last executing test programs: 1m58.779845436s ago: executing program 3 (id=1820): fstat$auto(0xffffffffffffffff, &(0x7f0000000300)={0xff, 0x7, 0x45, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x803, 0x4, 0x6, 0x0, 0x1000073, 0x1, 0x1, 0x8}) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_fops_u8_(0xffffffffffffff9c, &(0x7f00000014c0)='/sys/kernel/debug/nfcsim/nfc0/dropframe\x00', 0x20000, 0x0) read$auto_fops_u8_(r0, 0x0, 0x0) openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0x303101, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999"}) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) ioctl$auto_SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000040)=0x8) 1m58.662132406s ago: executing program 3 (id=1821): socket(0xa, 0x3, 0x3c) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd10/queue/iosched/read_expire\x00', 0x1c2b02, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48500, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/003/001\x00', 0x42082, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sem\x00', 0xc8202, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) r0 = socket(0x11, 0xa, 0x9) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001280)='/dev/sequencer2\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 1m58.356285389s ago: executing program 3 (id=1823): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f00000009c0)="8939cc4d36227fdb35e4a7779345a4d999cb1552f41b34b4003355454e96e6647b34e58345a013e46d9380cd77dcd9b5804ab378df5b19fd93b23d547b6a39e0563f1da27d880a0c7a41ada96f5899128a2f138a38855f3a0e5090cfcb022a807fd8d8410e21962aea3354ff7d28917ad17443189afcba863b21eedff9ef8944e15848033f30ec1ce206287db0755992c3d95fa6c7a2ecb44696ce661038bdc304c775605215501e237d8713947274ff5249f4fefe090d0581a07ac675fdc5da272124ae5975977941ead35326b8dd9ef2562c730a1df3116a5e25f19463fb391d3ba275758c4dd50d5bb8ecd6b3b07ebadfc8c978bb7e15a95c5bd06356d6d9d9e89db59312c4f8452f55ba7013b2691ca80c7db06df2026b190ae22bd233128b0459f8e22f77579ee7f7c6054e4eb33480be2d6e034dd96379f65937a7edf67a2d6b9fc5bb4253bb95d4bedd94da5d5cd944ccfa98c65c25dc3ab8fda6e68d77806b21e624aae3a6435c313b15894332942eb58e2bc6a0582aceaeb594578a2908b49a6f2ce66aac2e2ee4cadfc452cb953a51449039dbb5c7e84405d9cb335afbed3384ffc695b954cc51531bb083df05e2af461c2a7a0a697d0d59c565f5cfd3b354f051d5637fd1f72aeb79be3567215c648ae85541c9f3c4856229247b1225d327ed57fa7981424b39ebbb77a0f6ca5778ed0c9713d68aedd19627de8edf485f9155261ede5c803da5ce248f4c93a1b9925ee07d3f42c8f999252655c582ff47da1e6d010449345c4f3a43336547112ef4e8e0bd0829027b6dcb8fb127171eeb7a38470592c8422bc5c9bb784c281d20847eb79fef43fd38aa88f1a8639728267aef7a74fc40cc54cefea2807f598cd25f3c1bd8ab17fc88aac82179057717177355a1103433d8f7468a8f49d7d5dd8093f6882a791ce983aa4e03bf1a91e938b8da4f9cb41d6371579d9feb55636d8626b9e339d5e54a2397537e9b2f5bb846f1d0dd4614ad5f68fa35ea3f366a12eb4d51aad810856db0f11974bda08daf259c9477053847f17074fbbcbce75472cb9acada0b400f4fa85b71a97e7c686b2ba98e3d2bbb905d9e82430a2730d8d3465d9b632ba07fd746b2a394feb76db7501208f559be2a151c205103c4481cae7352f7117e6c626f25f0b3367d50a1ea87a38136b6ca64e1ef51207c0d6c06dfe86336b65caeee24138f1ca0955135c5d2b49743b0e51f98b7a8bd3a5ac50ca3a5d6e8e17cdf154bae7fa031b40b83b285b58eb47277920fc28ef916d5ae8536458577a37b73ae29312fee7885c405417d454e38dbe50ef1a8603e28611bf4d6b63251a1abc190581c6efe832d62d6ce8f6c4a64c7e018427b5fadddc1cec3896ed51c977d9e3f7c0d1e8f8d75693e1ead5a7a3714843fb3517bd0ddc68936c801692cce52ba003036764dc7f016e342a54f99916fc595dba1fc76222c5e814a1b71c6b9b735240e6bf747a900f6048b2836af70c6aa717701312c61c965d8ca1bdafb5d3623b2ee9b7e4a767ed76defd661a9f18bffaeada811ac2ad6731bf96274b019498c5552b38678ff0aedb465713d895595b92e2bc9e1b3acec28f3ee5831951582f2ad1831ddce1300dcc4547ec444eae5c614719be9c3d397fc1db1a76d954cbc9b7a0d7c8d1eab3eeccd70b17dcd7c3543b6d9effbea67c4ade126c6fbfdee281fe3479c3052e68cf8441a50a6adc59dec8de4261a117e0286eea92ecc88230fdfdca1ed438026e238e6dbfdc4772dccb17737c398add9644b47bfb1a3e3a4b1316ec25ea07f90f858736e80dbb9c882701e7188d315391c538469695f33d266550fb873f47a12518717c83bec4e0cce65958d08a0e287df6a08efd979e087814b1822681ba6ea015714fd66af5100967e152262973b065ed349398aa13bb4329b4f56081aba2ba73ede47a2f1b2dbd5daeaf4d4f790a030e3c1fac30da1b5f6149074de6d76b1635adf44016027efd4ac08c93983e0935c1c8b38a675d5c356483539624e1f402439e6a55529a44c17207d6a5f9d0a2b1745ccb5d4e7332a2b2467c9690c9b7fb9fa73b4da5d3eadd347b89bf05a6aacac989ce9f1398729a4b3383c64c64cc68a8638735ebd80fb9ba2ee9e30e65a56d5676f2b607567f2a07adba966b210339d6a8cc404ffdcbf8ac02216239cc9e0abec2e2aa1d27d658913c83ae08657439bf32213d6b3c3fbb37f978a1820d23be11511869e5884ccab0de2a2ac982d58f01e88b54a54b0f50cc0ff699e39f86d74371f1667927ea4ba96af4c98b05e2b1d4115ef892332ab7ac777f1537f3ce78a2889fab969aa6a11f9e855ec1ba09096346fe930737e6760688c91a60bce3f173c24fa1efcbe5d12869ba34883f95e6bc90c61994f6761c305f5de4a0f79f6b3403249190542edd86d7231f0d89d1519ccab3ef35e3dc9e35a5031ab1cb888a8ace8cbe67073c19f8060ea78bf6d6a8970ed1aae35246df0b825d325279ae4c2a838e0e1f40a3c9615b06b2c4e929942a2d820a82ef19d355754caa45119d5e07f9052bf02ed05de6e07bf46758255d8ef077fd04e971b5117f8ef54f20559c98a9c51df5ed7d2db8f2085ce9947b474c7f00f4a1585507e2344a53a597292a338dd39592df962267a835d091dc9f1c5e7a6a0f1215a0015d9083720aee97b7fa1aa7f4fbcf698018980ebe5cd928e6ea1f1c4e6087678cfa687f1f6cea280fb9f24496211fb00b3788bf4ac4cf5d0972c398baa70fc54dc28a9fd3b838a5732b5039602d5049afc135cfef8053a20359287d53bcce117c7c36147288178cef8dac66f4b941333dd74cf2e9e22ce1be287f1ea2c0d5f476ea74a996d5952c98714a9939084f87bb525f287214567bf1da94d8d098640215d14800f09367aaade0f57ad08dc581dc19d21bdd640d1d3cf54336bb0feafc14d9709f719b1212eee75d9f8b958783cce8a535cb6a1b890e002fefa0e60597275ca2d516b28ef1d1ce3f25184b20726cb59ccab574b8d0ffd30fce23936ec84224991a6f9d2fd74def41248726f86e413dd13e9be77f1856fa1b5803312b8a9179914980bb70873a380278f1c6ad42186b14933892427939f83556e9d130607c1b3e1292da5ba6908b642a11d2814b7ea8b7442ae9aaea89948a58cba34807e617404af7e34ecc449be8c403ee536f311af194d63c9120e0268c3f7e2cafc739b6a0575396d61e55707820fe6eb6a71ce094b931d67b8be93937542e3f7e5bb80ab033d979b3c1bff4ff367934c73198fd04571e7a74b9376894d4b0c45a53b7711cecdd98fc87980b82019db23bf4f41ad8182b6861cab9fdb8f882eddc568f5f35e798350857b3818e2e0ef189cf08825355a9ffec231c0f5039b80764f3c7d1f2371fc71216e8f8d83bce4273bcbf22908d81b7c28d664e574e396098ad8fb0bcd68dbc3d1bb0f0bf295df0ae59339381ee231536c7d3b949072a5a2ba5245cb57848dfbb7cbcb7cbdae9b96752c824410eb46f6978051ae5734c278292a90f3c395f098162d4a43c7f449b1cd8208e15fe97c11c25b663a837348b45e059998a10f1c05490dae27b12508decaafec265eb2c22f3df91291922c80e33f479a77078717a7beea74972a7817e791e2cedcaafb43d1bb71ae86242f3375633bdcf0176ef26075446d3cf999df207983af46406defa8aaab0071a24c273a6b2ef78c47efdc0950a3bf486e1f0c26587b8de77a7fbfeb10a22485a6ec662f3afa0508343f9019a8a04118a30c78d89311da9fddfab1cd44f0c2c2f934ba94e88862fb2121893dab164b3edd2d3b0f4658624f6883099353b1bd0e0601f5397c5a5d6689890b207189602ee61524acc886ab1276aecf1a0bb4fbc85ff7e4881a977513ea0abd446b757464f6caa3485c3d08a4dc810ce21d85cfffc4fa07015ae41b1c7a6ba1858566db8ecaa0dd1cd6e5b7e3cc2a344399e89103954e380ee58b62cd508c587c9946b05433af55959a2ad30fb9b521c64f57321a23e4ac9866f356d28b29302f9604303bc66215696874eaf63e7a37056f78ac3034dc63db9315edb5bc7ada518e02b28281893792ac39374220645694c8e437358b5117f1e2d8269125111afc070ff118ec3a38d949c9ca4a7a1ce6dcac1e2a8e63af511d140b23a86cb78a7a47c4a9e2dcd4587ae32a36e47ed7a7a6e84bf1dbc60b0b00773b4bc0c9ebd38f0e8ccaa0eef5199229057f93c12988cd52317e64c9668b74e946a5cf837320f0889a427f84431f20540dc17eeb0587e51bd05ae9478dd42d215849d50cb745dd9d2d90c294a404ec95941d39ffacbe0e02c0fb6b017042986f1bb00e675a26eb0e65654eb130e5ad3b67cf73b89783effdebf50788f5287ebf2b1d96a4a94e37f39a9bfa0e6c95791a6fd5b5bc083af38afd3fb3ae0f17736f020d8b055a8081121d9f5d563cba2d8b803c4c687ea9184aa09445af016c77d946b03fca370c157f3c7b61ada339a9d3b1b5d18d68e3d66db596164720b09b1426bae1b96c7c5c201a5b232742cfcba1c45164165b5f342548354c2e040fc3a9dbb77dd35ae1f84aa89360fbd232637c0522c64088d7e4313311708c5525538c2e0db4d25143306e93492170413f1f85c3e582ca354164e14b5d3bb33fd808a8b608e29f744333fc670f3816829c1a8583a7b158154a988f5b3b97c38add8146f2faa7c30acc309763eee280251c0a1e1b2d26bd377531a00a2dc54696b90045b17bba7e76dcef64714fecd12c3e84bcc7cffa17b18c6bbcc39960f4156ef05e368c4f205e8dc05a668b09548c2ced5927e6dab63a9e196aa42034ac8f4b9fb9ee4d8cd9c0fb435efaf5c7f4059607a2ac5669f5ebfd5c6db2579e465a", 0xd82) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8802, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x66c82, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000001900)='/dev/adsp1\x00', 0x28082, 0x0) ioctl$auto_SNDCTL_DSP_GETCAPS(r4, 0x8004500f, &(0x7f0000000040)) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x4004010) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0xb) sendmsg$auto_NETDEV_CMD_DEV_GET(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6048804}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0x199, 0xfffffffffffffffa, 0x8000) r5 = prctl$auto(0x37, 0x1, 0x4, 0x5, 0x7) quotactl$auto(0x9, 0x0, 0x62a0, 0x0) io_destroy$auto(0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) r6 = io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/active_slave\x00', 0xa800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000280)=""/41, 0x29) io_uring_register$auto(r6, 0xc, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x20200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) io_uring_setup$auto(0x0, &(0x7f0000000140)={0x2, 0x5, 0x58, 0xef7, 0x9, 0x1000, r0, [0x8, 0x8000, 0x4], {0x3, 0xa9, 0xffff, 0x0, 0xd2e, 0x8, 0x8, 0xe0, 0x5}, {0x7, 0x5, 0x1, 0x8, 0x6, 0x2, 0x80, 0x4, 0x4}}) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mtdblock0\x00', 0x14fb02, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x60142, 0x130) 1m58.19553933s ago: executing program 3 (id=1824): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/thermal/cooling_device1/cur_state\x00', 0x20b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x4f64a1d5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket(0x15, 0x3, 0xfffffffe) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffff00, 0x8000}, "290000000000000000000000008000"}) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000300)='/dev/fuse\x00', 0x444081, 0x0) r2 = socket(0x2, 0x3, 0x4) getsockopt$auto(r2, 0x84, 0x22, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x400000003) r5 = socket(0xa, 0x1, 0x84) accept4$auto(r5, 0x0, 0x0, 0x0) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) write$auto(0x3, 0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) openat$auto_hwsim_simulate_radar_(0xffffffffffffff9c, 0x0, 0x1c1900, 0x0) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x7, 0x109, 0x7, "aab8e80600080043529f895cf5e8ec8f46cbb766439d070a00", @raw=0x2}, 0x6, 0x4, 0x6, @raw=0xd7, @integer64={0x442df60c, 0x81, 0x7}, "a4699d43a05edbe0d28473c399a7dc920b153e9b1675451d9de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000200)='/dev/log\x00', 0x0, 0x0) msgctl$auto(0x9, 0x287, 0x0) keyctl$auto(0x8, 0x0, 0x0, 0x0, 0x7e) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000880)='/dev/input/event0\x00', 0x40100, 0x0) ioctl$auto_EVIOCGMASK(r7, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x9}) 1m57.363944166s ago: executing program 3 (id=1826): socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x18, 0x3, 0x2) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x8, 0x9, 0x0) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r0 = socket(0x11, 0x6, 0x300) sendfile$auto(0x1, r0, 0x0, 0x8fb5) ioctl$auto(0xc8, 0x400454ce, 0xffffffffffffffff) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x20000080) fcntl$auto(0x0, 0x408, 0x100000) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x6}, 0x1, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 1m56.00674674s ago: executing program 3 (id=1831): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x88880, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x8202, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3e, 0xa, 0xbb7d, 0x6]}, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x400, 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video54\x00', 0x42942, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/security/tomoyo/query\x00', 0x82a02, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x40d81, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000080), 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) madvise$auto(0x0, 0x200007, 0x8) fadvise64$auto_POSIX_FADV_NORMAL(r0, 0x5, 0xd, 0x0) 1m51.988545026s ago: executing program 0 (id=1847): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003180), r0) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000003400)={0x0, 0x0, &(0x7f00000033c0)={&(0x7f0000000000)={0x14, r1, 0x301, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0xa, 0xd, 0x2, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x416, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) bpf$auto_BPF_LINK_UPDATE(0x1d, 0x0, 0x80) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2102, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x2584, 0x0) ioctl$auto(0x3, 0x40045542, 0xb551) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x103, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0xa, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0xffffffffffffffff, 0x28000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x2440, 0x0) read$auto(r4, 0x0, 0x20) select$auto(0x8, 0x0, 0x0, &(0x7f0000000040)={[0xfffffffffffffffc, 0x3, 0xa, 0x40007fff, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000000003, 0x8000400, 0x0, 0x7, 0x2, 0x93, 0x400000001, 0x8002]}, 0x0) landlock_restrict_self$auto(r4, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) setsockopt$auto(r3, 0x29, 0x30, 0x0, 0x56b) read$auto(r0, &(0x7f0000000080)='\x00', 0xff09) ioctl$auto(0xc8, 0x800454d7, 0x5c8d) 1m51.790089381s ago: executing program 0 (id=1849): socket(0x2, 0x3, 0x100) socket(0xa, 0x5, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0200, 0x0) socket(0x2, 0x3, 0xa) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) select$auto(0x4748, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x1000, 0xffffffffffffffff, 0x95f4da0a, 0xc, 0x3, 0x8062, 0x80000001, 0x2, 0x6d3f, 0x9, 0x8, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/190, 0xbe) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x7, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x7, 0x7fffffe) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x20401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) select$auto(0x6, &(0x7f0000000240)={[0xffffffff, 0x3, 0x400, 0x8, 0x2, 0x7, 0x7ffffffffffffffc, 0x443, 0xcdf, 0x93, 0x4, 0x221, 0x10e6, 0x6, 0xc2, 0xc3e]}, &(0x7f00000002c0)={[0x2, 0x4, 0x802, 0xfa, 0x8, 0x5, 0x7, 0x6, 0x5, 0x7b7885c5, 0x7fff, 0x5, 0x7f, 0x7, 0xff, 0x3]}, &(0x7f0000000340)={[0xff, 0x5, 0x9, 0x2, 0x3ff, 0x8, 0x6, 0x100000000, 0x8, 0x80, 0x4007f, 0x2400, 0x3, 0x3, 0x9, 0x5]}, &(0x7f0000000040)={0x9, 0x7}) sysfs$auto(0x2, 0x20, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) 1m50.873690104s ago: executing program 0 (id=1851): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socket(0xf, 0x3, 0x2) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0x6, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0x2, 0xd, 0x6, 0x200000100103}) r0 = socket(0x2, 0x801, 0x106) getsockopt$auto_SO_MAX_PACING_RATE(r0, 0x6, 0x2f, 0x0, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) getsockopt$auto(0x3, 0x200000000001, 0x1d, 0x0, 0x0) read$auto(0x3, 0x0, 0xf3c) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) mmap$auto(0x0, 0x4020009, 0x5, 0xeb9, 0xffffffffffffffff, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2440, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2d, 0x2, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/current_tracer\x00', 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x7776, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r2) 1m50.659617371s ago: executing program 0 (id=1853): mmap$auto(0x0, 0x4020009, 0xdb, 0xfd55, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4068aea3, &(0x7f0000000080)={0x7b}) swapon$auto(0x0, 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(&(0x7f0000000000)={0xffff92b5, 0x0, 0x9, 0x3, 0x0, 0x80000000000000, 0x80000000, 0x0, 0x4513, 0x9, 0xffffffffffffffff, {0x7, 0x6}, 0xfffffffc, 0xbfa, 0x9, 0x10, 0x0, 0x2, 0x8, 0xff, 0x10000, 0x100000001, 0x4}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x24) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, 0x8, 0xfffffe02) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r4, 0xc0045005, 0x0) socketcall$auto(0x8000, 0x0) 1m50.556162303s ago: executing program 0 (id=1854): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) move_pages$auto(0x0, 0x1001, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x300, 0x0) socket(0xa, 0x5, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x0, 0x0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vivid.0/video4linux/video42/power/control\x00', 0xc2902, 0x0) read$auto(r3, 0x0, 0x20) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) write$auto(0x3, 0x0, 0xffd8) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) socket(0x15, 0x5, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 1m46.877000997s ago: executing program 0 (id=1866): mmap$auto(0x0, 0x7ffffffff000, 0x8004, 0xeb4, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/product\x00', 0x88800, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/kernel/timer_migration\x00', 0x242, 0x0) sendfile$auto(r2, r1, 0x0, 0x7fffe000) fcntl$auto(r0, 0xa, 0x1) fcntl$auto(r0, 0x10, 0x2) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/virt_wifi0/route_localnet\x00', 0x2202, 0x0) r3 = socket(0x10, 0x2, 0x14) write$auto(r3, &(0x7f0000000100)='\x00', 0xfffffffffffffffa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/remove\x00', 0xa001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x8031ca, 0x9) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) kcmp$auto(0x1, 0x1, 0x0, 0x100000004, 0x100000001) bpf$auto(0x7fffffe, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3, 0x5, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0xe2, 0x4, 0xd}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, 0x0, 0x200040c5) write$auto(r5, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r5, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x2000d, 0x8, 0xeb1, 0x404, 0x80000000) 1m40.91019139s ago: executing program 32 (id=1831): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x88880, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x8202, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3e, 0xa, 0xbb7d, 0x6]}, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x400, 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video54\x00', 0x42942, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/security/tomoyo/query\x00', 0x82a02, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x40d81, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000080), 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) madvise$auto(0x0, 0x200007, 0x8) fadvise64$auto_POSIX_FADV_NORMAL(r0, 0x5, 0xd, 0x0) 1m31.80720354s ago: executing program 33 (id=1866): mmap$auto(0x0, 0x7ffffffff000, 0x8004, 0xeb4, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/product\x00', 0x88800, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/kernel/timer_migration\x00', 0x242, 0x0) sendfile$auto(r2, r1, 0x0, 0x7fffe000) fcntl$auto(r0, 0xa, 0x1) fcntl$auto(r0, 0x10, 0x2) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/virt_wifi0/route_localnet\x00', 0x2202, 0x0) r3 = socket(0x10, 0x2, 0x14) write$auto(r3, &(0x7f0000000100)='\x00', 0xfffffffffffffffa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/remove\x00', 0xa001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x8031ca, 0x9) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) kcmp$auto(0x1, 0x1, 0x0, 0x100000004, 0x100000001) bpf$auto(0x7fffffe, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3, 0x5, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0xe2, 0x4, 0xd}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, 0x0, 0x200040c5) write$auto(r5, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r5, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x2000d, 0x8, 0xeb1, 0x404, 0x80000000) 23.445356707s ago: executing program 5 (id=2401): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) mknod$auto(0x0, 0x1001, 0x5) open(0x0, 0x8c81, 0x91) write$auto(0x3, 0x0, 0xfdef) r0 = pidfd_open$auto(0x1, 0x8000800) waitid$auto_P_PIDFD(0x3, r0, 0x0, 0xc, 0x0) mmap$auto(0x0, 0x2020009, 0x800000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = getpid() process_vm_readv$auto(r1, 0x0, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22302, 0x0) pread64$auto(r2, 0x0, 0x84, 0xc) read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0) 22.391320572s ago: executing program 5 (id=2408): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0x23, 0x80805, 0x0) socket(0x2, 0x1, 0x106) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) socket(0x2, 0x1, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x9, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptys5\x00', 0x2000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000300)="dd") 22.054915108s ago: executing program 5 (id=2409): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4008ae48, 0xffffffffffffffff) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) r4 = waitid$auto(0x10, 0xffffffffffffffff, &(0x7f0000000080)={@siginfo_0_0={0x5, 0x10001, 0x1, @_rt={0xffffffffffffffff, 0xffffffffffffffff, @sival_int=0x4d65}}}, 0x401, &(0x7f0000000100)={{0x5, 0x4e}, {0xf7d8, 0x1}, 0x0, 0x9, 0x3, 0x7fffffffffffffff, 0x1, 0x8d1d, 0xe3e, 0xa3, 0x0, 0xf95, 0xfffffffffffffc00, 0x7, 0x101, 0x83}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000580)={{@inferred=r4, 0xf0ee, 0x20009, 0x10000003, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x1}, 0x4, 0x968, 0x6, @raw=0x404, @integer={0xa, 0x80000001, 0x7b}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) r5 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0x309000, 0x0) fcntl$auto_F_OFD_SETLK(r5, 0x25, 0x10) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, 0x0) 21.423547285s ago: executing program 5 (id=2413): ioctl$auto_TUNGETIFF2(0xffffffffffffffff, 0x800454d2, 0x0) waitid$auto(0x8, 0xffffffffffffffff, &(0x7f0000000100)={@siginfo_0_0={0xffff, 0x413, 0x0, @_sigsys={0x0, 0x0, 0x3ff}}}, 0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) clock_gettime$auto(0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x1, 0x0, 0x80000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 20.311785696s ago: executing program 5 (id=2417): r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x240080, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$auto_BATADV_CMD_SET_MESH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) r2 = open(0x0, 0x6c2880, 0x8d) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, 0x0) sendmsg$auto_WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0xc0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000640), 0xffffffffffffffff) read$auto(r3, 0x0, 0x8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_clone(0x11, 0x0, 0x300, 0x0, 0x0, 0x0) execveat$auto(r2, &(0x7f0000000200)='\x00', 0x0, 0x0, 0x11000) r5 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, 0xffffffffffffffff, 0x10000}, 0x10) mmap$auto(0x0, 0x2009, 0xdffffffffffffff9, 0x8000200008012, r5, 0x8000) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, 0x0, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}}, 0x20008050) 19.822087587s ago: executing program 5 (id=2419): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) unshare$auto(0x40000080) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) swapon$auto(0x0, 0x8000004) 6.415921778s ago: executing program 2 (id=2487): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77eeb07c, 0x0) fanotify_init$auto(0x65, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0x22, 0x3, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/013/001\x00', 0xa901, 0x0) socket(0xa, 0x5, 0x0) clone$auto(0x7fff, 0xff, 0x0, 0x0, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/mtd/mtd0/ecc_failures\x00', 0x8000, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 6.280424803s ago: executing program 2 (id=2488): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40000000000eb1, r0, 0x8100) r1 = socket(0x2, 0x2, 0x0) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) pwrite64$auto(0xc8, &(0x7f00000003c0)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(0xffffffffffffffff, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', &(0x7f00000000c0)=0x7) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x400002) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) r2 = prctl$auto(0x43, 0xe, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) mlockall$auto(0x7) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r0) accept$auto(r2, &(0x7f0000000240)=@hci={0x1f, 0xffffffffffffffff, 0x2}, &(0x7f00000002c0)=0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.3/usb4/avoid_reset_quirk\x00', 0x129302, 0x0) r3 = socket(0x2, 0x2, 0x1) connect$auto(r3, &(0x7f00000000c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x55) connect$auto(r3, 0x0, 0x7f) open_by_handle_at$auto(r1, &(0x7f00000000c0)={0x0, 0x4}, 0x7) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) 5.470482745s ago: executing program 4 (id=2491): openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000140), 0x121140, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x40100, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) ioctl$auto_EVIOCGMASK(r0, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x9}) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x88, 0x1, 0x80000000, 0x10000100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x10000052, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) io_uring_register$auto(r1, 0x3, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x3, 0x2, 0x3, 0x1) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x8, 0x3, 0x2, 0x4) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x401, 0x200000000000000, 0xfffffffffffffff8, 0x0) setrlimit$auto(0xc, &(0x7f0000000040)={0x5, 0x2}) socket(0xf, 0x800, 0x4) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/admmidi2\x00', 0x88042, 0x0) ioprio_set$auto(0x1, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x8, 0x7, 0x9, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-0/xps_cpus\x00', 0x10b062, 0x0) write$auto(r2, &(0x7f00000001c0)=',\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x3) 5.012299341s ago: executing program 4 (id=2493): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x1, 0x202000a, 0xfffffffc, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/snmp\x00', 0x40, 0x0) pread64$auto(r2, 0x0, 0x80000000, 0x9fffffffd) mq_notify$auto(0xffffffffffffffff, &(0x7f0000000180)={@sival_ptr=0x0, @inferred, 0x0, @_sigev_thread={0x0, 0x0}}) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.744129635s ago: executing program 34 (id=2419): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) unshare$auto(0x40000080) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) swapon$auto(0x0, 0x8000004) 4.00275782s ago: executing program 4 (id=2496): r0 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f00000049c0)={0x0, 0x0, &(0x7f0000004980)={&(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYBLOB="010026bd7000fedbdf25020000000800048004000880"], 0x1c}, 0x1, 0x0, 0x0, 0x40040801}, 0x44000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x1, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x1000000000009489, 0x3, 0x15f4da0a, 0x1, 0x7, 0x7, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0) write$auto(r2, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) select$auto(0xa, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, r1, 0x10000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x85) 4.001294157s ago: executing program 1 (id=2503): r0 = openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0xa8000, 0x0) mmap$auto(0x200000000000000, 0x2020009, 0x3, 0xeb1, r0, 0x100000000) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(0x3, 0xc1485544, 0xb551) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) waitid$auto_P_ALL(0x0, 0x5, 0x0, 0x8, 0x0) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffbfffd}, 0xffff}, 0x4000, 0x20000043) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="00fedb4c609c5f0000000000000003d6c5b248a84c44dad09bb309b35aa654a48eb5d5b9fe85e37b7ac138372e1515fe"], 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000001c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xffffffff) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000000000001) clone$auto(0x8ffe, 0xbc2, 0xffffffffffffffff, 0xfffffffffffffffc, 0x400) select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x3, 0x1, 0xdd, 0x1000000000000004, 0x15f4da0a, 0x4000000400039, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) shutdown$auto(0x200000003, 0x2) 3.861706941s ago: executing program 1 (id=2497): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x20100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x8100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x181040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109080, 0x0) eventfd$auto(0x0) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x48400, 0x0) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 2.809972925s ago: executing program 2 (id=2498): r0 = ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x2efc) r1 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'macvlan0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001580)={'bridge0\x00'}) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r1, &(0x7f0000000080)={&(0x7f0000001540), 0xc, &(0x7f0000001640)={&(0x7f0000000200)={0x58, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_FEC_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_FEC_AUTO={0x5, 0x3, 0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000081) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'macsec0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'dummy0\x00'}) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x24000, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001740)={'bond0\x00'}) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x80008000) socket$nl_generic(0x10, 0x3, 0x10) process_vm_readv$auto(0x0, 0x0, 0x0, 0x0, 0x6, 0x4000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r3, 0x5425, 0x0) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) sysfs$auto(0x2, 0x4c, 0x0) ioctl$auto_TCFLSH2(r4, 0x5408, 0x0) 2.806926844s ago: executing program 1 (id=2506): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x232040, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r1, 0x400454a4, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) preadv2$auto(r2, &(0x7f0000000100)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x400, 0x2f) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) pread64$auto(r0, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2a, 0x2, 0x1) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) 2.469259724s ago: executing program 2 (id=2499): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$auto_IMDELTIMER(r0, 0x80044941, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sysfs$auto(0x2, 0x23, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) sendmsg$auto_NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x40400, 0xd8) fchmod$auto(r2, 0x8) setreuid$auto(0x4, 0x8) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) write$auto(r3, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) 1.436709433s ago: executing program 2 (id=2500): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc1919", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f326"}) process_mrelease$auto(0xffffffffffffffff, 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000080)={[0x10000000000001ff, 0x0, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x800, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xb, 0x82c, 0x1, 0x4, 0x3, 0x104, 0x47, 0xffffffffffffffff, 0x7, 0x8000000000400000, 0x3, 0x200006d3c, 0x3, 0x2, 0x800000000000000a]}, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x400}, 0x7f) 1.436514593s ago: executing program 4 (id=2501): unshare$auto(0x40000080) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(0x3, 0xfffffffe) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)={0x24, r2, 0x1, 0x70bd31, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x5}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x4}]}, 0x24}}, 0x24048084) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) madvise$auto(0xfffffffffffffffa, 0x9, 0x19) sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, 0x0, 0x8, 0x0, 0x4000000, 0x9}, 0x4}, 0x3, 0x2) write$auto_nvmf_dev_fops_fabrics(0xffffffffffffffff, 0x0, 0x300) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) r3 = socket(0x2, 0x80800, 0x73) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r5, 0x1, 0x70bd2d, 0x25dfdbf6, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3b}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x11e789c}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_FD={0x8, 0x17, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) 1.222498437s ago: executing program 1 (id=2502): socket(0xa, 0x3, 0x3c) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd10/queue/iosched/read_expire\x00', 0x1c2b02, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48500, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/003/001\x00', 0x42082, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sem\x00', 0xc8202, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) r0 = socket(0x11, 0xa, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001280)='/dev/sequencer2\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 785.813876ms ago: executing program 4 (id=2504): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0x3, 0x2) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8802, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) socket(0x11, 0x2, 0x73) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) fanotify_init$auto(0x5, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x40401, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x540b, 0x0) 785.083275ms ago: executing program 1 (id=2512): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x200, 0x0) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0xb, 0xa, 0x4) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x4, 0x0, 0x4) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r0, &(0x7f0000000080)={0x0, 0x1000}, 0x3) mmap$auto(0x0, 0x2020006, 0x3, 0xeb4, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)="fb", 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x88302, 0x0) sendfile$auto(r2, r2, 0x0, 0x7ffff000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) semget$auto(0x7eb, 0xc7, 0xfffffffd) socket$nl_generic(0x10, 0x3, 0x10) 548.18654ms ago: executing program 2 (id=2505): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clone3$auto(&(0x7f0000000140)={0x6, 0x5, 0xf, 0x4, 0x2, 0x7, 0x0, 0x3, 0x9, 0x0, 0x8}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/nfc/nfc1/rfkill1/soft\x00', 0xa3182, 0x0) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x4) write$auto(0x3, 0x0, 0xffef) r1 = getpgid(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) prctl$auto(0x1000000003b, 0x80000000001, r1, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bpf$auto_BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)=@token_create={0x4}, 0x1) wait4$auto(0x0, 0x0, 0x4, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x8, 0x2000000000002) bpf$auto(0x8, &(0x7f0000000080)=@bpf_attr_4={0x2e, 0xffffffffffffffff, 0x7ffffffd}, 0x6) madvise$auto(0x8000000000000000, 0x724, 0x9) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) mount_setattr$auto(0xffffffffffffff9c, 0x0, 0x1000, 0x0, 0xe9f) 175.540824ms ago: executing program 4 (id=2507): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40000000000eb1, r0, 0x8100) r1 = socket(0x2, 0x2, 0x0) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) pwrite64$auto(0xc8, &(0x7f00000003c0)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(0xffffffffffffffff, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', &(0x7f00000000c0)=0x7) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x400002) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) r2 = prctl$auto(0x43, 0xe, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) mlockall$auto(0x7) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r0) accept$auto(r2, &(0x7f0000000240)=@hci={0x1f, 0xffffffffffffffff, 0x2}, &(0x7f00000002c0)=0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.3/usb4/avoid_reset_quirk\x00', 0x129302, 0x0) r3 = socket(0x2, 0x2, 0x1) connect$auto(r3, &(0x7f00000000c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x55) connect$auto(r3, &(0x7f0000000000)=@l2tp={0x2, 0x0, @multicast2, 0x1}, 0x7f) open_by_handle_at$auto(r1, 0x0, 0x7) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) 0s ago: executing program 1 (id=2508): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/rose14/statistics/rx_length_errors\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0xa0080, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r1, 0x0, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/\x98@dio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r3 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) ioctl$auto(0xffffffffffffffff, 0x541b, 0x24) recvmmsg$auto(0x3, 0x0, 0xfffe, 0x6, 0x0) kernel console output (not intermixed with test programs): 310 [ 579.498172][T11248] __x64_sys_mount+0x293/0x310 [ 579.498190][T11248] ? __pfx___x64_sys_mount+0x10/0x10 [ 579.498215][T11248] do_syscall_64+0x106/0xf80 [ 579.498236][T11248] ? clear_bhb_loop+0x40/0x90 [ 579.498254][T11248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.498269][T11248] RIP: 0033:0x7fe0c7f9c799 [ 579.498282][T11248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 579.498297][T11248] RSP: 002b:00007fe0c8e5e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 579.498311][T11248] RAX: ffffffffffffffda RBX: 00007fe0c8216090 RCX: 00007fe0c7f9c799 [ 579.498320][T11248] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 579.498329][T11248] RBP: 00007fe0c8032c99 R08: 0000000000000000 R09: 0000000000000000 [ 579.498345][T11248] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 579.498354][T11248] R13: 00007fe0c8216128 R14: 00007fe0c8216090 R15: 00007ffd6d198858 [ 579.498374][T11248] [ 581.910491][T11264] FAULT_INJECTION: forcing a failure. [ 581.910491][T11264] name failslab, interval 1, probability 0, space 0, times 0 [ 582.075082][T11264] CPU: 0 UID: 0 PID: 11264 Comm: syz.2.1409 Not tainted syzkaller #0 PREEMPT(full) [ 582.075105][T11264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 582.075114][T11264] Call Trace: [ 582.075120][T11264] [ 582.075126][T11264] dump_stack_lvl+0x100/0x190 [ 582.075154][T11264] should_fail_ex.cold+0x5/0xa [ 582.075173][T11264] should_failslab+0xc2/0x120 [ 582.075190][T11264] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 582.075213][T11264] ? inet_twsk_alloc+0x124/0xa20 [ 582.075348][T11264] ? find_held_lock+0x2b/0x80 [ 582.075368][T11264] inet_twsk_alloc+0x124/0xa20 [ 582.075390][T11264] tcp_time_wait+0x5d/0xec0 [ 582.075434][T11264] tcp_rcv_state_process+0x24cf/0x6f70 [ 582.075475][T11264] ? sk_reset_timer+0x35/0xd0 [ 582.075499][T11264] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 582.075517][T11264] ? tcp_write_xmit+0x1cee/0x8980 [ 582.075547][T11264] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 582.075564][T11264] ? tcp_v4_do_rcv+0x68d/0x10d0 [ 582.075580][T11264] tcp_v4_do_rcv+0x68d/0x10d0 [ 582.075597][T11264] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 582.075613][T11264] __release_sock+0x35a/0x440 [ 582.075639][T11264] __tcp_close+0x5a0/0x1110 [ 582.075658][T11264] ? __local_bh_enable_ip+0x9e/0x120 [ 582.075677][T11264] tcp_close+0x28/0x110 [ 582.075694][T11264] inet_release+0xed/0x200 [ 582.075735][T11264] __sock_release+0xb3/0x260 [ 582.075786][T11264] ? __pfx_sock_close+0x10/0x10 [ 582.075808][T11264] sock_close+0x1c/0x30 [ 582.075836][T11264] __fput+0x3ff/0xb40 [ 582.075856][T11264] ? _raw_spin_unlock_irq+0x23/0x50 [ 582.075878][T11264] task_work_run+0x150/0x240 [ 582.075900][T11264] ? __pfx_task_work_run+0x10/0x10 [ 582.075927][T11264] exit_to_user_mode_loop+0x100/0x4a0 [ 582.075950][T11264] do_syscall_64+0x668/0xf80 [ 582.075971][T11264] ? clear_bhb_loop+0x40/0x90 [ 582.075989][T11264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.076004][T11264] RIP: 0033:0x7fe0c7f9c799 [ 582.076018][T11264] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 582.076031][T11264] RSP: 002b:00007fe0c8e5e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 582.076046][T11264] RAX: 0000000000000000 RBX: 00007fe0c8216090 RCX: 00007fe0c7f9c799 [ 582.076055][T11264] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 582.076063][T11264] RBP: 00007fe0c8032c99 R08: 0000000000000000 R09: 0000000000000000 [ 582.076072][T11264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 582.076081][T11264] R13: 00007fe0c8216128 R14: 00007fe0c8216090 R15: 00007ffd6d198858 [ 582.076101][T11264] [ 590.114627][T11327] can0: slcan on pty238. [ 590.631486][T11324] can0 (unregistered): slcan off pty238. [ 591.012563][ T29] audit: type=1800 audit(4294967357.994:4): pid=11342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1429" name="dummy_udc" dev="gadgetfs" ino=6461 res=0 errno=0 [ 591.188750][T11342] XFS: Clearing xfsstats [ 591.659364][T11349] FAULT_INJECTION: forcing a failure. [ 591.659364][T11349] name failslab, interval 1, probability 0, space 0, times 0 [ 591.809345][T11349] CPU: 0 UID: 0 PID: 11349 Comm: syz.1.1431 Not tainted syzkaller #0 PREEMPT(full) [ 591.809368][T11349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 591.809376][T11349] Call Trace: [ 591.809382][T11349] [ 591.809389][T11349] dump_stack_lvl+0x100/0x190 [ 591.809418][T11349] should_fail_ex.cold+0x5/0xa [ 591.809437][T11349] should_failslab+0xc2/0x120 [ 591.809454][T11349] __kmalloc_cache_noprof+0x7a/0x6f0 [ 591.809474][T11349] ? trace_pid_list_alloc+0x232/0x480 [ 591.809496][T11349] ? lockdep_init_map_type+0x5c/0x250 [ 591.809519][T11349] trace_pid_list_alloc+0x232/0x480 [ 591.809552][T11349] trace_pid_write+0x110/0x460 [ 591.809576][T11349] ? __pfx_trace_pid_write+0x10/0x10 [ 591.809611][T11349] event_pid_write.isra.0+0x1e4/0x800 [ 591.809629][T11349] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 591.809651][T11349] vfs_write+0x2aa/0x1070 [ 591.809666][T11349] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 591.809683][T11349] ? __pfx_vfs_write+0x10/0x10 [ 591.809697][T11349] ? __fget_files+0x215/0x3d0 [ 591.809715][T11349] ? __fget_files+0x21f/0x3d0 [ 591.809735][T11349] ksys_write+0x12a/0x250 [ 591.809749][T11349] ? __pfx_ksys_write+0x10/0x10 [ 591.809769][T11349] do_syscall_64+0x106/0xf80 [ 591.809790][T11349] ? clear_bhb_loop+0x40/0x90 [ 591.809808][T11349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.809823][T11349] RIP: 0033:0x7f949559c799 [ 591.809836][T11349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 591.809850][T11349] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 591.809864][T11349] RAX: ffffffffffffffda RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 591.809873][T11349] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 591.809882][T11349] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 591.809890][T11349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.809898][T11349] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 591.809918][T11349] [ 593.961223][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bf7e400: rx timeout, send abort [ 593.981957][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807bf7e400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 595.262095][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805bcdc400: rx timeout, send abort [ 595.270411][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807a92a400: rx timeout, send abort [ 595.278801][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805bcdc400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 595.293140][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807a92a400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 600.877928][T11425] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78400 [ 600.933409][T11425] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 601.016334][T11425] memcg:ffff888078407741 [ 601.020613][T11425] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 601.143722][T11425] page_type: f5(slab) [ 601.147733][T11425] raw: 00fff00000000040 ffff8881446c9b40 dead000000000100 dead000000000122 [ 601.266793][T11425] raw: 0000000000000000 0000000800090009 00000000f5000000 ffff888078407741 [ 601.375750][T11425] head: 00fff00000000040 ffff8881446c9b40 dead000000000100 dead000000000122 [ 601.471600][T11425] head: 0000000000000000 0000000800090009 00000000f5000000 ffff888078407741 [ 601.528553][T11425] head: 00fff00000000003 ffffea0001e10001 00000000ffffffff 00000000ffffffff [ 601.608984][T11425] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 601.674397][T11425] page dumped because: unmovable page [ 601.755742][T11425] page_owner tracks the page as allocated [ 601.761702][T11425] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 156, tgid 156 (kworker/u8:6), ts 90007541873, free_ts 89986898893 [ 602.015707][T11425] post_alloc_hook+0x153/0x170 [ 602.049804][T11425] get_page_from_freelist+0x111d/0x3140 [ 602.103968][T11425] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 602.163984][T11425] new_slab+0xa6/0x6b0 [ 602.195810][T11425] refill_objects+0x26b/0x400 [ 602.200541][T11425] __pcs_replace_empty_main+0x1ab/0x660 [ 602.325389][T11425] kmem_cache_alloc_noprof+0x480/0x6e0 [ 602.330947][T11425] sk_prot_alloc+0x60/0x2a0 [ 602.401467][T11425] sk_clone+0x7d/0x1670 [ 602.439633][T11425] inet_csk_clone_lock+0x2f/0x760 [ 602.466660][T11425] tcp_create_openreq_child+0x34/0x2820 [ 602.537479][T11425] tcp_v4_syn_recv_sock+0x122/0x12c0 [ 602.604206][T11425] tcp_v6_syn_recv_sock+0x17e5/0x1f40 [ 602.663017][T11425] tcp_check_req+0xab6/0x2be0 [ 602.708013][T11425] tcp_v4_rcv+0x1337/0x4680 [ 602.750782][T11425] ip_protocol_deliver_rcu+0xba/0x4d0 [ 602.818422][T11425] page last free pid 13 tgid 13 stack trace: [ 602.874935][T11447] input: f as /devices/virtual/input/input7 [ 602.884379][T11425] __free_frozen_pages+0x7e1/0x10d0 [ 602.926763][T11425] qlist_free_all+0x47/0xe0 [ 602.966097][T11425] kasan_quarantine_reduce+0x1a0/0x1f0 [ 602.973211][T11447] FAULT_INJECTION: forcing a failure. [ 602.973211][T11447] name failslab, interval 1, probability 0, space 0, times 0 [ 603.034530][T11425] __kasan_slab_alloc+0x69/0x90 [ 603.084858][T11425] __kmalloc_cache_noprof+0x243/0x6f0 [ 603.144772][T11425] ref_tracker_alloc+0x190/0x590 [ 603.186263][T11425] sk_net_refcnt_upgrade+0x1b4/0x360 [ 603.220138][T11425] rds_tcp_tune+0x2a0/0x920 [ 603.259556][T11425] rds_tcp_accept_one+0x4be/0xe70 [ 603.324637][T11425] rds_tcp_accept_worker+0x41/0x60 [ 603.374571][T11425] process_one_work+0xa23/0x19a0 [ 603.408759][T11425] worker_thread+0x5ef/0xe50 [ 603.454747][T11447] CPU: 0 UID: 0 PID: 11447 Comm: syz.1.1447 Not tainted syzkaller #0 PREEMPT(full) [ 603.454770][T11447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 603.454780][T11447] Call Trace: [ 603.454786][T11447] [ 603.454792][T11447] dump_stack_lvl+0x100/0x190 [ 603.454830][T11447] should_fail_ex.cold+0x5/0xa [ 603.454850][T11447] should_failslab+0xc2/0x120 [ 603.454868][T11447] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 603.454890][T11447] ? __kernfs_new_node+0xd2/0x960 [ 603.454915][T11447] __kernfs_new_node+0xd2/0x960 [ 603.454938][T11447] ? __pfx___kernfs_new_node+0x10/0x10 [ 603.454963][T11447] ? find_held_lock+0x2b/0x80 [ 603.454978][T11447] ? kernfs_root+0xee/0x2a0 [ 603.454996][T11447] ? kernfs_root+0xee/0x2a0 [ 603.455020][T11447] kernfs_new_node+0x11b/0x1a0 [ 603.455038][T11447] __kernfs_create_file+0x53/0x350 [ 603.455057][T11447] sysfs_add_file_mode_ns+0x207/0x3c0 [ 603.455082][T11447] sysfs_merge_group+0x194/0x340 [ 603.455104][T11447] ? __pfx_sysfs_merge_group+0x10/0x10 [ 603.455124][T11447] ? bus_add_device+0x368/0x6b0 [ 603.455149][T11447] ? __pfx_bus_add_device+0x10/0x10 [ 603.455169][T11447] ? __pfx_dev_add_physical_location+0x10/0x10 [ 603.455263][T11447] dpm_sysfs_add+0x237/0x280 [ 603.455323][T11447] device_add+0x9ef/0x1950 [ 603.455344][T11447] ? __pfx_device_add+0x10/0x10 [ 603.455366][T11447] ? kobject_get+0xbb/0x150 [ 603.455384][T11447] cdev_device_add+0x12b/0x270 [ 603.455401][T11447] evdev_connect+0x3a8/0x4b0 [ 603.455458][T11447] input_attach_handler.isra.0+0x177/0x1e0 [ 603.455525][T11447] input_register_device.cold+0x139/0x375 [ 603.455560][T11447] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 603.455637][T11447] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 603.455662][T11447] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 603.455686][T11447] ? find_held_lock+0x2b/0x80 [ 603.455700][T11447] ? __fget_files+0x215/0x3d0 [ 603.455724][T11447] ? __pfx_uinput_ioctl+0x10/0x10 [ 603.455743][T11447] __x64_sys_ioctl+0x18e/0x210 [ 603.455765][T11447] do_syscall_64+0x106/0xf80 [ 603.455786][T11447] ? clear_bhb_loop+0x40/0x90 [ 603.455804][T11447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.455819][T11447] RIP: 0033:0x7f949559c799 [ 603.455843][T11447] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 603.455857][T11447] RSP: 002b:00007f94963af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 603.455873][T11447] RAX: ffffffffffffffda RBX: 00007f9495816180 RCX: 00007f949559c799 [ 603.455883][T11447] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000006 [ 603.455891][T11447] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 603.455900][T11447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.455909][T11447] R13: 00007f9495816218 R14: 00007f9495816180 R15: 00007fff17efaf48 [ 603.455929][T11447] [ 604.057304][T11425] kthread+0x370/0x450 [ 604.090986][T11425] ret_from_fork+0x754/0xd80 [ 604.105139][T11425] ret_from_fork_asm+0x1a/0x30 [ 604.625284][T11447] input: failed to attach handler evdev to device input7, error: -12 [ 605.810984][T11459] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 611.604574][T11504] FAULT_INJECTION: forcing a failure. [ 611.604574][T11504] name failslab, interval 1, probability 0, space 0, times 0 [ 611.758017][T11504] CPU: 0 UID: 0 PID: 11504 Comm: syz.2.1462 Not tainted syzkaller #0 PREEMPT(full) [ 611.758041][T11504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 611.758050][T11504] Call Trace: [ 611.758056][T11504] [ 611.758063][T11504] dump_stack_lvl+0x100/0x190 [ 611.758092][T11504] should_fail_ex.cold+0x5/0xa [ 611.758111][T11504] should_failslab+0xc2/0x120 [ 611.758128][T11504] __kmalloc_cache_noprof+0x7a/0x6f0 [ 611.758147][T11504] ? mqueue_init_fs_context+0x4b/0x690 [ 611.758266][T11504] mqueue_init_fs_context+0x4b/0x690 [ 611.758283][T11504] alloc_fs_context+0x60c/0xf40 [ 611.758313][T11504] mq_init_ns+0x16e/0x820 [ 611.758331][T11504] copy_ipcs+0x3dd/0x7e0 [ 611.758348][T11504] create_new_namespaces+0x20a/0xac0 [ 611.758365][T11504] ? security_capable+0x80/0x260 [ 611.758415][T11504] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 611.758434][T11504] ksys_unshare+0x473/0xad0 [ 611.758455][T11504] ? __pfx_ksys_unshare+0x10/0x10 [ 611.758481][T11504] __x64_sys_unshare+0x31/0x40 [ 611.758498][T11504] do_syscall_64+0x106/0xf80 [ 611.758520][T11504] ? clear_bhb_loop+0x40/0x90 [ 611.758538][T11504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.758554][T11504] RIP: 0033:0x7fe0c7f9c799 [ 611.758569][T11504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 611.758582][T11504] RSP: 002b:00007fe0c8e7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 611.758597][T11504] RAX: ffffffffffffffda RBX: 00007fe0c8215fa0 RCX: 00007fe0c7f9c799 [ 611.758606][T11504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 611.758615][T11504] RBP: 00007fe0c8032c99 R08: 0000000000000000 R09: 0000000000000000 [ 611.758623][T11504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 611.758631][T11504] R13: 00007fe0c8216038 R14: 00007fe0c8215fa0 R15: 00007ffd6d198858 [ 611.758651][T11504] [ 612.829927][T11513] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1463'. [ 614.551005][ T29] audit: type=1804 audit(4294967311.992:5): pid=11516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1465" name="file0" dev="tmpfs" ino=2017 res=1 errno=0 [ 614.800527][ T29] audit: type=1804 audit(4294967312.212:6): pid=11517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1465" name="file0" dev="tmpfs" ino=2017 res=1 errno=0 [ 624.186641][ T29] audit: type=1804 audit(4294967321.627:7): pid=11601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1480" name="/newroot/354/file0" dev="tmpfs" ino=1853 res=1 errno=0 [ 624.455716][ T29] audit: type=1804 audit(4294967321.757:8): pid=11603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1480" name="/newroot/354/file0" dev="tmpfs" ino=1853 res=1 errno=0 [ 633.027810][T11670] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1499'. [ 633.149755][T11670] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 641.319405][T11747] netlink: 'syz.2.1516': attribute type 1 has an invalid length. [ 641.424511][T11747] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1516'. [ 641.788970][T11750] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[11750] [ 643.524892][T11743] random: crng reseeded on system resumption [ 651.013815][T11854] futex_wake_op: syz.2.1541 tries to shift op by -2048; fix this program [ 651.131272][T11854] futex_wake_op: syz.2.1541 tries to shift op by -2048; fix this program [ 651.225805][T11858] 0x000000000001-0x000000020000 : "" [ 651.525271][T11858] ftl_cs: FTL header corrupt! [ 654.149408][T11894] vivid-007: ================= START STATUS ================= [ 654.246624][T11894] vivid-007: Generate PTS: true [ 654.318816][T11894] vivid-007: Generate SCR: true [ 654.469212][T11894] tpg source WxH: 320x240 (Y'CbCr) [ 654.578743][T11894] tpg field: 1 [ 654.699652][T11894] tpg crop: (0,0)/320x240 [ 654.816161][T11894] tpg compose: (0,0)/320x240 [ 654.870404][T11894] tpg colorspace: 8 [ 654.999919][T11894] tpg transfer function: 0/0 [ 655.191151][T11894] tpg Y'CbCr encoding: 0/0 [ 655.195605][T11894] tpg quantization: 0/0 [ 655.199741][T11894] tpg RGB range: 0/2 [ 655.580788][T11894] vivid-007: ================== END STATUS ================== [ 661.053724][T11938] program syz.2.1554 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 665.276512][T11991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1567'. [ 665.379132][T11991] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1567'. [ 666.234342][ T5833] block nbd0: Receive control failed (result -32) [ 671.179058][T12055] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1580'. [ 679.693728][T12144] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1597'. [ 679.893889][T12147] netlink: 'syz.1.1597': attribute type 1 has an invalid length. [ 680.087640][T12147] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1597'. [ 681.471779][T12153] FAULT_INJECTION: forcing a failure. [ 681.471779][T12153] name failslab, interval 1, probability 0, space 0, times 0 [ 682.030757][T12153] CPU: 0 UID: 0 PID: 12153 Comm: syz.1.1598 Not tainted syzkaller #0 PREEMPT(full) [ 682.030782][T12153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 682.030791][T12153] Call Trace: [ 682.030797][T12153] [ 682.030803][T12153] dump_stack_lvl+0x100/0x190 [ 682.030835][T12153] should_fail_ex.cold+0x5/0xa [ 682.030855][T12153] should_failslab+0xc2/0x120 [ 682.030873][T12153] __kmalloc_cache_noprof+0x7a/0x6f0 [ 682.030894][T12153] ? snd_card_file_add+0x52/0x340 [ 682.030990][T12153] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 682.031012][T12153] snd_card_file_add+0x52/0x340 [ 682.031032][T12153] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 682.031061][T12153] snd_pcm_open+0xf1/0x710 [ 682.031081][T12153] ? __mutex_unlock_slowpath+0x15c/0x790 [ 682.031110][T12153] ? __pfx_snd_pcm_open+0x10/0x10 [ 682.031139][T12153] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 682.031159][T12153] snd_pcm_capture_open+0x89/0xe0 [ 682.031181][T12153] snd_open+0x22d/0x4c0 [ 682.031197][T12153] ? __pfx_snd_open+0x10/0x10 [ 682.031212][T12153] chrdev_open+0x234/0x6a0 [ 682.031228][T12153] ? __pfx_apparmor_file_open+0x10/0x10 [ 682.031247][T12153] ? __pfx_chrdev_open+0x10/0x10 [ 682.031264][T12153] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 682.031284][T12153] do_dentry_open+0x6d8/0x1660 [ 682.031300][T12153] ? __pfx_chrdev_open+0x10/0x10 [ 682.031321][T12153] vfs_open+0x82/0x3f0 [ 682.031341][T12153] path_openat+0x208c/0x31a0 [ 682.031363][T12153] ? __pfx_path_openat+0x10/0x10 [ 682.031385][T12153] do_file_open+0x20e/0x430 [ 682.031403][T12153] ? __pfx_do_file_open+0x10/0x10 [ 682.031432][T12153] ? alloc_fd+0x476/0x790 [ 682.031448][T12153] ? do_getname+0x191/0x390 [ 682.031468][T12153] do_sys_openat2+0x10d/0x1e0 [ 682.031487][T12153] ? __pfx_do_sys_openat2+0x10/0x10 [ 682.031508][T12153] ? __fget_files+0x21f/0x3d0 [ 682.031526][T12153] __x64_sys_openat+0x12d/0x210 [ 682.031546][T12153] ? __pfx___x64_sys_openat+0x10/0x10 [ 682.031572][T12153] do_syscall_64+0x106/0xf80 [ 682.031593][T12153] ? clear_bhb_loop+0x40/0x90 [ 682.031611][T12153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.031626][T12153] RIP: 0033:0x7f949559c799 [ 682.031641][T12153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 682.031656][T12153] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 682.031672][T12153] RAX: ffffffffffffffda RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 682.031682][T12153] RDX: 0000000000080042 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 682.031693][T12153] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 682.031702][T12153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 682.031711][T12153] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 682.031732][T12153] [ 683.512803][T12176] futex_wake_op: syz.0.1602 tries to shift op by -2048; fix this program [ 683.595255][T12176] futex_wake_op: syz.0.1602 tries to shift op by -2048; fix this program [ 686.511461][ T5833] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 686.519351][ T5833] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 686.529131][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) [ 686.529153][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 686.529164][ T5833] Workqueue: hci1 hci_rx_work [ 686.529189][ T5833] Call Trace: [ 686.529195][ T5833] [ 686.529201][ T5833] dump_stack_lvl+0x100/0x190 [ 686.529227][ T5833] sysfs_warn_dup.cold+0x1c/0x28 [ 686.529248][ T5833] sysfs_create_dir_ns+0x24b/0x2b0 [ 686.529271][ T5833] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 686.529290][ T5833] ? find_held_lock+0x2b/0x80 [ 686.529306][ T5833] ? kobject_add_internal+0x25f/0x930 [ 686.529324][ T5833] ? kobject_add_internal+0x25f/0x930 [ 686.529341][ T5833] ? do_raw_spin_unlock+0x145/0x1e0 [ 686.529365][ T5833] kobject_add_internal+0x2c8/0x930 [ 686.529385][ T5833] kobject_add+0x16a/0x1e0 [ 686.529400][ T5833] ? __pfx_kobject_add+0x10/0x10 [ 686.529414][ T5833] ? class_to_subsys+0x10f/0x150 [ 686.529438][ T5833] ? kobject_put+0xb9/0x640 [ 686.529451][ T5833] ? _raw_spin_unlock+0x28/0x50 [ 686.529486][ T5833] device_add+0x294/0x1950 [ 686.529505][ T5833] ? __pfx_dev_set_name+0x10/0x10 [ 686.529525][ T5833] ? __pfx_device_add+0x10/0x10 [ 686.529543][ T5833] ? mgmt_send_event_skb+0x2fb/0x460 [ 686.529568][ T5833] hci_conn_add_sysfs+0x1a3/0x260 [ 686.529591][ T5833] le_conn_complete_evt+0x11cb/0x1f40 [ 686.529615][ T5833] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 686.529633][ T5833] ? __pfx_bt_warn+0x10/0x10 [ 686.529655][ T5833] hci_le_conn_complete_evt+0x23c/0x3a0 [ 686.529684][ T5833] ? skb_pull_data+0x15f/0x1e0 [ 686.529706][ T5833] hci_le_meta_evt+0x34a/0x5f0 [ 686.529726][ T5833] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 686.529748][ T5833] hci_event_packet+0x682/0x11c0 [ 686.529767][ T5833] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 686.529787][ T5833] ? __pfx_hci_event_packet+0x10/0x10 [ 686.529808][ T5833] ? kcov_remote_start+0x374/0x660 [ 686.529823][ T5833] ? lockdep_hardirqs_on+0x78/0x100 [ 686.529849][ T5833] hci_rx_work+0x451/0xfc0 [ 686.529877][ T5833] process_one_work+0xa23/0x19a0 [ 686.529916][ T5833] ? __pfx_process_one_work+0x10/0x10 [ 686.529943][ T5833] ? __pfx_hci_rx_work+0x10/0x10 [ 686.529963][ T5833] worker_thread+0x5ef/0xe50 [ 686.529991][ T5833] ? kthread+0x13a/0x450 [ 686.530008][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 686.530027][ T5833] kthread+0x370/0x450 [ 686.530045][ T5833] ? __pfx_kthread+0x10/0x10 [ 686.530065][ T5833] ret_from_fork+0x754/0xd80 [ 686.530088][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 686.530110][ T5833] ? __switch_to+0x7b4/0x1120 [ 686.530126][ T5833] ? __pfx_kthread+0x10/0x10 [ 686.530146][ T5833] ret_from_fork_asm+0x1a/0x30 [ 686.530173][ T5833] [ 686.530194][ T5833] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 686.841519][ T5833] Bluetooth: hci1: failed to register connection device [ 691.500848][ T29] audit: type=1800 audit(4294967388.904:9): pid=12252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1615" name="dbroot" dev="configfs" ino=614865 res=0 errno=0 [ 702.278298][T12316] FAULT_INJECTION: forcing a failure. [ 702.278298][T12316] name failslab, interval 1, probability 0, space 0, times 0 [ 702.429403][T12316] CPU: 0 UID: 0 PID: 12316 Comm: syz.1.1629 Not tainted syzkaller #0 PREEMPT(full) [ 702.429427][T12316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 702.429436][T12316] Call Trace: [ 702.429442][T12316] [ 702.429449][T12316] dump_stack_lvl+0x100/0x190 [ 702.429479][T12316] should_fail_ex.cold+0x5/0xa [ 702.429498][T12316] should_failslab+0xc2/0x120 [ 702.429516][T12316] __kmalloc_cache_node_noprof+0x7d/0x770 [ 702.429541][T12316] ? blk_mq_init_tags+0x8c/0x300 [ 702.429636][T12316] blk_mq_init_tags+0x8c/0x300 [ 702.429654][T12316] blk_mq_alloc_map_and_rqs+0x218/0xeb0 [ 702.429714][T12316] ? blk_mq_update_queue_map+0x227/0x3a0 [ 702.429733][T12316] blk_mq_alloc_tag_set+0x848/0x1330 [ 702.429764][T12316] loop_add+0x3b7/0xb60 [ 702.429786][T12316] ? __pfx_loop_add+0x10/0x10 [ 702.429819][T12316] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 702.429838][T12316] loop_control_ioctl+0xae/0x620 [ 702.429859][T12316] ? __pfx_loop_control_ioctl+0x10/0x10 [ 702.429880][T12316] ? xfd_validate_state+0x129/0x190 [ 702.429903][T12316] ? __pfx_loop_control_ioctl+0x10/0x10 [ 702.429926][T12316] __x64_sys_ioctl+0x18e/0x210 [ 702.429949][T12316] do_syscall_64+0x106/0xf80 [ 702.429970][T12316] ? clear_bhb_loop+0x40/0x90 [ 702.429989][T12316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.430006][T12316] RIP: 0033:0x7f949559c799 [ 702.430019][T12316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 702.430034][T12316] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 702.430048][T12316] RAX: ffffffffffffffda RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 702.430058][T12316] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 702.430068][T12316] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 702.430078][T12316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 702.430087][T12316] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 702.430108][T12316] [ 702.430215][T12316] blk-mq: reduced tag depth (128 -> 64) [ 702.981977][T12321] futex_wake_op: syz.2.1630 tries to shift op by -2048; fix this program [ 703.014623][T12321] futex_wake_op: syz.2.1630 tries to shift op by -2048; fix this program [ 703.079474][T12322] 0x000000000001-0x000000020000 : "" [ 703.283097][T12322] ftl_cs: FTL header corrupt! [ 707.753022][T12362] NFSD: Failed to start, no listeners configured. [ 713.090816][T12410] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1647'. [ 714.422043][T12428] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 714.719510][T12428] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 714.941651][T12204] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 715.042837][T12428] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 715.744389][T12428] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 715.855116][T12428] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 715.973132][T12428] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 716.151489][T12428] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 716.421470][T12428] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 716.442415][T12204] Bluetooth: hci0: command 0x0406 tx timeout [ 717.103785][T12428] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 717.201584][T12428] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 717.522479][T12428] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 717.528447][T12428] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 717.793252][T12428] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 717.882742][T12204] Bluetooth: hci1: command 0x0406 tx timeout [ 718.522572][T12204] Bluetooth: hci0: command 0x0406 tx timeout [ 719.163965][T12204] Bluetooth: hci2: command 0x0406 tx timeout [ 719.261752][T12454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1657'. [ 719.382741][T12457] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1657'. [ 719.562768][T12204] Bluetooth: hci3: command 0x0406 tx timeout [ 719.963739][T12204] Bluetooth: hci1: command 0x0406 tx timeout [ 720.604242][T12204] Bluetooth: hci0: command 0x0406 tx timeout [ 721.248306][T12204] Bluetooth: hci2: command 0x0406 tx timeout [ 721.644318][T12204] Bluetooth: hci3: command 0x0406 tx timeout [ 722.054051][T12204] Bluetooth: hci1: command 0x0406 tx timeout [ 722.696835][T12204] Bluetooth: hci0: command 0x0406 tx timeout [ 723.743729][T12204] Bluetooth: hci3: command 0x0406 tx timeout [ 724.126778][T12204] Bluetooth: hci1: command 0x0406 tx timeout [ 725.146345][T12486] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1662'. [ 725.213797][T12492] FAULT_INJECTION: forcing a failure. [ 725.213797][T12492] name failslab, interval 1, probability 0, space 0, times 0 [ 725.335373][T12492] CPU: 0 UID: 0 PID: 12492 Comm: syz.1.1665 Not tainted syzkaller #0 PREEMPT(full) [ 725.335396][T12492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 725.335406][T12492] Call Trace: [ 725.335412][T12492] [ 725.335418][T12492] dump_stack_lvl+0x100/0x190 [ 725.335450][T12492] should_fail_ex.cold+0x5/0xa [ 725.335468][T12492] should_failslab+0xc2/0x120 [ 725.335486][T12492] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 725.335509][T12492] ? security_inode_alloc+0x3b/0x2c0 [ 725.335525][T12492] ? lockdep_init_map_type+0x5c/0x250 [ 725.335549][T12492] security_inode_alloc+0x3b/0x2c0 [ 725.335565][T12492] inode_init_always_gfp+0xced/0x1040 [ 725.335584][T12492] alloc_inode+0x8e/0x250 [ 725.335604][T12492] new_inode+0x22/0x1c0 [ 725.335625][T12492] shmem_get_inode+0x212/0x1040 [ 725.335648][T12492] ? __pfx_shmem_get_inode+0x10/0x10 [ 725.335666][T12492] ? rcu_is_watching+0x12/0xc0 [ 725.335688][T12492] ? percpu_counter_add_batch+0xb9/0x230 [ 725.335713][T12492] __shmem_file_setup+0x3ac/0x490 [ 725.335734][T12492] ? __pfx___shmem_file_setup+0x10/0x10 [ 725.335756][T12492] ? vm_area_alloc+0x1f/0x160 [ 725.335779][T12492] shmem_zero_setup+0x96/0x1b0 [ 725.335794][T12492] __mmap_region+0x2198/0x29e0 [ 725.335819][T12492] ? __pfx___mmap_region+0x10/0x10 [ 725.335844][T12492] ? set_next_entity+0x11e/0x9c0 [ 725.335869][T12492] ? __lock_acquire+0x4a5/0x2630 [ 725.335897][T12492] ? find_held_lock+0x2b/0x80 [ 725.335911][T12492] ? finish_task_switch.isra.0+0x200/0xb80 [ 725.335927][T12492] ? finish_task_switch.isra.0+0x200/0xb80 [ 725.335950][T12492] ? trace_sched_exit_tp+0x13a/0x180 [ 725.335968][T12492] ? __schedule+0x1000/0x6120 [ 725.336013][T12492] ? rcu_is_watching+0x12/0xc0 [ 725.336035][T12492] ? cap_capable+0x107/0x460 [ 725.336062][T12492] mmap_region+0x180/0x3e0 [ 725.336088][T12492] do_mmap+0xc63/0x12f0 [ 725.336109][T12492] ? __pfx_do_mmap+0x10/0x10 [ 725.336125][T12492] ? __pfx_down_write_killable+0x10/0x10 [ 725.336144][T12492] vm_mmap_pgoff+0x29e/0x470 [ 725.336173][T12492] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 725.336193][T12492] ? do_futex+0x192/0x350 [ 725.336213][T12492] ? __pfx_do_futex+0x10/0x10 [ 725.336230][T12492] ? __pfx_do_sys_openat2+0x10/0x10 [ 725.336255][T12492] ksys_mmap_pgoff+0xe1/0x650 [ 725.336271][T12492] ? __x64_sys_futex+0x34f/0x4d0 [ 725.336289][T12492] ? __x64_sys_futex+0x358/0x4d0 [ 725.336308][T12492] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 725.336324][T12492] ? xfd_validate_state+0x129/0x190 [ 725.336349][T12492] __x64_sys_mmap+0x125/0x190 [ 725.336373][T12492] do_syscall_64+0x106/0xf80 [ 725.336394][T12492] ? clear_bhb_loop+0x40/0x90 [ 725.336412][T12492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.336428][T12492] RIP: 0033:0x7f949559c799 [ 725.336441][T12492] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 725.336456][T12492] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 725.336470][T12492] RAX: ffffffffffffffda RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 725.336480][T12492] RDX: 000000000000000a RSI: 0000000002020409 RDI: 0000000000000000 [ 725.336488][T12492] RBP: 00007f9495632c99 R08: ffffffffffffffff R09: 0000000000008000 [ 725.336498][T12492] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 725.336508][T12492] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 725.336528][T12492] [ 730.934408][T12528] could not allocate digest TFM handle [ 733.790292][T12560] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1676'. [ 733.977429][T12545] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 734.675971][T12578] input: jJǸ-9%vJ86 as /devices/virtual/input/input10 [ 734.997592][T12581] ======================================================= [ 734.997592][T12581] WARNING: The mand mount option has been deprecated and [ 734.997592][T12581] and is ignored by this kernel. Remove the mand [ 734.997592][T12581] option from the mount to silence this warning. [ 734.997592][T12581] ======================================================= [ 736.859614][T12606] Invalid ELF header magic: != ELF [ 737.427075][T12616] futex_wake_op: syz.1.1686 tries to shift op by -2048; fix this program [ 737.475870][T12616] futex_wake_op: syz.1.1686 tries to shift op by -2048; fix this program [ 737.516229][T12616] 0x000000000001-0x000000020000 : "" [ 737.556717][T12616] ftl_cs: FTL header corrupt! [ 740.885732][T12673] Invalid ELF header magic: != ELF [ 743.662893][T12711] capability: warning: `syz.2.1707' uses 32-bit capabilities (legacy support in use) [ 745.197963][ T5907] Process accounting resumed [ 747.226472][T12771] vhci_hcd vhci_hcd.2: invalid port number 16 [ 747.235641][T12771] vhci_hcd vhci_hcd.2: invalid port number 16 [ 747.399116][T12772] vhci_hcd: not connected 4 [ 748.015717][T12799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1727'. [ 748.046758][T12799] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1727'. [ 748.535822][T12802] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1728'. [ 748.762157][T12804] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1729'. [ 751.835726][T12858] syz.0.1741 (12858) used greatest stack depth: 19672 bytes left [ 752.009582][T12882] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 752.030365][T12865] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 752.050623][T12865] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 752.078977][T12865] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 752.096811][T12865] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 753.179737][T12553] Bluetooth: hci0: command 0x0406 tx timeout [ 754.060044][T12553] Bluetooth: hci2: command 0x0406 tx timeout [ 754.066174][T12553] Bluetooth: hci1: command 0x0406 tx timeout [ 754.140002][T12925] Bluetooth: hci3: command 0x0406 tx timeout [ 754.235899][T12929] ptp ptp0: new virtual clock ptp1 [ 754.282042][T12929] ptp ptp0: guarantee physical clock free running [ 755.016194][T12945] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1759'. [ 756.186118][T12974] FAULT_INJECTION: forcing a failure. [ 756.186118][T12974] name failslab, interval 1, probability 0, space 0, times 0 [ 756.260473][T12974] CPU: 0 UID: 0 PID: 12974 Comm: syz.2.1766 Tainted: G L syzkaller #0 PREEMPT(full) [ 756.260501][T12974] Tainted: [L]=SOFTLOCKUP [ 756.260507][T12974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 756.260516][T12974] Call Trace: [ 756.260523][T12974] [ 756.260529][T12974] dump_stack_lvl+0x100/0x190 [ 756.260558][T12974] should_fail_ex.cold+0x5/0xa [ 756.260577][T12974] should_failslab+0xc2/0x120 [ 756.260593][T12974] __kmalloc_cache_noprof+0x7a/0x6f0 [ 756.260614][T12974] ? wakeup_source_device_create+0x46/0x2e0 [ 756.260716][T12974] wakeup_source_device_create+0x46/0x2e0 [ 756.260736][T12974] wakeup_source_sysfs_add+0x1c/0x90 [ 756.260755][T12974] wakeup_source_register+0x154/0x3e0 [ 756.260771][T12974] ep_create_wakeup_source+0x1df/0x2e0 [ 756.260787][T12974] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 756.260806][T12974] ? do_epoll_ctl+0x1012/0x36a0 [ 756.260821][T12974] ? do_epoll_ctl+0x1012/0x36a0 [ 756.260842][T12974] do_epoll_ctl+0x1eee/0x36a0 [ 756.260866][T12974] ? __pfx_do_epoll_ctl+0x10/0x10 [ 756.260880][T12974] ? find_held_lock+0x2b/0x80 [ 756.260894][T12974] ? __might_fault+0xc5/0x140 [ 756.260917][T12974] ? __might_fault+0xc5/0x140 [ 756.260944][T12974] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 756.260959][T12974] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 756.260975][T12974] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 756.260998][T12974] do_syscall_64+0x106/0xf80 [ 756.261019][T12974] ? clear_bhb_loop+0x40/0x90 [ 756.261038][T12974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.261053][T12974] RIP: 0033:0x7fe0c7f9c799 [ 756.261066][T12974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.261082][T12974] RSP: 002b:00007fe0c8e7f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 756.261096][T12974] RAX: ffffffffffffffda RBX: 00007fe0c8215fa0 RCX: 00007fe0c7f9c799 [ 756.261106][T12974] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 756.261114][T12974] RBP: 00007fe0c8032c99 R08: 0000000000000000 R09: 0000000000000000 [ 756.261123][T12974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.261132][T12974] R13: 00007fe0c8216038 R14: 00007fe0c8215fa0 R15: 00007ffd6d198858 [ 756.261152][T12974] [ 757.463230][ T29] audit: type=1800 audit(4294967461.882:10): pid=12986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1767" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 757.651090][T12974] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1766'. [ 758.163964][T12999] random: crng reseeded on system resumption [ 758.912654][T13009] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 759.287145][T13012] tipc: Started in network mode [ 759.292074][T13012] tipc: Node identity ffffffff, cluster identity 4711 [ 759.353203][T13012] tipc: Node number set to 4294967295 [ 763.169216][T13074] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1787'. [ 763.217116][T13074] bridge0: port 2(bridge_slave_1) entered disabled state [ 763.224442][T13074] bridge0: port 1(bridge_slave_0) entered disabled state [ 763.825813][T13077] FAULT_INJECTION: forcing a failure. [ 763.825813][T13077] name failslab, interval 1, probability 0, space 0, times 0 [ 763.928661][T13077] CPU: 0 UID: 0 PID: 13077 Comm: syz.2.1788 Tainted: G L syzkaller #0 PREEMPT(full) [ 763.928693][T13077] Tainted: [L]=SOFTLOCKUP [ 763.928699][T13077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 763.928709][T13077] Call Trace: [ 763.928715][T13077] [ 763.928720][T13077] dump_stack_lvl+0x100/0x190 [ 763.928749][T13077] should_fail_ex.cold+0x5/0xa [ 763.928768][T13077] should_failslab+0xc2/0x120 [ 763.928785][T13077] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 763.928807][T13077] ? do_getname+0x35/0x390 [ 763.928825][T13077] ? __lock_acquire+0x4a5/0x2630 [ 763.928847][T13077] do_getname+0x35/0x390 [ 763.928868][T13077] do_sys_openat2+0xc5/0x1e0 [ 763.928887][T13077] ? __pfx_do_sys_openat2+0x10/0x10 [ 763.928907][T13077] ? find_held_lock+0x2b/0x80 [ 763.928926][T13077] __x64_sys_open+0xfe/0x1d0 [ 763.928945][T13077] ? __pfx___x64_sys_open+0x10/0x10 [ 763.928980][T13077] do_syscall_64+0x106/0xf80 [ 763.929002][T13077] ? clear_bhb_loop+0x40/0x90 [ 763.929021][T13077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.929036][T13077] RIP: 0033:0x7fe0c7f9c799 [ 763.929050][T13077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 763.929064][T13077] RSP: 002b:00007fe0c8e7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 763.929078][T13077] RAX: ffffffffffffffda RBX: 00007fe0c8215fa0 RCX: 00007fe0c7f9c799 [ 763.929088][T13077] RDX: 0000000000000408 RSI: 0000000000000000 RDI: 0000200000000100 [ 763.929097][T13077] RBP: 00007fe0c8032c99 R08: 0000000000000000 R09: 0000000000000000 [ 763.929106][T13077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.929114][T13077] R13: 00007fe0c8216038 R14: 00007fe0c8215fa0 R15: 00007ffd6d198858 [ 763.929134][T13077] [ 764.122667][T13084] loop6: detected capacity change from 0 to 8 [ 764.459797][T13087] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 766.451001][T13114] FAULT_INJECTION: forcing a failure. [ 766.451001][T13114] name failslab, interval 1, probability 0, space 0, times 0 [ 766.645070][T13114] CPU: 0 UID: 0 PID: 13114 Comm: syz.1.1795 Tainted: G L syzkaller #0 PREEMPT(full) [ 766.645097][T13114] Tainted: [L]=SOFTLOCKUP [ 766.645103][T13114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 766.645112][T13114] Call Trace: [ 766.645118][T13114] [ 766.645124][T13114] dump_stack_lvl+0x100/0x190 [ 766.645154][T13114] should_fail_ex.cold+0x5/0xa [ 766.645173][T13114] ? ops_init+0x77/0x5f0 [ 766.645285][T13114] should_failslab+0xc2/0x120 [ 766.645303][T13114] __kmalloc_noprof+0xe0/0x850 [ 766.645325][T13114] ? brnf_init_net+0x2bc/0x450 [ 766.645381][T13114] ops_init+0x77/0x5f0 [ 766.645406][T13114] setup_net+0x118/0x3a0 [ 766.645429][T13114] ? __pfx_setup_net+0x10/0x10 [ 766.645451][T13114] ? lockdep_init_map_type+0x5c/0x250 [ 766.645472][T13114] ? mutex_init_lockep+0x110/0x150 [ 766.645494][T13114] copy_net_ns+0x46f/0x7c0 [ 766.645512][T13114] create_new_namespaces+0x3ea/0xac0 [ 766.645533][T13114] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 766.645552][T13114] ksys_unshare+0x473/0xad0 [ 766.645573][T13114] ? __pfx_ksys_unshare+0x10/0x10 [ 766.645598][T13114] __x64_sys_unshare+0x31/0x40 [ 766.645616][T13114] do_syscall_64+0x106/0xf80 [ 766.645637][T13114] ? clear_bhb_loop+0x40/0x90 [ 766.645656][T13114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.645671][T13114] RIP: 0033:0x7f949559c799 [ 766.645685][T13114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 766.645700][T13114] RSP: 002b:00007f94963d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 766.645715][T13114] RAX: ffffffffffffffda RBX: 00007f9495816090 RCX: 00007f949559c799 [ 766.645725][T13114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 766.645733][T13114] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 766.645742][T13114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 766.645751][T13114] R13: 00007f9495816128 R14: 00007f9495816090 R15: 00007fff17efaf48 [ 766.645771][T13114] [ 768.798446][T12925] block nbd1: Receive control failed (result -32) [ 769.344002][T13156] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 769.590447][T13161] tipc: Trying to set illegal importance in message [ 769.984262][T13171] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1811'. [ 770.153721][T13175] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 771.089569][T13198] openvswitch: netlink: IP tunnel attribute has 24 unknown bytes. [ 771.409778][T13185] vhci_hcd: not connected 4 [ 774.588958][T12614] netdevsim netdevsim26 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.102477][T12925] block nbd2: Receive control failed (result -32) [ 779.418632][T13347] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1851'. [ 779.996442][T13349] futex_wake_op: syz.1.1852 tries to shift op by -2048; fix this program [ 780.034178][T13349] futex_wake_op: syz.1.1852 tries to shift op by -2048; fix this program [ 780.224550][ T29] audit: type=1800 audit(4294967484.623:11): pid=13372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1856" name="lu_gp_id" dev="configfs" ino=659644 res=0 errno=0 [ 780.299185][T13366] zswap: compressor not available [ 781.826447][T13397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1861'. [ 783.958735][T13426] FAULT_INJECTION: forcing a failure. [ 783.958735][T13426] name failslab, interval 1, probability 0, space 0, times 0 [ 784.063670][T13426] CPU: 0 UID: 0 PID: 13426 Comm: syz.1.1868 Tainted: G L syzkaller #0 PREEMPT(full) [ 784.063704][T13426] Tainted: [L]=SOFTLOCKUP [ 784.063710][T13426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 784.063719][T13426] Call Trace: [ 784.063725][T13426] [ 784.063731][T13426] dump_stack_lvl+0x100/0x190 [ 784.063765][T13426] should_fail_ex.cold+0x5/0xa [ 784.063786][T13426] should_failslab+0xc2/0x120 [ 784.063804][T13426] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 784.063827][T13426] ? acpi_ut_create_control_state+0x6a/0x100 [ 784.063851][T13426] acpi_ut_create_control_state+0x6a/0x100 [ 784.063868][T13426] acpi_ds_exec_begin_control_op+0x21f/0x530 [ 784.063962][T13426] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 784.063981][T13426] acpi_ds_exec_begin_op+0x20a/0x9c0 [ 784.064000][T13426] acpi_ps_create_op+0x7bb/0xd10 [ 784.064019][T13426] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 784.064036][T13426] ? __pfx_acpi_ut_trace_ptr+0x10/0x10 [ 784.064079][T13426] ? acpi_ut_value_exit+0x10d/0x190 [ 784.064102][T13426] acpi_ps_parse_loop+0xa65/0x24a0 [ 784.064122][T13426] ? __kmalloc_noprof+0x320/0x850 [ 784.064147][T13426] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 784.064164][T13426] ? acpi_ut_status_exit+0x111/0x1c0 [ 784.064185][T13426] ? acpi_ds_call_control_method+0x435/0xab0 [ 784.064211][T13426] acpi_ps_parse_aml+0x81e/0x1120 [ 784.064231][T13426] acpi_ps_execute_method+0x5c4/0xe90 [ 784.064255][T13426] acpi_ns_evaluate+0x640/0x1670 [ 784.064280][T13426] acpi_evaluate_object+0x420/0xe00 [ 784.064295][T13426] ? kasan_save_stack+0x30/0x50 [ 784.064317][T13426] ? kasan_save_track+0x14/0x30 [ 784.064334][T13426] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 784.064356][T13426] acpi_evaluate_integer+0xdf/0x220 [ 784.064380][T13426] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 784.064410][T13426] ? __pfx_status_show+0x10/0x10 [ 784.064425][T13426] status_show+0xa0/0x120 [ 784.064439][T13426] ? __pfx_status_show+0x10/0x10 [ 784.064459][T13426] dev_attr_show+0x52/0xa0 [ 784.064480][T13426] ? __pfx_dev_attr_show+0x10/0x10 [ 784.064497][T13426] sysfs_kf_seq_show+0x217/0x3a0 [ 784.064522][T13426] seq_read_iter+0x32f/0x1270 [ 784.064554][T13426] kernfs_fop_read_iter+0x46c/0x610 [ 784.064571][T13426] ? rw_verify_area+0xce/0x6d0 [ 784.064592][T13426] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 784.064610][T13426] vfs_read+0x825/0xb30 [ 784.064627][T13426] ? __pfx_vfs_read+0x10/0x10 [ 784.064654][T13426] ksys_read+0x12a/0x250 [ 784.064668][T13426] ? __pfx_ksys_read+0x10/0x10 [ 784.064688][T13426] do_syscall_64+0x106/0xf80 [ 784.064721][T13426] ? clear_bhb_loop+0x40/0x90 [ 784.064741][T13426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.064757][T13426] RIP: 0033:0x7f949559c799 [ 784.064771][T13426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 784.064786][T13426] RSP: 002b:00007f94963d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 784.064801][T13426] RAX: ffffffffffffffda RBX: 00007f9495816090 RCX: 00007f949559c799 [ 784.064811][T13426] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000009 [ 784.064820][T13426] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 784.064830][T13426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 784.064839][T13426] R13: 00007f9495816128 R14: 00007f9495816090 R15: 00007fff17efaf48 [ 784.064859][T13426] [ 784.064959][T13426] ACPI Error: Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 785.042775][T13426] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 785.531515][T13449] nbd: socks must be embedded in a SOCK_ITEM attr [ 785.538415][T13449] block nbd3: shutting down sockets [ 785.882268][T13450] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1873'. [ 789.476326][T12925] Bluetooth: hci1: unexpected event 0x3e length: 505 > 260 [ 789.476351][T12925] Bluetooth: hci1: unexpected subevent 0x02 length: 504 > 260 [ 789.492508][T12925] Bluetooth: hci1: Dropping invalid advertising data [ 789.499213][T12925] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 789.573328][T12543] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 789.590481][T12543] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 789.605905][T12543] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 789.615908][T12543] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 789.632156][T12543] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 790.049999][T13511] chnl_net:caif_netlink_parms(): no params data found [ 790.324390][T13511] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.371823][T13511] bridge0: port 1(bridge_slave_0) entered disabled state [ 790.379063][T13511] bridge_slave_0: entered allmulticast mode [ 790.424642][T13511] bridge_slave_0: entered promiscuous mode [ 790.445317][T13511] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.468335][T13511] bridge0: port 2(bridge_slave_1) entered disabled state [ 790.502647][T13511] bridge_slave_1: entered allmulticast mode [ 790.530747][T13511] bridge_slave_1: entered promiscuous mode [ 790.693377][T13511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 790.735375][T13511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 790.828827][T13511] team0: Port device team_slave_0 added [ 790.866129][T13511] team0: Port device team_slave_1 added [ 791.101335][T13511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 791.126249][T13511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 791.209664][T13545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78400 [ 791.240696][T13511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 791.253647][T13545] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 791.282245][T13545] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 791.289866][T13545] page_type: f5(slab) [ 791.294036][T13511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 791.320641][T13511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 791.368957][T13545] raw: 00fff00000000040 ffff88813fe3a140 dead000000000122 0000000000000000 [ 791.391009][T13545] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 791.399622][T13545] head: 00fff00000000040 ffff88813fe3a140 dead000000000122 0000000000000000 [ 791.430990][T13511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 791.502860][T13545] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 791.604230][T13545] head: 00fff00000000003 ffffea0001e10001 00000000ffffffff 00000000ffffffff [ 791.621819][T13511] hsr_slave_0: entered promiscuous mode [ 791.655214][T13511] hsr_slave_1: entered promiscuous mode [ 791.674242][T12543] Bluetooth: hci4: command tx timeout [ 791.681172][T13511] debugfs: 'hsr0' already exists in 'hsr' [ 791.686892][T13511] Cannot create hsr debugfs directory [ 791.712730][T13545] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 791.761103][T13535] futex_wake_op: syz.1.1889 tries to shift op by -2048; fix this program [ 791.780649][T13545] page dumped because: unmovable page [ 791.786049][T13545] page_owner tracks the page as allocated [ 791.921330][T13545] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12614, tgid 12614 (kworker/u10:5), ts 785631922708, free_ts 785626322820 [ 792.064571][T13545] post_alloc_hook+0x153/0x170 [ 792.069407][T13545] get_page_from_freelist+0x111d/0x3140 [ 792.132824][T13545] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 792.190682][T13545] new_slab+0xa6/0x6b0 [ 792.201819][T13545] refill_objects+0x26b/0x400 [ 792.265492][T13545] __pcs_replace_empty_main+0x1ab/0x660 [ 792.301325][T13545] __kmalloc_node_track_caller_noprof+0x694/0x850 [ 792.350647][T13545] kmalloc_reserve+0xe8/0x350 [ 792.355376][T13545] __alloc_skb+0x185/0x710 [ 792.410636][T13545] nsim_dev_trap_report_work+0x2af/0xd10 [ 792.460170][T13545] process_one_work+0xa23/0x19a0 [ 792.470449][T13545] worker_thread+0x5ef/0xe50 [ 792.490738][T13545] kthread+0x370/0x450 [ 792.494856][T13545] ret_from_fork+0x754/0xd80 [ 792.520755][T13545] ret_from_fork_asm+0x1a/0x30 [ 792.539110][T13545] page last free pid 13449 tgid 13445 stack trace: [ 792.570660][T13545] __free_frozen_pages+0x7e1/0x10d0 [ 792.590875][T13545] qlist_free_all+0x47/0xe0 [ 792.595411][T13545] kasan_quarantine_reduce+0x1a0/0x1f0 [ 792.623872][T13545] __kasan_slab_alloc+0x69/0x90 [ 792.628750][T13545] __kmalloc_cache_noprof+0x243/0x6f0 [ 792.660735][T13545] ref_tracker_alloc+0x190/0x590 [ 792.677749][T13545] register_netdevice+0x1535/0x2210 [ 792.695723][T13545] register_netdev+0x34/0x50 [ 792.710521][T13545] loopback_net_init+0x7a/0x170 [ 792.716197][T13545] ops_init+0x1e2/0x5f0 [ 792.720347][T13545] setup_net+0x118/0x3a0 [ 792.750643][T13545] copy_net_ns+0x46f/0x7c0 [ 792.760629][T13545] create_new_namespaces+0x3ea/0xac0 [ 792.770654][T13545] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 792.776340][T13545] ksys_unshare+0x473/0xad0 [ 792.801418][T13545] __x64_sys_unshare+0x31/0x40 [ 793.252900][T13511] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 793.325925][T13511] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 793.378096][T13511] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 793.405999][T13511] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 793.754325][T12543] Bluetooth: hci4: command tx timeout [ 793.770845][T13511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 793.820951][T13511] 8021q: adding VLAN 0 to HW filter on device team0 [ 793.829820][T13574] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1894'. [ 793.882811][T12555] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.889951][T12555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 793.922916][T12555] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.930689][T12555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 793.962857][T13562] futex_wake_op: syz.2.1893 tries to shift op by -2048; fix this program [ 794.504121][T13511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 794.902938][T13594] FAULT_INJECTION: forcing a failure. [ 794.902938][T13594] name failslab, interval 1, probability 0, space 0, times 0 [ 795.050711][T13594] CPU: 0 UID: 0 PID: 13594 Comm: syz.2.1896 Tainted: G L syzkaller #0 PREEMPT(full) [ 795.050738][T13594] Tainted: [L]=SOFTLOCKUP [ 795.050744][T13594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.050753][T13594] Call Trace: [ 795.050759][T13594] [ 795.050765][T13594] dump_stack_lvl+0x100/0x190 [ 795.050793][T13594] should_fail_ex.cold+0x5/0xa [ 795.050812][T13594] should_failslab+0xc2/0x120 [ 795.050830][T13594] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 795.050853][T13594] ? __d_alloc+0x34/0xa80 [ 795.050875][T13594] __d_alloc+0x34/0xa80 [ 795.050902][T13594] d_alloc_pseudo+0x1c/0xc0 [ 795.050923][T13594] alloc_file_pseudo+0xcf/0x230 [ 795.050948][T13594] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 795.050968][T13594] ? alloc_fd+0x476/0x790 [ 795.050985][T13594] sock_alloc_file+0x50/0x210 [ 795.051010][T13594] __sys_socket+0x1c0/0x260 [ 795.051032][T13594] ? __pfx___sys_socket+0x10/0x10 [ 795.051054][T13594] __x64_sys_socket+0x72/0xb0 [ 795.051071][T13594] ? lockdep_hardirqs_on+0x78/0x100 [ 795.051094][T13594] do_syscall_64+0x106/0xf80 [ 795.051114][T13594] ? clear_bhb_loop+0x40/0x90 [ 795.051133][T13594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.051149][T13594] RIP: 0033:0x7fe0c7f9c799 [ 795.051163][T13594] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.051177][T13594] RSP: 002b:00007fe0c8e5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 795.051192][T13594] RAX: ffffffffffffffda RBX: 00007fe0c8216090 RCX: 00007fe0c7f9c799 [ 795.051201][T13594] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 795.051210][T13594] RBP: 00007fe0c8032c99 R08: 0000000000000000 R09: 0000000000000000 [ 795.051218][T13594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.051227][T13594] R13: 00007fe0c8216128 R14: 00007fe0c8216090 R15: 00007ffd6d198858 [ 795.051247][T13594] [ 795.528895][T13598] FAULT_INJECTION: forcing a failure. [ 795.528895][T13598] name failslab, interval 1, probability 0, space 0, times 0 [ 795.574221][T13598] CPU: 0 UID: 0 PID: 13598 Comm: syz.2.1897 Tainted: G L syzkaller #0 PREEMPT(full) [ 795.574247][T13598] Tainted: [L]=SOFTLOCKUP [ 795.574253][T13598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.574262][T13598] Call Trace: [ 795.574268][T13598] [ 795.574275][T13598] dump_stack_lvl+0x100/0x190 [ 795.574303][T13598] should_fail_ex.cold+0x5/0xa [ 795.574321][T13598] should_failslab+0xc2/0x120 [ 795.574339][T13598] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 795.574361][T13598] ? sk_prot_alloc+0x60/0x2a0 [ 795.574381][T13598] sk_prot_alloc+0x60/0x2a0 [ 795.574397][T13598] sk_alloc+0x36/0xe80 [ 795.574418][T13598] inet6_create+0x385/0x12b0 [ 795.574541][T13598] ? inet6_create+0x7f/0x12b0 [ 795.574566][T13598] __sock_create+0x339/0x860 [ 795.574586][T13598] inet_ctl_sock_create+0x94/0x230 [ 795.574605][T13598] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 795.574622][T13598] ? proc_create_net_data+0x155/0x1c0 [ 795.574642][T13598] ndisc_net_init+0x86/0x230 [ 795.574697][T13598] ? __pfx_ndisc_net_init+0x10/0x10 [ 795.574715][T13598] ? ip6mr_net_init+0x2d6/0x4a0 [ 795.574758][T13598] ? __pfx_ndisc_net_init+0x10/0x10 [ 795.574773][T13598] ops_init+0x1e2/0x5f0 [ 795.574799][T13598] setup_net+0x118/0x3a0 [ 795.574822][T13598] ? __pfx_setup_net+0x10/0x10 [ 795.574843][T13598] ? lockdep_init_map_type+0x5c/0x250 [ 795.574864][T13598] ? mutex_init_lockep+0x110/0x150 [ 795.574887][T13598] copy_net_ns+0x46f/0x7c0 [ 795.574912][T13598] create_new_namespaces+0x3ea/0xac0 [ 795.574934][T13598] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 795.574953][T13598] ksys_unshare+0x473/0xad0 [ 795.574973][T13598] ? __pfx_ksys_unshare+0x10/0x10 [ 795.574999][T13598] __x64_sys_unshare+0x31/0x40 [ 795.575017][T13598] do_syscall_64+0x106/0xf80 [ 795.575038][T13598] ? clear_bhb_loop+0x40/0x90 [ 795.575057][T13598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.575072][T13598] RIP: 0033:0x7fe0c7f9c799 [ 795.575085][T13598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.575100][T13598] RSP: 002b:00007fe0c8e7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 795.575114][T13598] RAX: ffffffffffffffda RBX: 00007fe0c8215fa0 RCX: 00007fe0c7f9c799 [ 795.575124][T13598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 795.575133][T13598] RBP: 00007fe0c8032c99 R08: 0000000000000000 R09: 0000000000000000 [ 795.575142][T13598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.575151][T13598] R13: 00007fe0c8216038 R14: 00007fe0c8215fa0 R15: 00007ffd6d198858 [ 795.575171][T13598] [ 795.575218][T13598] ICMPv6: NDISC: Failed to initialize the control socket (err -105) [ 795.894909][T13511] veth0_vlan: entered promiscuous mode [ 795.904531][T12543] Bluetooth: hci4: command tx timeout [ 795.915013][T13511] veth1_vlan: entered promiscuous mode [ 795.944972][T13603] random: crng reseeded on system resumption [ 795.966659][T13511] veth0_macvtap: entered promiscuous mode [ 795.979830][T13511] veth1_macvtap: entered promiscuous mode [ 796.015957][T13511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 796.060941][T13511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 796.131449][T12556] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.151119][T12556] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.159844][T12556] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.189819][T12556] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.284356][T12556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 796.298298][T12556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 796.410239][T12555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 796.427566][T12543] Bluetooth: hci0: unexpected event 0x23 length: 127 > 13 [ 796.435846][T12555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 796.754595][T13614] random: crng reseeded on system resumption [ 797.093284][ T29] audit: type=1800 audit(4294967304.020:12): pid=13612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1886" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 797.991779][T12543] Bluetooth: hci4: command tx timeout [ 798.029138][T13632] delete_channel: no stack [ 798.765529][T12925] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 798.781398][T12925] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 798.789827][T12925] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 798.798512][T12925] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 798.806122][T12925] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 799.579589][T13640] chnl_net:caif_netlink_parms(): no params data found [ 800.185312][T13640] bridge0: port 1(bridge_slave_0) entered blocking state [ 800.220705][T13640] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.261701][T13640] bridge_slave_0: entered allmulticast mode [ 800.296008][T13640] bridge_slave_0: entered promiscuous mode [ 800.336159][T13640] bridge0: port 2(bridge_slave_1) entered blocking state [ 800.390239][T13640] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.421853][T13640] bridge_slave_1: entered allmulticast mode [ 800.468167][T13640] bridge_slave_1: entered promiscuous mode [ 800.646608][T13640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 800.764346][T13640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 800.871124][T12925] Bluetooth: hci5: command tx timeout [ 800.942415][T13640] team0: Port device team_slave_0 added [ 800.976339][T13676] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1913'. [ 800.995161][T13640] team0: Port device team_slave_1 added [ 801.164395][T13640] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 801.195308][T13640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 801.317553][T13640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 801.331820][T13688] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 801.388399][T13640] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 801.425954][T13640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 801.556868][T13640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 801.920488][T13640] hsr_slave_0: entered promiscuous mode [ 801.966394][T13640] hsr_slave_1: entered promiscuous mode [ 801.996505][T13640] debugfs: 'hsr0' already exists in 'hsr' [ 802.026671][T13640] Cannot create hsr debugfs directory [ 802.087056][T13708] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1920'. [ 802.950723][T12925] Bluetooth: hci5: command tx timeout [ 803.336755][T13640] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 803.405946][T13640] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 803.531561][T13640] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 803.622885][T13640] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 803.871402][T13751] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1928'. [ 804.043767][T13640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 804.121905][T13640] 8021q: adding VLAN 0 to HW filter on device team0 [ 804.181971][T12556] bridge0: port 1(bridge_slave_0) entered blocking state [ 804.189160][T12556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 804.258774][T12556] bridge0: port 2(bridge_slave_1) entered blocking state [ 804.266132][T12556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 804.664322][T13765] Invalid ELF header magic: != ELF [ 804.989996][T13640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 805.033064][T12925] Bluetooth: hci5: command tx timeout [ 805.481489][T13781] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 805.481489][T13781] The task syz.4.1935 (13781) triggered the difference, watch for misbehavior. [ 805.910443][T13640] veth0_vlan: entered promiscuous mode [ 805.986440][T13640] veth1_vlan: entered promiscuous mode [ 806.123952][T13640] veth0_macvtap: entered promiscuous mode [ 806.184061][T13640] veth1_macvtap: entered promiscuous mode [ 806.268083][T13640] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 806.307833][T13640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 806.366171][T12614] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.398757][T12614] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.467340][T12614] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.531631][T12614] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.739415][T12614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 806.793418][T12614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 806.925537][T13552] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 806.971055][T13552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 807.110806][T12925] Bluetooth: hci5: command tx timeout [ 807.186666][T13819] netlink: 'syz.1.1945': attribute type 1 has an invalid length. [ 807.236041][T13819] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1945'. [ 807.459698][T13824] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1905'. [ 808.097637][T13836] binder: 13835:13836 ioctl 40046205 0 returned -22 [ 809.538670][T13852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078400000 pfn:0x78400 [ 809.617386][T13852] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 809.748776][T13852] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 809.831305][T13852] page_type: f8(unknown) [ 809.835587][T13852] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 810.050852][T13852] raw: ffff888078400000 0000000000000000 00000000f8000000 0000000000000000 [ 810.152137][T13852] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 810.246622][T13852] head: ffff888078400000 0000000000000000 00000000f8000000 0000000000000000 [ 810.354291][T13852] head: 00fff00000000003 ffffea0001e10001 00000000ffffffff 00000000ffffffff [ 810.512572][T13852] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 810.634774][T13852] page dumped because: unmovable page [ 810.674783][T13852] page_owner tracks the page as allocated [ 810.751849][T13852] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 13690, tgid 13683 (syz.1.1915), ts 801611462885, free_ts 801252905011 [ 811.020756][T13852] post_alloc_hook+0x153/0x170 [ 811.025756][T13852] get_page_from_freelist+0x111d/0x3140 [ 811.185099][T13852] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 811.218627][T13852] alloc_pages_mpol+0x1fb/0x550 [ 811.300010][T13852] ___kmalloc_large_node+0x104/0x150 [ 811.389937][T13852] __kmalloc_large_noprof+0x1c/0x70 [ 811.420677][T13852] can_pernet_init+0x4b/0x370 [ 811.425502][T13852] ops_init+0x1e2/0x5f0 [ 811.493108][T13852] setup_net+0x118/0x3a0 [ 811.525290][T13852] copy_net_ns+0x46f/0x7c0 [ 811.529768][T13852] create_new_namespaces+0x3ea/0xac0 [ 811.572020][T13852] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 811.597741][T13852] ksys_unshare+0x473/0xad0 [ 811.625368][T13852] __x64_sys_unshare+0x31/0x40 [ 811.651074][T13852] do_syscall_64+0x106/0xf80 [ 811.677380][T13852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.716261][T13852] page last free pid 5827 tgid 5827 stack trace: [ 811.751881][T13852] __free_frozen_pages+0x7e1/0x10d0 [ 811.780659][T13852] qlist_free_all+0x47/0xe0 [ 811.808477][T13852] kasan_quarantine_reduce+0x1a0/0x1f0 [ 811.840527][T13852] __kasan_slab_alloc+0x69/0x90 [ 811.871870][T13852] kmem_cache_alloc_lru_noprof+0x246/0x6e0 [ 811.910799][T13852] sock_alloc_inode+0x25/0x1c0 [ 811.928302][T13852] alloc_inode+0x68/0x250 [ 811.949163][T13852] sock_alloc+0x44/0x280 [ 811.970528][T13852] __sock_create+0xc2/0x860 [ 811.993123][T13852] __sys_socket+0x14d/0x260 [ 812.011498][T13852] __x64_sys_socket+0x72/0xb0 [ 812.028683][T13879] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1958'. [ 812.050828][T13852] do_syscall_64+0x106/0xf80 [ 812.062512][T13852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.276459][T13910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1968'. [ 814.480068][T13922] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1973'. [ 814.926401][T13930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1984'. [ 815.039931][T13930] i: entered promiscuous mode [ 815.309768][T13936] netlink: 'syz.1.1977': attribute type 1 has an invalid length. [ 815.375048][T13936] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1977'. [ 816.254825][T13947] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 818.265135][T14013] netlink: 'syz.5.2008': attribute type 1 has an invalid length. [ 818.307676][T14013] netlink: 9 bytes leftover after parsing attributes in process `syz.5.2008'. [ 818.541705][T14027] FAULT_INJECTION: forcing a failure. [ 818.541705][T14027] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 818.590872][T14027] CPU: 0 UID: 0 PID: 14027 Comm: syz.5.2014 Tainted: G L syzkaller #0 PREEMPT(full) [ 818.590900][T14027] Tainted: [L]=SOFTLOCKUP [ 818.590905][T14027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 818.590915][T14027] Call Trace: [ 818.590921][T14027] [ 818.590927][T14027] dump_stack_lvl+0x100/0x190 [ 818.590956][T14027] should_fail_ex.cold+0x5/0xa [ 818.590972][T14027] ? prepare_alloc_pages+0x16d/0x5f0 [ 818.590992][T14027] should_fail_alloc_page+0xeb/0x140 [ 818.591009][T14027] prepare_alloc_pages+0x1f0/0x5f0 [ 818.591031][T14027] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 818.591054][T14027] ? stack_trace_save+0x8e/0xc0 [ 818.591070][T14027] ? __pfx_stack_trace_save+0x10/0x10 [ 818.591085][T14027] ? stack_depot_save_flags+0x27/0x9d0 [ 818.591106][T14027] ? stack_trace_save+0x8e/0xc0 [ 818.591122][T14027] ? kasan_save_stack+0x3f/0x50 [ 818.591144][T14027] ? kasan_save_stack+0x30/0x50 [ 818.591164][T14027] ? kasan_save_track+0x14/0x30 [ 818.591176][T14027] ? __kasan_slab_alloc+0x89/0x90 [ 818.591190][T14027] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 818.591213][T14027] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 818.591234][T14027] ? insert_page+0xcc/0x220 [ 818.591250][T14027] ? vm_insert_page+0x2c0/0x400 [ 818.591266][T14027] ? kcov_mmap+0xca/0x130 [ 818.591279][T14027] ? mmap_region+0x30a/0x3e0 [ 818.591299][T14027] ? vm_mmap_pgoff+0x29e/0x470 [ 818.591315][T14027] ? ksys_mmap_pgoff+0x3c8/0x650 [ 818.591329][T14027] ? __x64_sys_mmap+0x125/0x190 [ 818.591350][T14027] ? do_syscall_64+0x106/0xf80 [ 818.591370][T14027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.591403][T14027] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 818.591420][T14027] ? policy_nodemask+0xed/0x4f0 [ 818.591438][T14027] alloc_pages_mpol+0x1fb/0x550 [ 818.591456][T14027] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 818.591475][T14027] ? do_raw_spin_lock+0x128/0x260 [ 818.591500][T14027] alloc_pages_noprof+0x131/0x390 [ 818.591518][T14027] pte_alloc_one+0x1c/0x3d0 [ 818.591536][T14027] __pte_alloc+0x6d/0x3e0 [ 818.591551][T14027] ? __pfx___pte_alloc+0x10/0x10 [ 818.591567][T14027] ? walk_to_pmd+0x302/0x4c0 [ 818.591586][T14027] get_locked_pte+0xa1/0xc0 [ 818.591604][T14027] insert_page+0xcc/0x220 [ 818.591622][T14027] ? __pfx_insert_page+0x10/0x10 [ 818.591638][T14027] ? __pfx_down_read_trylock+0x10/0x10 [ 818.591664][T14027] vm_insert_page+0x2c0/0x400 [ 818.591684][T14027] kcov_mmap+0xca/0x130 [ 818.591699][T14027] __mmap_region+0x1443/0x29e0 [ 818.591724][T14027] ? __pfx___mmap_region+0x10/0x10 [ 818.591746][T14027] ? find_held_lock+0x2b/0x80 [ 818.591760][T14027] ? ima_match_policy+0x8c4/0x2350 [ 818.591779][T14027] ? ima_match_policy+0x8c4/0x2350 [ 818.591813][T14027] ? find_held_lock+0x2b/0x80 [ 818.591826][T14027] ? process_measurement+0x4c8/0x2350 [ 818.591848][T14027] ? process_measurement+0x4c8/0x2350 [ 818.591877][T14027] ? process_measurement+0x1f4/0x2350 [ 818.591931][T14027] mmap_region+0x30a/0x3e0 [ 818.591956][T14027] do_mmap+0xc63/0x12f0 [ 818.591976][T14027] ? __pfx_do_mmap+0x10/0x10 [ 818.591992][T14027] ? __pfx_down_write_killable+0x10/0x10 [ 818.592012][T14027] vm_mmap_pgoff+0x29e/0x470 [ 818.592032][T14027] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 818.592048][T14027] ? __fget_files+0x215/0x3d0 [ 818.592065][T14027] ? __fget_files+0x21f/0x3d0 [ 818.592083][T14027] ksys_mmap_pgoff+0x3c8/0x650 [ 818.592099][T14027] ? __x64_sys_futex+0x34f/0x4d0 [ 818.592118][T14027] ? __x64_sys_futex+0x358/0x4d0 [ 818.592137][T14027] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 818.592153][T14027] ? xfd_validate_state+0x129/0x190 [ 818.592177][T14027] __x64_sys_mmap+0x125/0x190 [ 818.592201][T14027] do_syscall_64+0x106/0xf80 [ 818.592221][T14027] ? clear_bhb_loop+0x40/0x90 [ 818.592239][T14027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.592255][T14027] RIP: 0033:0x7f42b2f9c799 [ 818.592269][T14027] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 818.592283][T14027] RSP: 002b:00007f42b3da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 818.592299][T14027] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 818.592309][T14027] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000000000009000 [ 818.592319][T14027] RBP: 00007f42b3032c99 R08: 00000000000000dd R09: 0000000000000000 [ 818.592329][T14027] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 818.592339][T14027] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 818.592360][T14027] [ 818.592378][T14027] kcov: kcov: vm_insert_page() failed [ 819.895885][T14054] device-mapper: ioctl: Unable to rename non-existent device,  to [ 819.972385][T14053] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2023'. [ 820.041215][ T29] audit: type=1326 audit(4294967326.940:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14055 comm="syz.4.2025" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f961539c799 code=0x0 [ 820.258549][T14065] futex_wake_op: syz.1.2029 tries to shift op by -2048; fix this program [ 820.277574][T14065] futex_wake_op: syz.1.2029 tries to shift op by -2048; fix this program [ 820.463714][T14070] input: jJǸ-9%vJ86 as /devices/virtual/input/input13 [ 821.356984][ T29] audit: type=1807 audit(4294967328.280:14): UNKNOWN=1 res=0 [ 821.375460][T14099] ima: policy update failed [ 821.380283][ T29] audit: type=1802 audit(4294967328.310:15): pid=14100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.4.2044" res=0 errno=0 [ 821.481300][ T29] audit: type=1802 audit(4294967328.310:16): pid=14099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2044" res=0 errno=0 [ 822.061872][T14127] i2c i2c-0: delete_device: Can't find device in list [ 822.237612][T14131] futex_wake_op: syz.2.2058 tries to shift op by -2048; fix this program [ 822.446885][T14145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2062'. [ 822.489186][T14136] zswap: compressor ] not available [ 822.619106][T14148] futex_wake_op: syz.5.2063 tries to shift op by -2048; fix this program [ 823.291515][T14176] ACPI: button: Initial lid state set to 'ignore' [ 823.566987][T14186] netlink: 'syz.4.2078': attribute type 1 has an invalid length. [ 823.607088][T14186] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2078'. [ 825.371002][T14238] FAULT_INJECTION: forcing a failure. [ 825.371002][T14238] name failslab, interval 1, probability 0, space 0, times 0 [ 825.455214][T14238] CPU: 0 UID: 0 PID: 14238 Comm: syz.1.2096 Tainted: G L syzkaller #0 PREEMPT(full) [ 825.455242][T14238] Tainted: [L]=SOFTLOCKUP [ 825.455247][T14238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 825.455256][T14238] Call Trace: [ 825.455262][T14238] [ 825.455268][T14238] dump_stack_lvl+0x100/0x190 [ 825.455297][T14238] should_fail_ex.cold+0x5/0xa [ 825.455324][T14238] ? apply_wqattrs_prepare+0xfe/0xbb0 [ 825.455341][T14238] should_failslab+0xc2/0x120 [ 825.455358][T14238] __kmalloc_noprof+0xe0/0x850 [ 825.455386][T14238] apply_wqattrs_prepare+0xfe/0xbb0 [ 825.455402][T14238] ? __alloc_workqueue+0x901/0x1880 [ 825.455425][T14238] apply_workqueue_attrs_locked+0x64/0xe0 [ 825.455442][T14238] __alloc_workqueue+0xe25/0x1880 [ 825.455463][T14238] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 825.455486][T14238] alloc_workqueue_noprof+0xd2/0x200 [ 825.455504][T14238] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 825.455528][T14238] ? __pfx___debug_object_init+0x10/0x10 [ 825.455549][T14238] nci_register_device+0x21e/0xb80 [ 825.455569][T14238] ? __pfx_nci_register_device+0x10/0x10 [ 825.455589][T14238] ? lockdep_init_map_type+0x5c/0x250 [ 825.455613][T14238] virtual_ncidev_open+0x141/0x220 [ 825.455635][T14238] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 825.455655][T14238] misc_open+0x26d/0x450 [ 825.455674][T14238] ? __pfx_misc_open+0x10/0x10 [ 825.455691][T14238] chrdev_open+0x234/0x6a0 [ 825.455707][T14238] ? __pfx_apparmor_file_open+0x10/0x10 [ 825.455723][T14238] ? __pfx_chrdev_open+0x10/0x10 [ 825.455740][T14238] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 825.455761][T14238] do_dentry_open+0x6d8/0x1660 [ 825.455775][T14238] ? __pfx_chrdev_open+0x10/0x10 [ 825.455796][T14238] vfs_open+0x82/0x3f0 [ 825.455817][T14238] path_openat+0x208c/0x31a0 [ 825.455840][T14238] ? __pfx_path_openat+0x10/0x10 [ 825.455862][T14238] do_file_open+0x20e/0x430 [ 825.455879][T14238] ? __pfx_do_file_open+0x10/0x10 [ 825.455915][T14238] ? alloc_fd+0x476/0x790 [ 825.455933][T14238] ? do_getname+0x191/0x390 [ 825.455955][T14238] do_sys_openat2+0x10d/0x1e0 [ 825.455975][T14238] ? __pfx_do_sys_openat2+0x10/0x10 [ 825.455997][T14238] ? __fget_files+0x21f/0x3d0 [ 825.456015][T14238] __x64_sys_openat+0x12d/0x210 [ 825.456036][T14238] ? __pfx___x64_sys_openat+0x10/0x10 [ 825.456063][T14238] do_syscall_64+0x106/0xf80 [ 825.456084][T14238] ? clear_bhb_loop+0x40/0x90 [ 825.456102][T14238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.456117][T14238] RIP: 0033:0x7f949559c799 [ 825.456131][T14238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 825.456145][T14238] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 825.456160][T14238] RAX: ffffffffffffffda RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 825.456169][T14238] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 825.456180][T14238] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 825.456189][T14238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.456198][T14238] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 825.456218][T14238] [ 826.844109][T14274] FAULT_INJECTION: forcing a failure. [ 826.844109][T14274] name failslab, interval 1, probability 0, space 0, times 0 [ 826.893468][T14274] CPU: 0 UID: 0 PID: 14274 Comm: syz.1.2111 Tainted: G L syzkaller #0 PREEMPT(full) [ 826.893497][T14274] Tainted: [L]=SOFTLOCKUP [ 826.893503][T14274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 826.893512][T14274] Call Trace: [ 826.893518][T14274] [ 826.893524][T14274] dump_stack_lvl+0x100/0x190 [ 826.893554][T14274] should_fail_ex.cold+0x5/0xa [ 826.893574][T14274] should_failslab+0xc2/0x120 [ 826.893591][T14274] __kmalloc_cache_noprof+0x7a/0x6f0 [ 826.893610][T14274] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 826.893636][T14274] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 826.893659][T14274] ? __mutex_lock+0x26a/0x1b90 [ 826.893684][T14274] ? snd_pcm_oss_sync+0x243/0x840 [ 826.893702][T14274] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 826.893722][T14274] ? __pfx___mutex_lock+0x10/0x10 [ 826.893748][T14274] ? __fsnotify_parent+0x2b4/0xca0 [ 826.893770][T14274] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 826.893789][T14274] snd_pcm_oss_sync+0x265/0x840 [ 826.893810][T14274] snd_pcm_oss_release+0x238/0x300 [ 826.893828][T14274] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 826.893846][T14274] __fput+0x3ff/0xb40 [ 826.893869][T14274] task_work_run+0x150/0x240 [ 826.893891][T14274] ? __pfx_task_work_run+0x10/0x10 [ 826.893916][T14274] exit_to_user_mode_loop+0x100/0x4a0 [ 826.893939][T14274] do_syscall_64+0x668/0xf80 [ 826.893959][T14274] ? clear_bhb_loop+0x40/0x90 [ 826.893977][T14274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.893993][T14274] RIP: 0033:0x7f949559c799 [ 826.894013][T14274] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 826.894030][T14274] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 826.894045][T14274] RAX: 0000000000000000 RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 826.894055][T14274] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 826.894064][T14274] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 826.894072][T14274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 826.894081][T14274] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 826.894102][T14274] [ 827.229392][T14278] FAULT_INJECTION: forcing a failure. [ 827.229392][T14278] name failslab, interval 1, probability 0, space 0, times 0 [ 827.242381][T14278] CPU: 0 UID: 0 PID: 14278 Comm: syz.1.2113 Tainted: G L syzkaller #0 PREEMPT(full) [ 827.242408][T14278] Tainted: [L]=SOFTLOCKUP [ 827.242414][T14278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 827.242423][T14278] Call Trace: [ 827.242430][T14278] [ 827.242437][T14278] dump_stack_lvl+0x100/0x190 [ 827.242466][T14278] should_fail_ex.cold+0x5/0xa [ 827.242485][T14278] should_failslab+0xc2/0x120 [ 827.242502][T14278] __kmalloc_cache_noprof+0x7a/0x6f0 [ 827.242522][T14278] ? vkms_plane_duplicate_state+0x45/0x130 [ 827.242639][T14278] vkms_plane_duplicate_state+0x45/0x130 [ 827.242658][T14278] drm_atomic_get_plane_state+0x279/0x760 [ 827.242714][T14278] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 827.242762][T14278] ? trace_contention_end+0x140/0x180 [ 827.242786][T14278] ? __mutex_lock+0x26a/0x1b90 [ 827.242812][T14278] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 827.242839][T14278] ? drm_master_internal_acquire+0x21/0x80 [ 827.242878][T14278] drm_client_modeset_commit_locked+0x14d/0x580 [ 827.242904][T14278] drm_client_modeset_commit+0x4f/0x80 [ 827.242926][T14278] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 827.243001][T14278] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 827.243025][T14278] drm_fbdev_client_restore+0x1b/0x30 [ 827.243073][T14278] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 827.243090][T14278] drm_client_dev_restore+0x205/0x2a0 [ 827.243115][T14278] drm_release+0x2c6/0x360 [ 827.243158][T14278] ? __pfx_drm_release+0x10/0x10 [ 827.243178][T14278] __fput+0x3ff/0xb40 [ 827.243202][T14278] task_work_run+0x150/0x240 [ 827.243224][T14278] ? __pfx_task_work_run+0x10/0x10 [ 827.243252][T14278] exit_to_user_mode_loop+0x100/0x4a0 [ 827.243274][T14278] do_syscall_64+0x668/0xf80 [ 827.243294][T14278] ? clear_bhb_loop+0x40/0x90 [ 827.243314][T14278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.243330][T14278] RIP: 0033:0x7f949559c799 [ 827.243344][T14278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 827.243359][T14278] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 827.243374][T14278] RAX: 0000000000000000 RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 827.243384][T14278] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 827.243393][T14278] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 827.243402][T14278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 827.243411][T14278] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 827.243432][T14278] [ 830.688179][T14371] zswap: compressor not available [ 832.837253][T14448] FAULT_INJECTION: forcing a failure. [ 832.837253][T14448] name failslab, interval 1, probability 0, space 0, times 0 [ 832.920339][T14448] CPU: 0 UID: 0 PID: 14448 Comm: syz.5.2169 Tainted: G L syzkaller #0 PREEMPT(full) [ 832.920368][T14448] Tainted: [L]=SOFTLOCKUP [ 832.920373][T14448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 832.920382][T14448] Call Trace: [ 832.920387][T14448] [ 832.920393][T14448] dump_stack_lvl+0x100/0x190 [ 832.920423][T14448] should_fail_ex.cold+0x5/0xa [ 832.920443][T14448] should_failslab+0xc2/0x120 [ 832.920460][T14448] __kvmalloc_node_noprof+0xfa/0xa00 [ 832.920489][T14448] ? alloc_netdev_mqs+0xc99/0x14f0 [ 832.920580][T14448] ? lockdep_init_map_type+0x5c/0x250 [ 832.920604][T14448] alloc_netdev_mqs+0xc99/0x14f0 [ 832.920630][T14448] ppp_ioctl+0x906/0x2800 [ 832.920692][T14448] ? find_held_lock+0x2b/0x80 [ 832.920707][T14448] ? __pfx_ppp_ioctl+0x10/0x10 [ 832.920732][T14448] ? __fget_files+0x21f/0x3d0 [ 832.920751][T14448] ? __pfx_ppp_ioctl+0x10/0x10 [ 832.920772][T14448] __x64_sys_ioctl+0x18e/0x210 [ 832.920795][T14448] do_syscall_64+0x106/0xf80 [ 832.920816][T14448] ? clear_bhb_loop+0x40/0x90 [ 832.920835][T14448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.920851][T14448] RIP: 0033:0x7f42b2f9c799 [ 832.920865][T14448] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 832.920879][T14448] RSP: 002b:00007f42b3da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 832.920894][T14448] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 832.920904][T14448] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 832.920913][T14448] RBP: 00007f42b3032c99 R08: 0000000000000000 R09: 0000000000000000 [ 832.920922][T14448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.920931][T14448] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 832.920951][T14448] [ 834.718052][T14481] UHID_CREATE from different security context by process 134 (syz.5.2180), this is not allowed. [ 834.980415][T14489] FAULT_INJECTION: forcing a failure. [ 834.980415][T14489] name failslab, interval 1, probability 0, space 0, times 0 [ 834.993848][T14489] CPU: 0 UID: 0 PID: 14489 Comm: syz.5.2183 Tainted: G L syzkaller #0 PREEMPT(full) [ 834.993874][T14489] Tainted: [L]=SOFTLOCKUP [ 834.993880][T14489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 834.993889][T14489] Call Trace: [ 834.993895][T14489] [ 834.993902][T14489] dump_stack_lvl+0x100/0x190 [ 834.993931][T14489] should_fail_ex.cold+0x5/0xa [ 834.993950][T14489] should_failslab+0xc2/0x120 [ 834.993967][T14489] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 834.993990][T14489] ? __send_signal_locked+0x155/0x12d0 [ 834.994017][T14489] __send_signal_locked+0x155/0x12d0 [ 834.994043][T14489] group_send_sig_info+0x2a4/0x300 [ 834.994061][T14489] ? __pfx_group_send_sig_info+0x10/0x10 [ 834.994084][T14489] ? kill_pid_info_type+0x1a/0x290 [ 834.994099][T14489] kill_pid_info_type+0x92/0x290 [ 834.994118][T14489] kill_proc_info+0x6f/0x1b0 [ 834.994135][T14489] kill_something_info+0x2a0/0x310 [ 834.994156][T14489] __x64_sys_kill+0x1c4/0x250 [ 834.994173][T14489] ? __pfx___x64_sys_kill+0x10/0x10 [ 834.994201][T14489] do_syscall_64+0x106/0xf80 [ 834.994222][T14489] ? clear_bhb_loop+0x40/0x90 [ 834.994239][T14489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.994255][T14489] RIP: 0033:0x7f42b2f9c799 [ 834.994275][T14489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 834.994291][T14489] RSP: 002b:00007f42b3da7028 EFLAGS: 00000246 ORIG_RAX: 000000000000003e [ 834.994306][T14489] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 834.994316][T14489] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000089 [ 834.994325][T14489] RBP: 00007f42b3032c99 R08: 0000000000000000 R09: 0000000000000000 [ 834.994334][T14489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 834.994343][T14489] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 834.994366][T14489] [ 836.853988][T14523] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 837.501108][T14539] FAULT_INJECTION: forcing a failure. [ 837.501108][T14539] name failslab, interval 1, probability 0, space 0, times 0 [ 837.561439][T14539] CPU: 0 UID: 0 PID: 14539 Comm: syz.1.2200 Tainted: G L syzkaller #0 PREEMPT(full) [ 837.561466][T14539] Tainted: [L]=SOFTLOCKUP [ 837.561472][T14539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 837.561482][T14539] Call Trace: [ 837.561487][T14539] [ 837.561494][T14539] dump_stack_lvl+0x100/0x190 [ 837.561523][T14539] should_fail_ex.cold+0x5/0xa [ 837.561543][T14539] should_failslab+0xc2/0x120 [ 837.561560][T14539] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 837.561585][T14539] ? snd_pcm_hw_rule_add+0x3b3/0x510 [ 837.561639][T14539] krealloc_node_align_noprof+0x30a/0x3e0 [ 837.561663][T14539] ? __split_page_owner+0x1f9/0x350 [ 837.561681][T14539] snd_pcm_hw_rule_add+0x3b3/0x510 [ 837.561699][T14539] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 837.561719][T14539] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 837.561737][T14539] ? mutex_init_lockep+0x110/0x150 [ 837.561758][T14539] ? snd_pcm_attach_substream+0x29b/0xd60 [ 837.561808][T14539] snd_pcm_open_substream+0x54a/0x1850 [ 837.561832][T14539] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 837.561854][T14539] ? rcu_is_watching+0x12/0xc0 [ 837.561882][T14539] snd_pcm_open+0x2a3/0x710 [ 837.561905][T14539] ? __pfx_snd_pcm_open+0x10/0x10 [ 837.561931][T14539] ? __pfx_default_wake_function+0x10/0x10 [ 837.561958][T14539] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 837.561979][T14539] snd_pcm_playback_open+0x86/0xe0 [ 837.562001][T14539] snd_open+0x22d/0x4c0 [ 837.562021][T14539] ? __pfx_snd_open+0x10/0x10 [ 837.562037][T14539] chrdev_open+0x234/0x6a0 [ 837.562054][T14539] ? __pfx_chrdev_open+0x10/0x10 [ 837.562070][T14539] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 837.562091][T14539] do_dentry_open+0x6d8/0x1660 [ 837.562106][T14539] ? __pfx_chrdev_open+0x10/0x10 [ 837.562126][T14539] vfs_open+0x82/0x3f0 [ 837.562147][T14539] path_openat+0x208c/0x31a0 [ 837.562169][T14539] ? __pfx_path_openat+0x10/0x10 [ 837.562192][T14539] do_file_open+0x20e/0x430 [ 837.562217][T14539] ? __pfx_do_file_open+0x10/0x10 [ 837.562248][T14539] ? alloc_fd+0x476/0x790 [ 837.562266][T14539] ? do_getname+0x191/0x390 [ 837.562288][T14539] do_sys_openat2+0x10d/0x1e0 [ 837.562308][T14539] ? __pfx_do_sys_openat2+0x10/0x10 [ 837.562335][T14539] __x64_sys_openat+0x12d/0x210 [ 837.562356][T14539] ? __pfx___x64_sys_openat+0x10/0x10 [ 837.562383][T14539] do_syscall_64+0x106/0xf80 [ 837.562405][T14539] ? clear_bhb_loop+0x40/0x90 [ 837.562425][T14539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.562441][T14539] RIP: 0033:0x7f949559c799 [ 837.562454][T14539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 837.562469][T14539] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 837.562484][T14539] RAX: ffffffffffffffda RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 837.562494][T14539] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 837.562504][T14539] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 837.562513][T14539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.562522][T14539] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 837.562542][T14539] [ 840.639033][T14592] nvme_fabrics: missing parameter 'transport=%s' [ 840.672645][T14592] nvme_fabrics: missing parameter 'nqn=%s' [ 843.140793][T14664] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 843.164016][T14664] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 843.180390][T14664] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 843.209486][T14664] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 843.226138][T14664] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 843.247023][T14664] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 843.299249][T14664] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 843.329962][T14664] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 843.355014][T14664] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 843.387975][T14664] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 843.768909][T14681] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2249'. [ 843.830109][T14685] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2249'. [ 843.897707][T14681] netlink: 210 bytes leftover after parsing attributes in process `syz.4.2249'. [ 844.134779][T14697] futex_wake_op: syz.4.2253 tries to shift op by -2048; fix this program [ 844.179758][T14697] futex_wake_op: syz.4.2253 tries to shift op by -2048; fix this program [ 844.229595][T14697] 0x000000000001-0x000000020000 : "" [ 844.277079][T14697] ftl_cs: FTL header corrupt! [ 845.111449][T12925] Bluetooth: hci0: command 0x0406 tx timeout [ 845.142320][T14722] FAULT_INJECTION: forcing a failure. [ 845.142320][T14722] name failslab, interval 1, probability 0, space 0, times 0 [ 845.191517][T12925] Bluetooth: hci2: command 0x0406 tx timeout [ 845.199012][T12543] Bluetooth: hci1: command 0x0406 tx timeout [ 845.248152][T14722] CPU: 0 UID: 0 PID: 14722 Comm: syz.5.2260 Tainted: G L syzkaller #0 PREEMPT(full) [ 845.248180][T14722] Tainted: [L]=SOFTLOCKUP [ 845.248186][T14722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 845.248195][T14722] Call Trace: [ 845.248201][T14722] [ 845.248207][T14722] dump_stack_lvl+0x100/0x190 [ 845.248236][T14722] should_fail_ex.cold+0x5/0xa [ 845.248256][T14722] should_failslab+0xc2/0x120 [ 845.248272][T14722] __kmalloc_cache_noprof+0x7a/0x6f0 [ 845.248292][T14722] ? sctp_add_bind_addr+0xae/0x3e0 [ 845.248408][T14722] sctp_add_bind_addr+0xae/0x3e0 [ 845.248431][T14722] sctp_copy_local_addr_list+0x349/0x550 [ 845.248535][T14722] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 845.248557][T14722] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 845.248605][T14722] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 845.248624][T14722] sctp_bind_addr_copy+0xe0/0x530 [ 845.248649][T14722] sctp_sf_do_unexpected_init.isra.0+0x906/0x16e0 [ 845.248698][T14722] ? __pfx_sctp_sf_do_unexpected_init.isra.0+0x10/0x10 [ 845.248720][T14722] ? __pfx_sctp_sm_lookup_event+0x10/0x10 [ 845.248744][T14722] ? __pfx_sctp_cname+0x10/0x10 [ 845.248764][T14722] sctp_do_sm+0x17a/0x5be0 [ 845.248785][T14722] ? __pfx_sctp_packet_singleton+0x10/0x10 [ 845.248803][T14722] ? __pfx_sctp_do_sm+0x10/0x10 [ 845.248851][T14722] ? ktime_get+0x200/0x300 [ 845.248867][T14722] ? lockdep_hardirqs_on+0x78/0x100 [ 845.248892][T14722] sctp_assoc_bh_rcv+0x392/0x6f0 [ 845.248913][T14722] sctp_inq_push+0x1db/0x280 [ 845.248930][T14722] sctp_backlog_rcv+0x169/0x590 [ 845.248950][T14722] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 845.248969][T14722] __release_sock+0x3a2/0x440 [ 845.248992][T14722] ? lockdep_hardirqs_on+0x78/0x100 [ 845.249016][T14722] release_sock+0x5a/0x220 [ 845.249037][T14722] sctp_wait_for_connect+0x1ed/0x610 [ 845.249065][T14722] ? __pfx_sctp_wait_for_connect+0x10/0x10 [ 845.249088][T14722] ? __pfx_autoremove_wake_function+0x10/0x10 [ 845.249110][T14722] ? sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 845.249129][T14722] __sctp_connect+0x9bb/0xc70 [ 845.249150][T14722] ? __pfx___sctp_connect+0x10/0x10 [ 845.249167][T14722] ? __pfx_sctp_inet_connect+0x10/0x10 [ 845.249184][T14722] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 845.249201][T14722] ? __pfx_sctp_inet_connect+0x10/0x10 [ 845.249216][T14722] sctp_inet_connect+0x15f/0x220 [ 845.249233][T14722] __sys_connect_file+0x141/0x1a0 [ 845.249254][T14722] __sys_connect+0x141/0x170 [ 845.249273][T14722] ? __pfx___sys_connect+0x10/0x10 [ 845.249304][T14722] __x64_sys_connect+0x72/0xb0 [ 845.249322][T14722] ? lockdep_hardirqs_on+0x78/0x100 [ 845.249342][T14722] do_syscall_64+0x106/0xf80 [ 845.249363][T14722] ? clear_bhb_loop+0x40/0x90 [ 845.249381][T14722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.249397][T14722] RIP: 0033:0x7f42b2f9c799 [ 845.249411][T14722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 845.249425][T14722] RSP: 002b:00007f42b3da7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 845.249441][T14722] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 845.249451][T14722] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 845.249460][T14722] RBP: 00007f42b3032c99 R08: 0000000000000000 R09: 0000000000000000 [ 845.249469][T14722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.249478][T14722] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 845.249498][T14722] [ 845.776652][T12925] Bluetooth: hci4: command 0x0c1a tx timeout [ 845.784561][T12925] Bluetooth: hci3: command 0x0406 tx timeout [ 845.791663][T12925] Bluetooth: hci5: command 0x0c1a tx timeout [ 847.832261][T12925] Bluetooth: hci5: command 0x0c1a tx timeout [ 847.838345][T12543] Bluetooth: hci4: command 0x0c1a tx timeout [ 848.011294][T14816] random: crng reseeded on system resumption [ 849.317537][T14855] FAULT_INJECTION: forcing a failure. [ 849.317537][T14855] name failslab, interval 1, probability 0, space 0, times 0 [ 849.367168][T14855] CPU: 0 UID: 0 PID: 14855 Comm: syz.5.2304 Tainted: G L syzkaller #0 PREEMPT(full) [ 849.367196][T14855] Tainted: [L]=SOFTLOCKUP [ 849.367201][T14855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 849.367211][T14855] Call Trace: [ 849.367216][T14855] [ 849.367222][T14855] dump_stack_lvl+0x100/0x190 [ 849.367252][T14855] should_fail_ex.cold+0x5/0xa [ 849.367271][T14855] should_failslab+0xc2/0x120 [ 849.367321][T14855] __kmalloc_cache_noprof+0x7a/0x6f0 [ 849.367342][T14855] ? vhost_net_open+0xb9/0x8b0 [ 849.367488][T14855] vhost_net_open+0xb9/0x8b0 [ 849.367510][T14855] ? __pfx_vhost_net_open+0x10/0x10 [ 849.367532][T14855] misc_open+0x26d/0x450 [ 849.367550][T14855] ? __pfx_misc_open+0x10/0x10 [ 849.367567][T14855] chrdev_open+0x234/0x6a0 [ 849.367583][T14855] ? __pfx_apparmor_file_open+0x10/0x10 [ 849.367599][T14855] ? __pfx_chrdev_open+0x10/0x10 [ 849.367615][T14855] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 849.367636][T14855] do_dentry_open+0x6d8/0x1660 [ 849.367651][T14855] ? __pfx_chrdev_open+0x10/0x10 [ 849.367672][T14855] vfs_open+0x82/0x3f0 [ 849.367694][T14855] path_openat+0x208c/0x31a0 [ 849.367716][T14855] ? __pfx_path_openat+0x10/0x10 [ 849.367738][T14855] do_file_open+0x20e/0x430 [ 849.367758][T14855] ? __pfx_do_file_open+0x10/0x10 [ 849.367787][T14855] ? alloc_fd+0x476/0x790 [ 849.367804][T14855] ? do_getname+0x191/0x390 [ 849.367825][T14855] do_sys_openat2+0x10d/0x1e0 [ 849.367844][T14855] ? __pfx_do_sys_openat2+0x10/0x10 [ 849.367871][T14855] __x64_sys_openat+0x12d/0x210 [ 849.367890][T14855] ? __pfx___x64_sys_openat+0x10/0x10 [ 849.367918][T14855] do_syscall_64+0x106/0xf80 [ 849.367940][T14855] ? clear_bhb_loop+0x40/0x90 [ 849.367959][T14855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.367975][T14855] RIP: 0033:0x7f42b2f9c799 [ 849.367988][T14855] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 849.368002][T14855] RSP: 002b:00007f42b3da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 849.368018][T14855] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 849.368028][T14855] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 849.368038][T14855] RBP: 00007f42b3032c99 R08: 0000000000000000 R09: 0000000000000000 [ 849.368047][T14855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 849.368056][T14855] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 849.368076][T14855] [ 849.966003][T12925] Bluetooth: hci5: command 0x0c1a tx timeout [ 849.972095][T12925] Bluetooth: hci4: command 0x0c1a tx timeout [ 850.015605][T14867] ubi0: attaching mtd0 [ 850.027470][T14867] FAULT_INJECTION: forcing a failure. [ 850.027470][T14867] name failslab, interval 1, probability 0, space 0, times 0 [ 850.059311][T14867] CPU: 0 UID: 0 PID: 14867 Comm: syz.1.2307 Tainted: G L syzkaller #0 PREEMPT(full) [ 850.059339][T14867] Tainted: [L]=SOFTLOCKUP [ 850.059344][T14867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 850.059353][T14867] Call Trace: [ 850.059359][T14867] [ 850.059365][T14867] dump_stack_lvl+0x100/0x190 [ 850.059405][T14867] should_fail_ex.cold+0x5/0xa [ 850.059425][T14867] should_failslab+0xc2/0x120 [ 850.059442][T14867] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 850.059464][T14867] ? add_to_list+0xcb/0x600 [ 850.059594][T14867] add_to_list+0xcb/0x600 [ 850.059618][T14867] ubi_attach+0x2044/0x4d30 [ 850.059640][T14867] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 850.059660][T14867] ? ubi_msg+0x114/0x159 [ 850.059690][T14867] ? __pfx_ubi_msg+0x10/0x10 [ 850.059712][T14867] ? __pfx_ubi_attach+0x10/0x10 [ 850.059726][T14867] ? lockdep_init_map_type+0x5c/0x250 [ 850.059748][T14867] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 850.059763][T14867] ? __vmalloc_node_noprof+0xad/0xf0 [ 850.059781][T14867] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 850.059798][T14867] ubi_attach_mtd_dev+0x139f/0x32a0 [ 850.059822][T14867] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 850.059837][T14867] ? __pfx_get_mtd_device+0x10/0x10 [ 850.059883][T14867] ctrl_cdev_ioctl+0x36a/0x400 [ 850.059899][T14867] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 850.059921][T14867] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 850.059937][T14867] __x64_sys_ioctl+0x18e/0x210 [ 850.059961][T14867] do_syscall_64+0x106/0xf80 [ 850.059983][T14867] ? clear_bhb_loop+0x40/0x90 [ 850.060001][T14867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.060016][T14867] RIP: 0033:0x7f949559c799 [ 850.060031][T14867] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 850.060045][T14867] RSP: 002b:00007f94963f1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 850.060060][T14867] RAX: ffffffffffffffda RBX: 00007f9495815fa0 RCX: 00007f949559c799 [ 850.060070][T14867] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000005 [ 850.060079][T14867] RBP: 00007f9495632c99 R08: 0000000000000000 R09: 0000000000000000 [ 850.060089][T14867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 850.060097][T14867] R13: 00007f9495816038 R14: 00007f9495815fa0 R15: 00007fff17efaf48 [ 850.060118][T14867] [ 850.303697][ T29] audit: type=1326 audit(4294967356.980:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14869 comm="syz.2.2309" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0c7f9c799 code=0x0 [ 850.935870][T14867] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -12 [ 853.229108][T14925] netlink: 318 bytes leftover after parsing attributes in process `syz.2.2326'. [ 853.826767][T14941] sp0: Synchronizing with TNC [ 853.923065][T14951] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2335'. [ 853.982622][T14954] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2335'. [ 854.695308][T14969] FAULT_INJECTION: forcing a failure. [ 854.695308][T14969] name fail_futex, interval 1, probability 0, space 0, times 0 [ 854.832279][T14969] CPU: 0 UID: 0 PID: 14969 Comm: syz.5.2339 Tainted: G L syzkaller #0 PREEMPT(full) [ 854.832306][T14969] Tainted: [L]=SOFTLOCKUP [ 854.832311][T14969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 854.832320][T14969] Call Trace: [ 854.832325][T14969] [ 854.832331][T14969] dump_stack_lvl+0x100/0x190 [ 854.832357][T14969] should_fail_ex.cold+0x5/0xa [ 854.832373][T14969] ? rcu_is_watching+0x12/0xc0 [ 854.832396][T14969] get_futex_key+0x107c/0x1620 [ 854.832416][T14969] ? __pfx_get_futex_key+0x10/0x10 [ 854.832431][T14969] ? lock_acquire+0x1cf/0x380 [ 854.832455][T14969] futex_wake+0xea/0x530 [ 854.832478][T14969] ? __pfx_futex_wake+0x10/0x10 [ 854.832498][T14969] ? exit_mm_release+0x19/0x30 [ 854.832520][T14969] do_futex+0x32b/0x350 [ 854.832538][T14969] ? __pfx_do_futex+0x10/0x10 [ 854.832554][T14969] ? __might_fault+0xc5/0x140 [ 854.832579][T14969] mm_release+0x24a/0x2f0 [ 854.832600][T14969] do_exit+0x704/0x2b60 [ 854.832621][T14969] ? __pfx_do_exit+0x10/0x10 [ 854.832639][T14969] ? do_raw_spin_lock+0x128/0x260 [ 854.832658][T14969] ? find_held_lock+0x2b/0x80 [ 854.832672][T14969] ? get_signal+0x7e0/0x21e0 [ 854.832688][T14969] do_group_exit+0xd5/0x2a0 [ 854.832708][T14969] get_signal+0x1ec7/0x21e0 [ 854.832729][T14969] ? __pfx_get_signal+0x10/0x10 [ 854.832745][T14969] ? do_futex+0x192/0x350 [ 854.832765][T14969] arch_do_signal_or_restart+0x91/0x770 [ 854.832782][T14969] ? __pfx_kernel_move_pages+0x10/0x10 [ 854.832800][T14969] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 854.832823][T14969] ? __pfx___x64_sys_futex+0x10/0x10 [ 854.832845][T14969] exit_to_user_mode_loop+0x86/0x4a0 [ 854.832865][T14969] do_syscall_64+0x668/0xf80 [ 854.832886][T14969] ? clear_bhb_loop+0x40/0x90 [ 854.832904][T14969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.832918][T14969] RIP: 0033:0x7f42b2f9c799 [ 854.832931][T14969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 854.832944][T14969] RSP: 002b:00007f42b3da70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 854.832958][T14969] RAX: fffffffffffffe00 RBX: 00007f42b3215fa8 RCX: 00007f42b2f9c799 [ 854.832968][T14969] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f42b3215fa8 [ 854.832976][T14969] RBP: 00007f42b3215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 854.832985][T14969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 854.832993][T14969] R13: 00007f42b3216038 R14: 00007ffd90dcc2f0 R15: 00007ffd90dcc3d8 [ 854.833012][T14969] [ 855.557661][T14981] ubi0: attaching mtd0 [ 855.585799][T14981] FAULT_INJECTION: forcing a failure. [ 855.585799][T14981] name failslab, interval 1, probability 0, space 0, times 0 [ 855.669988][T14981] CPU: 0 UID: 0 PID: 14981 Comm: syz.5.2342 Tainted: G L syzkaller #0 PREEMPT(full) [ 855.670015][T14981] Tainted: [L]=SOFTLOCKUP [ 855.670021][T14981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 855.670031][T14981] Call Trace: [ 855.670037][T14981] [ 855.670043][T14981] dump_stack_lvl+0x100/0x190 [ 855.670073][T14981] should_fail_ex.cold+0x5/0xa [ 855.670093][T14981] should_failslab+0xc2/0x120 [ 855.670110][T14981] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 855.670132][T14981] ? add_to_list+0xcb/0x600 [ 855.670159][T14981] add_to_list+0xcb/0x600 [ 855.670189][T14981] ubi_attach+0x2044/0x4d30 [ 855.670211][T14981] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 855.670231][T14981] ? ubi_msg+0x114/0x159 [ 855.670254][T14981] ? __pfx_ubi_msg+0x10/0x10 [ 855.670287][T14981] ? __pfx_ubi_attach+0x10/0x10 [ 855.670301][T14981] ? lockdep_init_map_type+0x5c/0x250 [ 855.670325][T14981] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 855.670341][T14981] ? __vmalloc_node_noprof+0xad/0xf0 [ 855.670360][T14981] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 855.670378][T14981] ubi_attach_mtd_dev+0x139f/0x32a0 [ 855.670406][T14981] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 855.670420][T14981] ? __pfx_get_mtd_device+0x10/0x10 [ 855.670445][T14981] ctrl_cdev_ioctl+0x36a/0x400 [ 855.670460][T14981] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 855.670481][T14981] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 855.670497][T14981] __x64_sys_ioctl+0x18e/0x210 [ 855.670519][T14981] do_syscall_64+0x106/0xf80 [ 855.670544][T14981] ? clear_bhb_loop+0x40/0x90 [ 855.670563][T14981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.670580][T14981] RIP: 0033:0x7f42b2f9c799 [ 855.670593][T14981] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 855.670611][T14981] RSP: 002b:00007f42b3da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 855.670626][T14981] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 855.670636][T14981] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000005 [ 855.670645][T14981] RBP: 00007f42b3032c99 R08: 0000000000000000 R09: 0000000000000000 [ 855.670654][T14981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 855.670663][T14981] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 855.670684][T14981] [ 856.348450][T14988] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2345'. [ 856.381472][T14988] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2345'. [ 856.892033][T14992] netlink: 54 bytes leftover after parsing attributes in process `syz.2.2347'. [ 857.925577][T15010] netlink: 'syz.1.2354': attribute type 1 has an invalid length. [ 857.969473][T15010] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2354'. [ 858.067306][T14981] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -12 [ 860.176799][T15053] FAULT_INJECTION: forcing a failure. [ 860.176799][T15053] name failslab, interval 1, probability 0, space 0, times 0 [ 860.332049][T15053] CPU: 0 UID: 0 PID: 15053 Comm: syz.5.2365 Tainted: G L syzkaller #0 PREEMPT(full) [ 860.332078][T15053] Tainted: [L]=SOFTLOCKUP [ 860.332083][T15053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 860.332093][T15053] Call Trace: [ 860.332098][T15053] [ 860.332104][T15053] dump_stack_lvl+0x100/0x190 [ 860.332133][T15053] should_fail_ex.cold+0x5/0xa [ 860.332153][T15053] should_failslab+0xc2/0x120 [ 860.332171][T15053] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 860.332192][T15053] ? can_rx_register+0x582/0x6f0 [ 860.332217][T15053] can_rx_register+0x582/0x6f0 [ 860.332235][T15053] ? __pfx_raw_rcv+0x10/0x10 [ 860.332258][T15053] ? __pfx_can_rx_register+0x10/0x10 [ 860.332286][T15053] raw_enable_filters+0xe0/0x210 [ 860.332312][T15053] raw_enable_allfilters+0x8b/0x2b0 [ 860.332334][T15053] ? __local_bh_enable_ip+0x9e/0x120 [ 860.332354][T15053] raw_bind+0x1bd/0xdf0 [ 860.332374][T15053] ? apparmor_socket_bind+0x105/0x1e0 [ 860.332481][T15053] __sys_bind+0x1a9/0x260 [ 860.332501][T15053] ? __pfx___sys_bind+0x10/0x10 [ 860.332531][T15053] __x64_sys_bind+0x72/0xb0 [ 860.332548][T15053] ? lockdep_hardirqs_on+0x78/0x100 [ 860.332571][T15053] do_syscall_64+0x106/0xf80 [ 860.332591][T15053] ? clear_bhb_loop+0x40/0x90 [ 860.332610][T15053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.332625][T15053] RIP: 0033:0x7f42b2f9c799 [ 860.332639][T15053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 860.332653][T15053] RSP: 002b:00007f42b3da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 860.332668][T15053] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 860.332678][T15053] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 860.332686][T15053] RBP: 00007f42b3032c99 R08: 0000000000000000 R09: 0000000000000000 [ 860.332696][T15053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 860.332704][T15053] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 860.332725][T15053] [ 861.082334][T15059] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2366'. [ 861.096245][T15059] netlink: 13 bytes leftover after parsing attributes in process `syz.5.2366'. [ 861.700946][T15071] binder: BINDER_SET_CONTEXT_MGR already set [ 861.720694][T15071] binder: 15070:15071 ioctl 4018620d 2000000027c0 returned -16 [ 863.452850][T15106] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2382'. [ 863.471681][T15108] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2381'. [ 864.173670][T15123] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2388'. [ 865.836104][T15165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2395'. [ 868.491613][T15207] netlink: 350 bytes leftover after parsing attributes in process `syz.4.2410'. [ 868.719588][T15209] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2411'. [ 868.809379][T15209] bond0: (slave bond_slave_0): Releasing backup interface [ 869.063611][T15216] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1597170177 is already present [ 870.019547][T15229] FAULT_INJECTION: forcing a failure. [ 870.019547][T15229] name failslab, interval 1, probability 0, space 0, times 0 [ 870.106263][T15229] CPU: 0 UID: 0 PID: 15229 Comm: syz.5.2417 Tainted: G L syzkaller #0 PREEMPT(full) [ 870.106292][T15229] Tainted: [L]=SOFTLOCKUP [ 870.106298][T15229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 870.106307][T15229] Call Trace: [ 870.106313][T15229] [ 870.106320][T15229] dump_stack_lvl+0x100/0x190 [ 870.106349][T15229] should_fail_ex.cold+0x5/0xa [ 870.106369][T15229] should_failslab+0xc2/0x120 [ 870.106386][T15229] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 870.106409][T15229] ? copy_process+0x2802/0x7a40 [ 870.106428][T15229] ? _raw_spin_unlock+0x28/0x50 [ 870.106450][T15229] copy_process+0x2802/0x7a40 [ 870.106482][T15229] ? __pfx_copy_process+0x10/0x10 [ 870.106510][T15229] kernel_clone+0xfc/0x9a0 [ 870.106527][T15229] ? __pfx_futex_wait+0x10/0x10 [ 870.106552][T15229] ? __pfx_kernel_clone+0x10/0x10 [ 870.106580][T15229] __do_sys_clone+0xd9/0x120 [ 870.106597][T15229] ? __pfx___do_sys_clone+0x10/0x10 [ 870.106630][T15229] do_syscall_64+0x106/0xf80 [ 870.106650][T15229] ? clear_bhb_loop+0x40/0x90 [ 870.106668][T15229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.106683][T15229] RIP: 0033:0x7f42b2f9c799 [ 870.106697][T15229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 870.106711][T15229] RSP: 002b:00007f42b3da6fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 870.106734][T15229] RAX: ffffffffffffffda RBX: 00007f42b3215fa0 RCX: 00007f42b2f9c799 [ 870.106744][T15229] RDX: 0000000000000000 RSI: 0000000000000300 RDI: 0000000000000011 [ 870.106753][T15229] RBP: 00007f42b3032c99 R08: 0000000000000000 R09: 0000000000000000 [ 870.106762][T15229] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 870.106771][T15229] R13: 00007f42b3216038 R14: 00007f42b3215fa0 R15: 00007ffd90dcc3d8 [ 870.106791][T15229] [ 870.582995][T15250] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2421'. [ 870.851711][T15236] zswap: compressor not available [ 871.095572][T15262] can0: slcan on ttyS2. [ 871.264743][T15260] can0 (unregistered): slcan off ttyS2. [ 871.616764][T15277] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2426'. [ 872.010412][T15278] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 872.134860][T15278] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 872.161564][T15278] TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details. [ 872.194806][T15278] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details. [ 874.350507][T15357] zswap: compressor not available [ 874.699498][T15370] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2444'. [ 876.475371][T15428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2455'. [ 876.514823][T15428] netlink: 'syz.4.2455': attribute type 1 has an invalid length. [ 876.551842][T15428] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2455'. [ 876.573220][T15432] tipc: Started in network mode [ 876.578266][T15432] tipc: Node identity ffffffff, cluster identity 4711 [ 876.642961][T15432] tipc: Node number set to 4294967295 [ 879.645347][T15473] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2466'. [ 880.959345][T15498] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2473'. [ 881.897950][T15513] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2477'. [ 882.055821][T15517] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 882.950695][T12543] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 885.097338][T15572] netlink: 226 bytes leftover after parsing attributes in process `syz.1.2492'. [ 885.108573][T15572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2492'. [ 885.121322][T15572] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 885.845723][T12925] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 885.860831][T12925] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 885.869207][T12925] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 885.878821][T12925] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 885.886743][T12925] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 886.320731][T15586] chnl_net:caif_netlink_parms(): no params data found [ 886.616039][T15586] bridge0: port 1(bridge_slave_0) entered blocking state [ 886.630775][T15586] bridge0: port 1(bridge_slave_0) entered disabled state [ 886.641388][T15586] bridge_slave_0: entered allmulticast mode [ 886.653912][T15586] bridge_slave_0: entered promiscuous mode [ 886.675911][T15586] bridge0: port 2(bridge_slave_1) entered blocking state [ 886.695507][T15586] bridge0: port 2(bridge_slave_1) entered disabled state [ 886.738430][T15586] bridge_slave_1: entered allmulticast mode [ 886.753233][T15586] bridge_slave_1: entered promiscuous mode [ 886.889420][T15586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 886.962983][T15586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 887.052175][T15586] team0: Port device team_slave_0 added [ 887.098886][T15586] team0: Port device team_slave_1 added [ 887.179403][T15586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 887.199976][T15586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 887.270624][T15586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 887.294819][T15586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 887.310886][T15586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 887.420915][T15586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 887.541675][T15586] hsr_slave_0: entered promiscuous mode [ 887.559088][T15586] hsr_slave_1: entered promiscuous mode [ 887.587774][T15586] debugfs: 'hsr0' already exists in 'hsr' [ 887.598956][T15586] Cannot create hsr debugfs directory [ 887.916263][T12925] Bluetooth: hci6: command tx timeout [ 888.691365][T15586] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 888.720772][T15586] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 888.755642][T15586] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 888.782476][T15586] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 889.024795][T15632] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2502'. [ 889.457521][T15586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 889.556754][T15586] 8021q: adding VLAN 0 to HW filter on device team0 [ 889.593842][T12556] bridge0: port 1(bridge_slave_0) entered blocking state [ 889.601052][T12556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 889.677170][T12562] bridge0: port 2(bridge_slave_1) entered blocking state [ 889.685151][T12562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 889.949417][T15643] zswap: compressor not available [ 889.964598][T15646] Setting dangerous option i915.mitigations - tainting kernel [ 889.993924][T12925] Bluetooth: hci6: command tx timeout [ 890.346006][T15586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 890.711465][ T30] INFO: task kworker/u10:1:12548 blocked for more than 143 seconds. [ 890.719654][ T30] Tainted: G U L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 890.765675][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 890.812636][ T30] task:kworker/u10:1 state:D stack:26888 pid:12548 tgid:12548 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 890.902980][ T30] Workqueue: netns cleanup_net [ 890.914005][ T30] Call Trace: [ 890.921128][ T30] [ 890.943377][ T30] __schedule+0xfee/0x6120 [ 890.960622][ T30] ? __lock_acquire+0x4a5/0x2630 [ 890.980756][ T30] ? __pfx___schedule+0x10/0x10 [ 890.985681][ T30] ? find_held_lock+0x2b/0x80 [ 891.071742][ T30] ? schedule+0x2bf/0x390 [ 891.076154][ T30] schedule+0xdd/0x390 [ 891.080281][ T30] schedule_timeout+0x1b2/0x280 [ 891.142157][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 891.147622][ T30] ? mark_held_locks+0x40/0x70 [ 891.196037][ T30] __wait_for_common+0x2e7/0x4c0 [ 891.220673][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 891.226116][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 891.252171][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 891.257448][ T30] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 891.266710][ T30] __flush_workqueue+0x3f7/0x1200 [ 891.281252][ T30] ? __lock_acquire+0x4a5/0x2630 [ 891.286255][ T30] ? __lock_acquire+0x4a5/0x2630 [ 891.299270][ T30] ? __pfx___flush_workqueue+0x10/0x10 [ 891.311062][ T30] ? reacquire_held_locks+0xce/0x1e0 [ 891.316429][ T30] ? __pfx_sock_def_readable+0x10/0x10 [ 891.351061][ T30] ? __pfx_sock_def_readable+0x10/0x10 [ 891.358575][ T30] rds_tcp_listen_stop+0x104/0x160 [ 891.370869][ T30] rds_tcp_exit_net+0xe0/0x870 [ 891.375704][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 891.399095][ T30] ? __pfx___might_resched+0x10/0x10 [ 891.411704][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 891.417327][ T30] ops_undo_list+0x2ee/0xab0 [ 891.470619][ T30] ? __pfx_ops_undo_list+0x10/0x10 [ 891.475798][ T30] ? cleanup_net+0x332/0x920 [ 891.490619][ T30] ? idr_destroy+0x62/0x2e0 [ 891.495367][ T30] cleanup_net+0x499/0x920 [ 891.499825][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 891.520612][ T30] ? rcu_is_watching+0x12/0xc0 [ 891.525629][ T30] process_one_work+0xa23/0x19a0 [ 891.540962][ T30] ? __pfx_process_one_work+0x10/0x10 [ 891.546417][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 891.583948][ T30] worker_thread+0x5ef/0xe50 [ 891.588626][ T30] ? __pfx_worker_thread+0x10/0x10 [ 891.610622][ T30] ? kthread+0x13a/0x450 [ 891.615027][ T30] ? __pfx_worker_thread+0x10/0x10 [ 891.620179][ T30] kthread+0x370/0x450 [ 891.630778][ T30] ? __pfx_kthread+0x10/0x10 [ 891.635436][ T30] ret_from_fork+0x754/0xd80 [ 891.640075][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 891.645875][ T30] ? __switch_to+0x7b4/0x1120 [ 891.650941][ T30] ? __pfx_kthread+0x10/0x10 [ 891.660891][ T30] ret_from_fork_asm+0x1a/0x30 [ 891.665680][ T30] [ 891.668868][ T30] [ 891.668868][ T30] Showing all locks held in the system: [ 891.701805][ T30] 3 locks held by kworker/1:0/24: [ 891.707316][ T30] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 891.800671][ T30] #1: ffffc900001e7d08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 891.810446][ T30] #2: ffffffff8e7f3338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 891.870681][ T30] 1 lock held by khungtaskd/30: [ 891.875685][ T30] #0: ffffffff8e7e7720 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 891.950855][ T30] 4 locks held by kworker/0:5/5907: [ 891.956091][ T30] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 891.991225][ T30] #1: ffffc900042a7d08 ((work_completion)(&(&idev->mc_dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 892.035176][ T30] #2: ffff888076e391e0 (&r->consumer_lock#2){+...}-{3:3}, at: wg_packet_handshake_receive_worker+0x1a5/0x370 [ 892.071852][T12925] Bluetooth: hci6: command tx timeout [ 892.090957][ T30] #3: ffffffff8e7e76c0 (rcu_read_lock_bh){....}-{1:3}, at: wg_pubkey_hashtable_lookup+0x17/0x3f0 [ 892.140669][ T30] 7 locks held by kworker/0:1/12515: [ 892.146022][ T30] 3 locks held by kworker/u10:1/12548: [ 892.170702][ T30] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 892.200612][ T30] #1: ffffc900039c7d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 892.250654][ T30] #2: ffffffff905fca50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 892.260069][ T30] 1 lock held by syz.3.1831/13251: [ 892.272119][ T30] #0: ffffffff905fca50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 892.282453][ T30] 1 lock held by syz.0.1866/13432: [ 892.287601][ T30] #0: ffffffff905fca50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 892.297575][ T30] 2 locks held by getty/13972: [ 892.302741][ T30] #0: ffff888033dee0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 892.313043][ T30] #1: ffffc90004d472f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 892.340644][ T30] 1 lock held by syz.5.2419/15259: [ 892.345813][ T30] #0: ffffffff905fca50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 892.360620][ T30] 4 locks held by syz-executor/15586: [ 892.366042][ T30] #0: ffff8880774b0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 892.390822][ T30] #1: ffff8880774b00c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 [ 892.410625][ T30] #2: ffffffff908adf48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 [ 892.420906][ T30] #3: ffff888053add2f8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x770 [ 892.430299][ T30] 1 lock held by syz.2.2505/15648: [ 892.450617][ T30] 1 lock held by syz.1.2508/15663: [ 892.455784][ T30] #0: ffffffff8e7f3338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 892.466897][ T30] [ 892.472200][ T30] ============================================= [ 892.472200][ T30] [ 892.513628][ T30] NMI backtrace for cpu 1 [ 892.513653][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 892.513691][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 892.513700][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 892.513730][ T30] Call Trace: [ 892.513739][ T30] [ 892.513749][ T30] dump_stack_lvl+0x100/0x190 [ 892.513793][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 892.513835][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 892.513866][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 892.513900][ T30] sys_info+0x141/0x190 [ 892.513926][ T30] watchdog+0xd25/0x1050 [ 892.513962][ T30] ? __pfx_watchdog+0x10/0x10 [ 892.513989][ T30] ? __kthread_parkme+0x18c/0x230 [ 892.514024][ T30] ? kthread+0x13a/0x450 [ 892.514052][ T30] ? __pfx_watchdog+0x10/0x10 [ 892.514076][ T30] kthread+0x370/0x450 [ 892.514106][ T30] ? __pfx_kthread+0x10/0x10 [ 892.514141][ T30] ret_from_fork+0x754/0xd80 [ 892.514179][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 892.514218][ T30] ? __switch_to+0x7b4/0x1120 [ 892.514247][ T30] ? __pfx_kthread+0x10/0x10 [ 892.514282][ T30] ret_from_fork_asm+0x1a/0x30 [ 892.514328][ T30] [ 892.514348][ T30] Sending NMI from CPU 1 to CPUs 0: [ 892.643449][ C0] NMI backtrace for cpu 0 [ 892.643476][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G U L syzkaller #0 PREEMPT(full) [ 892.643511][ C0] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 892.643520][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 892.643533][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 892.643572][ C0] Code: 28 85 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 b0 1d 00 fb f4 fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 892.643595][ C0] RSP: 0018:ffffffff8e407e00 EFLAGS: 00000242 [ 892.643613][ C0] RAX: 000000000016a575 RBX: ffffffff8e4975c0 RCX: ffffffff8b8ddc75 [ 892.643629][ C0] RDX: 0000000000000000 RSI: ffffffff8de80d86 RDI: ffffffff8c1b11a0 [ 892.643643][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed101708679d [ 892.643657][ C0] R10: ffff8880b8433ceb R11: 0000000000000000 R12: 0000000000000000 [ 892.643671][ C0] R13: fffffbfff1c92eb8 R14: 0000000000000000 R15: ffffffff90d9d910 [ 892.643686][ C0] FS: 0000000000000000(0000) GS:ffff888124346000(0000) knlGS:0000000000000000 [ 892.643707][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 892.643722][ C0] CR2: 00000000003c5000 CR3: 000000000e598000 CR4: 00000000003526f0 [ 892.643737][ C0] Call Trace: [ 892.643744][ C0] [ 892.643751][ C0] default_idle+0x9/0x10 [ 892.643773][ C0] default_idle_call+0x6c/0xb0 [ 892.643794][ C0] do_idle+0x464/0x590 [ 892.643818][ C0] ? __pfx_do_idle+0x10/0x10 [ 892.643843][ C0] cpu_startup_entry+0x4f/0x60 [ 892.643871][ C0] rest_init+0x251/0x260 [ 892.643894][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 892.644031][ C0] start_kernel+0x47f/0x480 [ 892.644082][ C0] x86_64_start_reservations+0x24/0x30 [ 892.644109][ C0] x86_64_start_kernel+0x12b/0x130 [ 892.644134][ C0] common_startup_64+0x13e/0x148 [ 892.644167][ C0] [ 892.863894][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 892.870893][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 892.881597][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 892.886893][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 892.897309][ T30] Call Trace: [ 892.900599][ T30] [ 892.903532][ T30] dump_stack_lvl+0x100/0x190 [ 892.908229][ T30] vpanic+0x552/0x970 [ 892.912214][ T30] ? __pfx_vpanic+0x10/0x10 [ 892.916810][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 892.922991][ T30] panic+0xd1/0xe0 [ 892.926720][ T30] ? __pfx_panic+0x10/0x10 [ 892.931143][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 892.937304][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 892.943565][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 892.949743][ T30] ? watchdog.cold+0x198/0x1ca [ 892.954549][ T30] ? watchdog+0xd35/0x1050 [ 892.958984][ T30] watchdog.cold+0x1a9/0x1ca [ 892.963857][ T30] ? __pfx_watchdog+0x10/0x10 [ 892.968547][ T30] ? __kthread_parkme+0x18c/0x230 [ 892.974026][ T30] ? kthread+0x13a/0x450 [ 892.978370][ T30] ? __pfx_watchdog+0x10/0x10 [ 892.983049][ T30] kthread+0x370/0x450 [ 892.987303][ T30] ? __pfx_kthread+0x10/0x10 [ 892.992344][ T30] ret_from_fork+0x754/0xd80 [ 892.997431][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 893.002650][ T30] ? __switch_to+0x7b4/0x1120 [ 893.007344][ T30] ? __pfx_kthread+0x10/0x10 [ 893.011949][ T30] ret_from_fork_asm+0x1a/0x30 [ 893.016738][ T30] [ 893.020011][ T30] Kernel Offset: disabled [ 893.024418][ T30] Rebooting in 86400 seconds..