573] CPU: 0 UID: 0 PID: 11573 Comm: syz.2.1385 Tainted: G L syzkaller #0 PREEMPT(full) [ 651.039313][T11573] Tainted: [L]=SOFTLOCKUP [ 651.039321][T11573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 651.039337][T11573] Call Trace: [ 651.039345][T11573] [ 651.039354][T11573] dump_stack_lvl+0x100/0x190 [ 651.039398][T11573] should_fail_ex.cold+0x5/0xa [ 651.039426][T11573] ? security_inode_init_security+0x113/0x370 [ 651.039464][T11573] should_failslab+0xc2/0x120 [ 651.039490][T11573] __kmalloc_noprof+0xe0/0x850 [ 651.039535][T11573] security_inode_init_security+0x113/0x370 [ 651.039574][T11573] ? __pfx_shmem_initxattrs+0x10/0x10 [ 651.039605][T11573] ? __pfx_security_inode_init_security+0x10/0x10 [ 651.039647][T11573] ? make_vfsgid+0xf1/0x140 [ 651.039685][T11573] shmem_mknod+0x2bf/0x470 [ 651.039720][T11573] ? __pfx_shmem_mknod+0x10/0x10 [ 651.039761][T11573] vfs_create+0x301/0x6c0 [ 651.039800][T11573] filename_mknodat+0x2de/0x7f0 [ 651.039831][T11573] ? __pfx_filename_mknodat+0x10/0x10 [ 651.039858][T11573] ? strncpy_from_user+0x19d/0x2d0 [ 651.039890][T11573] ? do_getname+0x191/0x390 [ 651.039925][T11573] __x64_sys_mknod+0x8f/0xc0 [ 651.039952][T11573] do_syscall_64+0x106/0xf80 [ 651.039988][T11573] ? clear_bhb_loop+0x40/0x90 [ 651.040027][T11573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.040053][T11573] RIP: 0033:0x7fac1db9c799 [ 651.040073][T11573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 651.040097][T11573] RSP: 002b:00007fac1eaf0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 651.040121][T11573] RAX: ffffffffffffffda RBX: 00007fac1de16090 RCX: 00007fac1db9c799 [ 651.040137][T11573] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000 [ 651.040152][T11573] RBP: 00007fac1dc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 651.040167][T11573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 651.040182][T11573] R13: 00007fac1de16128 R14: 00007fac1de16090 R15: 00007ffc19d914b8 [ 651.040215][T11573] [ 651.721143][T11585] overlayfs: missing 'lowerdir' [ 651.881649][T11589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1389'. [ 652.690348][T11593] overlayfs: missing 'lowerdir' [ 653.310298][T11598] overlayfs: missing 'lowerdir' [ 653.560279][T11605] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 653.710030][T11605] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 654.240192][T11619] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input13 [ 657.449826][T11640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1403'. [ 664.215017][T11684] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 668.307544][T11715] zswap: compressor not available [ 669.245735][T11738] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1429'. [ 669.307681][T11738] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.493143][T11738] bridge_slave_1 (unregistering): left allmulticast mode [ 669.541607][T11738] bridge_slave_1 (unregistering): left promiscuous mode [ 669.609850][T11738] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.640177][T11799] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1440'. [ 675.700140][T11811] mkiss: ax0: crc mode is auto. [ 677.182666][T11821] Process accounting resumed [ 677.441640][T11813] Process accounting resumed [ 683.923775][T11865] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x78001 [ 684.043267][T11865] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 684.139259][T11865] page_type: f2(table) [ 684.229529][T11865] raw: 00fff00000000000 0000000000000000 0000000000000000 0000000000000000 [ 684.323831][T11865] raw: ffff888000000000 ffff888089f92a80 00000001f2000000 0000000000000000 [ 684.377356][T11865] page dumped because: unmovable page [ 684.428981][T11865] page_owner tracks the page as allocated [ 684.489617][T11865] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), pid 5198, tgid 5198 (udevd), ts 635742027982, free_ts 635590609514 [ 684.627353][T11865] post_alloc_hook+0x153/0x170 [ 684.654930][T11865] get_page_from_freelist+0x111d/0x3140 [ 684.742237][T11865] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 684.748219][T11865] alloc_pages_mpol+0x1fb/0x550 [ 684.859765][T11865] alloc_pages_noprof+0x131/0x390 [ 684.879581][T11865] __pmd_alloc+0x3b/0x950 [ 684.884039][T11865] copy_page_range+0x4531/0x6570 [ 684.933905][T11865] dup_mmap+0xd25/0x2180 [ 684.938215][T11865] copy_process+0x7523/0x7a40 [ 684.989793][T11865] kernel_clone+0xfc/0x9a0 [ 684.994280][T11865] __do_sys_clone+0xd9/0x120 [ 684.998894][T11865] do_syscall_64+0x106/0xf80 [ 685.078774][T11865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.118577][T11865] page last free pid 5186 tgid 5186 stack trace: [ 685.151167][T11865] __free_frozen_pages+0x7e1/0x10d0 [ 685.156432][T11865] qlist_free_all+0x47/0xe0 [ 685.233703][T11865] kasan_quarantine_reduce+0x1a0/0x1f0 [ 685.274347][T11865] __kasan_slab_alloc+0x69/0x90 [ 685.279258][T11865] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 685.315847][T11865] __alloc_skb+0x140/0x710 [ 685.374696][T11865] alloc_skb_with_frags+0xe0/0x810 [ 685.404798][T11865] sock_alloc_send_pskb+0x801/0x980 [ 685.437932][T11865] unix_dgram_sendmsg+0x3c7/0x1820 [ 685.465501][T11865] __sys_sendto+0x468/0x4b0 [ 685.494320][T11865] __x64_sys_sendto+0xe0/0x1c0 [ 685.515754][T11865] do_syscall_64+0x106/0xf80 [ 685.535953][T11865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.911747][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.918130][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.720915][T11897] FAULT_INJECTION: forcing a failure. [ 686.720915][T11897] name failslab, interval 1, probability 0, space 0, times 0 [ 686.818931][T11897] CPU: 0 UID: 0 PID: 11897 Comm: syz.0.1462 Tainted: G L syzkaller #0 PREEMPT(full) [ 686.818972][T11897] Tainted: [L]=SOFTLOCKUP [ 686.818980][T11897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 686.818996][T11897] Call Trace: [ 686.819004][T11897] [ 686.819013][T11897] dump_stack_lvl+0x100/0x190 [ 686.819056][T11897] should_fail_ex.cold+0x5/0xa [ 686.819086][T11897] should_failslab+0xc2/0x120 [ 686.819113][T11897] __kmalloc_cache_noprof+0x7a/0x6f0 [ 686.819147][T11897] ? single_open+0x4d/0x1d0 [ 686.819183][T11897] ? __pfx_cifsFYI_proc_show+0x10/0x10 [ 686.819219][T11897] single_open+0x4d/0x1d0 [ 686.819252][T11897] ? __pfx_cifsFYI_proc_open+0x10/0x10 [ 686.819285][T11897] proc_reg_open+0x2ab/0x5f0 [ 686.819326][T11897] do_dentry_open+0x6d8/0x1660 [ 686.819351][T11897] ? __pfx_proc_reg_open+0x10/0x10 [ 686.819396][T11897] vfs_open+0x82/0x3f0 [ 686.819431][T11897] path_openat+0x208c/0x31a0 [ 686.819466][T11897] ? __pfx_path_openat+0x10/0x10 [ 686.819503][T11897] do_file_open+0x20e/0x430 [ 686.819531][T11897] ? __pfx_do_file_open+0x10/0x10 [ 686.819577][T11897] ? alloc_fd+0x476/0x790 [ 686.819603][T11897] ? do_getname+0x191/0x390 [ 686.819638][T11897] do_sys_openat2+0x10d/0x1e0 [ 686.819671][T11897] ? __pfx_do_sys_openat2+0x10/0x10 [ 686.819715][T11897] __x64_sys_openat+0x12d/0x210 [ 686.819749][T11897] ? __pfx___x64_sys_openat+0x10/0x10 [ 686.819802][T11897] do_syscall_64+0x106/0xf80 [ 686.819839][T11897] ? clear_bhb_loop+0x40/0x90 [ 686.819870][T11897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.819896][T11897] RIP: 0033:0x7f57d579c799 [ 686.819916][T11897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 686.819941][T11897] RSP: 002b:00007f57d66fa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 686.819964][T11897] RAX: ffffffffffffffda RBX: 00007f57d5a15fa0 RCX: 00007f57d579c799 [ 686.819981][T11897] RDX: 0000000000040c01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 686.819997][T11897] RBP: 00007f57d5832c99 R08: 0000000000000000 R09: 0000000000000000 [ 686.820012][T11897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.820027][T11897] R13: 00007f57d5a16038 R14: 00007f57d5a15fa0 R15: 00007ffc0610f0d8 [ 686.820058][T11897] [ 688.865893][T11917] sd 0:0:1:0: PR command failed: 1026 [ 688.903109][T11917] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 688.979421][T11917] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 690.689171][T11933] __vm_enough_memory: pid: 11933, comm: syz.1.1474, bytes: 4398046511104 not enough memory for the allocation [ 692.598899][T11956] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1477'. [ 693.725227][T11971] sd 0:0:1:0: PR command failed: 1026 [ 693.786889][T11971] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 693.830376][T11971] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 695.050185][T11985] futex_wake_op: syz.2.1484 tries to shift op by -2048; fix this program [ 695.123270][T11985] futex_wake_op: syz.2.1484 tries to shift op by -2048; fix this program [ 695.209569][T11992] 0x000000000001-0x000000020000 : "" [ 695.314125][T11992] ftl_cs: FTL header corrupt! [ 697.008006][T12013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1490'. [ 701.023562][T12061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1501'. [ 702.253940][T12076] futex_wake_op: syz.0.1505 tries to shift op by -2048; fix this program [ 702.383254][T12076] futex_wake_op: syz.0.1505 tries to shift op by -2048; fix this program [ 704.733055][T12112] Invalid ELF header magic: != ELF [ 707.894764][T12125] Process accounting paused [ 710.375915][T12128] Process accounting paused [ 710.411006][T12164] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 710.683653][T12164] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 713.516787][T12188] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1527'. [ 715.240308][T12198] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1541'. [ 716.823156][T12214] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1543'. [ 724.150606][T12262] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1545'. [ 726.700617][T12287] can0: slcan on ttyS2. [ 726.918757][T12285] can0 (unregistered): slcan off ttyS2. [ 727.479771][T12302] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 733.185854][T12375] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 733.431202][T12376] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 738.483961][T12417] Process accounting resumed [ 740.449852][T12450] sd 0:0:1:0: PR command failed: 1026 [ 740.455311][T12450] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 740.609935][T12450] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 741.516475][T12430] Process accounting resumed [ 744.643930][T12492] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 747.344299][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.350701][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.501358][T12529] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 748.724825][T12533] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 751.294669][T12546] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 754.831841][T12568] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1617'. [ 755.065802][T12572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1617'. [ 755.262389][T12577] Invalid ELF header magic: != ELF [ 763.512066][T12667] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input14 [ 769.319931][T12733] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 769.506774][T12735] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 770.194653][T12724] Process accounting paused [ 772.335686][T12742] Process accounting paused [ 773.278661][T12767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1649'. [ 773.774780][T12770] hub 1-0:1.0: USB hub found [ 773.883914][T12770] hub 1-0:1.0: 1 port detected [ 777.113111][T12803] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 777.295093][T12804] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 782.043200][T12828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1664'. [ 782.144952][T12828] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1664'. [ 785.481217][T12856] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1671'. [ 785.571897][T12856] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 785.639840][T12856] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 785.694603][T12856] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 785.795896][T12856] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 788.702772][T12892] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 790.045575][T12901] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1679'. [ 800.423666][ T29] audit: type=1800 audit(4294967789.210:18): pid=12993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1705" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 800.721005][T12999] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 800.980597][T12999] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 801.685351][T12980] FAULT_INJECTION: forcing a failure. [ 801.685351][T12980] name failslab, interval 1, probability 0, space 0, times 0 [ 801.799458][T12980] CPU: 0 UID: 0 PID: 12980 Comm: syz.1.1702 Tainted: G L syzkaller #0 PREEMPT(full) [ 801.799499][T12980] Tainted: [L]=SOFTLOCKUP [ 801.799508][T12980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 801.799523][T12980] Call Trace: [ 801.799532][T12980] [ 801.799542][T12980] dump_stack_lvl+0x100/0x190 [ 801.799587][T12980] should_fail_ex.cold+0x5/0xa [ 801.799617][T12980] should_failslab+0xc2/0x120 [ 801.799645][T12980] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 801.799685][T12980] ? security_inode_alloc+0x3b/0x2c0 [ 801.799712][T12980] ? lockdep_init_map_type+0x5c/0x250 [ 801.799751][T12980] security_inode_alloc+0x3b/0x2c0 [ 801.799778][T12980] inode_init_always_gfp+0xced/0x1040 [ 801.799808][T12980] alloc_inode+0x8e/0x250 [ 801.799841][T12980] new_inode+0x22/0x1c0 [ 801.799877][T12980] hugetlbfs_get_inode+0x313/0x750 [ 801.799909][T12980] hugetlb_file_setup+0x3cc/0x5b0 [ 801.799940][T12980] newseg+0xabb/0xed0 [ 801.799977][T12980] ? __pfx_newseg+0x10/0x10 [ 801.800008][T12980] ? down_write+0x146/0x1f0 [ 801.800051][T12980] ? ksys_write+0x190/0x250 [ 801.800073][T12980] ? ksys_write+0x190/0x250 [ 801.800099][T12980] ipcget+0xee/0xf50 [ 801.800130][T12980] ? do_futex+0x192/0x350 [ 801.800165][T12980] ? __pfx_do_futex+0x10/0x10 [ 801.800202][T12980] ? __pfx_ipcget+0x10/0x10 [ 801.800243][T12980] ? __x64_sys_futex+0x34f/0x4d0 [ 801.800275][T12980] ? __x64_sys_futex+0x358/0x4d0 [ 801.800313][T12980] __x64_sys_shmget+0x13b/0x1b0 [ 801.800346][T12980] ? __pfx___x64_sys_shmget+0x10/0x10 [ 801.800396][T12980] do_syscall_64+0x106/0xf80 [ 801.800432][T12980] ? clear_bhb_loop+0x40/0x90 [ 801.800463][T12980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.800493][T12980] RIP: 0033:0x7f282ef9c799 [ 801.800514][T12980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 801.800538][T12980] RSP: 002b:00007f282fdbb028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 801.800562][T12980] RAX: ffffffffffffffda RBX: 00007f282f215fa0 RCX: 00007f282ef9c799 [ 801.800579][T12980] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 801.800594][T12980] RBP: 00007f282f032c99 R08: 0000000000000000 R09: 0000000000000000 [ 801.800610][T12980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.800625][T12980] R13: 00007f282f216038 R14: 00007f282f215fa0 R15: 00007ffebdafeb78 [ 801.800656][T12980] [ 802.914440][T12977] Process accounting resumed [ 803.382897][T13009] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 803.593136][T13011] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 805.779928][ T29] audit: type=1800 audit(4294967794.560:19): pid=13021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1712" name="dbroot" dev="configfs" ino=353472 res=0 errno=0 [ 806.064494][T13021] zswap: compressor not available [ 807.100985][T13042] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 807.337084][T13043] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 807.454107][T12979] Process accounting resumed [ 808.789906][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.799545][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.960571][T13078] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 810.194527][T13079] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 810.553839][ T29] audit: type=1800 audit(4294967799.340:20): pid=13081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1727" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 812.819831][T13103] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 813.041862][T13105] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 816.440571][T13129] ecryptfs_miscdev_response: (sizeof(*msg) + msg->data_len) = [1067213646]; data_size = [146]. Invalid packet. [ 816.560170][T13129] ecryptfs_miscdev_write: Failed to deliver miscdev response to requesting operation; rc = [-22] [ 816.609886][T13134] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 816.870043][T13137] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 817.464505][T13145] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 817.771735][T13147] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 819.181669][T13164] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 819.463915][T13165] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 822.792296][T13195] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 823.034625][T13196] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 825.092392][T13210] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1754'. [ 825.979773][T13210] veth1_macvtap: left promiscuous mode [ 827.423873][ T29] audit: type=1800 audit(4294967816.210:21): pid=13218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1755" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 827.450461][T13221] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 827.723348][T13224] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 829.482577][T13239] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 829.704439][T13240] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 830.939864][T13254] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 831.141119][T13255] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 832.099757][T13276] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 832.340619][T13277] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 833.328641][T13274] Process accounting paused [ 833.814819][T13287] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 833.991284][T13289] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 834.610473][T13294] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 834.863995][T13295] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 838.165876][T13315] Process accounting paused [ 844.717435][T13386] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 844.982324][T13388] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 851.701626][T13442] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1803'. [ 851.790008][T13442] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1803'. [ 858.215082][T13512] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 858.473790][T13516] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 864.827754][T13541] Process accounting resumed [ 867.100082][T13586] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 867.290639][T13589] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 869.148331][T13586] Process accounting resumed [ 870.054827][T13609] random: crng reseeded on system resumption [ 870.221936][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.228345][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.789569][T13668] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 876.111005][T13668] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 880.995180][T13705] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 881.223175][T13709] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 883.971091][T13739] FAULT_INJECTION: forcing a failure. [ 883.971091][T13739] name failslab, interval 1, probability 0, space 0, times 0 [ 884.291765][T13739] CPU: 0 UID: 0 PID: 13739 Comm: syz.2.1865 Tainted: G L syzkaller #0 PREEMPT(full) [ 884.291823][T13739] Tainted: [L]=SOFTLOCKUP [ 884.291832][T13739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 884.291849][T13739] Call Trace: [ 884.291857][T13739] [ 884.291867][T13739] dump_stack_lvl+0x100/0x190 [ 884.291914][T13739] should_fail_ex.cold+0x5/0xa [ 884.291944][T13739] ? udp_init_sock+0x24e/0x450 [ 884.292039][T13739] should_failslab+0xc2/0x120 [ 884.292067][T13739] __kmalloc_noprof+0xe0/0x850 [ 884.292106][T13739] ? lockdep_init_map_type+0x5c/0x250 [ 884.292146][T13739] udp_init_sock+0x24e/0x450 [ 884.292174][T13739] ? __pfx_udp_init_sock+0x10/0x10 [ 884.292207][T13739] inet_create+0x94c/0x1060 [ 884.292235][T13739] ? inet_create+0x94/0x1060 [ 884.292266][T13739] __sock_create+0x339/0x860 [ 884.292300][T13739] udp_sock_create4+0xa6/0x450 [ 884.292373][T13739] ? __pfx_udp_sock_create4+0x10/0x10 [ 884.292414][T13739] ? lockdep_hardirqs_on+0x78/0x100 [ 884.292452][T13739] ? crng_make_state+0x2b0/0x6c0 [ 884.292482][T13739] rxrpc_open_socket+0x4ef/0x6b0 [ 884.292552][T13739] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 884.292592][T13739] ? rcu_is_watching+0x12/0xc0 [ 884.292636][T13739] rxrpc_lookup_local+0xac7/0x1220 [ 884.292668][T13739] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 884.292698][T13739] ? __local_bh_enable_ip+0x9e/0x120 [ 884.292729][T13739] rxrpc_sendmsg+0x34a/0x680 [ 884.292788][T13739] sock_write_iter+0x524/0x5a0 [ 884.292821][T13739] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 884.292853][T13739] ? __pfx_sock_write_iter+0x10/0x10 [ 884.292890][T13739] ? bpf_lsm_file_permission+0x9/0x10 [ 884.292931][T13739] ? security_file_permission+0x76/0x210 [ 884.292965][T13739] ? rw_verify_area+0xce/0x6d0 [ 884.293005][T13739] vfs_write+0x6ac/0x1070 [ 884.293028][T13739] ? __pfx_sock_write_iter+0x10/0x10 [ 884.293057][T13739] ? __pfx_vfs_write+0x10/0x10 [ 884.293078][T13739] ? find_held_lock+0x2b/0x80 [ 884.293120][T13739] ksys_write+0x1f8/0x250 [ 884.293143][T13739] ? __pfx_ksys_write+0x10/0x10 [ 884.293174][T13739] do_syscall_64+0x106/0xf80 [ 884.293209][T13739] ? clear_bhb_loop+0x40/0x90 [ 884.293240][T13739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.293266][T13739] RIP: 0033:0x7fac1db9c799 [ 884.293287][T13739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 884.293312][T13739] RSP: 002b:00007fac1eaf0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 884.293335][T13739] RAX: ffffffffffffffda RBX: 00007fac1de16090 RCX: 00007fac1db9c799 [ 884.293352][T13739] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 884.293367][T13739] RBP: 00007fac1dc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 884.293383][T13739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 884.293397][T13739] R13: 00007fac1de16128 R14: 00007fac1de16090 R15: 00007ffc19d914b8 [ 884.293429][T13739] [ 885.643177][T13754] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 886.028259][T13756] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 888.880743][T13780] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 889.143352][T13782] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 890.781895][T13795] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1877'. [ 890.872370][T13798] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1877'. [ 892.086873][T13813] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 892.429988][T13816] netlink: 122 bytes leftover after parsing attributes in process `syz.3.1882'. [ 892.522610][T13815] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 894.544676][T13836] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 894.798438][T13837] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 895.360012][T13813] Process accounting paused [ 896.714679][T13850] FAULT_INJECTION: forcing a failure. [ 896.714679][T13850] name failslab, interval 1, probability 0, space 0, times 0 [ 897.042930][T13850] CPU: 0 UID: 0 PID: 13850 Comm: syz.1.1887 Tainted: G L syzkaller #0 PREEMPT(full) [ 897.042972][T13850] Tainted: [L]=SOFTLOCKUP [ 897.042981][T13850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 897.042997][T13850] Call Trace: [ 897.043006][T13850] [ 897.043016][T13850] dump_stack_lvl+0x100/0x190 [ 897.043093][T13850] should_fail_ex.cold+0x5/0xa [ 897.043122][T13850] should_failslab+0xc2/0x120 [ 897.043149][T13850] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 897.043188][T13850] ? __proc_create+0x2cb/0x8c0 [ 897.043237][T13850] __proc_create+0x2cb/0x8c0 [ 897.043278][T13850] ? __pfx___proc_create+0x10/0x10 [ 897.043323][T13850] ? _raw_write_unlock+0x28/0x50 [ 897.043357][T13850] ? proc_register+0x559/0x8a0 [ 897.043383][T13850] proc_create_reg+0x75/0x170 [ 897.043410][T13850] proc_create_seq_private+0x8e/0x180 [ 897.043437][T13850] ? __pfx_proc_create_seq_private+0x10/0x10 [ 897.043464][T13850] ? __pfx_proc_create_net_data+0x10/0x10 [ 897.043488][T13850] ? __pfx_uevent_net_rcv+0x10/0x10 [ 897.043519][T13850] ? __pfx_dev_proc_net_init+0x10/0x10 [ 897.043553][T13850] dev_proc_net_init+0xac/0x230 [ 897.043586][T13850] ops_init+0x1e2/0x5f0 [ 897.043636][T13850] setup_net+0x118/0x3a0 [ 897.043675][T13850] ? __pfx_setup_net+0x10/0x10 [ 897.043711][T13850] ? lockdep_init_map_type+0x5c/0x250 [ 897.043747][T13850] ? mutex_init_lockep+0x110/0x150 [ 897.043785][T13850] copy_net_ns+0x46f/0x7c0 [ 897.043811][T13850] create_new_namespaces+0x3ea/0xac0 [ 897.043844][T13850] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 897.043874][T13850] ksys_unshare+0x473/0xad0 [ 897.043907][T13850] ? __pfx_ksys_unshare+0x10/0x10 [ 897.043953][T13850] __x64_sys_unshare+0x31/0x40 [ 897.043984][T13850] do_syscall_64+0x106/0xf80 [ 897.044019][T13850] ? clear_bhb_loop+0x40/0x90 [ 897.044050][T13850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.044076][T13850] RIP: 0033:0x7f282ef9c799 [ 897.044097][T13850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 897.044121][T13850] RSP: 002b:00007f282fdbb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 897.044145][T13850] RAX: ffffffffffffffda RBX: 00007f282f215fa0 RCX: 00007f282ef9c799 [ 897.044161][T13850] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 897.044177][T13850] RBP: 00007f282f032c99 R08: 0000000000000000 R09: 0000000000000000 [ 897.044192][T13850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 897.044206][T13850] R13: 00007f282f216038 R14: 00007f282f215fa0 R15: 00007ffebdafeb78 [ 897.044238][T13850] [ 899.493292][T13862] Process accounting paused [ 900.122923][T13878] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 900.362190][T13879] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 900.979879][T13883] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 901.260482][T13885] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 901.670398][T13891] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 901.961418][T13892] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 902.216659][T13903] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 902.483025][T13906] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 904.057931][T13916] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 904.314139][T13920] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 908.149526][T13941] FAULT_INJECTION: forcing a failure. [ 908.149526][T13941] name failslab, interval 1, probability 0, space 0, times 0 [ 908.262402][T13941] CPU: 0 UID: 0 PID: 13941 Comm: syz.0.1908 Tainted: G L syzkaller #0 PREEMPT(full) [ 908.262445][T13941] Tainted: [L]=SOFTLOCKUP [ 908.262453][T13941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 908.262469][T13941] Call Trace: [ 908.262477][T13941] [ 908.262485][T13941] dump_stack_lvl+0x100/0x190 [ 908.262528][T13941] should_fail_ex.cold+0x5/0xa [ 908.262557][T13941] should_failslab+0xc2/0x120 [ 908.262584][T13941] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 908.262623][T13941] ? __mpol_dup+0x74/0x370 [ 908.262659][T13941] __mpol_dup+0x74/0x370 [ 908.262698][T13941] ? __pfx___mpol_dup+0x10/0x10 [ 908.262727][T13941] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 908.262765][T13941] ? sp_alloc+0x27/0x160 [ 908.262800][T13941] sp_alloc+0x4d/0x160 [ 908.262833][T13941] mpol_set_shared_policy+0xa5/0x8a0 [ 908.262871][T13941] ? __pfx_shmem_set_policy+0x10/0x10 [ 908.262899][T13941] mbind_range+0x339/0x550 [ 908.262933][T13941] do_mbind+0x7de/0xfd0 [ 908.262969][T13941] ? __might_fault+0xc5/0x140 [ 908.263005][T13941] ? __pfx_do_mbind+0x10/0x10 [ 908.263042][T13941] ? _copy_from_user+0x59/0xd0 [ 908.263079][T13941] ? __pfx_get_nodes+0x10/0x10 [ 908.263126][T13941] kernel_mbind+0x1b7/0x200 [ 908.263162][T13941] ? __pfx_kernel_mbind+0x10/0x10 [ 908.263203][T13941] do_syscall_64+0x106/0xf80 [ 908.263238][T13941] ? clear_bhb_loop+0x40/0x90 [ 908.263269][T13941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.263294][T13941] RIP: 0033:0x7f57d579c799 [ 908.263314][T13941] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 908.263338][T13941] RSP: 002b:00007f57d66fa028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 908.263363][T13941] RAX: ffffffffffffffda RBX: 00007f57d5a15fa0 RCX: 00007f57d579c799 [ 908.263380][T13941] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 908.263395][T13941] RBP: 00007f57d5832c99 R08: 0000000000000003 R09: 0000000000000003 [ 908.263410][T13941] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 908.263426][T13941] R13: 00007f57d5a16038 R14: 00007f57d5a15fa0 R15: 00007ffc0610f0d8 [ 908.263457][T13941] [ 909.093394][T13962] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 909.239973][T13964] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 913.153289][T13993] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 913.632237][T13998] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 921.544082][T14074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1935'. [ 921.544906][T14074] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1935'. [ 922.028337][T14081] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 922.098812][T14081] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 926.465871][T14097] Process accounting resumed [ 927.327395][T14123] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 927.559798][T14125] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 927.842473][T14134] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 928.070850][T14135] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 930.935110][T14153] Process accounting resumed [ 931.519691][T14167] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 931.665820][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.672874][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.087031][T14173] netlink: 122 bytes leftover after parsing attributes in process `syz.2.1956'. [ 933.708431][T14187] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 933.919919][T14189] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 935.506374][T14201] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 935.532372][T14201] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 937.674723][T14212] random: crng reseeded on system resumption [ 940.581058][T14245] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 942.312829][T14263] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 942.370868][T14265] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 942.610544][T14269] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 942.800175][T14270] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 943.720174][T14275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 943.994938][T14275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 946.361745][T14284] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 946.822460][T14289] netlink: 122 bytes leftover after parsing attributes in process `syz.1.1982'. [ 947.429321][ T5839] Bluetooth: hci0: unexpected event 0x10 length: 440 > 1 [ 947.433341][ T5839] Bluetooth: hci0: hardware error 0x00 [ 949.510001][ T5839] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 949.625012][T14323] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 954.551802][T14342] FAULT_INJECTION: forcing a failure. [ 954.551802][T14342] name failslab, interval 1, probability 0, space 0, times 0 [ 954.551861][T14342] CPU: 0 UID: 0 PID: 14342 Comm: syz.1.1996 Tainted: G L syzkaller #0 PREEMPT(full) [ 954.551897][T14342] Tainted: [L]=SOFTLOCKUP [ 954.551905][T14342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 954.551920][T14342] Call Trace: [ 954.551928][T14342] [ 954.551937][T14342] dump_stack_lvl+0x100/0x190 [ 954.551979][T14342] should_fail_ex.cold+0x5/0xa [ 954.552008][T14342] should_failslab+0xc2/0x120 [ 954.552035][T14342] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 954.552077][T14342] ? kstrdup_const+0x63/0x80 [ 954.552099][T14342] ? find_held_lock+0x2b/0x80 [ 954.552127][T14342] kstrdup+0x51/0xe0 [ 954.552168][T14342] kstrdup_const+0x63/0x80 [ 954.552189][T14342] __kernfs_new_node+0x9b/0x960 [ 954.552230][T14342] ? __pfx___kernfs_new_node+0x10/0x10 [ 954.552273][T14342] ? find_held_lock+0x2b/0x80 [ 954.552295][T14342] ? kernfs_root+0xee/0x2a0 [ 954.552329][T14342] ? kernfs_root+0xee/0x2a0 [ 954.552371][T14342] kernfs_new_node+0x11b/0x1a0 [ 954.552416][T14342] kernfs_create_link+0xcc/0x240 [ 954.552447][T14342] sysfs_do_create_link_sd+0x90/0x140 [ 954.552485][T14342] sysfs_create_link+0x61/0xc0 [ 954.552521][T14342] device_add+0xb5d/0x1950 [ 954.552564][T14342] ? __pfx_device_add+0x10/0x10 [ 954.552592][T14342] ? kfree_const+0x5a/0x70 [ 954.552630][T14342] ? kfree+0x2ec/0x6b0 [ 954.552671][T14342] device_create_groups_vargs+0x1f8/0x270 [ 954.552707][T14342] device_create+0xed/0x130 [ 954.552739][T14342] ? __pfx_device_create+0x10/0x10 [ 954.552771][T14342] ? is_console_locked+0x9/0x20 [ 954.552800][T14342] ? con_is_visible+0x65/0x150 [ 954.552869][T14342] ? csi_J+0x57e/0xad0 [ 954.552907][T14342] vcs_make_sysfs+0x55/0x80 [ 954.552964][T14342] vc_allocate+0x539/0x880 [ 954.553000][T14342] ? __pfx_vc_allocate+0x10/0x10 [ 954.553044][T14342] con_install+0xa1/0x620 [ 954.553081][T14342] ? __pfx_con_install+0x10/0x10 [ 954.553123][T14342] ? __pfx_con_install+0x10/0x10 [ 954.553160][T14342] tty_init_dev.part.0+0x9e/0x470 [ 954.553228][T14342] tty_open+0xa63/0xfa0 [ 954.553271][T14342] ? __pfx_tty_open+0x10/0x10 [ 954.553317][T14342] ? chrdev_open+0x589/0x6a0 [ 954.553342][T14342] ? chrdev_open+0x589/0x6a0 [ 954.553372][T14342] ? __pfx_tty_open+0x10/0x10 [ 954.553411][T14342] chrdev_open+0x234/0x6a0 [ 954.553438][T14342] ? __pfx_chrdev_open+0x10/0x10 [ 954.553465][T14342] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 954.553499][T14342] do_dentry_open+0x6d8/0x1660 [ 954.553523][T14342] ? __pfx_chrdev_open+0x10/0x10 [ 954.553564][T14342] vfs_open+0x82/0x3f0 [ 954.553606][T14342] path_openat+0x208c/0x31a0 [ 954.553642][T14342] ? __pfx_path_openat+0x10/0x10 [ 954.553679][T14342] do_file_open+0x20e/0x430 [ 954.553707][T14342] ? __pfx_do_file_open+0x10/0x10 [ 954.553760][T14342] ? alloc_fd+0x476/0x790 [ 954.553788][T14342] ? do_getname+0x191/0x390 [ 954.553823][T14342] do_sys_openat2+0x10d/0x1e0 [ 954.553856][T14342] ? __pfx_do_sys_openat2+0x10/0x10 [ 954.553891][T14342] ? fd_install+0x24f/0x580 [ 954.553920][T14342] __x64_sys_openat+0x12d/0x210 [ 954.553955][T14342] ? __pfx___x64_sys_openat+0x10/0x10 [ 954.554001][T14342] do_syscall_64+0x106/0xf80 [ 954.554036][T14342] ? clear_bhb_loop+0x40/0x90 [ 954.554068][T14342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 954.554095][T14342] RIP: 0033:0x7f282ef9c799 [ 954.554116][T14342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 954.554141][T14342] RSP: 002b:00007f282fdbb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 954.554166][T14342] RAX: ffffffffffffffda RBX: 00007f282f215fa0 RCX: 00007f282ef9c799 [ 954.554182][T14342] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 954.554199][T14342] RBP: 00007f282f032c99 R08: 0000000000000000 R09: 0000000000000000 [ 954.554214][T14342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 954.554229][T14342] R13: 00007f282f216038 R14: 00007f282f215fa0 R15: 00007ffebdafeb78 [ 954.554262][T14342] [ 959.024360][T14342] Process accounting paused [ 962.272724][T14339] Process accounting paused [ 962.757938][T14399] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 963.660499][T14410] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 963.740784][T14410] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 973.713953][T14476] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 973.986877][T14477] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 975.505402][T14485] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2026'. [ 975.692413][T14487] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2026'. [ 976.459968][T14492] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2037'. [ 976.522725][T14492] veth0_macvtap: left promiscuous mode [ 976.662643][T14492] macvtap0: entered promiscuous mode [ 976.668026][T14492] macvtap0: entered allmulticast mode [ 976.855455][ T5839] Bluetooth: hci1: unexpected event 0x0e length: 440 > 260 [ 976.856525][ T5839] Bluetooth: hci1: unexpected event for opcode 0x0f00 [ 980.861827][ T5839] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 980.871689][ T5839] Bluetooth: hci1: Injecting HCI hardware error event [ 980.881253][T14302] Bluetooth: hci1: hardware error 0x00 [ 982.949621][T14302] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 984.477982][T14551] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 984.549636][T14551] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 989.854407][T14567] Process accounting resumed [ 990.360310][T14608] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 990.692813][T14610] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 993.104967][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.111441][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.802095][T14629] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 994.170293][T14630] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 994.606312][T14597] Process accounting resumed [ 996.399875][T14652] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 996.680787][T14654] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1011.269499][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1011.280539][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1011.288733][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1011.297198][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1011.315625][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1012.864855][T14736] chnl_net:caif_netlink_parms(): no params data found [ 1013.423346][ T5839] Bluetooth: hci4: command tx timeout [ 1013.590171][T14736] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.662515][T14736] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.739860][T14736] bridge_slave_0: entered allmulticast mode [ 1013.823268][T14736] bridge_slave_0: entered promiscuous mode [ 1013.900999][T14736] bridge0: port 2(bridge_slave_1) entered blocking state [ 1013.908257][T14736] bridge0: port 2(bridge_slave_1) entered disabled state [ 1014.059872][T14736] bridge_slave_1: entered allmulticast mode [ 1014.129675][T14736] bridge_slave_1: entered promiscuous mode [ 1014.355170][T14736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1014.358413][T14736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1014.958901][T14765] net_ratelimit: 8 callbacks suppressed [ 1014.958926][T14765] netlink: zone id is out of range [ 1014.958951][T14765] netlink: zone id is out of range [ 1014.958982][T14765] netlink: zone id is out of range [ 1014.959445][T14765] netlink: zone id is out of range [ 1014.959770][T14765] netlink: zone id is out of range [ 1014.960853][T14765] netlink: zone id is out of range [ 1014.961107][T14765] netlink: zone id is out of range [ 1014.962370][T14765] netlink: zone id is out of range [ 1014.962390][T14765] netlink: zone id is out of range [ 1014.965989][T14765] netlink: zone id is out of range [ 1015.275440][T14736] team0: Port device team_slave_0 added [ 1015.277636][T14736] team0: Port device team_slave_1 added [ 1015.509361][ T5839] Bluetooth: hci4: command tx timeout [ 1015.532766][T14736] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1015.532785][T14736] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1015.532817][T14736] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1015.549398][T14736] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1015.549421][T14736] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1015.549454][T14736] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1015.882868][T14736] hsr_slave_0: entered promiscuous mode [ 1015.900945][T14736] hsr_slave_1: entered promiscuous mode [ 1015.901642][T14736] debugfs: 'hsr0' already exists in 'hsr' [ 1015.901663][T14736] Cannot create hsr debugfs directory [ 1017.583318][ T5839] Bluetooth: hci4: command tx timeout [ 1017.643381][T14736] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1017.866846][T14736] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1018.179666][T14736] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1018.332786][T14736] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1019.336208][T14736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1019.663482][ T5839] Bluetooth: hci4: command tx timeout [ 1020.864090][T14736] 8021q: adding VLAN 0 to HW filter on device team0 [ 1021.033143][ T9757] bridge0: port 1(bridge_slave_0) entered blocking state [ 1021.040366][ T9757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1021.177430][ T9757] bridge0: port 2(bridge_slave_1) entered blocking state [ 1021.184850][ T9757] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1021.260647][T14783] Process accounting paused [ 1023.954505][T14798] futex_wake_op: syz.2.2078 tries to shift op by -2048; fix this program [ 1024.282238][T10798] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1024.715353][T14736] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1024.844030][T14736] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1025.470676][T10798] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1026.362423][T10798] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1026.611177][T10798] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1027.844163][T14833] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1028.048436][T14834] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1028.238261][T14736] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1028.288974][T14647] Process accounting paused [ 1030.425613][T10798] netdevsim netdevsim1335 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.619538][T14736] veth0_vlan: entered promiscuous mode [ 1032.665961][T14736] veth1_vlan: entered promiscuous mode [ 1033.161136][T14842] FAULT_INJECTION: forcing a failure. [ 1033.161136][T14842] name failslab, interval 1, probability 0, space 0, times 0 [ 1033.492144][T10798] bridge_slave_0: left allmulticast mode [ 1033.498562][T10798] bridge_slave_0: left promiscuous mode [ 1033.520541][T14842] CPU: 0 UID: 0 PID: 14842 Comm: syz.1.2083 Tainted: G L syzkaller #0 PREEMPT(full) [ 1033.520582][T14842] Tainted: [L]=SOFTLOCKUP [ 1033.520591][T14842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1033.520607][T14842] Call Trace: [ 1033.520616][T14842] [ 1033.520626][T14842] dump_stack_lvl+0x100/0x190 [ 1033.520673][T14842] should_fail_ex.cold+0x5/0xa [ 1033.520703][T14842] should_failslab+0xc2/0x120 [ 1033.520731][T14842] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1033.520771][T14842] ? security_inode_alloc+0x3b/0x2c0 [ 1033.520807][T14842] ? lockdep_init_map_type+0x5c/0x250 [ 1033.520846][T14842] security_inode_alloc+0x3b/0x2c0 [ 1033.520873][T14842] inode_init_always_gfp+0xced/0x1040 [ 1033.520903][T14842] alloc_inode+0x8e/0x250 [ 1033.520937][T14842] new_inode+0x22/0x1c0 [ 1033.520972][T14842] hugetlbfs_get_inode+0x313/0x750 [ 1033.521004][T14842] hugetlb_file_setup+0x3cc/0x5b0 [ 1033.521035][T14842] newseg+0xabb/0xed0 [ 1033.521073][T14842] ? __pfx_newseg+0x10/0x10 [ 1033.521104][T14842] ? down_write+0x146/0x1f0 [ 1033.521147][T14842] ? ksys_write+0x190/0x250 [ 1033.521169][T14842] ? ksys_write+0x190/0x250 [ 1033.521195][T14842] ipcget+0xee/0xf50 [ 1033.521227][T14842] ? do_futex+0x192/0x350 [ 1033.521261][T14842] ? __pfx_do_futex+0x10/0x10 [ 1033.521301][T14842] ? __pfx_ipcget+0x10/0x10 [ 1033.521334][T14842] ? __x64_sys_futex+0x34f/0x4d0 [ 1033.521365][T14842] ? __x64_sys_futex+0x358/0x4d0 [ 1033.521403][T14842] __x64_sys_shmget+0x13b/0x1b0 [ 1033.521436][T14842] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1033.521478][T14842] do_syscall_64+0x106/0xf80 [ 1033.521513][T14842] ? clear_bhb_loop+0x40/0x90 [ 1033.521545][T14842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1033.521571][T14842] RIP: 0033:0x7f282ef9c799 [ 1033.521592][T14842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1033.521616][T14842] RSP: 002b:00007f282fdbb028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1033.521640][T14842] RAX: ffffffffffffffda RBX: 00007f282f215fa0 RCX: 00007f282ef9c799 [ 1033.521657][T14842] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1033.521673][T14842] RBP: 00007f282f032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1033.521688][T14842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1033.521703][T14842] R13: 00007f282f216038 R14: 00007f282f215fa0 R15: 00007ffebdafeb78 [ 1033.521735][T14842] [ 1034.060679][T10798] bridge0: port 1(bridge_slave_0) entered disabled state [ 1036.110212][T10798] bond0 (unregistering): (slave ›): Releasing backup interface [ 1036.304193][T10798] bond0 (unregistering): Released all slaves [ 1036.596147][T14736] veth0_macvtap: entered promiscuous mode [ 1036.722748][T10798] i: left promiscuous mode [ 1036.992818][T14736] veth1_macvtap: entered promiscuous mode [ 1037.101986][T10798] HfR: left promiscuous mode [ 1037.201483][T14736] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1037.272894][T14736] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1037.411398][ T2922] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.451302][ T2922] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.674174][ T2922] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.779356][ T2922] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.882845][T14887] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2087'. [ 1038.951540][T14887] veth0_macvtap: left promiscuous mode [ 1039.309231][T14887] macvtap0: entered promiscuous mode [ 1039.409354][T14887] macvtap0: entered allmulticast mode [ 1040.619072][ T9756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.654717][ T9756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1041.234761][ T2995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1041.295256][ T2995] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1042.683860][T10798] hsr_slave_1: left promiscuous mode [ 1042.736856][T10798] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1042.804255][T10798] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1042.964944][T10798] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1043.034156][T10798] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1043.181246][T10798] veth1_macvtap: left promiscuous mode [ 1043.188399][T10798] veth0_macvtap: left promiscuous mode [ 1043.271689][T10798] veth1_vlan: left promiscuous mode [ 1043.277116][T10798] veth0_vlan: left promiscuous mode [ 1045.163761][T10798] team0 (unregistering): Port device team_slave_1 removed [ 1045.300501][T10798] team0 (unregistering): Port device team_slave_0 removed [ 1046.784845][T14943] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1047.032102][T14946] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1048.540222][T14961] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1048.719867][T14964] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1051.327206][T14998] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1051.560274][T15002] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1051.874329][T14843] Process accounting resumed [ 1053.022829][T15016] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1053.141678][T15019] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1053.390237][T15023] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1053.441883][T15025] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1053.627850][T15027] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1053.695251][T15029] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1053.909553][T15030] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1054.228084][T15028] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1054.547354][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.560838][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.955011][T15053] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1056.326294][T15057] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1058.696073][T15067] Process accounting resumed [ 1059.145690][T15079] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1059.223834][T15079] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1059.671876][T15087] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1059.862374][T15088] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1060.353627][T15094] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1060.430365][T15094] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1072.611312][T15249] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1079.851172][T15345] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1080.132682][T15348] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1082.030691][T15334] Process accounting paused [ 1082.734141][T15370] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1082.760992][T15371] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1082.769827][T15370] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1088.892327][T15426] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1089.370670][T15427] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1089.762091][T15433] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1089.961251][T15436] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1090.589876][T15442] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1091.388303][T15424] Process accounting paused [ 1092.993746][T15458] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1093.049609][T15458] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1098.341401][T15486] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1098.537565][T15493] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1098.872375][T15497] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1107.725711][T15548] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1108.009753][T15549] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1108.570539][T15552] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1108.840207][T15552] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1116.033897][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.049252][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.807667][T15583] FAULT_INJECTION: forcing a failure. [ 1117.807667][T15583] name failslab, interval 1, probability 0, space 0, times 0 [ 1117.900077][T15583] CPU: 0 UID: 0 PID: 15583 Comm: syz.4.2188 Tainted: G L syzkaller #0 PREEMPT(full) [ 1117.900118][T15583] Tainted: [L]=SOFTLOCKUP [ 1117.900126][T15583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1117.900142][T15583] Call Trace: [ 1117.900150][T15583] [ 1117.900159][T15583] dump_stack_lvl+0x100/0x190 [ 1117.900216][T15583] should_fail_ex.cold+0x5/0xa [ 1117.900246][T15583] should_failslab+0xc2/0x120 [ 1117.900275][T15583] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1117.900315][T15583] ? mempool_init_node+0x2f7/0x6e0 [ 1117.900342][T15583] ? mempool_init_noprof+0x3a/0x50 [ 1117.900369][T15583] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1117.900397][T15583] mempool_init_node+0x2f7/0x6e0 [ 1117.900429][T15583] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1117.900454][T15583] ? __pfx_mempool_free_slab+0x10/0x10 [ 1117.900480][T15583] mempool_init_noprof+0x3a/0x50 [ 1117.900510][T15583] bioset_init+0x37e/0x8a0 [ 1117.900605][T15583] ? __pfx_bioset_init+0x10/0x10 [ 1117.900644][T15583] __alloc_disk_node+0x83/0x6b0 [ 1117.900693][T15583] __blk_alloc_disk+0xd2/0x170 [ 1117.900719][T15583] ? __pfx___blk_alloc_disk+0x10/0x10 [ 1117.900762][T15583] ? __pfx_idr_alloc+0x10/0x10 [ 1117.900799][T15583] ? lockdep_init_map_type+0x5c/0x250 [ 1117.900835][T15583] ? __raw_spin_lock_init+0x3a/0x110 [ 1117.900875][T15583] ? __pfx_hot_add_show+0x10/0x10 [ 1117.900955][T15583] zram_add+0x1bf/0x610 [ 1117.900988][T15583] ? __pfx_zram_add+0x10/0x10 [ 1117.901041][T15583] ? find_held_lock+0x2b/0x80 [ 1117.901063][T15583] ? sysfs_file_kobj+0xe4/0x290 [ 1117.901100][T15583] ? __pfx_hot_add_show+0x10/0x10 [ 1117.901135][T15583] hot_add_show+0x21/0x80 [ 1117.901169][T15583] class_attr_show+0x72/0xa0 [ 1117.901219][T15583] ? __pfx_class_attr_show+0x10/0x10 [ 1117.901246][T15583] sysfs_kf_seq_show+0x217/0x3a0 [ 1117.901284][T15583] seq_read_iter+0x32f/0x1270 [ 1117.901336][T15583] kernfs_fop_read_iter+0x46c/0x610 [ 1117.901365][T15583] ? rw_verify_area+0xce/0x6d0 [ 1117.901401][T15583] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1117.901432][T15583] vfs_read+0x825/0xb30 [ 1117.901476][T15583] ? __pfx_vfs_read+0x10/0x10 [ 1117.901543][T15583] ksys_read+0x12a/0x250 [ 1117.901566][T15583] ? __pfx_ksys_read+0x10/0x10 [ 1117.901598][T15583] do_syscall_64+0x106/0xf80 [ 1117.901635][T15583] ? clear_bhb_loop+0x40/0x90 [ 1117.901667][T15583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1117.901693][T15583] RIP: 0033:0x7f9b4cb9c799 [ 1117.901714][T15583] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1117.901738][T15583] RSP: 002b:00007f9b4d9bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1117.901763][T15583] RAX: ffffffffffffffda RBX: 00007f9b4ce15fa0 RCX: 00007f9b4cb9c799 [ 1117.901781][T15583] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000007 [ 1117.901796][T15583] RBP: 00007f9b4cc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1117.901812][T15583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1117.901827][T15583] R13: 00007f9b4ce16038 R14: 00007f9b4ce15fa0 R15: 00007ffed5d33858 [ 1117.901860][T15583] [ 1120.261954][T15583] zram: Error allocating disk structure for device 1 [ 1122.480305][ T5833] Process accounting resumed [ 1123.042773][T14302] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1123.053784][T14302] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1123.063128][T14302] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1123.104598][T14302] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1123.114481][T14302] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1123.405455][ T5834] Process accounting resumed [ 1124.142008][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1124.195207][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1124.205379][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1124.213566][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1124.222775][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1124.426956][T15600] chnl_net:caif_netlink_parms(): no params data found [ 1125.179274][ T5839] Bluetooth: hci1: command tx timeout [ 1125.270576][T15600] bridge0: port 1(bridge_slave_0) entered blocking state [ 1125.270695][T15600] bridge0: port 1(bridge_slave_0) entered disabled state [ 1125.270918][T15600] bridge_slave_0: entered allmulticast mode [ 1125.289298][T15600] bridge_slave_0: entered promiscuous mode [ 1125.342365][T15600] bridge0: port 2(bridge_slave_1) entered blocking state [ 1125.342452][T15600] bridge0: port 2(bridge_slave_1) entered disabled state [ 1125.342771][T15600] bridge_slave_1: entered allmulticast mode [ 1125.359435][T15600] bridge_slave_1: entered promiscuous mode [ 1125.653536][T15600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1125.656380][T15600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1125.950792][T15600] team0: Port device team_slave_0 added [ 1125.953177][T15600] team0: Port device team_slave_1 added [ 1126.077765][T15612] chnl_net:caif_netlink_parms(): no params data found [ 1126.273570][T15600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1126.273598][T15600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1126.273631][T15600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1126.299494][ T5839] Bluetooth: hci5: command tx timeout [ 1126.677920][T15600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1126.677943][T15600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1126.677976][T15600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1127.000722][T15600] hsr_slave_0: entered promiscuous mode [ 1127.009829][T15600] hsr_slave_1: entered promiscuous mode [ 1127.010927][T15600] debugfs: 'hsr0' already exists in 'hsr' [ 1127.010949][T15600] Cannot create hsr debugfs directory [ 1127.279664][ T5839] Bluetooth: hci1: command tx timeout [ 1127.450959][T15628] random: crng reseeded on system resumption [ 1127.648275][T15612] bridge0: port 1(bridge_slave_0) entered blocking state [ 1127.648370][T15612] bridge0: port 1(bridge_slave_0) entered disabled state [ 1127.648504][T15612] bridge_slave_0: entered allmulticast mode [ 1127.650033][T15612] bridge_slave_0: entered promiscuous mode [ 1127.684086][T15612] bridge0: port 2(bridge_slave_1) entered blocking state [ 1127.684170][T15612] bridge0: port 2(bridge_slave_1) entered disabled state [ 1127.684347][T15612] bridge_slave_1: entered allmulticast mode [ 1127.690345][T15612] bridge_slave_1: entered promiscuous mode [ 1128.380518][ T5839] Bluetooth: hci5: command tx timeout [ 1128.780969][T15612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1128.811115][T15612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1129.339236][ T5839] Bluetooth: hci1: command tx timeout [ 1129.585811][ T205] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1130.024760][T15636] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1130.462008][ T5839] Bluetooth: hci5: command tx timeout [ 1131.353818][ T205] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1131.429233][ T5839] Bluetooth: hci1: command tx timeout [ 1131.511046][T15612] team0: Port device team_slave_0 added [ 1131.534484][T15612] team0: Port device team_slave_1 added [ 1132.142183][ T205] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1132.261652][T15612] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1132.261672][T15612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1132.261704][T15612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1132.263281][T15612] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1132.263297][T15612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1132.263328][T15612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1132.539690][ T5839] Bluetooth: hci5: command tx timeout [ 1132.931378][ T205] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1133.066214][T15612] hsr_slave_0: entered promiscuous mode [ 1133.069701][T15612] hsr_slave_1: entered promiscuous mode [ 1133.070314][T15612] debugfs: 'hsr0' already exists in 'hsr' [ 1133.070335][T15612] Cannot create hsr debugfs directory [ 1133.140913][T15600] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1133.362096][T15600] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1133.565307][T15600] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1133.585018][T15600] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1134.277029][ T205] bridge_slave_0: left allmulticast mode [ 1134.277086][ T205] bridge_slave_0: left promiscuous mode [ 1134.278473][ T205] bridge0: port 1(bridge_slave_0) entered disabled state [ 1134.749570][T15146] syz.1.2126 (15146) used greatest stack depth: 19320 bytes left [ 1135.136983][T15667] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1135.439776][ T205] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1135.491467][ T205] bond0 (unregistering): Released all slaves [ 1135.674799][ T205] HSR: left promiscuous mode [ 1135.856383][T15600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1135.978527][T15600] 8021q: adding VLAN 0 to HW filter on device team0 [ 1136.035118][T15679] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1136.045315][T15679] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1136.144336][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state [ 1136.144444][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1136.148798][T15612] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1136.220345][T15612] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1136.232276][ T2922] bridge0: port 2(bridge_slave_1) entered blocking state [ 1136.232365][ T2922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1136.304137][T15612] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1136.324870][T15612] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1136.704444][T15600] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1136.704474][T15600] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1137.629670][ T205] hsr_slave_0: left promiscuous mode [ 1137.741112][ T205] hsr_slave_1: left promiscuous mode [ 1137.741787][ T205] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1137.741808][ T205] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1138.049611][ T205] veth1_macvtap: left promiscuous mode [ 1138.049665][ T205] veth0_macvtap: left promiscuous mode [ 1138.049742][ T205] veth1_vlan: left promiscuous mode [ 1138.550173][ T5839] Bluetooth: hci4: command 0x0406 tx timeout [ 1138.584943][T15705] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1138.588095][T15705] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1138.588829][T15705] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1138.590645][T15705] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1138.591112][T15705] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1139.479942][ T205] team0 (unregistering): Port device team_slave_1 removed [ 1139.601061][ T205] team0 (unregistering): Port device team_slave_0 removed [ 1139.889737][T15713] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1139.911498][T15712] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1140.171664][T15612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1140.391753][T15612] 8021q: adding VLAN 0 to HW filter on device team0 [ 1140.612276][T10798] bridge0: port 1(bridge_slave_0) entered blocking state [ 1140.619836][T10798] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1140.780537][ T2995] bridge0: port 2(bridge_slave_1) entered blocking state [ 1140.788035][ T2995] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1140.796148][T14302] Bluetooth: hci2: command tx timeout [ 1140.866505][T15600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1141.594005][T15704] chnl_net:caif_netlink_parms(): no params data found [ 1142.658535][T15742] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1142.860104][T14302] Bluetooth: hci2: command tx timeout [ 1142.982905][T15747] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1143.068293][T15612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1143.182997][T15704] bridge0: port 1(bridge_slave_0) entered blocking state [ 1143.228025][T15704] bridge0: port 1(bridge_slave_0) entered disabled state [ 1143.301832][T15704] bridge_slave_0: entered allmulticast mode [ 1143.369894][T15704] bridge_slave_0: entered promiscuous mode [ 1143.421077][T15704] bridge0: port 2(bridge_slave_1) entered blocking state [ 1143.428280][T15704] bridge0: port 2(bridge_slave_1) entered disabled state [ 1143.529361][T15704] bridge_slave_1: entered allmulticast mode [ 1143.593862][T15704] bridge_slave_1: entered promiscuous mode [ 1143.825818][T15704] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1144.178487][T15704] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1144.443032][T15704] team0: Port device team_slave_0 added [ 1144.501612][T15704] team0: Port device team_slave_1 added [ 1144.844388][T15600] veth0_vlan: entered promiscuous mode [ 1144.941356][T15705] Bluetooth: hci2: command tx timeout [ 1145.807618][T15600] veth1_vlan: entered promiscuous mode [ 1145.885696][T15704] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1145.939468][T15704] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1146.099259][T15704] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1146.179410][T15704] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1146.186589][T15704] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1146.389167][T15704] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1146.811753][ T205] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.019426][T15705] Bluetooth: hci2: command tx timeout [ 1147.360915][ T205] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.618501][T15704] hsr_slave_0: entered promiscuous mode [ 1147.650398][T15704] hsr_slave_1: entered promiscuous mode [ 1147.657027][T15704] debugfs: 'hsr0' already exists in 'hsr' [ 1147.679485][T15704] Cannot create hsr debugfs directory [ 1147.740832][ T205] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.853764][T15600] veth0_macvtap: entered promiscuous mode [ 1147.921870][T15612] veth0_vlan: entered promiscuous mode [ 1148.062026][ T205] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1148.112010][T15600] veth1_macvtap: entered promiscuous mode [ 1148.287704][T15612] veth1_vlan: entered promiscuous mode [ 1148.370422][T15600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1148.536000][T15600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1148.562692][T15612] veth0_macvtap: entered promiscuous mode [ 1148.667989][T15612] veth1_macvtap: entered promiscuous mode [ 1148.715617][ T2922] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.742234][ T2922] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.808261][ T2922] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.836124][ T2922] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.997415][T15778] FAULT_INJECTION: forcing a failure. [ 1148.997415][T15778] name failslab, interval 1, probability 0, space 0, times 0 [ 1149.013541][ T205] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1149.106446][T15612] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1149.119999][T15778] CPU: 0 UID: 0 PID: 15778 Comm: syz.4.2207 Tainted: G L syzkaller #0 PREEMPT(full) [ 1149.120042][T15778] Tainted: [L]=SOFTLOCKUP [ 1149.120051][T15778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1149.120066][T15778] Call Trace: [ 1149.120074][T15778] [ 1149.120084][T15778] dump_stack_lvl+0x100/0x190 [ 1149.120126][T15778] should_fail_ex.cold+0x5/0xa [ 1149.120155][T15778] should_failslab+0xc2/0x120 [ 1149.120181][T15778] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1149.120215][T15778] ? alloc_fs_context+0x57/0xf40 [ 1149.120251][T15778] alloc_fs_context+0x57/0xf40 [ 1149.120292][T15778] mq_init_ns+0x16e/0x820 [ 1149.120321][T15778] copy_ipcs+0x3dd/0x7e0 [ 1149.120348][T15778] create_new_namespaces+0x20a/0xac0 [ 1149.120375][T15778] ? security_capable+0x80/0x260 [ 1149.120423][T15778] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1149.120453][T15778] ksys_unshare+0x473/0xad0 [ 1149.120491][T15778] ? __pfx_ksys_unshare+0x10/0x10 [ 1149.120535][T15778] __x64_sys_unshare+0x31/0x40 [ 1149.120571][T15778] do_syscall_64+0x106/0xf80 [ 1149.120607][T15778] ? clear_bhb_loop+0x40/0x90 [ 1149.120637][T15778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.120663][T15778] RIP: 0033:0x7f9b4cb9c799 [ 1149.120683][T15778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1149.120708][T15778] RSP: 002b:00007f9b4d9bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1149.120731][T15778] RAX: ffffffffffffffda RBX: 00007f9b4ce15fa0 RCX: 00007f9b4cb9c799 [ 1149.120748][T15778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 1149.120763][T15778] RBP: 00007f9b4cc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1149.120779][T15778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1149.120794][T15778] R13: 00007f9b4ce16038 R14: 00007f9b4ce15fa0 R15: 00007ffed5d33858 [ 1149.120825][T15778] [ 1149.381046][T15778] FAULT_INJECTION: forcing a failure. [ 1149.381046][T15778] name failslab, interval 1, probability 0, space 0, times 0 [ 1149.394331][T15778] CPU: 0 UID: 0 PID: 15778 Comm: syz.4.2207 Tainted: G L syzkaller #0 PREEMPT(full) [ 1149.394371][T15778] Tainted: [L]=SOFTLOCKUP [ 1149.394379][T15778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1149.394417][T15778] Call Trace: [ 1149.394426][T15778] [ 1149.394435][T15778] dump_stack_lvl+0x100/0x190 [ 1149.394477][T15778] should_fail_ex.cold+0x5/0xa [ 1149.394507][T15778] should_failslab+0xc2/0x120 [ 1149.394532][T15778] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1149.394575][T15778] ? vm_area_dup+0x27/0x8e0 [ 1149.394607][T15778] ? mas_next_slot+0x1003/0x18b0 [ 1149.394651][T15778] vm_area_dup+0x27/0x8e0 [ 1149.394687][T15778] __split_vma+0x18c/0xd90 [ 1149.394725][T15778] ? __pfx___split_vma+0x10/0x10 [ 1149.394758][T15778] ? validate_mm+0x392/0x4e0 [ 1149.394807][T15778] vma_modify+0x1121/0x2250 [ 1149.394850][T15778] ? __pfx_vma_modify+0x10/0x10 [ 1149.394893][T15778] vma_modify_flags+0x257/0x3d0 [ 1149.394934][T15778] ? __pfx_vma_modify_flags+0x10/0x10 [ 1149.394984][T15778] ? rcu_is_watching+0x12/0xc0 [ 1149.395022][T15778] ? percpu_counter_add_batch+0xb9/0x230 [ 1149.395122][T15778] mprotect_fixup+0x209/0xb70 [ 1149.395162][T15778] ? __pfx_mprotect_fixup+0x10/0x10 [ 1149.395199][T15778] ? __pfx_mas_prev+0x10/0x10 [ 1149.395245][T15778] do_mprotect_pkey+0x9e1/0xe70 [ 1149.395289][T15778] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 1149.395324][T15778] ? do_vmi_munmap+0x1f8/0x3e0 [ 1149.395358][T15778] ? do_vmi_munmap+0x200/0x3e0 [ 1149.395408][T15778] ? __pfx___vm_munmap+0x10/0x10 [ 1149.395465][T15778] __x64_sys_mprotect+0x78/0xc0 [ 1149.395499][T15778] ? lockdep_hardirqs_on+0x78/0x100 [ 1149.395538][T15778] do_syscall_64+0x106/0xf80 [ 1149.395573][T15778] ? clear_bhb_loop+0x40/0x90 [ 1149.395603][T15778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.395629][T15778] RIP: 0033:0x7f9b4cb9c597 [ 1149.395650][T15778] Code: 89 38 eb 84 0f 1f 80 00 00 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff e9 7a ff ff ff b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1149.395676][T15778] RSP: 002b:00007f9b4d9b9d18 EFLAGS: 00000217 ORIG_RAX: 000000000000000a [ 1149.395699][T15778] RAX: ffffffffffffffda RBX: 00007f9b44000000 RCX: 00007f9b4cb9c597 [ 1149.395716][T15778] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 00007f9b44000000 [ 1149.395731][T15778] RBP: 0000000000021000 R08: 00000000ffffffff R09: 0000000000000000 [ 1149.395747][T15778] R10: 0000000000000022 R11: 0000000000000217 R12: 0000000004000000 [ 1149.395762][T15778] R13: 0000000000001000 R14: 00007f9b48000000 R15: 0000000001400000 [ 1149.395793][T15778] [ 1150.043199][ T205] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1150.133285][T15612] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1150.269418][ T205] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1150.347983][ T2922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1150.390279][ T2922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1150.448103][ T205] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1150.562014][ T85] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.589188][ T85] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.598434][ T85] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.715388][ T85] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.963246][ T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1151.005182][T15704] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1151.041605][ T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1151.252284][T15704] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1151.315669][T15704] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1151.413274][ T205] bridge_slave_0: left allmulticast mode [ 1151.439290][ T205] bridge_slave_0: left promiscuous mode [ 1151.445164][ T205] bridge0: port 1(bridge_slave_0) entered disabled state [ 1151.601796][T15806] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1151.627594][T15806] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1152.029988][ T205] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1152.074013][ T205] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1152.090110][ T205] bond0 (unregistering): Released all slaves [ 1152.655012][ T205] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1152.782359][ T205] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1152.881250][ T205] bond0 (unregistering): Released all slaves [ 1152.921121][T15704] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1153.163418][ T2922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1153.224712][ T205] tipc: Left network mode [ 1153.241844][ T2922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1153.256553][T15826] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1153.346413][T10798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1153.412293][T10798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1153.665625][T15704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1153.798697][T15704] 8021q: adding VLAN 0 to HW filter on device team0 [ 1153.988738][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state [ 1153.988828][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1153.990693][ T2922] bridge0: port 2(bridge_slave_1) entered blocking state [ 1153.990780][ T2922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1155.388645][T15859] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1155.462174][T15704] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1155.526992][T15862] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1156.109669][T15877] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1156.111490][T15877] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1157.305521][T15892] can0: slcan on ttyS2. [ 1157.507427][ T205] hsr_slave_0: left promiscuous mode [ 1157.523177][ T205] hsr_slave_1: left promiscuous mode [ 1157.552927][ T205] hsr_slave_0: left promiscuous mode [ 1157.575819][ T205] hsr_slave_1: left promiscuous mode [ 1157.618045][ T205] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1157.661075][ T205] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1157.710946][ T205] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1157.751643][ T205] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1157.853276][ T205] veth1_vlan: left promiscuous mode [ 1157.937898][T15906] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1158.047048][T15910] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1159.173146][ T205] team0 (unregistering): Port device team_slave_1 removed [ 1159.272249][ T205] team0 (unregistering): Port device team_slave_0 removed [ 1159.625316][T15919] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1159.697538][T15920] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1159.972488][ T205] team0 (unregistering): Port device team_slave_1 removed [ 1160.045054][ T205] team0 (unregistering): Port device team_slave_0 removed [ 1160.413333][T15893] can0 (unregistered): slcan off ttyS2. [ 1160.481047][T15704] veth0_vlan: entered promiscuous mode [ 1160.615225][T15704] veth1_vlan: entered promiscuous mode [ 1160.812513][T15704] veth0_macvtap: entered promiscuous mode [ 1160.902167][T15704] veth1_macvtap: entered promiscuous mode [ 1161.031003][T15704] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1161.095504][T15704] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1161.174457][ T2995] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.229560][ T2995] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.301758][ T2995] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.370509][ T2995] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.424342][T15943] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1161.710078][T15948] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1162.780400][ T9756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1162.789043][ T9756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1162.951497][ T2922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1162.994100][ T2922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1163.397184][T15966] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2225'. [ 1164.033033][T15975] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1164.159598][T15975] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1165.630151][T15995] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1166.397360][T16015] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1166.627380][T16020] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1167.661627][T16044] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1167.733865][T16046] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1172.760007][T16094] netlink: 306 bytes leftover after parsing attributes in process `syz.4.2243'. [ 1174.739312][ T29] audit: type=1804 audit(4294986507.519:22): pid=16142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2249" name="/newroot/7/file0" dev="tmpfs" ino=53 res=1 errno=0 [ 1174.917680][ T29] audit: type=1804 audit(4294986507.569:23): pid=16151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.2249" name="/newroot/7/file0" dev="tmpfs" ino=53 res=1 errno=0 [ 1175.744071][T16163] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2251'. [ 1175.782608][T16169] netlink: 25 bytes leftover after parsing attributes in process `syz.7.2252'. [ 1176.188486][T16175] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2254'. [ 1176.240150][T16177] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1176.249451][T16178] netlink: 'syz.7.2254': attribute type 1 has an invalid length. [ 1176.257222][T16178] netlink: 'syz.7.2254': attribute type 6 has an invalid length. [ 1176.359643][T16179] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1177.424843][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.431405][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.230226][T16201] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1178.300610][T16201] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1179.869840][T16224] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1180.009573][T16224] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1181.264496][T16249] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1181.551828][T16251] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1183.827493][T16272] FAULT_INJECTION: forcing a failure. [ 1183.827493][T16272] name failslab, interval 1, probability 0, space 0, times 0 [ 1184.153631][T16272] CPU: 0 UID: 0 PID: 16272 Comm: syz.4.2266 Tainted: G L syzkaller #0 PREEMPT(full) [ 1184.153671][T16272] Tainted: [L]=SOFTLOCKUP [ 1184.153679][T16272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1184.153698][T16272] Call Trace: [ 1184.153706][T16272] [ 1184.153716][T16272] dump_stack_lvl+0x100/0x190 [ 1184.153793][T16272] should_fail_ex.cold+0x5/0xa [ 1184.153835][T16272] should_failslab+0xc2/0x120 [ 1184.153877][T16272] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1184.153924][T16272] ? __proc_create+0x2cb/0x8c0 [ 1184.153989][T16272] __proc_create+0x2cb/0x8c0 [ 1184.154034][T16272] ? __pfx___proc_create+0x10/0x10 [ 1184.154076][T16272] ? _raw_write_unlock+0x28/0x50 [ 1184.154144][T16272] proc_create_reg+0x75/0x170 [ 1184.154169][T16272] ? __pfx_kcm_stats_seq_show+0x10/0x10 [ 1184.154293][T16272] proc_create_net_single+0x86/0x180 [ 1184.154320][T16272] ? __pfx_proc_create_net_single+0x10/0x10 [ 1184.154352][T16272] ? __pfx_kcm_proc_init_net+0x10/0x10 [ 1184.154386][T16272] kcm_proc_init_net+0x52/0x120 [ 1184.154419][T16272] ops_init+0x1e2/0x5f0 [ 1184.154482][T16272] setup_net+0x118/0x3a0 [ 1184.154521][T16272] ? __pfx_setup_net+0x10/0x10 [ 1184.154558][T16272] ? lockdep_init_map_type+0x5c/0x250 [ 1184.154604][T16272] ? mutex_init_lockep+0x110/0x150 [ 1184.154643][T16272] copy_net_ns+0x46f/0x7c0 [ 1184.154669][T16272] create_new_namespaces+0x3ea/0xac0 [ 1184.154706][T16272] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1184.154735][T16272] ksys_unshare+0x473/0xad0 [ 1184.154776][T16272] ? __pfx_ksys_unshare+0x10/0x10 [ 1184.154819][T16272] __x64_sys_unshare+0x31/0x40 [ 1184.154850][T16272] do_syscall_64+0x106/0xf80 [ 1184.154885][T16272] ? clear_bhb_loop+0x40/0x90 [ 1184.154922][T16272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1184.154947][T16272] RIP: 0033:0x7f9b4cb9c799 [ 1184.154972][T16272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1184.155000][T16272] RSP: 002b:00007f9b4d9bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1184.155027][T16272] RAX: ffffffffffffffda RBX: 00007f9b4ce15fa0 RCX: 00007f9b4cb9c799 [ 1184.155045][T16272] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1184.155059][T16272] RBP: 00007f9b4cc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1184.155075][T16272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1184.155089][T16272] R13: 00007f9b4ce16038 R14: 00007f9b4ce15fa0 R15: 00007ffed5d33858 [ 1184.155121][T16272] [ 1185.188412][T16297] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1186.922547][T16313] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1190.473950][T16346] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1190.713577][T16346] [U] [ 1190.716339][T16346] [U] [ 1190.719057][T16346] [U] [ 1190.721769][T16346] [U] [ 1191.025507][T16346] [U] [ 1191.028293][T16346] [U] [ 1191.031028][T16346] [U] [ 1191.033911][T16346] [U] [ 1191.229568][T16346] [U] [ 1194.410395][T16385] vivid-007: ================= START STATUS ================= [ 1194.565767][T16385] vivid-007: Generate PTS: true [ 1194.665593][T16385] vivid-007: Generate SCR: true [ 1194.766686][T16385] tpg source WxH: 320x240 (Y'CbCr) [ 1194.829446][T16385] tpg field: 1 [ 1194.846890][T16385] tpg crop: (0,0)/320x240 [ 1194.914862][T16385] tpg compose: (0,0)/320x240 [ 1194.988495][T16385] tpg colorspace: 8 [ 1195.010056][T16385] tpg transfer function: 0/0 [ 1195.014898][T16385] tpg Y'CbCr encoding: 0/0 [ 1195.097219][T16385] tpg quantization: 0/0 [ 1195.141654][T16385] tpg RGB range: 0/2 [ 1195.145689][T16385] vivid-007: ================== END STATUS ================== [ 1199.684532][T16456] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1199.960429][T16464] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1202.293298][T16492] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1203.070057][T16486] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2297'. [ 1204.409582][T16522] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2302'. [ 1209.879508][T16607] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1210.188074][T16617] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1210.547772][T16621] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1212.790577][T16644] FAULT_INJECTION: forcing a failure. [ 1212.790577][T16644] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.127834][T16644] CPU: 0 UID: 0 PID: 16644 Comm: syz.5.2314 Tainted: G L syzkaller #0 PREEMPT(full) [ 1213.127876][T16644] Tainted: [L]=SOFTLOCKUP [ 1213.127885][T16644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1213.127901][T16644] Call Trace: [ 1213.127909][T16644] [ 1213.127918][T16644] dump_stack_lvl+0x100/0x190 [ 1213.127966][T16644] should_fail_ex.cold+0x5/0xa [ 1213.128003][T16644] should_failslab+0xc2/0x120 [ 1213.128047][T16644] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1213.128092][T16644] ? __get_vm_area_node+0x101/0x330 [ 1213.128121][T16644] ? register_lock_class+0x40/0x560 [ 1213.128160][T16644] __get_vm_area_node+0x101/0x330 [ 1213.128193][T16644] __vmalloc_node_range_noprof+0x213/0x1530 [ 1213.128226][T16644] ? n_tty_open+0x1a/0x170 [ 1213.128336][T16644] ? look_up_lock_class+0x64/0x120 [ 1213.128378][T16644] ? n_tty_open+0x1a/0x170 [ 1213.128412][T16644] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1213.128445][T16644] ? __ldsem_down_write_nested+0xfd/0x830 [ 1213.128485][T16644] ? __ldsem_down_write_nested+0x10e/0x830 [ 1213.128512][T16644] ? __pfx_class_find_device+0x10/0x10 [ 1213.128565][T16644] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 1213.128595][T16644] ? n_tty_open+0x1a/0x170 [ 1213.128617][T16644] __vmalloc_node_noprof+0xad/0xf0 [ 1213.128649][T16644] ? n_tty_open+0x1a/0x170 [ 1213.128674][T16644] ? __pfx_n_tty_open+0x10/0x10 [ 1213.128698][T16644] n_tty_open+0x1a/0x170 [ 1213.128724][T16644] tty_ldisc_open+0xa2/0x120 [ 1213.128760][T16644] tty_ldisc_setup+0x40/0xf0 [ 1213.128795][T16644] tty_init_dev.part.0+0x1b5/0x470 [ 1213.128846][T16644] tty_open+0xa63/0xfa0 [ 1213.128892][T16644] ? __pfx_tty_open+0x10/0x10 [ 1213.128930][T16644] ? chrdev_open+0x10b/0x6a0 [ 1213.128960][T16644] ? chrdev_open+0x10b/0x6a0 [ 1213.128992][T16644] ? __pfx_tty_open+0x10/0x10 [ 1213.129031][T16644] chrdev_open+0x234/0x6a0 [ 1213.129057][T16644] ? __pfx_apparmor_file_open+0x10/0x10 [ 1213.129098][T16644] ? __pfx_chrdev_open+0x10/0x10 [ 1213.129126][T16644] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1213.129167][T16644] do_dentry_open+0x6d8/0x1660 [ 1213.129201][T16644] ? __pfx_chrdev_open+0x10/0x10 [ 1213.129234][T16644] vfs_open+0x82/0x3f0 [ 1213.129271][T16644] path_openat+0x208c/0x31a0 [ 1213.129311][T16644] ? __pfx_path_openat+0x10/0x10 [ 1213.129349][T16644] do_file_open+0x20e/0x430 [ 1213.129384][T16644] ? __pfx_do_file_open+0x10/0x10 [ 1213.129432][T16644] ? alloc_fd+0x476/0x790 [ 1213.129464][T16644] ? do_getname+0x191/0x390 [ 1213.129707][T16644] do_sys_openat2+0x10d/0x1e0 [ 1213.129748][T16644] ? __pfx_do_sys_openat2+0x10/0x10 [ 1213.129791][T16644] ? find_held_lock+0x2b/0x80 [ 1213.129817][T16644] ? setid_policy_lookup+0x10c/0x350 [ 1213.130065][T16644] __x64_sys_openat+0x12d/0x210 [ 1213.130117][T16644] ? __pfx___x64_sys_openat+0x10/0x10 [ 1213.130170][T16644] do_syscall_64+0x106/0xf80 [ 1213.130207][T16644] ? clear_bhb_loop+0x40/0x90 [ 1213.130239][T16644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.130268][T16644] RIP: 0033:0x7fbe11d9c799 [ 1213.130291][T16644] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1213.130316][T16644] RSP: 002b:00007fbe12ba4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1213.130347][T16644] RAX: ffffffffffffffda RBX: 00007fbe12016090 RCX: 00007fbe11d9c799 [ 1213.130365][T16644] RDX: 0000000000103e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1213.130381][T16644] RBP: 00007fbe11e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1213.130395][T16644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1213.130410][T16644] R13: 00007fbe12016128 R14: 00007fbe12016090 R15: 00007ffc076587f8 [ 1213.130442][T16644] [ 1218.159389][T16644] syz.5.2314: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1218.420856][T16644] CPU: 0 UID: 0 PID: 16644 Comm: syz.5.2314 Tainted: G L syzkaller #0 PREEMPT(full) [ 1218.420897][T16644] Tainted: [L]=SOFTLOCKUP [ 1218.420906][T16644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1218.420922][T16644] Call Trace: [ 1218.420932][T16644] [ 1218.420941][T16644] dump_stack_lvl+0x100/0x190 [ 1218.420987][T16644] warn_alloc.cold+0x95/0x1c1 [ 1218.421032][T16644] ? __pfx_warn_alloc+0x10/0x10 [ 1218.421070][T16644] ? trace_kmalloc+0x101/0x130 [ 1218.421098][T16644] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 1218.421144][T16644] ? __kasan_kmalloc+0x8a/0xb0 [ 1218.421185][T16644] ? __get_vm_area_node+0x208/0x330 [ 1218.421221][T16644] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 1218.421263][T16644] ? look_up_lock_class+0x64/0x120 [ 1218.421306][T16644] ? n_tty_open+0x1a/0x170 [ 1218.421342][T16644] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1218.421376][T16644] ? __ldsem_down_write_nested+0xfd/0x830 [ 1218.421401][T16644] ? __ldsem_down_write_nested+0x10e/0x830 [ 1218.421428][T16644] ? __pfx_class_find_device+0x10/0x10 [ 1218.421466][T16644] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 1218.421496][T16644] ? n_tty_open+0x1a/0x170 [ 1218.421518][T16644] __vmalloc_node_noprof+0xad/0xf0 [ 1218.421551][T16644] ? n_tty_open+0x1a/0x170 [ 1218.421575][T16644] ? __pfx_n_tty_open+0x10/0x10 [ 1218.421599][T16644] n_tty_open+0x1a/0x170 [ 1218.421624][T16644] tty_ldisc_open+0xa2/0x120 [ 1218.421657][T16644] tty_ldisc_setup+0x40/0xf0 [ 1218.421692][T16644] tty_init_dev.part.0+0x1b5/0x470 [ 1218.421736][T16644] tty_open+0xa63/0xfa0 [ 1218.421785][T16644] ? __pfx_tty_open+0x10/0x10 [ 1218.421822][T16644] ? chrdev_open+0x10b/0x6a0 [ 1218.421847][T16644] ? chrdev_open+0x10b/0x6a0 [ 1218.421877][T16644] ? __pfx_tty_open+0x10/0x10 [ 1218.421916][T16644] chrdev_open+0x234/0x6a0 [ 1218.421941][T16644] ? __pfx_apparmor_file_open+0x10/0x10 [ 1218.421967][T16644] ? __pfx_chrdev_open+0x10/0x10 [ 1218.421994][T16644] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1218.422030][T16644] do_dentry_open+0x6d8/0x1660 [ 1218.422054][T16644] ? __pfx_chrdev_open+0x10/0x10 [ 1218.422087][T16644] vfs_open+0x82/0x3f0 [ 1218.422123][T16644] path_openat+0x208c/0x31a0 [ 1218.422159][T16644] ? __pfx_path_openat+0x10/0x10 [ 1218.422196][T16644] do_file_open+0x20e/0x430 [ 1218.422225][T16644] ? __pfx_do_file_open+0x10/0x10 [ 1218.422278][T16644] ? alloc_fd+0x476/0x790 [ 1218.422306][T16644] ? do_getname+0x191/0x390 [ 1218.422342][T16644] do_sys_openat2+0x10d/0x1e0 [ 1218.422375][T16644] ? __pfx_do_sys_openat2+0x10/0x10 [ 1218.422410][T16644] ? find_held_lock+0x2b/0x80 [ 1218.422436][T16644] ? setid_policy_lookup+0x10c/0x350 [ 1218.422478][T16644] __x64_sys_openat+0x12d/0x210 [ 1218.422513][T16644] ? __pfx___x64_sys_openat+0x10/0x10 [ 1218.422560][T16644] do_syscall_64+0x106/0xf80 [ 1218.422594][T16644] ? clear_bhb_loop+0x40/0x90 [ 1218.422625][T16644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.422651][T16644] RIP: 0033:0x7fbe11d9c799 [ 1218.422672][T16644] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1218.422697][T16644] RSP: 002b:00007fbe12ba4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1218.422720][T16644] RAX: ffffffffffffffda RBX: 00007fbe12016090 RCX: 00007fbe11d9c799 [ 1218.422737][T16644] RDX: 0000000000103e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1218.422755][T16644] RBP: 00007fbe11e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1218.422770][T16644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1218.422785][T16644] R13: 00007fbe12016128 R14: 00007fbe12016090 R15: 00007ffc076587f8 [ 1218.422817][T16644] [ 1219.212584][T16644] Mem-Info: [ 1219.232497][T16644] active_anon:7031 inactive_anon:29784 isolated_anon:0 [ 1219.232497][T16644] active_file:19548 inactive_file:38056 isolated_file:0 [ 1219.232497][T16644] unevictable:768 dirty:727 writeback:0 [ 1219.232497][T16644] slab_reclaimable:12290 slab_unreclaimable:96939 [ 1219.232497][T16644] mapped:36350 shmem:22014 pagetables:1641 [ 1219.232497][T16644] sec_pagetables:0 bounce:0 [ 1219.232497][T16644] kernel_misc_reclaimable:0 [ 1219.232497][T16644] free:1285465 free_pcp:15087 free_cma:0 [ 1219.439824][T16644] Node 0 active_anon:30124kB inactive_anon:87172kB active_file:78244kB inactive_file:152092kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:111648kB dirty:2948kB writeback:0kB shmem:56684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12320kB pagetables:6432kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1219.659627][T16644] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1219.786951][T16644] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1219.906790][T16644] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1219.934516][T16644] Node 0 DMA32 free:1237592kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24916kB inactive_anon:65072kB active_file:75488kB inactive_file:154848kB unevictable:1540kB writepending:2948kB zspages:0kB present:3129332kB managed:2537380kB mlocked:4kB bounce:0kB free_pcp:63444kB local_pcp:63444kB free_cma:0kB [ 1220.099026][T16644] lowmem_reserve[]: 0 0 1 1 1 [ 1220.180534][T16644] Node 0 Normal free:28kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 1220.530445][T16644] lowmem_reserve[]: 0 0 0 0 0 [ 1220.588565][T16644] Node 1 Normal free:3942816kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1220.909105][T16644] lowmem_reserve[]: 0 0 0 0 0 [ 1220.951325][T16644] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1221.079169][T16644] Node 0 DMA32: 5488*4kB (UME) 7861*8kB (UME) 5449*16kB (UME) 2960*32kB (UME) 1790*64kB (UME) 1194*128kB (UME) 620*256kB (UME) 337*512kB (UME) 190*1024kB (UM) 53*2048kB (UME) 27*4096kB (M) = 1279096kB [ 1221.201007][T16644] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1221.250112][T16644] Node 1 Normal: 4*4kB (UM) 8*8kB (UM) 13*16kB (UM) 8*32kB (UM) 8*64kB (UM) 3*128kB (UM) 2*256kB (M) 3*512kB (UM) 1*1024kB (M) 3*2048kB (UM) 960*4096kB (UM) = 3942816kB [ 1221.316507][T16644] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1221.367433][T16644] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=1 hugepages_size=2048kB [ 1221.401872][T16644] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1221.446616][T16644] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1221.490356][T16644] 59013 total pagecache pages [ 1221.495079][T16644] 1 pages in swap cache [ 1221.534389][T16644] Free swap = 124992kB [ 1221.538585][T16644] Total swap = 124996kB [ 1221.574418][T16644] 2097051 pages RAM [ 1221.578276][T16644] 0 pages HighMem/MovableOnly [ 1221.619825][T16644] 430826 pages reserved [ 1221.640087][T16644] 0 pages cma reserved [ 1221.666425][T16644] ttyS ttyS2: ldisc open failed (-12), clearing slot 2 [ 1222.360714][T16739] vivid-007: ================= START STATUS ================= [ 1222.429224][T16739] vivid-007: Generate PTS: true [ 1222.457715][T16739] vivid-007: Generate SCR: true [ 1222.491901][T16739] tpg source WxH: 320x240 (Y'CbCr) [ 1222.534843][T16739] tpg field: 1 [ 1222.580892][T16739] tpg crop: (0,0)/320x240 [ 1222.628114][T16739] tpg compose: (0,0)/320x240 [ 1222.680679][T16739] tpg colorspace: 8 [ 1222.717805][T16739] tpg transfer function: 0/0 [ 1222.767938][T16739] tpg Y'CbCr encoding: 0/0 [ 1222.867624][T16739] tpg quantization: 0/0 [ 1222.969535][T16739] tpg RGB range: 0/2 [ 1223.006547][T16739] vivid-007: ================== END STATUS ================== [ 1224.276910][T16735] FAULT_INJECTION: forcing a failure. [ 1224.276910][T16735] name failslab, interval 1, probability 0, space 0, times 0 [ 1224.277022][T16735] CPU: 0 UID: 0 PID: 16735 Comm: syz.5.2328 Tainted: G L syzkaller #0 PREEMPT(full) [ 1224.277058][T16735] Tainted: [L]=SOFTLOCKUP [ 1224.277066][T16735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1224.277081][T16735] Call Trace: [ 1224.277089][T16735] [ 1224.277098][T16735] dump_stack_lvl+0x100/0x190 [ 1224.277145][T16735] should_fail_ex.cold+0x5/0xa [ 1224.277173][T16735] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1224.277228][T16735] should_failslab+0xc2/0x120 [ 1224.277256][T16735] __kmalloc_noprof+0xe0/0x850 [ 1224.277320][T16735] ? ipcget+0xee/0xf50 [ 1224.277369][T16735] memcg_list_lru_alloc+0x4ec/0x740 [ 1224.277416][T16735] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1224.277454][T16735] ? rcu_read_unlock+0x17/0x60 [ 1224.277489][T16735] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1224.277531][T16735] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1224.277566][T16735] ? kasan_save_track+0x14/0x30 [ 1224.277608][T16735] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1224.277647][T16735] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1224.277686][T16735] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1224.277711][T16735] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1224.277737][T16735] alloc_inode+0x68/0x250 [ 1224.277770][T16735] new_inode+0x22/0x1c0 [ 1224.277806][T16735] hugetlbfs_get_inode+0x313/0x750 [ 1224.277837][T16735] hugetlb_file_setup+0x3cc/0x5b0 [ 1224.277868][T16735] newseg+0xabb/0xed0 [ 1224.277904][T16735] ? __pfx_newseg+0x10/0x10 [ 1224.277934][T16735] ? down_write+0x146/0x1f0 [ 1224.277976][T16735] ? ksys_write+0x190/0x250 [ 1224.277998][T16735] ? ksys_write+0x190/0x250 [ 1224.278024][T16735] ipcget+0xee/0xf50 [ 1224.278056][T16735] ? do_futex+0x192/0x350 [ 1224.278098][T16735] ? __pfx_do_futex+0x10/0x10 [ 1224.278135][T16735] ? __pfx_ipcget+0x10/0x10 [ 1224.278168][T16735] ? __x64_sys_futex+0x34f/0x4d0 [ 1224.278200][T16735] ? __x64_sys_futex+0x358/0x4d0 [ 1224.278237][T16735] __x64_sys_shmget+0x13b/0x1b0 [ 1224.278276][T16735] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1224.278317][T16735] do_syscall_64+0x106/0xf80 [ 1224.278352][T16735] ? clear_bhb_loop+0x40/0x90 [ 1224.278383][T16735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1224.278409][T16735] RIP: 0033:0x7fbe11d9c799 [ 1224.278430][T16735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1224.278471][T16735] RSP: 002b:00007fbe12bc5028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1224.278495][T16735] RAX: ffffffffffffffda RBX: 00007fbe12015fa0 RCX: 00007fbe11d9c799 [ 1224.278512][T16735] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1224.278528][T16735] RBP: 00007fbe11e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1224.278544][T16735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1224.278558][T16735] R13: 00007fbe12016038 R14: 00007fbe12015fa0 R15: 00007ffc076587f8 [ 1224.278591][T16735] [ 1224.617522][T16770] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1224.619179][ T0] numa_add_cpu cpu 1 node 0: mask now 0-1 [ 1224.619213][ T0] numa_add_cpu cpu 1 node 1: mask now 0-1 [ 1224.813095][ T22] numa_remove_cpu cpu 1 node 0: mask now 0 [ 1224.813201][ T22] numa_remove_cpu cpu 1 node 1: mask now 0 [ 1224.814660][T16773] smpboot: CPU 1 is now offline [ 1224.888717][T16773] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1224.889784][ T0] numa_add_cpu cpu 1 node 0: mask now 0-1 [ 1224.889813][ T0] numa_add_cpu cpu 1 node 1: mask now 0-1 [ 1224.892799][T16773] ------------[ cut here ]------------ [ 1224.892822][T16773] DEAD callback error for CPU1 [ 1224.892843][T16773] WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020, CPU#0: syz.6.2333/16773 [ 1224.892891][T16773] Modules linked in: [ 1224.892971][T16773] CPU: 0 UID: 0 PID: 16773 Comm: syz.6.2333 Tainted: G L syzkaller #0 PREEMPT(full) [ 1224.893009][T16773] Tainted: [L]=SOFTLOCKUP [ 1224.893019][T16773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1224.893037][T16773] RIP: 0010:_cpu_down+0x75c/0x1020 [ 1224.893067][T16773] Code: 4e 7a f6 89 ee bf 91 00 00 00 e8 df 48 7a f6 81 fd 91 00 00 00 0f 84 6b 02 00 00 e8 1e 4e 7a f6 48 8d 3d f7 e7 4e 05 44 89 ee <67> 48 0f b9 3a e9 3a fa ff ff 45 31 ff e9 32 fa ff ff e8 fd 4d 7a [ 1224.893095][T16773] RSP: 0018:ffffc900044b7aa8 EFLAGS: 00010287 [ 1224.893117][T16773] RAX: 00000000000061bd RBX: ffff8880b85242e0 RCX: ffffc9001d570000 [ 1224.893136][T16773] RDX: 0000000000080000 RSI: 0000000000000001 RDI: ffffffff90dcb240 [ 1224.893154][T16773] RBP: 0000000000000092 R08: 0000000000000005 R09: 0000000000000091 [ 1224.893170][T16773] R10: 0000000000000092 R11: 0000000000000001 R12: 00000000000000ed [ 1224.893187][T16773] R13: 0000000000000001 R14: 0000000000000001 R15: 00000000fffffff5 [ 1224.893205][T16773] FS: 00007f11028906c0(0000) GS:ffff888124349000(0000) knlGS:0000000000000000 [ 1224.893231][T16773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1224.893249][T16773] CR2: 000020000011f000 CR3: 00000000358d8000 CR4: 00000000003526f0 [ 1224.893267][T16773] Call Trace: [ 1224.893277][T16773] [ 1224.893296][T16773] ? __pfx_cpu_subsys_offline+0x10/0x10 [ 1224.893340][T16773] cpu_device_down+0x82/0xc0 [ 1224.893374][T16773] device_offline+0x2a7/0x3c0 [ 1224.893408][T16773] ? __pfx_device_offline+0x10/0x10 [ 1224.893444][T16773] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1224.893505][T16773] ? __pfx_online_store+0x10/0x10 [ 1224.893538][T16773] online_store+0xd1/0x180 [ 1224.893570][T16773] ? __pfx_online_store+0x10/0x10 [ 1224.893603][T16773] ? __pfx_find_held_lock+0x10/0x10 [ 1224.893629][T16773] ? sysfs_file_kobj+0xe4/0x290 [ 1224.893662][T16773] ? sysfs_file_kobj+0xe4/0x290 [ 1224.893698][T16773] dev_attr_store+0x58/0x80 [ 1224.893765][T16773] ? __pfx_dev_attr_store+0x10/0x10 [ 1224.893796][T16773] sysfs_kf_write+0xf2/0x150 [ 1224.893838][T16773] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1224.893866][T16773] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1224.893902][T16773] vfs_write+0x6ac/0x1070 [ 1224.893929][T16773] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1224.893962][T16773] ? __pfx_vfs_write+0x10/0x10 [ 1224.894006][T16773] ksys_write+0x12a/0x250 [ 1224.894031][T16773] ? __pfx_ksys_write+0x10/0x10 [ 1224.894055][T16773] ? kcov_ioctl+0x16a/0x720 [ 1224.894087][T16773] do_syscall_64+0x106/0xf80 [ 1224.894125][T16773] ? clear_bhb_loop+0x40/0x90 [ 1224.894158][T16773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1224.894185][T16773] RIP: 0033:0x7f110199c799 [ 1224.894208][T16773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1224.894234][T16773] RSP: 002b:00007f1102890028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1224.894260][T16773] RAX: ffffffffffffffda RBX: 00007f1101c16270 RCX: 00007f110199c799 [ 1224.894279][T16773] RDX: 000000000000000b RSI: 00002000000002c0 RDI: 0000000000000003 [ 1224.894296][T16773] RBP: 00007f1101a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1224.894313][T16773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1224.894330][T16773] R13: 00007f1101c16308 R14: 00007f1101c16270 R15: 00007fff855d4b88 [ 1224.894365][T16773] [ 1224.894399][T16773] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1224.894419][T16773] CPU: 0 UID: 0 PID: 16773 Comm: syz.6.2333 Tainted: G L syzkaller #0 PREEMPT(full) [ 1224.894456][T16773] Tainted: [L]=SOFTLOCKUP [ 1224.894465][T16773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1224.894480][T16773] Call Trace: [ 1224.894489][T16773] [ 1224.894498][T16773] dump_stack_lvl+0x100/0x190 [ 1224.894538][T16773] vpanic+0x552/0x970 [ 1224.894562][T16773] ? __pfx_vpanic+0x10/0x10 [ 1224.894597][T16773] panic+0xd1/0xe0 [ 1224.894620][T16773] ? __pfx_panic+0x10/0x10 [ 1224.894659][T16773] check_panic_on_warn.cold+0x19/0x34 [ 1224.894687][T16773] ? _cpu_down+0x759/0x1020 [ 1224.894714][T16773] __warn.cold+0x191/0x348 [ 1224.894744][T16773] __report_bug+0x296/0x3d0 [ 1224.894825][T16773] ? _cpu_down+0x759/0x1020 [ 1224.894861][T16773] ? __pfx___report_bug+0x10/0x10 [ 1224.894894][T16773] ? __pfx_try_to_wake_up+0x10/0x10 [ 1224.894937][T16773] report_bug_entry+0xe1/0x290 [ 1224.894970][T16773] ? _cpu_down+0x75c/0x1020 [ 1224.894998][T16773] handle_bug+0x1cd/0x2a0 [ 1224.895023][T16773] exc_invalid_op+0x17/0x50 [ 1224.895048][T16773] asm_exc_invalid_op+0x1a/0x20 [ 1224.895072][T16773] RIP: 0010:_cpu_down+0x75c/0x1020 [ 1224.895101][T16773] Code: 4e 7a f6 89 ee bf 91 00 00 00 e8 df 48 7a f6 81 fd 91 00 00 00 0f 84 6b 02 00 00 e8 1e 4e 7a f6 48 8d 3d f7 e7 4e 05 44 89 ee <67> 48 0f b9 3a e9 3a fa ff ff 45 31 ff e9 32 fa ff ff e8 fd 4d 7a [ 1224.895127][T16773] RSP: 0018:ffffc900044b7aa8 EFLAGS: 00010287 [ 1224.895147][T16773] RAX: 00000000000061bd RBX: ffff8880b85242e0 RCX: ffffc9001d570000 [ 1224.895164][T16773] RDX: 0000000000080000 RSI: 0000000000000001 RDI: ffffffff90dcb240 [ 1224.895181][T16773] RBP: 0000000000000092 R08: 0000000000000005 R09: 0000000000000091 [ 1224.895197][T16773] R10: 0000000000000092 R11: 0000000000000001 R12: 00000000000000ed [ 1224.895216][T16773] R13: 0000000000000001 R14: 0000000000000001 R15: 00000000fffffff5 [ 1224.895247][T16773] ? _cpu_down+0x752/0x1020 [ 1224.895283][T16773] ? __pfx_cpu_subsys_offline+0x10/0x10 [ 1224.895325][T16773] cpu_device_down+0x82/0xc0 [ 1224.895356][T16773] device_offline+0x2a7/0x3c0 [ 1224.895389][T16773] ? __pfx_device_offline+0x10/0x10 [ 1224.895424][T16773] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1224.895471][T16773] ? __pfx_online_store+0x10/0x10 [ 1224.895503][T16773] online_store+0xd1/0x180 [ 1224.895535][T16773] ? __pfx_online_store+0x10/0x10 [ 1224.895566][T16773] ? __pfx_find_held_lock+0x10/0x10 [ 1224.895591][T16773] ? sysfs_file_kobj+0xe4/0x290 [ 1224.895622][T16773] ? sysfs_file_kobj+0xe4/0x290 [ 1224.895657][T16773] dev_attr_store+0x58/0x80 [ 1224.895686][T16773] ? __pfx_dev_attr_store+0x10/0x10 [ 1224.895716][T16773] sysfs_kf_write+0xf2/0x150 [ 1224.895750][T16773] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1224.895776][T16773] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1224.895811][T16773] vfs_write+0x6ac/0x1070 [ 1224.895871][T16773] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1224.895903][T16773] ? __pfx_vfs_write+0x10/0x10 [ 1224.895947][T16773] ksys_write+0x12a/0x250 [ 1224.895971][T16773] ? __pfx_ksys_write+0x10/0x10 [ 1224.895994][T16773] ? kcov_ioctl+0x16a/0x720 [ 1224.896025][T16773] do_syscall_64+0x106/0xf80 [ 1224.896062][T16773] ? clear_bhb_loop+0x40/0x90 [ 1224.896093][T16773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1224.896120][T16773] RIP: 0033:0x7f110199c799 [ 1224.896140][T16773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1224.896165][T16773] RSP: 002b:00007f1102890028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1224.896189][T16773] RAX: ffffffffffffffda RBX: 00007f1101c16270 RCX: 00007f110199c799 [ 1224.896206][T16773] RDX: 000000000000000b RSI: 00002000000002c0 RDI: 0000000000000003 [ 1224.896222][T16773] RBP: 00007f1101a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1224.896238][T16773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1224.896255][T16773] R13: 00007f1101c16308 R14: 00007f1101c16270 R15: 00007fff855d4b88 [ 1224.896289][T16773] [ 1224.896496][T16773] Kernel Offset: disabled