last executing test programs: 3m3.864373631s ago: executing program 1 (id=4971): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000006380), 0x101101, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010300000000ffdbdf250100000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) read$auto(r0, &(0x7f00000004c0)=':)%-\x00', 0x1) 3m3.672881882s ago: executing program 1 (id=4973): mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0c\x00', 0x80, 0x0) 3m3.219306921s ago: executing program 1 (id=4982): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) read$auto(0x3, 0x0, 0x1f40) r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r0) mkdir$auto(0x0, 0xfffd) 3m2.955002036s ago: executing program 1 (id=4976): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f00000000c0), 0x141401, 0x0) capset$auto(0x0, 0x0) clock_adjtime$auto(0xfffffffffffffffb, 0x0) 3m2.72865193s ago: executing program 1 (id=4979): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) read$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x8af}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x4) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) 3m2.448242534s ago: executing program 1 (id=4980): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/udp\x00', 0x22180, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000380)=""/122, 0xc7) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000400)=""/241, 0xf1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r2) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r3, 0x1, 0x70bd21, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20004810}, 0x20008050) sendmsg$auto_NFSD_CMD_VERSION_SET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x80, r3, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@NFSD_A_SERVER_PROTO_VERSION={0xc, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_MINOR={0x8, 0x2, 0x460}]}, @NFSD_A_SERVER_PROTO_VERSION={0x3c, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x83}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x4}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x8b27}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x6}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x895}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x1}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x8}]}, @NFSD_A_SERVER_PROTO_VERSION={0x18, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x1}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x10000}]}, @NFSD_A_SERVER_PROTO_VERSION={0xc, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_ENABLED={0x4}]}]}, 0x80}, 0x1, 0x0, 0x0, 0xc880}, 0xc050) 2m47.292723839s ago: executing program 32 (id=4980): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/udp\x00', 0x22180, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000380)=""/122, 0xc7) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000400)=""/241, 0xf1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r2) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r3, 0x1, 0x70bd21, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20004810}, 0x20008050) sendmsg$auto_NFSD_CMD_VERSION_SET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x80, r3, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@NFSD_A_SERVER_PROTO_VERSION={0xc, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_MINOR={0x8, 0x2, 0x460}]}, @NFSD_A_SERVER_PROTO_VERSION={0x3c, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x83}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x4}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x8b27}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x6}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x895}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x1}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x8}]}, @NFSD_A_SERVER_PROTO_VERSION={0x18, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x1}, @NFSD_A_VERSION_MINOR={0x8, 0x2, 0x10000}]}, @NFSD_A_SERVER_PROTO_VERSION={0xc, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_ENABLED={0x4}]}]}, 0x80}, 0x1, 0x0, 0x0, 0xc880}, 0xc050) 2m40.427598943s ago: executing program 0 (id=5098): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) 2m40.061495218s ago: executing program 0 (id=5101): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) io_uring_setup$auto(0x401, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, 0x0, 0x55) 2m39.44514294s ago: executing program 0 (id=5105): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x4600, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x4b72, r2) 2m39.19887323s ago: executing program 0 (id=5107): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0xb00) 2m38.19697148s ago: executing program 0 (id=5117): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 2m37.474864274s ago: executing program 0 (id=5113): name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = epoll_create$auto(0x1) capset$auto(0x0, 0x0) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) read$auto(r1, 0x0, 0x8) close_range$auto(r0, 0xffffffffffffffff, 0x0) 2m21.537912093s ago: executing program 33 (id=5113): name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = epoll_create$auto(0x1) capset$auto(0x0, 0x0) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) read$auto(r1, 0x0, 0x8) close_range$auto(r0, 0xffffffffffffffff, 0x0) 1m29.051025241s ago: executing program 3 (id=5495): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x186, 0x400, 0x9}]}) 1m28.632307214s ago: executing program 3 (id=5500): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mtd/mtd0/oobsize\x00', 0x40000, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0xa0040, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x1, 0x10001, 0x3, 0x5e, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) 1m27.867816398s ago: executing program 3 (id=5504): prctl$auto(0x4e, 0x1, 0x0, 0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0x5, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x100007) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8002, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r0, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 1m27.020703787s ago: executing program 3 (id=5510): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0xa9, 0x0) timer_create$auto(0x2, 0x0, 0x0) r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f00000002c0), 0x20001, 0x0) writev$auto(r0, &(0x7f0000001c80)={0x0, 0x101}, 0x6) 1m26.427396527s ago: executing program 3 (id=5515): syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0xa00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) lseek$auto(r0, 0x9, 0x0) getdents$auto(r0, 0x0, 0x62d4) 1m25.345918512s ago: executing program 3 (id=5518): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x58400, 0x22) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)) r2 = epoll_create$auto(0x8800001) epoll_ctl$auto(r2, 0x1, r0, 0x0) 1m10.21580192s ago: executing program 34 (id=5518): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x58400, 0x22) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)) r2 = epoll_create$auto(0x8800001) epoll_ctl$auto(r2, 0x1, r0, 0x0) 49.533657863s ago: executing program 6 (id=5706): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xff}}, 0x54) 49.263746557s ago: executing program 6 (id=5707): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001480)='/proc/sys/net/ipv6/conf/geneve0/disable_ipv6\x00', 0x40001, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r1 = socket(0xa, 0x5, 0x0) getsockopt$auto(r1, 0x84, 0x11, 0x0, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) pwritev$auto(r0, &(0x7f0000000040)={0x0, 0x1}, 0x9, 0x3, 0xd3b8) 47.579671903s ago: executing program 6 (id=5718): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) bpf$auto(0x3, 0x0, 0x8) socket(0xa, 0x2, 0x3a) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x6) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000100), 0x20201, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) 45.617380655s ago: executing program 6 (id=5726): close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc048aeca, 0x0) 45.20180034s ago: executing program 6 (id=5728): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) mkdir$auto(&(0x7f00000000c0)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r2 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r2, 0x0, 0x400) ioctl$auto(r1, 0x2284, r0) 44.582627815s ago: executing program 6 (id=5732): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x11, 0x3, 0x2) getsockopt$auto(r0, 0x107, 0x11, 0x0, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec4\x00', 0x189380, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_GET(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r1, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, 0x0, 0x8094) 29.255445535s ago: executing program 35 (id=5732): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x11, 0x3, 0x2) getsockopt$auto(r0, 0x107, 0x11, 0x0, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec4\x00', 0x189380, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_GET(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r1, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, 0x0, 0x8094) 6.784910384s ago: executing program 4 (id=5940): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x149) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x2, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0xb}, 0x200000003) write$auto(0x3, 0x0, 0x5c8) 4.390999092s ago: executing program 4 (id=5948): r0 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x3) mmap$auto(0x0, 0xe983, 0x0, 0x18, r0, 0x8004) mknod$auto(0x0, 0xd, 0x7) write$auto(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x880c2, 0xb3) getpid() r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x40103, 0x0) ioctl$auto_SNDCTL_SEQ_CTRLRATE(r1, 0xc0045103, 0x0) 4.210546306s ago: executing program 4 (id=5950): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x8, @old_prog_fd=r0}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0xff, 0xffffff01, 0x9, 0x6, @count=0x75, 0x0, 0x3, 0xa, 0x0, 0x7}, 0x9) 4.075109572s ago: executing program 4 (id=5951): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event0\x00', 0x3496c2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x143242, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(r0, 0xc028ae92, 0x0) 3.882949452s ago: executing program 5 (id=5952): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x0, 0x408, 0x100000) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mbind$auto(0x8000000000000001, 0x10, 0x10000, 0x0, 0x2, 0x8) madvise$auto_MADV_GUARD_REMOVE(0x0, 0x40, 0x67) 3.851168128s ago: executing program 4 (id=5953): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) mkdir$auto(&(0x7f00000000c0)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r2 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r2, 0x0, 0x400) ioctl$auto(r1, 0x2284, r0) 3.406253338s ago: executing program 4 (id=5956): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1}, 0x57) write$auto(0x3, 0x0, 0x3f00) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 3.269304648s ago: executing program 7 (id=5957): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = open(&(0x7f0000000040)='./file0\x00', 0x6041, 0x131) write$auto(r0, 0x0, 0xfffffdf1) fsetxattr$auto(r0, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) gettid() ioctl$auto_FS_IOC_SETFLAGS2(r0, 0x40086602, 0x0) mprotect$auto(0x0, 0x8000000000800001, 0x8) 2.291750615s ago: executing program 7 (id=5961): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) pselect6$auto(0x9, &(0x7f0000000000)={[0x8, 0x4, 0x0, 0x6, 0x8001, 0xfffffffffffff000, 0xfff, 0x9, 0xcf1, 0x100000003, 0x8000000000000001, 0x0, 0x2f, 0x4002, 0x8000000000000002, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) msgctl$auto_MSG_INFO(0x10, 0xc, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 1.978529391s ago: executing program 7 (id=5962): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="cb5b"], 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x4, 0x0, 0x0, 0x1009}, 0x7}, 0x3, 0x0) syz_genetlink_get_family_id$auto_l2tp(0x0, r0) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) recvmmsg$auto(r0, 0x0, 0x7, 0x6, 0x0) 1.930922351s ago: executing program 5 (id=5963): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) recvfrom$auto(0x3, 0x0, 0x80000000002, 0x6, 0x0, 0x0) 1.675636351s ago: executing program 2 (id=5964): unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) io_uring_setup$auto(0x3, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x400caed0, r0) 1.542506943s ago: executing program 7 (id=5965): io_uring_setup$auto(0x59, &(0x7f0000000080)={0xb, 0x40000d, 0x10400, 0x6, 0x4, 0x3, 0xffffffffffffffff, [], {0x7, 0x200004, 0x7, 0x2a3, 0x100, 0x3, 0x40100101, 0x6}, {0xf8, 0x4, 0x9, 0x1, 0x3, 0x40, 0xcc, 0x8, 0x100000004}}) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x6, 0x2, 0x20000007, 0x0) pselect6$auto(0x5, &(0x7f0000000400)={[0x8, 0x5, 0x0, 0x5, 0x8001, 0x6, 0xac, 0x2000009, 0x3, 0xffffffff, 0x7fffffffffffffff, 0x0, 0x1000, 0x2, 0x8, 0x3ff]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) clone$auto(0x6d8, 0xffe, 0x0, 0x0, 0x4000000a) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_enter$auto(0x3, 0x4, 0xb0b2, 0x6, 0x0, 0x2) 1.256049731s ago: executing program 2 (id=5966): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x8400ae8e, 0x0) 928.780126ms ago: executing program 2 (id=5967): r0 = socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) socket(0x10, 0x3, 0x6) socketpair$auto(0x400001e, 0x4, 0x8000000000000000, 0x0) write$auto(r0, 0x0, 0x5c8) socket(0x10, 0x2, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) 897.582377ms ago: executing program 5 (id=5968): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000d80), r0) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0xa, 0x3, 0x87) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "00800000ffefffffff0200000001"}, 0x55) sendmsg$auto_CGROUPSTATS_CMD_GET(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}}, 0x20000004) 740.568297ms ago: executing program 2 (id=5969): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r0, 0x7, 0x6}, 0x6, 0x100000) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r0) close_range$auto(0x2, 0x8, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x121200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000000)={0x54, r2, 0x301, 0x70bd2b, 0x25dfdbfd, {}, [@NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x950}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0xfffffffb}, @NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x4}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x106}]}, 0x54}, 0x1, 0x0, 0x0, 0x2004c005}, 0xc4) 671.648503ms ago: executing program 7 (id=5970): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x400, 0x1, 0x4}]}) 637.281988ms ago: executing program 5 (id=5971): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x8006, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) read$auto(0x3, 0x0, 0x7ffffffff000) mmap$auto(0x0, 0x10000, 0xde, 0x11, 0xffffffffffffffff, 0x28000) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) 388.094311ms ago: executing program 7 (id=5972): mmap$auto(0x9, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) getsockopt$auto(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0x400000000fff, 0x8000000008011, 0x3, 0x8000) getdents$auto(0xffffffffffffffff, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) madvise$auto(0x0, 0xffffffffffff0005, 0x17) sendfile$auto(0x2, 0x3, 0x0, 0xc3e0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 387.369799ms ago: executing program 2 (id=5980): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x8000) mmap$auto(0x0, 0x20009, 0x4, 0xeb1, 0x405, 0x8000) sendmsg$auto_NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x24, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x8, 0x2, "141dbb9d"}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4040000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fcdbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a000500c862a41184f600000a00010000000000000000000a00010070b28a70c5dc0000080004000300000006000700ff"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x10000) 286.932945ms ago: executing program 5 (id=5973): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x400000f4, 0x400, 0x4}]}) 132.592197ms ago: executing program 2 (id=5974): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x2, 0x2, 0x1) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, 0x0, 0x10a, 0x6, 0x0) 0s ago: executing program 5 (id=5975): mmap$auto(0x0, 0x40000c, 0x45bd, 0x9b72, 0x2, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="110b27bd7000ffdbdf250900000800030000", @ANYRES32=0x0, @ANYBLOB="080006"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x1000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0xc045}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8000, 0x1, 0x8, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "787d66da4a620eab7f736e854ef61529", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) kernel console output (not intermixed with test programs): 611] ? alloc_fd+0x476/0x790 [ 727.488764][T18611] ? do_getname+0x191/0x390 [ 727.488800][T18611] do_sys_openat2+0x10d/0x1e0 [ 727.488834][T18611] ? __pfx_do_sys_openat2+0x10/0x10 [ 727.488872][T18611] ? __fget_files+0x21f/0x3d0 [ 727.488905][T18611] __x64_sys_openat+0x12d/0x210 [ 727.488941][T18611] ? __pfx___x64_sys_openat+0x10/0x10 [ 727.488991][T18611] do_syscall_64+0x106/0xf80 [ 727.489028][T18611] ? clear_bhb_loop+0x40/0x90 [ 727.489060][T18611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.489087][T18611] RIP: 0033:0x7f6408b9c799 [ 727.489108][T18611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 727.489132][T18611] RSP: 002b:00007f6409af4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 727.489162][T18611] RAX: ffffffffffffffda RBX: 00007f6408e15fa0 RCX: 00007f6408b9c799 [ 727.489178][T18611] RDX: 0000000000008382 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 727.489194][T18611] RBP: 00007f6408c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 727.489210][T18611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 727.489225][T18611] R13: 00007f6408e16038 R14: 00007f6408e15fa0 R15: 00007fff00d278d8 [ 727.489258][T18611] [ 729.338308][T18646] netlink: 146 bytes leftover after parsing attributes in process `syz.3.4705'. [ 729.813974][T18656] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4708'. [ 730.126238][T18657] Process accounting resumed [ 730.514926][T18672] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 730.699981][T18669] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 731.069066][T18683] FAULT_INJECTION: forcing a failure. [ 731.069066][T18683] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 731.158781][T18683] CPU: 0 UID: 0 PID: 18683 Comm: syz.2.4716 Tainted: G L syzkaller #0 PREEMPT(full) [ 731.158823][T18683] Tainted: [L]=SOFTLOCKUP [ 731.158832][T18683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 731.158847][T18683] Call Trace: [ 731.158855][T18683] [ 731.158864][T18683] dump_stack_lvl+0x100/0x190 [ 731.158909][T18683] should_fail_ex.cold+0x5/0xa [ 731.158934][T18683] ? prepare_alloc_pages+0x16d/0x5f0 [ 731.158968][T18683] should_fail_alloc_page+0xeb/0x140 [ 731.158998][T18683] prepare_alloc_pages+0x1f0/0x5f0 [ 731.159032][T18683] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 731.159080][T18683] ? try_to_migrate_one+0x13fd/0x3860 [ 731.159125][T18683] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 731.159187][T18683] ? reacquire_held_locks+0xce/0x1e0 [ 731.159221][T18683] ? folio_lock_anon_vma_read+0x348/0xe30 [ 731.159260][T18683] ? folio_lock_anon_vma_read+0x348/0xe30 [ 731.159300][T18683] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 731.159327][T18683] ? policy_nodemask+0xed/0x4f0 [ 731.159363][T18683] alloc_pages_mpol+0x1fb/0x550 [ 731.159392][T18683] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 731.159428][T18683] folio_alloc_mpol_noprof+0x36/0x340 [ 731.159463][T18683] alloc_migration_target_by_mpol+0x2c1/0x650 [ 731.159499][T18683] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 731.159535][T18683] ? __pfx___might_resched+0x10/0x10 [ 731.159575][T18683] ? folio_get_anon_vma+0x16b/0x980 [ 731.159614][T18683] migrate_pages_batch+0x4f2/0x4530 [ 731.159645][T18683] ? kernel_text_address+0x50/0x100 [ 731.159684][T18683] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 731.159731][T18683] ? __pfx_migrate_pages_batch+0x10/0x10 [ 731.159764][T18683] ? __pfx_stack_trace_save+0x10/0x10 [ 731.159791][T18683] ? stack_depot_save_flags+0x27/0x9d0 [ 731.159823][T18683] ? __split_vma+0x392/0xd90 [ 731.159861][T18683] ? kasan_save_stack+0x3f/0x50 [ 731.159900][T18683] ? kasan_save_stack+0x30/0x50 [ 731.159939][T18683] ? kasan_save_track+0x14/0x30 [ 731.159960][T18683] ? __kasan_slab_alloc+0x89/0x90 [ 731.159983][T18683] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 731.160022][T18683] ? __mpol_dup+0x74/0x370 [ 731.160050][T18683] ? mbind_range+0x2ad/0x550 [ 731.160084][T18683] migrate_pages_sync+0x12c/0x880 [ 731.160116][T18683] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 731.160158][T18683] ? __pfx_migrate_pages_sync+0x10/0x10 [ 731.160193][T18683] ? __lock_acquire+0x4a5/0x2630 [ 731.160233][T18683] migrate_pages+0x1aae/0x28a0 [ 731.160268][T18683] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 731.160310][T18683] ? __pfx_migrate_pages+0x10/0x10 [ 731.160351][T18683] ? find_held_lock+0x2b/0x80 [ 731.160376][T18683] ? do_mbind+0x557/0xfd0 [ 731.160412][T18683] ? up_write+0x290/0x4f0 [ 731.160452][T18683] do_mbind+0x5a6/0xfd0 [ 731.160492][T18683] ? __pfx_do_mbind+0x10/0x10 [ 731.160523][T18683] ? ksys_write+0x190/0x250 [ 731.160550][T18683] ? ksys_write+0x190/0x250 [ 731.160586][T18683] ? __pfx_get_nodes+0x10/0x10 [ 731.160616][T18683] kernel_mbind+0x1b7/0x200 [ 731.160651][T18683] ? __pfx_kernel_mbind+0x10/0x10 [ 731.160692][T18683] do_syscall_64+0x106/0xf80 [ 731.160730][T18683] ? clear_bhb_loop+0x40/0x90 [ 731.160761][T18683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.160787][T18683] RIP: 0033:0x7f6408b9c799 [ 731.160807][T18683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 731.160832][T18683] RSP: 002b:00007f6409ad3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 731.160855][T18683] RAX: ffffffffffffffda RBX: 00007f6408e16090 RCX: 00007f6408b9c799 [ 731.160872][T18683] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 731.160887][T18683] RBP: 00007f6408c32c99 R08: 0000002000000006 R09: 0000000000000002 [ 731.160903][T18683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.160917][T18683] R13: 00007f6408e16128 R14: 00007f6408e16090 R15: 00007fff00d278d8 [ 731.160949][T18683] [ 731.878567][T18690] FAULT_INJECTION: forcing a failure. [ 731.878567][T18690] name failslab, interval 1, probability 0, space 0, times 0 [ 731.892424][T18690] CPU: 0 UID: 0 PID: 18690 Comm: syz.1.4720 Tainted: G L syzkaller #0 PREEMPT(full) [ 731.892464][T18690] Tainted: [L]=SOFTLOCKUP [ 731.892473][T18690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 731.892488][T18690] Call Trace: [ 731.892496][T18690] [ 731.892504][T18690] dump_stack_lvl+0x100/0x190 [ 731.892547][T18690] should_fail_ex.cold+0x5/0xa [ 731.892578][T18690] should_failslab+0xc2/0x120 [ 731.892606][T18690] __kmalloc_cache_noprof+0x7a/0x6f0 [ 731.892640][T18690] ? copy_mount_options+0x55/0x190 [ 731.892681][T18690] copy_mount_options+0x55/0x190 [ 731.892718][T18690] __x64_sys_mount+0x1ab/0x310 [ 731.892749][T18690] ? __pfx___x64_sys_mount+0x10/0x10 [ 731.892790][T18690] do_syscall_64+0x106/0xf80 [ 731.892828][T18690] ? clear_bhb_loop+0x40/0x90 [ 731.892859][T18690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.892884][T18690] RIP: 0033:0x7f179719c799 [ 731.892904][T18690] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 731.892929][T18690] RSP: 002b:00007f1798023028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 731.892953][T18690] RAX: ffffffffffffffda RBX: 00007f1797415fa0 RCX: 00007f179719c799 [ 731.892970][T18690] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 731.892986][T18690] RBP: 00007f1797232c99 R08: 0000200000000280 R09: 0000000000000000 [ 731.893001][T18690] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 731.893016][T18690] R13: 00007f1797416038 R14: 00007f1797415fa0 R15: 00007ffec8d79a18 [ 731.893047][T18690] [ 733.369126][T18722] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4731'. [ 733.635401][T18727] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 733.769469][T18730] smpboot: CPU 1 is now offline [ 736.134493][T18782] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 736.249297][T18785] netlink: 318 bytes leftover after parsing attributes in process `syz.2.4754'. [ 736.369847][T18783] smpboot: CPU 1 is now offline [ 736.554161][T18789] random: crng reseeded on system resumption [ 736.785817][T18789] hub 1-0:1.0: USB hub found [ 736.810444][T18789] hub 1-0:1.0: 1 port detected [ 736.864578][T18796] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4758'. [ 737.761962][T18817] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4766'. [ 737.812979][T18817] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.820427][T18817] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.088005][T18839] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4776'. [ 739.402408][T18848] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4780'. [ 742.185616][T18901] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 742.351324][T18905] smpboot: CPU 1 is now offline [ 742.419262][T18890] ima: policy update failed [ 742.435837][ T30] audit: type=1802 audit(4294987000.633:26): pid=18890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.4804" res=0 errno=0 [ 743.744387][T18940] ubi0: attaching mtd0 [ 743.783777][T18941] binder: 18938:18941 ioctl 40046210 0 returned -14 [ 743.800331][T18940] ubi0: scanning is finished [ 743.820663][T18940] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 744.122099][T18940] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 744.569016][T18965] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4817'. [ 744.872670][T18975] blktrace: Concurrent blktraces are not allowed on sda1 [ 745.834221][T18996] vivid-007: ================= START STATUS ================= [ 745.888126][T18996] vivid-007: Generate PTS: true [ 745.910427][T18996] vivid-007: Generate SCR: true [ 745.915412][T18996] tpg source WxH: 320x240 (Y'CbCr) [ 745.990366][T18996] tpg field: 1 [ 746.034133][T18996] tpg crop: (0,0)/320x240 [ 746.090787][T18996] tpg compose: (0,0)/320x240 [ 746.123160][T18996] tpg colorspace: 8 [ 746.153673][T18996] tpg transfer function: 0/0 [ 746.196417][T18996] tpg Y'CbCr encoding: 0/0 [ 746.226240][T18996] tpg quantization: 0/0 [ 746.280244][T18996] tpg RGB range: 0/2 [ 746.307562][T18996] vivid-007: ================== END STATUS ================== [ 747.070114][T19027] random: crng reseeded on system resumption [ 747.083251][ T30] audit: type=1800 audit(4294987005.291:27): pid=19024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4836" name="dbroot" dev="configfs" ino=83854 res=0 errno=0 [ 747.238333][T19027] hub 1-0:1.0: USB hub found [ 747.280515][T19027] hub 1-0:1.0: 1 port detected [ 747.371383][T19032] netlink: 'syz.3.4838': attribute type 21 has an invalid length. [ 747.396220][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.402735][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.431033][T19032] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4838'. [ 748.548706][T19054] nvme_fabrics: missing parameter 'transport=%s' [ 748.561595][T19054] nvme_fabrics: missing parameter 'nqn=%s' [ 748.797602][T19064] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4849'. [ 748.842793][T19066] bond0: option all_slaves_active: invalid value () [ 749.146820][T19074] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe01140 pfn:0x7fe01 [ 749.199360][T19074] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 749.277954][T19074] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 749.309538][T19074] raw: ffff88807fe01140 0000000000000000 00000001ffffffff 0000000000000000 [ 749.345139][T19074] page dumped because: unmovable page [ 749.367419][T19074] page_owner tracks the page as allocated [ 749.382605][T19074] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 10532, tgid 10531 (syz.2.1776), ts 310886445486, free_ts 274468962921 [ 749.429244][T19074] post_alloc_hook+0x153/0x170 [ 749.442054][T19074] get_page_from_freelist+0x111d/0x3140 [ 749.452248][T19074] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 749.468485][T19074] alloc_pages_mpol+0x1fb/0x550 [ 749.478593][T19074] alloc_pages_noprof+0x131/0x390 [ 749.492124][T19074] brd_submit_bio+0x116a/0x20d0 [ 749.502276][T19074] __submit_bio+0x419/0x6c0 [ 749.512234][T19074] submit_bio_noacct_nocheck+0x74f/0xc10 [ 749.529601][T19074] submit_bio_noacct+0xd17/0x2010 [ 749.538988][T19074] blkdev_direct_IO+0x155c/0x1fb0 [ 749.551027][T19074] blkdev_write_iter+0x703/0xd70 [ 749.561165][T19074] vfs_write+0x6ac/0x1070 [ 749.567323][T19074] ksys_write+0x12a/0x250 [ 749.581905][T19074] do_syscall_64+0x106/0xf80 [ 749.592069][T19074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.602467][T19074] page last free pid 9861 tgid 9861 stack trace: [ 749.619159][T19074] __free_frozen_pages+0x7e1/0x10d0 [ 749.629286][T19074] mon_bin_release+0x15a/0x210 [ 749.639406][T19074] __fput+0x3ff/0xb40 [ 749.652082][T19074] task_work_run+0x150/0x240 [ 749.662355][T19074] exit_to_user_mode_loop+0x100/0x4a0 [ 749.672258][T19074] do_syscall_64+0x668/0xf80 [ 749.685111][T19074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.092502][T19105] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4859'. [ 751.394315][T19112] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 751.456709][T19112] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 751.739547][T19114] zswap: compressor not available [ 752.873035][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e96fc00: rx timeout, send abort [ 752.883372][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e96fc00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 753.328527][T19161] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4881'. [ 754.586057][T19194] vivid-003: ================= START STATUS ================= [ 754.630036][T19194] vivid-003: Radio HW Seek Mode: Bounded [ 754.670977][T19194] vivid-003: Radio Programmable HW Seek: false [ 754.701361][T19194] vivid-003: RDS Rx I/O Mode: Block I/O [ 754.732697][T19194] vivid-003: Generate RBDS Instead of RDS: false [ 754.767035][T19194] vivid-003: RDS Reception: true [ 754.818948][T19194] vivid-003: RDS Program Type: 0 inactive [ 754.855169][T19194] vivid-003: RDS PS Name: inactive [ 754.881539][T19194] vivid-003: RDS Radio Text: inactive [ 754.958923][T19194] vivid-003: RDS Traffic Announcement: false inactive [ 755.014833][T19194] vivid-003: RDS Traffic Program: false inactive [ 755.059505][T19194] vivid-003: RDS Music: false inactive [ 755.087040][T19194] vivid-003: ================== END STATUS ================== [ 755.133694][T19205] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4893'. [ 755.546688][T19184] Process accounting resumed [ 756.005628][T19225] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 756.018602][T19225] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 756.031333][T19225] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 756.048300][T19225] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 758.036732][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 758.043448][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 758.049507][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 758.117765][T19276] Bluetooth: hci3: command 0x0406 tx timeout [ 760.579790][T19317] Process accounting paused [ 762.408481][T19363] type: 65536 invalid [ 762.636616][T19372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4946'. [ 762.689711][T19372] netlink: 5 bytes leftover after parsing attributes in process `syz.2.4946'. [ 762.729767][T19372] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4946'. [ 762.928051][T19377] FAULT_INJECTION: forcing a failure. [ 762.928051][T19377] name failslab, interval 1, probability 0, space 0, times 0 [ 762.995861][T19377] CPU: 0 UID: 0 PID: 19377 Comm: syz.1.4949 Tainted: G L syzkaller #0 PREEMPT(full) [ 762.995900][T19377] Tainted: [L]=SOFTLOCKUP [ 762.995909][T19377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 762.995924][T19377] Call Trace: [ 762.995931][T19377] [ 762.995940][T19377] dump_stack_lvl+0x100/0x190 [ 762.995985][T19377] should_fail_ex.cold+0x5/0xa [ 762.996015][T19377] ? alloc_pipe_info+0x1ec/0x590 [ 762.996040][T19377] should_failslab+0xc2/0x120 [ 762.996068][T19377] __kmalloc_noprof+0xe0/0x850 [ 762.996113][T19377] alloc_pipe_info+0x1ec/0x590 [ 762.996143][T19377] splice_direct_to_actor+0x78f/0xa30 [ 762.996172][T19377] ? __lock_acquire+0x4a5/0x2630 [ 762.996204][T19377] ? __pfx_direct_splice_actor+0x10/0x10 [ 762.996231][T19377] ? __pfx_aa_file_perm+0x10/0x10 [ 762.996270][T19377] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 762.996305][T19377] do_splice_direct+0x174/0x240 [ 762.996332][T19377] ? __pfx_do_splice_direct+0x10/0x10 [ 762.996359][T19377] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 762.996407][T19377] ? rw_verify_area+0xce/0x6d0 [ 762.996448][T19377] do_sendfile+0xadc/0xe20 [ 762.996494][T19377] ? __pfx_do_sendfile+0x10/0x10 [ 762.996539][T19377] ? __x64_sys_futex+0x34f/0x4d0 [ 762.996573][T19377] ? __x64_sys_futex+0x358/0x4d0 [ 762.996610][T19377] __x64_sys_sendfile64+0x1d8/0x220 [ 762.996641][T19377] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 762.996681][T19377] do_syscall_64+0x106/0xf80 [ 762.996720][T19377] ? clear_bhb_loop+0x40/0x90 [ 762.996750][T19377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.996784][T19377] RIP: 0033:0x7f179719c799 [ 762.996803][T19377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 762.996829][T19377] RSP: 002b:00007f1798023028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 762.996852][T19377] RAX: ffffffffffffffda RBX: 00007f1797415fa0 RCX: 00007f179719c799 [ 762.996869][T19377] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 762.996883][T19377] RBP: 00007f1797232c99 R08: 0000000000000000 R09: 0000000000000000 [ 762.996899][T19377] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000000 [ 762.996914][T19377] R13: 00007f1797416038 R14: 00007f1797415fa0 R15: 00007ffec8d79a18 [ 762.996945][T19377] [ 763.779713][T19383] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 763.840906][T19384] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 764.814597][T19394] sp0: Synchronizing with TNC [ 764.883997][T19393] [U] è [ 765.047168][T19399] sp0: Synchronizing with TNC [ 766.341385][T19433] hugetlbfs: syz.0.4968 (19433): Using mlock ulimits for SHM_HUGETLB is obsolete [ 768.358450][T19474] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4983'. [ 768.771468][T19479] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4986'. [ 769.322836][T19489] netlink: 'syz.3.4988': attribute type 4 has an invalid length. [ 769.608962][T19495] mtrr: base(0x8f000) is not aligned on a size(0x0000) boundary [ 775.518164][T19567] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5015'. [ 776.833490][T19587] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 777.032042][T19592] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 777.103093][T19592] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 778.489206][T19619] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 779.285610][T19641] futex_wake_op: syz.0.5040 tries to shift op by -2048; fix this program [ 780.238594][T19663] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5050'. [ 782.189548][T19692] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 783.568902][T19714] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5068'. [ 783.641364][ T5830] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 783.651532][ T5830] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 783.660469][ T5830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 783.668294][ T5830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 783.676181][ T5830] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 784.762872][T19725] chnl_net:caif_netlink_parms(): no params data found [ 785.730278][ T5830] Bluetooth: hci4: command tx timeout [ 785.764392][T19773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5080'. [ 785.838613][T19773] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5080'. [ 785.874889][T19725] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.939533][T19725] bridge0: port 1(bridge_slave_0) entered disabled state [ 785.979593][T19725] bridge_slave_0: entered allmulticast mode [ 786.042806][T19725] bridge_slave_0: entered promiscuous mode [ 786.097932][T19725] bridge0: port 2(bridge_slave_1) entered blocking state [ 786.142483][T19725] bridge0: port 2(bridge_slave_1) entered disabled state [ 786.149718][T19725] bridge_slave_1: entered allmulticast mode [ 786.216565][T19725] bridge_slave_1: entered promiscuous mode [ 786.578213][T19759] Process accounting paused [ 786.649407][T19725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 786.705323][T19725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 786.839547][T19725] team0: Port device team_slave_0 added [ 786.871676][T19725] team0: Port device team_slave_1 added [ 786.995522][T19725] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 787.052447][T19725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 787.191119][T19725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 787.236748][T19725] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 787.271219][T19725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 787.381503][T19725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 787.441786][T19799] netlink: 234 bytes leftover after parsing attributes in process `syz.2.5086'. [ 787.582300][T19725] hsr_slave_0: entered promiscuous mode [ 787.613972][T19725] hsr_slave_1: entered promiscuous mode [ 787.642679][T19725] debugfs: 'hsr0' already exists in 'hsr' [ 787.648452][T19725] Cannot create hsr debugfs directory [ 787.814159][ T5830] Bluetooth: hci4: command tx timeout [ 788.508156][T19725] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 788.695889][T19725] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 788.790487][T19725] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 788.846267][T19725] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 788.864471][T19819] FAULT_INJECTION: forcing a failure. [ 788.864471][T19819] name failslab, interval 1, probability 0, space 0, times 0 [ 788.907828][T19819] CPU: 0 UID: 0 PID: 19819 Comm: syz.2.5094 Tainted: G L syzkaller #0 PREEMPT(full) [ 788.907867][T19819] Tainted: [L]=SOFTLOCKUP [ 788.907876][T19819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 788.907891][T19819] Call Trace: [ 788.907900][T19819] [ 788.907908][T19819] dump_stack_lvl+0x100/0x190 [ 788.907952][T19819] should_fail_ex.cold+0x5/0xa [ 788.907983][T19819] should_failslab+0xc2/0x120 [ 788.908011][T19819] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 788.908050][T19819] ? sp_alloc+0x27/0x160 [ 788.908087][T19819] sp_alloc+0x27/0x160 [ 788.908125][T19819] mpol_set_shared_policy+0xa5/0x8a0 [ 788.908165][T19819] ? __pfx_shmem_set_policy+0x10/0x10 [ 788.908194][T19819] mbind_range+0x339/0x550 [ 788.908230][T19819] do_mbind+0x7de/0xfd0 [ 788.908269][T19819] ? __might_fault+0xc5/0x140 [ 788.908306][T19819] ? __pfx_do_mbind+0x10/0x10 [ 788.908345][T19819] ? _copy_from_user+0x59/0xd0 [ 788.908384][T19819] ? __pfx_get_nodes+0x10/0x10 [ 788.908415][T19819] kernel_mbind+0x1b7/0x200 [ 788.908450][T19819] ? __pfx_kernel_mbind+0x10/0x10 [ 788.908492][T19819] do_syscall_64+0x106/0xf80 [ 788.908531][T19819] ? clear_bhb_loop+0x40/0x90 [ 788.908561][T19819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 788.908587][T19819] RIP: 0033:0x7f6408b9c799 [ 788.908614][T19819] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 788.908641][T19819] RSP: 002b:00007f6409af4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 788.908665][T19819] RAX: ffffffffffffffda RBX: 00007f6408e15fa0 RCX: 00007f6408b9c799 [ 788.908682][T19819] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 788.908697][T19819] RBP: 00007f6408c32c99 R08: 0000000000000003 R09: 0000000000000003 [ 788.908712][T19819] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 788.908728][T19819] R13: 00007f6408e16038 R14: 00007f6408e15fa0 R15: 00007fff00d278d8 [ 788.908760][T19819] [ 789.291744][T19725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 789.307584][T19725] 8021q: adding VLAN 0 to HW filter on device team0 [ 789.340408][T19725] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 789.350965][T19725] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 789.454512][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.461679][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 789.544855][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.552057][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 789.896943][ T5830] Bluetooth: hci4: command tx timeout [ 790.093735][T19725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 790.917277][T19725] veth0_vlan: entered promiscuous mode [ 790.937063][T19839] Process accounting resumed [ 790.962686][T19725] veth1_vlan: entered promiscuous mode [ 791.135585][T19725] veth0_macvtap: entered promiscuous mode [ 791.187911][T19725] veth1_macvtap: entered promiscuous mode [ 791.266231][T19725] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 791.327008][T19725] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 791.403118][ T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.443420][ T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.486282][ T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.558583][ T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.798551][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 791.851242][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 791.955037][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 791.973832][ T5830] Bluetooth: hci4: command tx timeout [ 791.980681][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 793.175222][T19894] netlink: 146 bytes leftover after parsing attributes in process `syz.4.5114'. [ 794.091681][T19908] FAULT_INJECTION: forcing a failure. [ 794.091681][T19908] name failslab, interval 1, probability 0, space 0, times 0 [ 794.204447][T19908] CPU: 0 UID: 0 PID: 19908 Comm: syz.2.5119 Tainted: G L syzkaller #0 PREEMPT(full) [ 794.204495][T19908] Tainted: [L]=SOFTLOCKUP [ 794.204503][T19908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 794.204518][T19908] Call Trace: [ 794.204526][T19908] [ 794.204535][T19908] dump_stack_lvl+0x100/0x190 [ 794.204586][T19908] should_fail_ex.cold+0x5/0xa [ 794.204617][T19908] should_failslab+0xc2/0x120 [ 794.204644][T19908] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 794.204687][T19908] ? mas_alloc_nodes+0x280/0x390 [ 794.204728][T19908] mas_alloc_nodes+0x280/0x390 [ 794.204765][T19908] mas_preallocate+0x39c/0xf10 [ 794.204805][T19908] ? __memcg_slab_post_alloc_hook+0x420/0x990 [ 794.204842][T19908] ? __pfx_mas_preallocate+0x10/0x10 [ 794.204891][T19908] ? anon_vma_name+0x5a/0x250 [ 794.204927][T19908] __split_vma+0x33d/0xd90 [ 794.204967][T19908] ? __pfx___split_vma+0x10/0x10 [ 794.205010][T19908] ? __pfx_mas_prev+0x10/0x10 [ 794.205041][T19908] vms_gather_munmap_vmas+0x39f/0x1500 [ 794.205078][T19908] ? find_held_lock+0x2b/0x80 [ 794.205110][T19908] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 794.205147][T19908] ? move_page_tables+0xe1d/0x4500 [ 794.205200][T19908] do_vmi_align_munmap+0x287/0x5f0 [ 794.205243][T19908] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 794.205322][T19908] do_vmi_munmap+0x1f8/0x3e0 [ 794.205365][T19908] move_vma+0xd99/0x1890 [ 794.205407][T19908] ? __pfx_move_vma+0x10/0x10 [ 794.205448][T19908] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 794.205495][T19908] ? vrm_set_new_addr+0x204/0x290 [ 794.205535][T19908] mremap_to+0x1b7/0x450 [ 794.205574][T19908] do_mremap+0xb76/0x2130 [ 794.205625][T19908] ? __pfx_do_mremap+0x10/0x10 [ 794.205670][T19908] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 794.205704][T19908] __do_sys_mremap+0x126/0x170 [ 794.205743][T19908] ? __pfx___do_sys_mremap+0x10/0x10 [ 794.205790][T19908] ? __x64_sys_futex+0x34f/0x4d0 [ 794.205842][T19908] do_syscall_64+0x106/0xf80 [ 794.205881][T19908] ? clear_bhb_loop+0x40/0x90 [ 794.205912][T19908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.205938][T19908] RIP: 0033:0x7f6408b9c799 [ 794.205958][T19908] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.205982][T19908] RSP: 002b:00007f6409ad3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 794.206006][T19908] RAX: ffffffffffffffda RBX: 00007f6408e16090 RCX: 00007f6408b9c799 [ 794.206023][T19908] RDX: 0000000000000037 RSI: 0000000000000008 RDI: 0000200000001000 [ 794.206038][T19908] RBP: 00007f6408c32c99 R08: 000000110c230000 R09: 0000000000000000 [ 794.206054][T19908] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 794.206069][T19908] R13: 00007f6408e16128 R14: 00007f6408e16090 R15: 00007fff00d278d8 [ 794.206101][T19908] [ 795.291464][T19923] FAULT_INJECTION: forcing a failure. [ 795.291464][T19923] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.304905][T19923] CPU: 0 UID: 0 PID: 19923 Comm: syz.4.5123 Tainted: G L syzkaller #0 PREEMPT(full) [ 795.304944][T19923] Tainted: [L]=SOFTLOCKUP [ 795.304953][T19923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.304969][T19923] Call Trace: [ 795.304979][T19923] [ 795.304988][T19923] dump_stack_lvl+0x100/0x190 [ 795.305033][T19923] should_fail_ex.cold+0x5/0xa [ 795.305064][T19923] _copy_from_user+0x2e/0xd0 [ 795.305096][T19923] snd_pcm_oss_write2+0x1c2/0x400 [ 795.305133][T19923] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 795.305174][T19923] snd_pcm_oss_write+0x729/0xa30 [ 795.305207][T19923] ? security_file_permission+0x76/0x210 [ 795.305247][T19923] vfs_write+0x2aa/0x1070 [ 795.305280][T19923] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 795.305315][T19923] ? __pfx_vfs_write+0x10/0x10 [ 795.305338][T19923] ? find_held_lock+0x2b/0x80 [ 795.305363][T19923] ? __fget_files+0x215/0x3d0 [ 795.305387][T19923] ? __fget_files+0x215/0x3d0 [ 795.305415][T19923] ? __fget_files+0x21f/0x3d0 [ 795.305448][T19923] ksys_write+0x12a/0x250 [ 795.305472][T19923] ? __pfx_ksys_write+0x10/0x10 [ 795.305505][T19923] do_syscall_64+0x106/0xf80 [ 795.305544][T19923] ? clear_bhb_loop+0x40/0x90 [ 795.305575][T19923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.305601][T19923] RIP: 0033:0x7fc20a99c799 [ 795.305621][T19923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.305645][T19923] RSP: 002b:00007fc20b7d2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 795.305668][T19923] RAX: ffffffffffffffda RBX: 00007fc20ac16180 RCX: 00007fc20a99c799 [ 795.305684][T19923] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 795.305699][T19923] RBP: 00007fc20aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 795.305714][T19923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.305729][T19923] R13: 00007fc20ac16218 R14: 00007fc20ac16180 R15: 00007ffd31ce00e8 [ 795.305764][T19923] [ 795.609441][T19925] GUP no longer grows the stack in syz.3.5124 (19925): 14000-41000 (4000) [ 795.619395][T19925] CPU: 0 UID: 0 PID: 19925 Comm: syz.3.5124 Tainted: G L syzkaller #0 PREEMPT(full) [ 795.619433][T19925] Tainted: [L]=SOFTLOCKUP [ 795.619442][T19925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.619457][T19925] Call Trace: [ 795.619464][T19925] [ 795.619473][T19925] dump_stack_lvl+0x100/0x190 [ 795.619520][T19925] gup_vma_lookup.cold+0x83/0x96 [ 795.619557][T19925] __get_user_pages+0x241/0x34d0 [ 795.619594][T19925] ? down_read_killable+0x30e/0x4c0 [ 795.619620][T19925] ? __lock_acquire+0x4a5/0x2630 [ 795.619654][T19925] ? __pfx___get_user_pages+0x10/0x10 [ 795.619692][T19925] __gup_longterm_locked+0x87d/0x16f0 [ 795.619730][T19925] ? __pfx___gup_longterm_locked+0x10/0x10 [ 795.619763][T19925] ? try_get_folio+0x262/0x750 [ 795.619788][T19925] ? find_held_lock+0x2b/0x80 [ 795.619813][T19925] ? sanity_check_pinned_pages+0x5f6/0x1250 [ 795.619848][T19925] gup_fast_fallback+0x18c6/0x2460 [ 795.619899][T19925] ? __pfx_gup_fast_fallback+0x10/0x10 [ 795.619929][T19925] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 795.619958][T19925] ? is_bpf_text_address+0x94/0x1a0 [ 795.620001][T19925] ? __kernel_text_address+0xd/0x30 [ 795.620038][T19925] ? unwind_get_return_address+0x59/0xa0 [ 795.620071][T19925] pin_user_pages_fast+0xa7/0xf0 [ 795.620101][T19925] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 795.620140][T19925] iov_iter_extract_pages+0xa0d/0x1ef0 [ 795.620179][T19925] ? __blkdev_direct_IO_simple+0x112/0x890 [ 795.620218][T19925] ? kasan_save_stack+0x3f/0x50 [ 795.620263][T19925] ? kasan_save_stack+0x30/0x50 [ 795.620302][T19925] ? kasan_save_track+0x14/0x30 [ 795.620324][T19925] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 795.620354][T19925] ? blkdev_direct_IO+0xc76/0x1fb0 [ 795.620391][T19925] ? blkdev_write_iter+0x703/0xd70 [ 795.620428][T19925] ? vfs_write+0x6ac/0x1070 [ 795.620454][T19925] ? __lock_acquire+0x4a5/0x2630 [ 795.620493][T19925] iov_iter_extract_bvecs+0x10e/0xf40 [ 795.620556][T19925] ? find_held_lock+0x2b/0x80 [ 795.620584][T19925] ? bio_associate_blkg_from_css+0x394/0x13f0 [ 795.620690][T19925] ? __pfx_iov_iter_extract_bvecs+0x10/0x10 [ 795.620725][T19925] ? bio_associate_blkg_from_css+0x550/0x13f0 [ 795.620769][T19925] bio_iov_iter_get_pages+0x26a/0x970 [ 795.620809][T19925] __blkdev_direct_IO_simple+0x3a7/0x890 [ 795.620854][T19925] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 795.620919][T19925] ? ktime_get_coarse_real_ts64_mg+0x249/0x300 [ 795.620952][T19925] ? ktime_get_coarse_real_ts64_mg+0x1e0/0x300 [ 795.620993][T19925] blkdev_direct_IO+0xc76/0x1fb0 [ 795.621044][T19925] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 795.621082][T19925] ? rcu_is_watching+0x12/0xc0 [ 795.621121][T19925] ? __mark_inode_dirty+0x55c/0x1790 [ 795.621159][T19925] ? filemap_check_errors+0xa9/0x150 [ 795.621197][T19925] blkdev_write_iter+0x703/0xd70 [ 795.621247][T19925] vfs_write+0x6ac/0x1070 [ 795.621271][T19925] ? __pfx_blkdev_write_iter+0x10/0x10 [ 795.621312][T19925] ? __pfx_vfs_write+0x10/0x10 [ 795.621334][T19925] ? find_held_lock+0x2b/0x80 [ 795.621377][T19925] ksys_write+0x12a/0x250 [ 795.621402][T19925] ? __pfx_ksys_write+0x10/0x10 [ 795.621435][T19925] do_syscall_64+0x106/0xf80 [ 795.621472][T19925] ? clear_bhb_loop+0x40/0x90 [ 795.621503][T19925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.621529][T19925] RIP: 0033:0x7f6b1099c799 [ 795.621549][T19925] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.621573][T19925] RSP: 002b:00007f6b117de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 795.621596][T19925] RAX: ffffffffffffffda RBX: 00007f6b10c15fa0 RCX: 00007f6b1099c799 [ 795.621612][T19925] RDX: 000000000010007c RSI: 0000000000000000 RDI: 0000000000000003 [ 795.621627][T19925] RBP: 00007f6b10a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 795.621642][T19925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.621657][T19925] R13: 00007f6b10c16038 R14: 00007f6b10c15fa0 R15: 00007ffe7ca34d48 [ 795.621690][T19925] [ 800.244379][T19971] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5139'. [ 800.473201][T19966] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 800.473383][T19966] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 800.473506][T19966] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 800.473648][T19966] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 800.473768][T19966] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 800.473848][T19966] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 800.608572][T19966] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 801.898167][T19276] Bluetooth: hci0: command 0x0406 tx timeout [ 801.946083][T19992] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5147'. [ 802.538539][T19276] Bluetooth: hci4: command 0x0c1a tx timeout [ 802.544633][T19276] Bluetooth: hci3: command 0x0406 tx timeout [ 802.554408][ T5830] Bluetooth: hci2: command 0x0406 tx timeout [ 802.561251][T19276] Bluetooth: hci1: command 0x0406 tx timeout [ 803.020608][ T30] audit: type=1800 audit(4294988084.208:28): pid=20011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5154" name="lu_gp_id" dev="configfs" ino=89018 res=0 errno=0 [ 803.215037][T20016] netlink: 'syz.3.5155': attribute type 20 has an invalid length. [ 803.244030][T20016] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5155'. [ 803.278964][T20016] IPv6: NLM_F_CREATE should be specified when creating new route [ 804.619642][T20005] Bluetooth: hci4: command 0x0c1a tx timeout [ 805.105663][T20044] netlink: 'syz.3.5163': attribute type 27 has an invalid length. [ 805.138185][T20044] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5163'. [ 805.835407][T20058] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5165'. [ 806.701346][T20005] Bluetooth: hci4: command 0x0c1a tx timeout [ 808.872075][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.879156][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.299242][ T5837] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 809.309613][ T5837] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 809.317983][ T5837] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 809.328436][ T5837] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 809.336457][ T5837] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 809.471502][T20111] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 810.117233][T20108] chnl_net:caif_netlink_parms(): no params data found [ 810.134950][T20124] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5179'. [ 810.403028][T20127] MTRR 3 not used [ 810.494945][T20108] bridge0: port 1(bridge_slave_0) entered blocking state [ 810.542659][T20108] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.549912][T20108] bridge_slave_0: entered allmulticast mode [ 810.594467][T20108] bridge_slave_0: entered promiscuous mode [ 810.632803][T20108] bridge0: port 2(bridge_slave_1) entered blocking state [ 810.640117][T20108] bridge0: port 2(bridge_slave_1) entered disabled state [ 810.702309][T20108] bridge_slave_1: entered allmulticast mode [ 810.733026][T20108] bridge_slave_1: entered promiscuous mode [ 810.860184][T20108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 810.911205][T20108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 811.090843][T20108] team0: Port device team_slave_0 added [ 811.134119][T20108] team0: Port device team_slave_1 added [ 811.275936][T20108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 811.309449][T20108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 811.405932][T20108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 811.423634][ T5837] Bluetooth: hci5: command tx timeout [ 811.485346][T20108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 811.511493][T20108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 811.606839][T20108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 811.939519][T20108] hsr_slave_0: entered promiscuous mode [ 811.962605][T20108] hsr_slave_1: entered promiscuous mode [ 811.986314][T20108] debugfs: 'hsr0' already exists in 'hsr' [ 812.045010][T20108] Cannot create hsr debugfs directory [ 812.816830][T20108] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 812.847909][T20108] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 812.867670][T20108] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 812.888930][T20108] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 813.065570][T20159] FAULT_INJECTION: forcing a failure. [ 813.065570][T20159] name failslab, interval 1, probability 0, space 0, times 0 [ 813.137016][T20159] CPU: 0 UID: 0 PID: 20159 Comm: syz.2.5187 Tainted: G L syzkaller #0 PREEMPT(full) [ 813.137057][T20159] Tainted: [L]=SOFTLOCKUP [ 813.137067][T20159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 813.137082][T20159] Call Trace: [ 813.137090][T20159] [ 813.137099][T20159] dump_stack_lvl+0x100/0x190 [ 813.137144][T20159] should_fail_ex.cold+0x5/0xa [ 813.137174][T20159] should_failslab+0xc2/0x120 [ 813.137203][T20159] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 813.137242][T20159] ? __proc_create+0x2cb/0x8c0 [ 813.137274][T20159] __proc_create+0x2cb/0x8c0 [ 813.137333][T20159] ? __pfx___proc_create+0x10/0x10 [ 813.137362][T20159] ? __pfx___netlink_kernel_create+0x10/0x10 [ 813.137507][T20159] proc_create_reg+0x75/0x170 [ 813.137536][T20159] proc_create_seq_private+0x8e/0x180 [ 813.137565][T20159] ? __pfx_proc_create_seq_private+0x10/0x10 [ 813.137593][T20159] ? timer_init_key+0x150/0x340 [ 813.137622][T20159] ? __pfx_nl_fib_input+0x10/0x10 [ 813.137668][T20159] ? __pfx_ip_rt_do_proc_init+0x10/0x10 [ 813.137695][T20159] ip_rt_do_proc_init+0x5d/0x1d0 [ 813.137721][T20159] ? __pfx_ip_rt_do_proc_init+0x10/0x10 [ 813.137744][T20159] ops_init+0x1e2/0x5f0 [ 813.137820][T20159] setup_net+0x118/0x3a0 [ 813.137860][T20159] ? __pfx_setup_net+0x10/0x10 [ 813.137898][T20159] ? lockdep_init_map_type+0x5c/0x250 [ 813.137934][T20159] ? mutex_init_lockep+0x110/0x150 [ 813.137974][T20159] copy_net_ns+0x46f/0x7c0 [ 813.138002][T20159] create_new_namespaces+0x3ea/0xac0 [ 813.138039][T20159] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 813.138070][T20159] ksys_unshare+0x473/0xad0 [ 813.138106][T20159] ? __pfx_ksys_unshare+0x10/0x10 [ 813.138150][T20159] __x64_sys_unshare+0x31/0x40 [ 813.138182][T20159] do_syscall_64+0x106/0xf80 [ 813.138220][T20159] ? clear_bhb_loop+0x40/0x90 [ 813.138251][T20159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.138277][T20159] RIP: 0033:0x7f6408b9c799 [ 813.138298][T20159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 813.138328][T20159] RSP: 002b:00007f6409af4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 813.138351][T20159] RAX: ffffffffffffffda RBX: 00007f6408e15fa0 RCX: 00007f6408b9c799 [ 813.138368][T20159] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 813.138384][T20159] RBP: 00007f6408c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 813.138399][T20159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 813.138414][T20159] R13: 00007f6408e16038 R14: 00007f6408e15fa0 R15: 00007fff00d278d8 [ 813.138447][T20159] [ 813.558920][ T5837] Bluetooth: hci5: command tx timeout [ 814.005896][T20168] binder: 20165:20168 ioctl 40086602 e20 returned -22 [ 814.051388][T20108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 814.136826][T20108] 8021q: adding VLAN 0 to HW filter on device team0 [ 814.217579][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.224782][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 814.267915][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.275131][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 814.840682][T20181] random: crng reseeded on system resumption [ 814.923738][T20108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 815.585573][ T5837] Bluetooth: hci5: command tx timeout [ 815.952206][T20108] veth0_vlan: entered promiscuous mode [ 815.995099][T20108] veth1_vlan: entered promiscuous mode [ 816.136259][T20108] veth0_macvtap: entered promiscuous mode [ 816.188150][T20108] veth1_macvtap: entered promiscuous mode [ 816.320477][T20108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 816.364165][T20108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 816.411825][T16652] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.453343][T16652] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.490308][T16652] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.544462][T16652] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.727184][T20204] Process accounting resumed [ 816.922498][T16652] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 816.959428][T16652] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 817.074268][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 817.108534][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 817.673675][ T5837] Bluetooth: hci5: command tx timeout [ 817.871881][T20224] FAULT_INJECTION: forcing a failure. [ 817.871881][T20224] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 817.961758][T20224] CPU: 0 UID: 0 PID: 20224 Comm: syz.4.5207 Tainted: G L syzkaller #0 PREEMPT(full) [ 817.961798][T20224] Tainted: [L]=SOFTLOCKUP [ 817.961807][T20224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 817.961831][T20224] Call Trace: [ 817.961839][T20224] [ 817.961848][T20224] dump_stack_lvl+0x100/0x190 [ 817.961892][T20224] should_fail_ex.cold+0x5/0xa [ 817.961918][T20224] ? prepare_alloc_pages+0x16d/0x5f0 [ 817.961950][T20224] should_fail_alloc_page+0xeb/0x140 [ 817.961980][T20224] prepare_alloc_pages+0x1f0/0x5f0 [ 817.962015][T20224] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 817.962059][T20224] ? mas_next_slot+0x1003/0x18b0 [ 817.962107][T20224] ? __pfx___up_read+0x10/0x10 [ 817.962144][T20224] ? validate_mm+0x261/0x4e0 [ 817.962179][T20224] ? validate_mm+0x261/0x4e0 [ 817.962217][T20224] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 817.962259][T20224] ? validate_mm+0x392/0x4e0 [ 817.962296][T20224] ? vma_interval_tree_insert+0x240/0x410 [ 817.962334][T20224] ? __pfx_validate_mm+0x10/0x10 [ 817.962380][T20224] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 817.962408][T20224] ? policy_nodemask+0xed/0x4f0 [ 817.962442][T20224] alloc_pages_mpol+0x1fb/0x550 [ 817.962471][T20224] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 817.962507][T20224] alloc_pages_noprof+0x131/0x390 [ 817.962536][T20224] __pmd_alloc+0x3b/0x950 [ 817.962570][T20224] move_page_tables+0x3224/0x4500 [ 817.962612][T20224] ? __pfx_copy_vma+0x10/0x10 [ 817.962661][T20224] ? __pfx_move_page_tables+0x10/0x10 [ 817.962716][T20224] ? finish_task_switch.isra.0+0x200/0xb80 [ 817.962748][T20224] copy_vma_and_data+0x25c/0x7c0 [ 817.962789][T20224] ? __pfx_copy_vma_and_data+0x10/0x10 [ 817.962852][T20224] ? __vma_start_write+0x17f/0x280 [ 817.962886][T20224] ? __pfx___vma_start_write+0x10/0x10 [ 817.962920][T20224] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 817.962971][T20224] move_vma+0x51b/0x1890 [ 817.963014][T20224] ? __pfx_move_vma+0x10/0x10 [ 817.963054][T20224] ? shmem_get_unmapped_area+0x141/0x960 [ 817.963089][T20224] ? cap_mmap_addr+0x4b/0x120 [ 817.963113][T20224] ? bpf_lsm_mmap_addr+0x9/0x30 [ 817.963135][T20224] ? security_mmap_addr+0x71/0x1e0 [ 817.963168][T20224] ? __get_unmapped_area+0x255/0x3e0 [ 817.963200][T20224] ? vrm_set_new_addr+0x204/0x290 [ 817.963240][T20224] mremap_to+0x1b7/0x450 [ 817.963279][T20224] do_mremap+0xd8d/0x2130 [ 817.963324][T20224] ? futex_wait+0x125/0x380 [ 817.963367][T20224] ? __pfx_do_mremap+0x10/0x10 [ 817.963410][T20224] ? vfs_write+0x15d/0x1070 [ 817.963435][T20224] ? __pfx_sock_write_iter+0x10/0x10 [ 817.963468][T20224] __do_sys_mremap+0x126/0x170 [ 817.963507][T20224] ? __pfx___do_sys_mremap+0x10/0x10 [ 817.963554][T20224] ? __x64_sys_futex+0x34f/0x4d0 [ 817.963606][T20224] do_syscall_64+0x106/0xf80 [ 817.963644][T20224] ? clear_bhb_loop+0x40/0x90 [ 817.963675][T20224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.963700][T20224] RIP: 0033:0x7fc20a99c799 [ 817.963720][T20224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 817.963744][T20224] RSP: 002b:00007fc20b814028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 817.963767][T20224] RAX: ffffffffffffffda RBX: 00007fc20ac15fa0 RCX: 00007fc20a99c799 [ 817.963784][T20224] RDX: 0000000004013fd4 RSI: 0000000000000800 RDI: 0000000000004000 [ 817.963799][T20224] RBP: 00007fc20aa32c99 R08: 00000000fffff000 R09: 0000000000000000 [ 817.963814][T20224] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 817.963836][T20224] R13: 00007fc20ac16038 R14: 00007fc20ac15fa0 R15: 00007ffd31ce00e8 [ 817.963867][T20224] [ 818.328851][T20226] pci 0000:00:00.0: MSI/MSI-X allowed for future drivers [ 818.423671][T20228] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5209'. [ 818.433293][T20228] IPv6: NLM_F_CREATE should be specified when creating new route [ 818.441557][T20228] IPv6: Can't replace route, no match found [ 819.608647][T20254] synth uevent: /devices/virtual/net/lowpan0: unknown uevent action string [ 819.629373][T20254] net lowpan0: uevent: failed to send synthetic uevent: -22 [ 820.681912][T20279] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5229'. [ 820.713419][T20282] netlink: 'syz.2.5230': attribute type 1 has an invalid length. [ 820.744153][T20282] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5230'. [ 821.035582][T20287] Process accounting paused [ 821.047265][T20290] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5233'. [ 825.753370][T20368] netlink: 'syz.4.5255': attribute type 19 has an invalid length. [ 825.841011][T20368] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5255'. [ 827.702945][T20412] mkiss: ax0: crc mode is auto. [ 828.970993][T20435] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5274'. [ 829.307278][T20443] random: crng reseeded on system resumption [ 831.346049][T20477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5287'. [ 831.357428][T20477] netlink: 25 bytes leftover after parsing attributes in process `syz.5.5287'. [ 831.606091][T20483] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 832.997948][T20510] netlink: 18 bytes leftover after parsing attributes in process `syz.2.5298'. [ 833.327422][ T5837] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 834.874916][T20550] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5314'. [ 835.400694][T20559] netlink: 'syz.4.5318': attribute type 27 has an invalid length. [ 835.427570][T20559] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5318'. [ 835.929931][T20569] FAULT_INJECTION: forcing a failure. [ 835.929931][T20569] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 836.024945][T20569] CPU: 0 UID: 0 PID: 20569 Comm: syz.5.5322 Tainted: G L syzkaller #0 PREEMPT(full) [ 836.024986][T20569] Tainted: [L]=SOFTLOCKUP [ 836.024995][T20569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 836.025011][T20569] Call Trace: [ 836.025019][T20569] [ 836.025028][T20569] dump_stack_lvl+0x100/0x190 [ 836.025073][T20569] should_fail_ex.cold+0x5/0xa [ 836.025099][T20569] ? prepare_alloc_pages+0x16d/0x5f0 [ 836.025132][T20569] should_fail_alloc_page+0xeb/0x140 [ 836.025168][T20569] prepare_alloc_pages+0x1f0/0x5f0 [ 836.025204][T20569] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 836.025252][T20569] ? cpa_flush+0x19c/0x980 [ 836.025276][T20569] ? __lock_acquire+0x4a5/0x2630 [ 836.025310][T20569] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 836.025351][T20569] ? pgprot2cachemode+0x9a/0x130 [ 836.025386][T20569] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 836.025441][T20569] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 836.025469][T20569] ? policy_nodemask+0xed/0x4f0 [ 836.025496][T20569] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 836.025523][T20569] ? policy_nodemask+0xed/0x4f0 [ 836.025552][T20569] alloc_pages_mpol+0x1fb/0x550 [ 836.025581][T20569] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 836.025611][T20569] ? alloc_pages_noprof+0x233/0x390 [ 836.025642][T20569] alloc_pages_noprof+0x131/0x390 [ 836.025670][T20569] kimage_alloc_pages+0x72/0x380 [ 836.025699][T20569] kimage_alloc_page+0x232/0x910 [ 836.025732][T20569] kimage_load_segment+0x507/0xde0 [ 836.025766][T20569] do_kexec_load+0x58d/0x810 [ 836.025797][T20569] ? __pfx_do_kexec_load+0x10/0x10 [ 836.025828][T20569] ? _copy_from_user+0x59/0xd0 [ 836.025861][T20569] __x64_sys_kexec_load+0x1bf/0x230 [ 836.025900][T20569] do_syscall_64+0x106/0xf80 [ 836.025944][T20569] ? clear_bhb_loop+0x40/0x90 [ 836.025975][T20569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.026000][T20569] RIP: 0033:0x7f25c0d9c799 [ 836.026020][T20569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 836.026045][T20569] RSP: 002b:00007f25c1bdf028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 836.026070][T20569] RAX: ffffffffffffffda RBX: 00007f25c1015fa0 RCX: 00007f25c0d9c799 [ 836.026087][T20569] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 00000000ffffffff [ 836.026102][T20569] RBP: 00007f25c0e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 836.026117][T20569] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 836.026132][T20569] R13: 00007f25c1016038 R14: 00007f25c1015fa0 R15: 00007ffe86219328 [ 836.026164][T20569] [ 836.558774][T20576] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5326'. [ 836.747540][T20582] FAULT_INJECTION: forcing a failure. [ 836.747540][T20582] name failslab, interval 1, probability 0, space 0, times 0 [ 836.760272][T20582] CPU: 0 UID: 0 PID: 20582 Comm: syz.4.5328 Tainted: G L syzkaller #0 PREEMPT(full) [ 836.760312][T20582] Tainted: [L]=SOFTLOCKUP [ 836.760321][T20582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 836.760337][T20582] Call Trace: [ 836.760345][T20582] [ 836.760355][T20582] dump_stack_lvl+0x100/0x190 [ 836.760399][T20582] should_fail_ex.cold+0x5/0xa [ 836.760429][T20582] should_failslab+0xc2/0x120 [ 836.760456][T20582] __kmalloc_cache_noprof+0x7a/0x6f0 [ 836.760491][T20582] ? tipc_service_create+0xb1/0x340 [ 836.760635][T20582] tipc_service_create+0xb1/0x340 [ 836.760675][T20582] ? tipc_service_find+0x161/0x1c0 [ 836.760717][T20582] tipc_nametbl_insert_publ+0xeca/0x1570 [ 836.760773][T20582] tipc_nametbl_publish+0x137/0x260 [ 836.760827][T20582] tipc_sk_publish+0x1d8/0x430 [ 836.760875][T20582] ? __pfx_tipc_sk_publish+0x10/0x10 [ 836.760904][T20582] ? __local_bh_enable_ip+0x9e/0x120 [ 836.760936][T20582] tipc_sk_bind+0x16f/0x380 [ 836.760964][T20582] tipc_bind+0x18d/0x280 [ 836.760991][T20582] __sys_bind+0x1a9/0x260 [ 836.761024][T20582] ? __pfx___sys_bind+0x10/0x10 [ 836.761074][T20582] __x64_sys_bind+0x72/0xb0 [ 836.761104][T20582] ? lockdep_hardirqs_on+0x78/0x100 [ 836.761152][T20582] do_syscall_64+0x106/0xf80 [ 836.761190][T20582] ? clear_bhb_loop+0x40/0x90 [ 836.761222][T20582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.761248][T20582] RIP: 0033:0x7fc20a99c799 [ 836.761269][T20582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 836.761293][T20582] RSP: 002b:00007fc20b814028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 836.761316][T20582] RAX: ffffffffffffffda RBX: 00007fc20ac15fa0 RCX: 00007fc20a99c799 [ 836.761333][T20582] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000003 [ 836.761349][T20582] RBP: 00007fc20aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 836.761364][T20582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 836.761379][T20582] R13: 00007fc20ac16038 R14: 00007fc20ac15fa0 R15: 00007ffd31ce00e8 [ 836.761411][T20582] [ 836.761426][T20582] tipc: Service creation failed, no memory [ 836.985718][T20583] netlink: 21 bytes leftover after parsing attributes in process `syz.2.5327'. [ 837.528729][T20580] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 837.538220][T20580] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 837.561995][T20580] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 837.583426][T20580] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 837.605848][T20580] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 837.621686][T20580] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 837.634576][T20580] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 837.652053][T20580] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 837.861982][T20600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5333'. [ 837.903611][T20600] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5333'. [ 839.197981][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 839.595255][T20005] Bluetooth: hci2: command 0x0406 tx timeout [ 839.601350][ T5830] Bluetooth: hci1: command 0x0406 tx timeout [ 839.608238][ T5837] Bluetooth: hci3: command 0x0406 tx timeout [ 839.674544][ T5837] Bluetooth: hci5: command 0x0c1a tx timeout [ 839.680894][T20005] Bluetooth: hci4: command 0x0c1a tx timeout [ 840.213299][T20648] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5348'. [ 841.655668][T20674] netlink: 346 bytes leftover after parsing attributes in process `syz.4.5357'. [ 841.760531][ T5837] Bluetooth: hci5: command 0x0c1a tx timeout [ 842.427709][T20689] FAULT_INJECTION: forcing a failure. [ 842.427709][T20689] name failslab, interval 1, probability 0, space 0, times 0 [ 842.507319][T20691] netlink: 322 bytes leftover after parsing attributes in process `syz.3.5365'. [ 842.524001][T20689] CPU: 0 UID: 0 PID: 20689 Comm: syz.5.5364 Tainted: G L syzkaller #0 PREEMPT(full) [ 842.524040][T20689] Tainted: [L]=SOFTLOCKUP [ 842.524049][T20689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 842.524065][T20689] Call Trace: [ 842.524072][T20689] [ 842.524081][T20689] dump_stack_lvl+0x100/0x190 [ 842.524138][T20689] should_fail_ex.cold+0x5/0xa [ 842.524168][T20689] ? sk_prot_alloc+0x10b/0x2a0 [ 842.524192][T20689] should_failslab+0xc2/0x120 [ 842.524221][T20689] __kmalloc_noprof+0xe0/0x850 [ 842.524266][T20689] sk_prot_alloc+0x10b/0x2a0 [ 842.524299][T20689] sk_alloc+0x36/0xe80 [ 842.524334][T20689] can_create+0x1e5/0x630 [ 842.524469][T20689] __sock_create+0x339/0x860 [ 842.524503][T20689] __sys_socket+0x14d/0x260 [ 842.524538][T20689] ? __pfx___sys_socket+0x10/0x10 [ 842.524577][T20689] __x64_sys_socket+0x72/0xb0 [ 842.524607][T20689] ? lockdep_hardirqs_on+0x78/0x100 [ 842.524649][T20689] do_syscall_64+0x106/0xf80 [ 842.524686][T20689] ? clear_bhb_loop+0x40/0x90 [ 842.524718][T20689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.524744][T20689] RIP: 0033:0x7f25c0d9c799 [ 842.524764][T20689] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 842.524788][T20689] RSP: 002b:00007f25c1bdf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 842.524811][T20689] RAX: ffffffffffffffda RBX: 00007f25c1015fa0 RCX: 00007f25c0d9c799 [ 842.524828][T20689] RDX: 0000000000000007 RSI: 0000000000000002 RDI: 000000000000001d [ 842.524843][T20689] RBP: 00007f25c0e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 842.524859][T20689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 842.524875][T20689] R13: 00007f25c1016038 R14: 00007f25c1015fa0 R15: 00007ffe86219328 [ 842.524906][T20689] [ 843.833959][ T5837] Bluetooth: hci5: command 0x0c1a tx timeout [ 844.939336][T20737] sp0: Synchronizing with TNC [ 845.244090][T20745] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 845.289317][T20749] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5387'. [ 846.499944][T20778] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5394'. [ 846.532955][T20778] netlink: 25 bytes leftover after parsing attributes in process `syz.5.5394'. [ 846.872761][T20762] Process accounting paused [ 846.927670][T20780] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe01140 pfn:0x7fe01 [ 846.978965][T20780] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 847.041595][T20780] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 847.091313][T20780] raw: ffff88807fe01140 0000000000000000 00000001ffffffff 0000000000000000 [ 847.153863][T20780] page dumped because: unmovable page [ 847.202064][T20780] page_owner tracks the page as allocated [ 847.259775][T20780] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 10532, tgid 10531 (syz.2.1776), ts 310886445486, free_ts 274468962921 [ 847.368246][T20780] post_alloc_hook+0x153/0x170 [ 847.389153][T20780] get_page_from_freelist+0x111d/0x3140 [ 847.404108][T20780] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 847.423924][T20780] alloc_pages_mpol+0x1fb/0x550 [ 847.446494][T20780] alloc_pages_noprof+0x131/0x390 [ 847.493846][T20780] brd_submit_bio+0x116a/0x20d0 [ 847.514112][T20780] __submit_bio+0x419/0x6c0 [ 847.530261][T20780] submit_bio_noacct_nocheck+0x74f/0xc10 [ 847.552701][T20780] submit_bio_noacct+0xd17/0x2010 [ 847.563442][T20780] blkdev_direct_IO+0x155c/0x1fb0 [ 847.581914][T20780] blkdev_write_iter+0x703/0xd70 [ 847.620722][T20780] vfs_write+0x6ac/0x1070 [ 847.648110][T20780] ksys_write+0x12a/0x250 [ 847.652524][T20780] do_syscall_64+0x106/0xf80 [ 847.675475][T20780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.704769][T20780] page last free pid 9861 tgid 9861 stack trace: [ 847.720129][T20795] FAULT_INJECTION: forcing a failure. [ 847.720129][T20795] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 847.735328][T20780] __free_frozen_pages+0x7e1/0x10d0 [ 847.750812][T20780] mon_bin_release+0x15a/0x210 [ 847.757609][T20780] __fput+0x3ff/0xb40 [ 847.764053][T20795] CPU: 0 UID: 0 PID: 20795 Comm: syz.4.5402 Tainted: G L syzkaller #0 PREEMPT(full) [ 847.764091][T20795] Tainted: [L]=SOFTLOCKUP [ 847.764100][T20795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 847.764115][T20795] Call Trace: [ 847.764123][T20795] [ 847.764132][T20795] dump_stack_lvl+0x100/0x190 [ 847.764174][T20795] should_fail_ex.cold+0x5/0xa [ 847.764199][T20795] ? prepare_alloc_pages+0x16d/0x5f0 [ 847.764231][T20795] should_fail_alloc_page+0xeb/0x140 [ 847.764260][T20795] prepare_alloc_pages+0x1f0/0x5f0 [ 847.764295][T20795] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 847.764344][T20795] ? kasan_save_stack+0x3f/0x50 [ 847.764384][T20795] ? kasan_save_stack+0x30/0x50 [ 847.764425][T20795] ? kasan_save_track+0x14/0x30 [ 847.764446][T20795] ? __kasan_slab_alloc+0x89/0x90 [ 847.764469][T20795] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 847.764508][T20795] ? ptlock_alloc+0x1f/0x70 [ 847.764540][T20795] ? pte_alloc_one+0x82/0x3d0 [ 847.764567][T20795] ? __pte_alloc+0x6d/0x3e0 [ 847.764591][T20795] ? walk_pgd_range+0xb83/0x1eb0 [ 847.764629][T20795] ? __walk_page_range+0x163/0x820 [ 847.764668][T20795] ? walk_page_range_vma_unsafe+0x209/0x8f0 [ 847.764692][T20795] ? madvise_guard_install+0x43f/0x7c0 [ 847.764720][T20795] ? madvise_vma_behavior+0x11f1/0x3050 [ 847.764759][T20795] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 847.764798][T20795] ? __x64_sys_madvise+0xa9/0x110 [ 847.764827][T20795] ? do_syscall_64+0x106/0xf80 [ 847.764865][T20795] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.764893][T20795] ? look_up_lock_class+0x64/0x120 [ 847.764932][T20795] ? look_up_lock_class+0x64/0x120 [ 847.764968][T20795] ? register_lock_class+0x40/0x560 [ 847.765009][T20795] ? interleave_nodes+0x170/0x400 [ 847.765036][T20795] ? __lock_acquire+0x4a5/0x2630 [ 847.765072][T20795] ? policy_nodemask+0xed/0x4f0 [ 847.765101][T20795] alloc_pages_mpol+0x1fb/0x550 [ 847.765130][T20795] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 847.765157][T20795] ? do_raw_spin_lock+0x128/0x260 [ 847.765197][T20795] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 847.765240][T20795] alloc_pages_noprof+0x131/0x390 [ 847.765269][T20795] pte_alloc_one+0x1c/0x3d0 [ 847.765310][T20795] __pte_alloc+0x6d/0x3e0 [ 847.765336][T20795] ? __pfx___pte_alloc+0x10/0x10 [ 847.765361][T20795] ? walk_pgd_range+0x139e/0x1eb0 [ 847.765401][T20795] ? walk_pgd_range+0x139e/0x1eb0 [ 847.765447][T20795] walk_pgd_range+0xb83/0x1eb0 [ 847.765491][T20795] ? __pfx_guard_install_set_pte+0x10/0x10 [ 847.765520][T20795] ? __pfx_guard_install_pte_entry+0x10/0x10 [ 847.765551][T20795] ? __pfx_guard_install_set_pte+0x10/0x10 [ 847.765584][T20795] ? __pfx_guard_install_set_pte+0x10/0x10 [ 847.765613][T20795] ? __pfx_guard_install_set_pte+0x10/0x10 [ 847.765643][T20795] ? __pfx_walk_pgd_range+0x10/0x10 [ 847.765692][T20795] __walk_page_range+0x163/0x820 [ 847.765734][T20795] ? rcu_is_watching+0x12/0xc0 [ 847.765780][T20795] ? trace_pelt_se_tp+0x159/0x1b0 [ 847.765822][T20795] walk_page_range_vma_unsafe+0x209/0x8f0 [ 847.765852][T20795] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 847.765892][T20795] madvise_guard_install+0x43f/0x7c0 [ 847.765929][T20795] ? __pfx_madvise_guard_install+0x10/0x10 [ 847.765963][T20795] ? __pfx_guard_install_pud_entry+0x10/0x10 [ 847.765990][T20795] ? __pfx_guard_install_pmd_entry+0x10/0x10 [ 847.766018][T20795] ? __pfx_guard_install_pte_entry+0x10/0x10 [ 847.766051][T20795] ? __pfx_guard_install_set_pte+0x10/0x10 [ 847.766082][T20795] ? __lock_acquire+0x4a5/0x2630 [ 847.766119][T20795] madvise_vma_behavior+0x11f1/0x3050 [ 847.766154][T20795] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 847.766186][T20795] ? reacquire_held_locks+0xce/0x1e0 [ 847.766219][T20795] ? lock_vma_under_rcu+0x11d/0x590 [ 847.766260][T20795] ? lock_vma_under_rcu+0x17c/0x590 [ 847.766304][T20795] ? lock_vma_under_rcu+0x25/0x590 [ 847.766338][T20795] ? lock_vma_under_rcu+0x1f9/0x590 [ 847.766373][T20795] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 847.766417][T20795] ? __futex_wait+0x256/0x300 [ 847.766463][T20795] madvise_walk_vmas+0x71c/0xa90 [ 847.766499][T20795] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 847.766531][T20795] ? futex_hash+0x2c5/0x380 [ 847.766565][T20795] madvise_do_behavior+0x1ea/0x510 [ 847.766598][T20795] ? __pfx_madvise_do_behavior+0x10/0x10 [ 847.766628][T20795] ? futex_wait+0x125/0x380 [ 847.766676][T20795] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 847.766707][T20795] do_madvise+0x195/0x240 [ 847.766736][T20795] ? __pfx_do_madvise+0x10/0x10 [ 847.766772][T20795] ? do_futex+0x192/0x350 [ 847.766832][T20795] __x64_sys_madvise+0xa9/0x110 [ 847.766863][T20795] ? lockdep_hardirqs_on+0x78/0x100 [ 847.766902][T20795] do_syscall_64+0x106/0xf80 [ 847.766941][T20795] ? clear_bhb_loop+0x40/0x90 [ 847.766971][T20795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.766997][T20795] RIP: 0033:0x7fc20a99c799 [ 847.767018][T20795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 847.767043][T20795] RSP: 002b:00007fc20b814028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 847.767067][T20795] RAX: ffffffffffffffda RBX: 00007fc20ac15fa0 RCX: 00007fc20a99c799 [ 847.767083][T20795] RDX: 0000000000000066 RSI: 0000000002021000 RDI: 0000000000000000 [ 847.767099][T20795] RBP: 00007fc20aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 847.767114][T20795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 847.767129][T20795] R13: 00007fc20ac16038 R14: 00007fc20ac15fa0 R15: 00007ffd31ce00e8 [ 847.767162][T20795] [ 847.771960][T20780] task_work_run+0x150/0x240 [ 848.588535][T20780] exit_to_user_mode_loop+0x100/0x4a0 [ 848.594442][T20780] do_syscall_64+0x668/0xf80 [ 848.599267][T20780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.044564][T20810] syz_tun: mtu greater than device maximum [ 851.261786][T20843] Process accounting resumed [ 852.630594][T20883] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input11 [ 853.575899][T20900] FAULT_INJECTION: forcing a failure. [ 853.575899][T20900] name failslab, interval 1, probability 0, space 0, times 0 [ 853.684944][T20900] CPU: 0 UID: 0 PID: 20900 Comm: syz.5.5441 Tainted: G L syzkaller #0 PREEMPT(full) [ 853.684984][T20900] Tainted: [L]=SOFTLOCKUP [ 853.684993][T20900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 853.685008][T20900] Call Trace: [ 853.685016][T20900] [ 853.685025][T20900] dump_stack_lvl+0x100/0x190 [ 853.685069][T20900] should_fail_ex.cold+0x5/0xa [ 853.685100][T20900] should_failslab+0xc2/0x120 [ 853.685127][T20900] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 853.685167][T20900] ? acpi_ut_create_generic_state+0x61/0xc0 [ 853.685280][T20900] acpi_ut_create_generic_state+0x61/0xc0 [ 853.685310][T20900] acpi_ds_scope_stack_push+0x70/0x790 [ 853.685382][T20900] acpi_ds_init_aml_walk+0x2d8/0x680 [ 853.685417][T20900] acpi_ps_execute_method+0x39d/0xe90 [ 853.685475][T20900] acpi_ns_evaluate+0x640/0x1670 [ 853.685534][T20900] acpi_evaluate_object+0x420/0xe00 [ 853.685559][T20900] ? kasan_save_stack+0x30/0x50 [ 853.685600][T20900] ? kasan_save_track+0x14/0x30 [ 853.685628][T20900] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 853.685664][T20900] acpi_evaluate_integer+0xdf/0x220 [ 853.685735][T20900] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 853.685793][T20900] ? __pfx_status_show+0x10/0x10 [ 853.685834][T20900] status_show+0xa0/0x120 [ 853.685860][T20900] ? __pfx_status_show+0x10/0x10 [ 853.685893][T20900] dev_attr_show+0x52/0xa0 [ 853.685966][T20900] ? __pfx_dev_attr_show+0x10/0x10 [ 853.685997][T20900] sysfs_kf_seq_show+0x217/0x3a0 [ 853.686037][T20900] seq_read_iter+0x32f/0x1270 [ 853.686091][T20900] kernfs_fop_read_iter+0x46c/0x610 [ 853.686122][T20900] ? rw_verify_area+0xce/0x6d0 [ 853.686160][T20900] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 853.686192][T20900] vfs_read+0x825/0xb30 [ 853.686219][T20900] ? __pfx_vfs_read+0x10/0x10 [ 853.686262][T20900] ksys_read+0x12a/0x250 [ 853.686285][T20900] ? __pfx_ksys_read+0x10/0x10 [ 853.686318][T20900] do_syscall_64+0x106/0xf80 [ 853.686356][T20900] ? clear_bhb_loop+0x40/0x90 [ 853.686387][T20900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.686413][T20900] RIP: 0033:0x7f25c0d9c799 [ 853.686433][T20900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 853.686458][T20900] RSP: 002b:00007f25c1bdf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 853.686482][T20900] RAX: ffffffffffffffda RBX: 00007f25c1015fa0 RCX: 00007f25c0d9c799 [ 853.686498][T20900] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004 [ 853.686514][T20900] RBP: 00007f25c0e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 853.686529][T20900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 853.686544][T20900] R13: 00007f25c1016038 R14: 00007f25c1015fa0 R15: 00007ffe86219328 [ 853.686576][T20900] [ 854.263982][T20900] ACPI Error: ffff888026d52000 walk still has a scope list (20251212/dswstate-694) [ 855.012039][ T5837] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 856.427157][T20934] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 857.516750][T20960] binder: 20959:20960 ioctl c0046209 9 returned -22 [ 857.819570][T20965] KVM: debugfs: duplicate directory 20965-3 [ 858.359003][T20975] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5471'. [ 858.521729][T20977] random: crng reseeded on system resumption [ 858.649741][T20983] netlink: 'syz.5.5472': attribute type 1 has an invalid length. [ 858.682796][T20977] RDS: rds_bind could not find a transport for fe80::736d:2f73:7461:626c, load rds_tcp or rds_rdma? [ 858.791723][T20983] netlink: 306 bytes leftover after parsing attributes in process `syz.5.5472'. [ 858.964443][T20983] netlink: 'syz.5.5472': attribute type 1 has an invalid length. [ 859.066632][T20983] netlink: 306 bytes leftover after parsing attributes in process `syz.5.5472'. [ 860.215396][T21012] netlink: 146 bytes leftover after parsing attributes in process `syz.4.5485'. [ 860.408071][T21016] kvm_intel: kvm [21013]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3 [ 862.593703][T21063] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5503'. [ 862.697029][T21063] ipvlan0: entered promiscuous mode [ 862.736041][T21063] ipvlan0: entered allmulticast mode [ 862.779793][T21063] veth0_vlan: entered allmulticast mode [ 863.867812][T21085] FAULT_INJECTION: forcing a failure. [ 863.867812][T21085] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 863.998886][T21085] CPU: 0 UID: 0 PID: 21085 Comm: syz.4.5513 Tainted: G L syzkaller #0 PREEMPT(full) [ 863.998927][T21085] Tainted: [L]=SOFTLOCKUP [ 863.998936][T21085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 863.998952][T21085] Call Trace: [ 863.998960][T21085] [ 863.998969][T21085] dump_stack_lvl+0x100/0x190 [ 863.999019][T21085] should_fail_ex.cold+0x5/0xa [ 863.999045][T21085] ? prepare_alloc_pages+0x16d/0x5f0 [ 863.999078][T21085] should_fail_alloc_page+0xeb/0x140 [ 863.999108][T21085] prepare_alloc_pages+0x1f0/0x5f0 [ 863.999142][T21085] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 863.999195][T21085] ? find_held_lock+0x2b/0x80 [ 863.999219][T21085] ? is_bpf_text_address+0x8a/0x1a0 [ 863.999258][T21085] ? is_bpf_text_address+0x8a/0x1a0 [ 863.999300][T21085] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 863.999340][T21085] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 863.999371][T21085] ? kernel_text_address+0x8d/0x100 [ 863.999409][T21085] ? __kernel_text_address+0xd/0x30 [ 863.999447][T21085] ? unwind_get_return_address+0x59/0xa0 [ 863.999486][T21085] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 863.999514][T21085] ? policy_nodemask+0xed/0x4f0 [ 863.999543][T21085] alloc_pages_mpol+0x1fb/0x550 [ 863.999572][T21085] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 863.999608][T21085] alloc_pages_noprof+0x131/0x390 [ 863.999637][T21085] __pud_alloc+0x3b/0x6e0 [ 863.999670][T21085] __handle_mm_fault+0x134c/0x2b60 [ 863.999710][T21085] ? mt_find+0x45e/0x8e0 [ 863.999735][T21085] ? __pfx___handle_mm_fault+0x10/0x10 [ 863.999769][T21085] ? __pfx_mt_find+0x10/0x10 [ 863.999815][T21085] handle_mm_fault+0x36d/0xa20 [ 863.999856][T21085] __get_user_pages+0xf9c/0x34d0 [ 863.999900][T21085] ? __pfx___get_user_pages+0x10/0x10 [ 863.999939][T21085] get_user_pages_remote+0x3d2/0xb10 [ 863.999974][T21085] ? __pfx_get_user_pages_remote+0x10/0x10 [ 864.000021][T21085] get_arg_page+0xf4/0x310 [ 864.000059][T21085] ? __pfx_get_arg_page+0x10/0x10 [ 864.000105][T21085] copy_string_kernel+0x17d/0x500 [ 864.000145][T21085] ? alloc_bprm+0x420/0x710 [ 864.000187][T21085] do_execveat_common.isra.0+0x2e6/0x580 [ 864.000234][T21085] __x64_sys_execve+0x93/0xd0 [ 864.000276][T21085] do_syscall_64+0x106/0xf80 [ 864.000313][T21085] ? clear_bhb_loop+0x40/0x90 [ 864.000344][T21085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.000370][T21085] RIP: 0033:0x7fc20a99c799 [ 864.000391][T21085] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.000416][T21085] RSP: 002b:00007fc20b814028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 864.000439][T21085] RAX: ffffffffffffffda RBX: 00007fc20ac15fa0 RCX: 00007fc20a99c799 [ 864.000457][T21085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 864.000473][T21085] RBP: 00007fc20aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 864.000490][T21085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 864.000506][T21085] R13: 00007fc20ac16038 R14: 00007fc20ac15fa0 R15: 00007ffd31ce00e8 [ 864.000538][T21085] [ 864.865930][T21092] netlink: 326 bytes leftover after parsing attributes in process `syz.4.5517'. [ 864.908561][T21092] bridge0: port 2(bridge_slave_1) entered disabled state [ 864.917219][T21092] bridge0: port 1(bridge_slave_0) entered disabled state [ 866.185564][T21115] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 868.003952][T21137] mkiss: ax0: crc mode is auto. [ 868.583159][T21146] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5540'. [ 868.648551][T21146] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5540'. [ 868.693703][T21147] netlink: 134 bytes leftover after parsing attributes in process `syz.2.5540'. [ 870.327339][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.336480][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.523592][T21174] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5549'. [ 870.610106][T21176] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5550'. [ 871.413316][T21193] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5556'. [ 873.099191][T21228] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5571'. [ 873.426655][T21234] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5573'. [ 873.466998][T21234] netlink: 13 bytes leftover after parsing attributes in process `syz.4.5573'. [ 874.218277][T21256] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5577'. [ 876.035275][T21294] netlink: 290 bytes leftover after parsing attributes in process `syz.2.5589'. [ 876.964496][T21306] Process accounting resumed [ 878.454643][T21340] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5606'. [ 880.552649][T20005] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 880.569693][T20005] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 880.579472][T20005] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 880.587404][T20005] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 880.607853][T20005] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 880.727638][T21372] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5617'. [ 881.449189][T21368] chnl_net:caif_netlink_parms(): no params data found [ 881.780380][T21390] program syz.5.5622 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 881.886980][T21368] bridge0: port 1(bridge_slave_0) entered blocking state [ 881.930494][T21368] bridge0: port 1(bridge_slave_0) entered disabled state [ 881.997414][T21368] bridge_slave_0: entered allmulticast mode [ 882.075091][T21368] bridge_slave_0: entered promiscuous mode [ 882.127819][T21368] bridge0: port 2(bridge_slave_1) entered blocking state [ 882.188828][T21368] bridge0: port 2(bridge_slave_1) entered disabled state [ 882.234912][T21368] bridge_slave_1: entered allmulticast mode [ 882.274202][T21368] bridge_slave_1: entered promiscuous mode [ 882.453059][T21368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 882.566438][T21368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 882.718641][T20005] Bluetooth: hci6: command tx timeout [ 882.755339][T21368] team0: Port device team_slave_0 added [ 882.761922][T21398] bond0: invalid ARP target specified [ 882.795796][T21368] team0: Port device team_slave_1 added [ 883.116204][T21368] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 883.123298][T21368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 883.354455][T21368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 883.464935][T21368] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 883.472152][T21368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 883.674078][T21368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 883.802757][T21409] kvm: kvm [21408]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x4000000e) = 0x4 [ 883.993334][T21368] hsr_slave_0: entered promiscuous mode [ 884.028659][T21368] hsr_slave_1: entered promiscuous mode [ 884.065223][T21368] debugfs: 'hsr0' already exists in 'hsr' [ 884.113798][T21368] Cannot create hsr debugfs directory [ 884.176698][T21413] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5630'. [ 884.244655][T21413] netlink: 25 bytes leftover after parsing attributes in process `syz.5.5630'. [ 884.581057][T21415] sp0: Synchronizing with TNC [ 884.798112][T20005] Bluetooth: hci6: command tx timeout [ 884.906140][T21368] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 884.964261][T21368] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 885.010965][T21368] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 885.077101][T21368] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 885.518650][T21368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 885.574336][T21429] FAULT_INJECTION: forcing a failure. [ 885.574336][T21429] name failslab, interval 1, probability 0, space 0, times 0 [ 885.601113][T21368] 8021q: adding VLAN 0 to HW filter on device team0 [ 885.675020][T21429] CPU: 0 UID: 0 PID: 21429 Comm: syz.5.5633 Tainted: G L syzkaller #0 PREEMPT(full) [ 885.675061][T21429] Tainted: [L]=SOFTLOCKUP [ 885.675071][T21429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 885.675088][T21429] Call Trace: [ 885.675096][T21429] [ 885.675106][T21429] dump_stack_lvl+0x100/0x190 [ 885.675154][T21429] should_fail_ex.cold+0x5/0xa [ 885.675186][T21429] should_failslab+0xc2/0x120 [ 885.675216][T21429] __kmalloc_cache_noprof+0x7a/0x6f0 [ 885.675252][T21429] ? snd_timer_instance_new+0x47/0x2e0 [ 885.675362][T21429] snd_timer_instance_new+0x47/0x2e0 [ 885.675395][T21429] snd_seq_timer_open+0x1d4/0x600 [ 885.675456][T21429] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 885.675505][T21429] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 885.675546][T21429] ? lockdep_hardirqs_on+0x78/0x100 [ 885.675592][T21429] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 885.675634][T21429] queue_use+0xdc/0x1f0 [ 885.675667][T21429] snd_seq_queue_alloc+0x2e5/0x590 [ 885.675707][T21429] snd_seq_ioctl_create_queue+0xa9/0x370 [ 885.675753][T21429] call_seq_client_ctl+0xa3/0x130 [ 885.675780][T21429] snd_seq_kernel_client_ctl+0x77/0xd0 [ 885.675809][T21429] alloc_seq_queue+0xdb/0x180 [ 885.675854][T21429] ? __pfx_alloc_seq_queue+0x10/0x10 [ 885.675898][T21429] ? mark_held_locks+0x40/0x70 [ 885.675933][T21429] ? _raw_spin_unlock_irq+0x23/0x50 [ 885.675968][T21429] ? lockdep_hardirqs_on+0x78/0x100 [ 885.676010][T21429] snd_seq_oss_open+0x2b2/0xa10 [ 885.676044][T21429] odev_open+0x79/0xc0 [ 885.676067][T21429] ? __pfx_odev_open+0x10/0x10 [ 885.676092][T21429] soundcore_open+0x2e3/0x5a0 [ 885.676121][T21429] ? __pfx_soundcore_open+0x10/0x10 [ 885.676148][T21429] chrdev_open+0x234/0x6a0 [ 885.676175][T21429] ? __pfx_apparmor_file_open+0x10/0x10 [ 885.676204][T21429] ? __pfx_chrdev_open+0x10/0x10 [ 885.676233][T21429] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 885.676269][T21429] do_dentry_open+0x6d8/0x1660 [ 885.676295][T21429] ? __pfx_chrdev_open+0x10/0x10 [ 885.676330][T21429] vfs_open+0x82/0x3f0 [ 885.676366][T21429] path_openat+0x208c/0x31a0 [ 885.676404][T21429] ? __pfx_path_openat+0x10/0x10 [ 885.676443][T21429] do_file_open+0x20e/0x430 [ 885.676473][T21429] ? __pfx_do_file_open+0x10/0x10 [ 885.676522][T21429] ? alloc_fd+0x476/0x790 [ 885.676552][T21429] ? do_getname+0x191/0x390 [ 885.676592][T21429] do_sys_openat2+0x10d/0x1e0 [ 885.676628][T21429] ? __pfx_do_sys_openat2+0x10/0x10 [ 885.676666][T21429] ? __fget_files+0x21f/0x3d0 [ 885.676698][T21429] __x64_sys_openat+0x12d/0x210 [ 885.676735][T21429] ? __pfx___x64_sys_openat+0x10/0x10 [ 885.676783][T21429] do_syscall_64+0x106/0xf80 [ 885.676821][T21429] ? clear_bhb_loop+0x40/0x90 [ 885.676853][T21429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.676880][T21429] RIP: 0033:0x7f25c0d9c799 [ 885.676902][T21429] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 885.676927][T21429] RSP: 002b:00007f25c1bdf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 885.676951][T21429] RAX: ffffffffffffffda RBX: 00007f25c1015fa0 RCX: 00007f25c0d9c799 [ 885.676968][T21429] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 885.676985][T21429] RBP: 00007f25c0e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 885.677001][T21429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 885.677017][T21429] R13: 00007f25c1016038 R14: 00007f25c1015fa0 R15: 00007ffe86219328 [ 885.677050][T21429] [ 886.423162][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 886.430365][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 886.473083][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 886.480416][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 886.627818][T21368] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 886.666608][T21368] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 886.944234][T20005] Bluetooth: hci6: command tx timeout [ 887.361025][T21368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 887.414876][T21452] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5634'. [ 888.516399][T21368] veth0_vlan: entered promiscuous mode [ 888.578422][T21368] veth1_vlan: entered promiscuous mode [ 888.670918][T21368] veth0_macvtap: entered promiscuous mode [ 888.694162][T21368] veth1_macvtap: entered promiscuous mode [ 888.748515][T21368] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 888.782995][T21368] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 888.822291][T21431] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.841143][T21431] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.868635][T21431] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.915177][T21431] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.954823][T20005] Bluetooth: hci6: command tx timeout [ 889.143370][T16652] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 889.154110][T16652] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 889.345516][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 889.368191][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 889.774407][T21484] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 889.804265][T21484] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 889.834615][T21484] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 889.896055][T21484] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 889.920538][T21484] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 889.974179][T21484] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 890.014030][T21484] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 890.062224][T21484] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 890.138640][T21484] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 890.169363][T21491] FAULT_INJECTION: forcing a failure. [ 890.169363][T21491] name failslab, interval 1, probability 0, space 0, times 0 [ 890.262942][T21491] CPU: 0 UID: 0 PID: 21491 Comm: syz.6.5650 Tainted: G L syzkaller #0 PREEMPT(full) [ 890.262984][T21491] Tainted: [L]=SOFTLOCKUP [ 890.262994][T21491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 890.263010][T21491] Call Trace: [ 890.263019][T21491] [ 890.263039][T21491] dump_stack_lvl+0x100/0x190 [ 890.263085][T21491] should_fail_ex.cold+0x5/0xa [ 890.263116][T21491] should_failslab+0xc2/0x120 [ 890.263145][T21491] __kmalloc_cache_noprof+0x7a/0x6f0 [ 890.263183][T21491] ? snd_virmidi_output_open+0xc4/0x670 [ 890.263220][T21491] snd_virmidi_output_open+0xc4/0x670 [ 890.263254][T21491] open_substream+0x480/0x9e0 [ 890.263291][T21491] rawmidi_open_priv+0x595/0x6f0 [ 890.263333][T21491] snd_rawmidi_open+0x4c9/0xba0 [ 890.263375][T21491] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 890.263414][T21491] ? __pfx_default_wake_function+0x10/0x10 [ 890.263446][T21491] ? kobject_get_unless_zero+0x156/0x200 [ 890.263478][T21491] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 890.263515][T21491] snd_open+0x22d/0x4c0 [ 890.263544][T21491] ? __pfx_snd_open+0x10/0x10 [ 890.263572][T21491] chrdev_open+0x234/0x6a0 [ 890.263599][T21491] ? __pfx_apparmor_file_open+0x10/0x10 [ 890.263627][T21491] ? __pfx_chrdev_open+0x10/0x10 [ 890.263656][T21491] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 890.263692][T21491] do_dentry_open+0x6d8/0x1660 [ 890.263718][T21491] ? __pfx_chrdev_open+0x10/0x10 [ 890.263753][T21491] vfs_open+0x82/0x3f0 [ 890.263793][T21491] path_openat+0x208c/0x31a0 [ 890.263831][T21491] ? __pfx_path_openat+0x10/0x10 [ 890.263870][T21491] do_file_open+0x20e/0x430 [ 890.263900][T21491] ? __pfx_do_file_open+0x10/0x10 [ 890.263949][T21491] ? alloc_fd+0x476/0x790 [ 890.263978][T21491] ? do_getname+0x191/0x390 [ 890.264015][T21491] do_sys_openat2+0x10d/0x1e0 [ 890.264055][T21491] ? __pfx_do_sys_openat2+0x10/0x10 [ 890.264093][T21491] ? find_held_lock+0x2b/0x80 [ 890.264126][T21491] __x64_sys_openat+0x12d/0x210 [ 890.264163][T21491] ? __pfx___x64_sys_openat+0x10/0x10 [ 890.264211][T21491] do_syscall_64+0x106/0xf80 [ 890.264250][T21491] ? clear_bhb_loop+0x40/0x90 [ 890.264281][T21491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.264308][T21491] RIP: 0033:0x7fa79159c799 [ 890.264329][T21491] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.264354][T21491] RSP: 002b:00007fa792376028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 890.264378][T21491] RAX: ffffffffffffffda RBX: 00007fa791815fa0 RCX: 00007fa79159c799 [ 890.264395][T21491] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 890.264412][T21491] RBP: 00007fa791632c99 R08: 0000000000000000 R09: 0000000000000000 [ 890.264428][T21491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 890.264443][T21491] R13: 00007fa791816038 R14: 00007fa791815fa0 R15: 00007ffd277d3828 [ 890.264475][T21491] [ 891.191310][T21500] netlink: 'syz.5.5653': attribute type 1 has an invalid length. [ 891.222952][T21500] netlink: 306 bytes leftover after parsing attributes in process `syz.5.5653'. [ 891.439971][T21503] netlink: 326 bytes leftover after parsing attributes in process `syz.5.5654'. [ 891.764060][T20005] Bluetooth: hci0: command 0x0406 tx timeout [ 891.834129][T20005] Bluetooth: hci1: command 0x0406 tx timeout [ 891.914435][T20005] Bluetooth: hci3: command 0x0406 tx timeout [ 891.921245][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 891.995847][T20005] Bluetooth: hci5: command 0x0c1a tx timeout [ 892.002046][T20005] Bluetooth: hci4: command 0x0c1a tx timeout [ 892.082713][T20005] Bluetooth: hci6: command 0x0c1a tx timeout [ 892.273710][T21513] netlink: 18 bytes leftover after parsing attributes in process `syz.6.5660'. [ 892.479168][T21519] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 892.652317][T21519] File: /dev/nullb0 PID: 21519 Comm: syz.2.5661 [ 894.156301][T20005] Bluetooth: hci6: command 0x0c1a tx timeout [ 894.202191][T21542] futex_wake_op: syz.4.5668 tries to shift op by -2048; fix this program [ 894.343590][T21542] futex_wake_op: syz.4.5668 tries to shift op by -2048; fix this program [ 894.403171][T21546] 0x000000000001-0x000000020000 : "" [ 894.521254][T21546] ftl_cs: FTL header corrupt! [ 895.931131][T21566] binder: 21564:21566 ioctl c0306201 2000000000c0 returned -14 [ 895.981959][T21568] netlink: 346 bytes leftover after parsing attributes in process `syz.4.5676'. [ 896.235334][T20005] Bluetooth: hci6: command 0x0c1a tx timeout [ 896.794426][T21584] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 896.851608][T21584] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5683'. [ 897.166734][T21586] [U] [ 897.962754][T21600] mkiss: ax0: crc mode is auto. [ 898.362181][T21604] netlink: 54 bytes leftover after parsing attributes in process `syz.6.5690'. [ 898.427106][T21607] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5691'. [ 898.686235][T21610] netlink: 342 bytes leftover after parsing attributes in process `syz.6.5693'. [ 898.743142][T21610] netlink: 342 bytes leftover after parsing attributes in process `syz.6.5693'. [ 898.775963][T21615] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 898.800626][T21617] netlink: 110 bytes leftover after parsing attributes in process `syz.6.5693'. [ 898.842774][T21610] netlink: 342 bytes leftover after parsing attributes in process `syz.6.5693'. [ 898.897300][T21610] netlink: 342 bytes leftover after parsing attributes in process `syz.6.5693'. [ 898.958954][T21610] netlink: 342 bytes leftover after parsing attributes in process `syz.6.5693'. [ 900.218837][T21640] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5701'. [ 900.588026][T21649] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 900.877684][T21655] futex_wake_op: syz.2.5705 tries to shift op by -2048; fix this program [ 900.938107][T21655] futex_wake_op: syz.2.5705 tries to shift op by -2048; fix this program [ 900.992987][T21655] 0x000000000001-0x000000020000 : "" [ 901.094263][T21655] ftl_cs: FTL header corrupt! [ 901.412271][T21664] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 902.006542][T21677] __nla_validate_parse: 1 callbacks suppressed [ 902.006562][T21677] netlink: 326 bytes leftover after parsing attributes in process `syz.4.5714'. [ 902.091687][T21675] mkiss: ax0: crc mode is auto. [ 902.101648][T21680] FAULT_INJECTION: forcing a failure. [ 902.101648][T21680] name failslab, interval 1, probability 0, space 0, times 0 [ 902.173423][T21680] CPU: 0 UID: 0 PID: 21680 Comm: syz.5.5715 Tainted: G L syzkaller #0 PREEMPT(full) [ 902.173464][T21680] Tainted: [L]=SOFTLOCKUP [ 902.173474][T21680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 902.173490][T21680] Call Trace: [ 902.173499][T21680] [ 902.173510][T21680] dump_stack_lvl+0x100/0x190 [ 902.173554][T21680] should_fail_ex.cold+0x5/0xa [ 902.173586][T21680] should_failslab+0xc2/0x120 [ 902.173614][T21680] __kmalloc_cache_noprof+0x7a/0x6f0 [ 902.173650][T21680] ? p9_client_create+0xaf/0xd40 [ 902.173772][T21680] p9_client_create+0xaf/0xd40 [ 902.173816][T21680] ? __pfx_p9_client_create+0x10/0x10 [ 902.173865][T21680] ? lockdep_init_map_type+0x5c/0x250 [ 902.173903][T21680] ? __raw_spin_lock_init+0x3a/0x110 [ 902.173947][T21680] v9fs_session_init+0x40/0xce0 [ 902.174037][T21680] ? kasan_save_track+0x14/0x30 [ 902.174064][T21680] v9fs_get_tree+0xb8/0xb50 [ 902.174087][T21680] ? rcu_is_watching+0x12/0xc0 [ 902.174129][T21680] ? __pfx_v9fs_get_tree+0x10/0x10 [ 902.174155][T21680] ? bpf_lsm_capable+0x9/0x10 [ 902.174183][T21680] ? security_capable+0x80/0x260 [ 902.174228][T21680] vfs_get_tree+0x92/0x320 [ 902.174265][T21680] vfs_cmd_create+0xd7/0x2a0 [ 902.174301][T21680] __do_sys_fsconfig+0x55a/0xcb0 [ 902.174338][T21680] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 902.174387][T21680] do_syscall_64+0x106/0xf80 [ 902.174426][T21680] ? clear_bhb_loop+0x40/0x90 [ 902.174457][T21680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.174483][T21680] RIP: 0033:0x7f25c0d9c799 [ 902.174504][T21680] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 902.174529][T21680] RSP: 002b:00007f25c1bdf028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 902.174553][T21680] RAX: ffffffffffffffda RBX: 00007f25c1015fa0 RCX: 00007f25c0d9c799 [ 902.174570][T21680] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 902.174585][T21680] RBP: 00007f25c0e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 902.174601][T21680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 902.174616][T21680] R13: 00007f25c1016038 R14: 00007f25c1015fa0 R15: 00007ffe86219328 [ 902.174648][T21680] [ 902.917951][T21687] FAULT_INJECTION: forcing a failure. [ 902.917951][T21687] name failslab, interval 1, probability 0, space 0, times 0 [ 902.942228][T21687] CPU: 0 UID: 0 PID: 21687 Comm: syz.6.5718 Tainted: G L syzkaller #0 PREEMPT(full) [ 902.942269][T21687] Tainted: [L]=SOFTLOCKUP [ 902.942279][T21687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 902.942294][T21687] Call Trace: [ 902.942303][T21687] [ 902.942313][T21687] dump_stack_lvl+0x100/0x190 [ 902.942357][T21687] should_fail_ex.cold+0x5/0xa [ 902.942389][T21687] should_failslab+0xc2/0x120 [ 902.942418][T21687] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 902.942458][T21687] ? __kernfs_new_node+0xd2/0x960 [ 902.942504][T21687] __kernfs_new_node+0xd2/0x960 [ 902.942545][T21687] ? __pfx___kernfs_new_node+0x10/0x10 [ 902.942602][T21687] ? find_held_lock+0x2b/0x80 [ 902.942627][T21687] ? kernfs_root+0xee/0x2a0 [ 902.942663][T21687] ? kernfs_root+0xee/0x2a0 [ 902.942708][T21687] kernfs_new_node+0x11b/0x1a0 [ 902.942737][T21687] __kernfs_create_file+0x53/0x350 [ 902.942772][T21687] sysfs_add_file_mode_ns+0x207/0x3c0 [ 902.942815][T21687] internal_create_group+0x593/0xf40 [ 902.942862][T21687] ? __pfx_internal_create_group+0x10/0x10 [ 902.942906][T21687] ? kernfs_create_link+0x1bd/0x240 [ 902.942942][T21687] internal_create_groups+0x9d/0x150 [ 902.942985][T21687] device_add+0x7c8/0x1950 [ 902.943098][T21687] ? __pfx_device_add+0x10/0x10 [ 902.943131][T21687] ? lockdep_init_map_type+0x5c/0x250 [ 902.943168][T21687] ? __init_waitqueue_head+0xca/0x150 [ 902.943216][T21687] netdev_register_kobject+0x1a9/0x3d0 [ 902.943283][T21687] register_netdevice+0x12e0/0x2210 [ 902.943330][T21687] ? idr_alloc+0xdd/0x130 [ 902.943392][T21687] ? __pfx_register_netdevice+0x10/0x10 [ 902.943433][T21687] ? net_generic+0xea/0x2a0 [ 902.943485][T21687] ppp_dev_configure+0x986/0xcb0 [ 902.943530][T21687] ppp_ioctl+0x985/0x2800 [ 902.943576][T21687] ? find_held_lock+0x2b/0x80 [ 902.943601][T21687] ? __pfx_ppp_ioctl+0x10/0x10 [ 902.943685][T21687] ? __fget_files+0x21f/0x3d0 [ 902.943715][T21687] ? __pfx_ppp_ioctl+0x10/0x10 [ 902.943757][T21687] __x64_sys_ioctl+0x18e/0x210 [ 902.943799][T21687] do_syscall_64+0x106/0xf80 [ 902.943837][T21687] ? clear_bhb_loop+0x40/0x90 [ 902.943875][T21687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.943903][T21687] RIP: 0033:0x7fa79159c799 [ 902.943924][T21687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 902.943950][T21687] RSP: 002b:00007fa78f7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 902.943976][T21687] RAX: ffffffffffffffda RBX: 00007fa791816090 RCX: 00007fa79159c799 [ 902.943994][T21687] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000006 [ 902.944010][T21687] RBP: 00007fa791632c99 R08: 0000000000000000 R09: 0000000000000000 [ 902.944026][T21687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 902.944042][T21687] R13: 00007fa791816128 R14: 00007fa791816090 R15: 00007ffd277d3828 [ 902.944077][T21687] [ 903.316535][T21689] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 903.889738][T21697] futex_wake_op: syz.5.5721 tries to shift op by -2048; fix this program [ 903.924004][T21697] futex_wake_op: syz.5.5721 tries to shift op by -2048; fix this program [ 903.959677][T21697] 0x000000000001-0x000000020000 : "" [ 903.974224][T21698] syz.2.5722 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 904.024179][T21697] ftl_cs: FTL header corrupt! [ 905.031998][T21716] netlink: 93 bytes leftover after parsing attributes in process `syz.2.5727'. [ 905.151794][T21714] netlink: 93 bytes leftover after parsing attributes in process `syz.2.5727'. [ 905.428886][T21718] sd 0:0:1:0: device reset [ 907.120749][T21744] zswap: compressor not available [ 907.221562][T21747] Process accounting paused [ 907.422162][T21757] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5744'. [ 907.847407][T21761] netlink: 17 bytes leftover after parsing attributes in process `syz.5.5744'. [ 908.416132][T21767] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 909.270331][T21781] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5761'. [ 911.017311][T21804] [U] [ 911.020386][T21804] [U] [ 911.023093][T21804] [U] [ 911.025810][T21804] [U] ó [ 911.108988][T21804] [U] [ 911.111789][T21804] [U] [ 911.114515][T21804] [U] [ 911.117243][T21804] [U] [ 911.211934][T21804] [U] [ 911.626557][T21817] ubi0: attaching mtd0 [ 911.679138][T21817] FAULT_INJECTION: forcing a failure. [ 911.679138][T21817] name failslab, interval 1, probability 0, space 0, times 0 [ 911.792451][T21817] CPU: 0 UID: 0 PID: 21817 Comm: syz.2.5767 Tainted: G L syzkaller #0 PREEMPT(full) [ 911.792492][T21817] Tainted: [L]=SOFTLOCKUP [ 911.792501][T21817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 911.792516][T21817] Call Trace: [ 911.792526][T21817] [ 911.792537][T21817] dump_stack_lvl+0x100/0x190 [ 911.792582][T21817] should_fail_ex.cold+0x5/0xa [ 911.792612][T21817] should_failslab+0xc2/0x120 [ 911.792640][T21817] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 911.792688][T21817] ? add_to_list+0xcb/0x600 [ 911.792800][T21817] add_to_list+0xcb/0x600 [ 911.792843][T21817] ubi_attach+0x2044/0x4d30 [ 911.792878][T21817] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 911.792914][T21817] ? ubi_msg+0x114/0x159 [ 911.792969][T21817] ? __pfx_ubi_msg+0x10/0x10 [ 911.793010][T21817] ? __pfx_ubi_attach+0x10/0x10 [ 911.793034][T21817] ? lockdep_init_map_type+0x5c/0x250 [ 911.793074][T21817] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 911.793100][T21817] ? __vmalloc_node_noprof+0xad/0xf0 [ 911.793132][T21817] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 911.793162][T21817] ubi_attach_mtd_dev+0x139f/0x32a0 [ 911.793201][T21817] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 911.793228][T21817] ? __pfx_get_mtd_device+0x10/0x10 [ 911.793271][T21817] ctrl_cdev_ioctl+0x36a/0x400 [ 911.793298][T21817] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 911.793333][T21817] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 911.793361][T21817] __x64_sys_ioctl+0x18e/0x210 [ 911.793402][T21817] do_syscall_64+0x106/0xf80 [ 911.793441][T21817] ? clear_bhb_loop+0x40/0x90 [ 911.793476][T21817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.793503][T21817] RIP: 0033:0x7f6408b9c799 [ 911.793524][T21817] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 911.793548][T21817] RSP: 002b:00007f6409af4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 911.793573][T21817] RAX: ffffffffffffffda RBX: 00007f6408e15fa0 RCX: 00007f6408b9c799 [ 911.793590][T21817] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000005 [ 911.793606][T21817] RBP: 00007f6408c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 911.793622][T21817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 911.793638][T21817] R13: 00007f6408e16038 R14: 00007f6408e15fa0 R15: 00007fff00d278d8 [ 911.793676][T21817] [ 912.610774][T21828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5772'. [ 913.145016][T21835] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 913.243813][T21835] File: /dev/nullb0 PID: 21835 Comm: syz.4.5774 [ 913.607230][T21817] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -12 [ 916.481402][T21874] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5784'. [ 917.413271][T21895] netlink: 146 bytes leftover after parsing attributes in process `syz.5.5794'. [ 917.795627][T21901] sock: sock_timestamping_bind_phc: sock not bind to device [ 918.382068][T21913] netlink: 146 bytes leftover after parsing attributes in process `syz.5.5802'. [ 919.380227][T21925] zswap: compressor  not available [ 921.667237][ T5837] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 921.684191][ T5837] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 921.695337][ T5837] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 921.710907][ T5837] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 921.719343][ T5837] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 921.766111][T21975] netlink: 21 bytes leftover after parsing attributes in process `syz.4.5824'. [ 922.411579][T21972] chnl_net:caif_netlink_parms(): no params data found [ 922.551837][T21988] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5829'. [ 922.605267][T21988] unsupported nlmsg_type 40 [ 922.897908][T21972] bridge0: port 1(bridge_slave_0) entered blocking state [ 922.931270][T21972] bridge0: port 1(bridge_slave_0) entered disabled state [ 922.967276][T21972] bridge_slave_0: entered allmulticast mode [ 922.984994][T22000] netlink: 'syz.5.5832': attribute type 10 has an invalid length. [ 923.001063][T21972] bridge_slave_0: entered promiscuous mode [ 923.018388][T22000] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5832'. [ 923.054243][T21972] bridge0: port 2(bridge_slave_1) entered blocking state [ 923.076339][T21972] bridge0: port 2(bridge_slave_1) entered disabled state [ 923.104113][T21972] bridge_slave_1: entered allmulticast mode [ 923.127182][T21972] bridge_slave_1: entered promiscuous mode [ 923.268291][T21972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 923.328251][T21972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 923.492927][T21972] team0: Port device team_slave_0 added [ 923.525772][T21972] team0: Port device team_slave_1 added [ 923.663349][T21972] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 923.703572][T21972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 923.773876][ T5837] Bluetooth: hci7: command tx timeout [ 923.854521][T21972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 923.923987][T21972] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 923.957226][T21972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 924.104759][T21972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 924.389021][T21972] hsr_slave_0: entered promiscuous mode [ 924.422056][T21972] hsr_slave_1: entered promiscuous mode [ 924.466820][T21972] debugfs: 'hsr0' already exists in 'hsr' [ 924.472687][T21972] Cannot create hsr debugfs directory [ 925.672410][T21972] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 925.753982][T21972] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 925.838112][ T5837] Bluetooth: hci7: command tx timeout [ 925.931416][T21972] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 925.972509][T21972] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 926.374424][T21972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 926.439762][T21972] 8021q: adding VLAN 0 to HW filter on device team0 [ 926.506609][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 926.513852][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 926.581778][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 926.589013][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 927.711127][T21972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 927.875781][T22059] mkiss: ax0: crc mode is auto. [ 927.915910][ T5837] Bluetooth: hci7: command tx timeout [ 928.875978][T21972] veth0_vlan: entered promiscuous mode [ 928.927779][T21972] veth1_vlan: entered promiscuous mode [ 929.053400][T21972] veth0_macvtap: entered promiscuous mode [ 929.106060][T21972] veth1_macvtap: entered promiscuous mode [ 929.203074][T21972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 929.288791][T21972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 929.381439][ T13] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.423842][ T13] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.501393][ T13] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.547790][ T13] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.822572][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 929.888602][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 929.998967][ T5837] Bluetooth: hci7: command tx timeout [ 930.015513][T21431] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 930.083768][T21431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 931.770817][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.778073][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.344773][T22147] netlink: 'syz.7.5879': attribute type 33 has an invalid length. [ 933.426721][T22147] netlink: 322 bytes leftover after parsing attributes in process `syz.7.5879'. [ 933.508757][T22154] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 933.548639][T22154] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 933.976342][T22163] netlink: 314 bytes leftover after parsing attributes in process `syz.7.5885'. [ 935.369260][T22179] FAULT_INJECTION: forcing a failure. [ 935.369260][T22179] name failslab, interval 1, probability 0, space 0, times 0 [ 935.465326][T22179] CPU: 0 UID: 0 PID: 22179 Comm: syz.2.5892 Tainted: G L syzkaller #0 PREEMPT(full) [ 935.465368][T22179] Tainted: [L]=SOFTLOCKUP [ 935.465377][T22179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 935.465393][T22179] Call Trace: [ 935.465401][T22179] [ 935.465412][T22179] dump_stack_lvl+0x100/0x190 [ 935.465457][T22179] should_fail_ex.cold+0x5/0xa [ 935.465488][T22179] should_failslab+0xc2/0x120 [ 935.465517][T22179] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 935.465559][T22179] ? proc_alloc_inode+0x25/0x200 [ 935.465600][T22179] ? __pfx_proc_alloc_inode+0x10/0x10 [ 935.465640][T22179] proc_alloc_inode+0x25/0x200 [ 935.465678][T22179] alloc_inode+0x68/0x250 [ 935.465713][T22179] new_inode+0x22/0x1c0 [ 935.465751][T22179] proc_pid_make_inode+0x22/0x160 [ 935.465790][T22179] proc_pident_instantiate+0x85/0x310 [ 935.465832][T22179] proc_pident_lookup+0x1e3/0x270 [ 935.465878][T22179] __lookup_slow+0x251/0x460 [ 935.465914][T22179] ? __pfx___lookup_slow+0x10/0x10 [ 935.465973][T22179] lookup_slow+0x50/0x70 [ 935.466008][T22179] link_path_walk+0x1377/0x1cc0 [ 935.466068][T22179] path_openat+0x1be/0x31a0 [ 935.466094][T22179] ? kasan_save_stack+0x3f/0x50 [ 935.466143][T22179] ? kasan_save_stack+0x30/0x50 [ 935.466183][T22179] ? kasan_save_track+0x14/0x30 [ 935.466205][T22179] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 935.466253][T22179] ? __pfx_path_openat+0x10/0x10 [ 935.466292][T22179] do_file_open+0x20e/0x430 [ 935.466323][T22179] ? __pfx_do_file_open+0x10/0x10 [ 935.466361][T22179] ? __pfx_kfree_link+0x10/0x10 [ 935.466407][T22179] ? alloc_fd+0x476/0x790 [ 935.466436][T22179] ? do_getname+0x191/0x390 [ 935.466473][T22179] do_sys_openat2+0x10d/0x1e0 [ 935.466508][T22179] ? __pfx_do_sys_openat2+0x10/0x10 [ 935.466554][T22179] __x64_sys_openat+0x12d/0x210 [ 935.466591][T22179] ? __pfx___x64_sys_openat+0x10/0x10 [ 935.466639][T22179] do_syscall_64+0x106/0xf80 [ 935.466678][T22179] ? clear_bhb_loop+0x40/0x90 [ 935.466710][T22179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.466737][T22179] RIP: 0033:0x7f6408b5cfce [ 935.466759][T22179] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 935.466785][T22179] RSP: 002b:00007f6409af3ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 935.466809][T22179] RAX: ffffffffffffffda RBX: 00007f6409af46c0 RCX: 00007f6408b5cfce [ 935.466827][T22179] RDX: 0000000000000002 RSI: 00007f6409af3f90 RDI: ffffffffffffff9c [ 935.466843][T22179] RBP: 00007f6408c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 935.466860][T22179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 935.466875][T22179] R13: 00007f6408e16038 R14: 00007f6408e15fa0 R15: 00007fff00d278d8 [ 935.466908][T22179] [ 937.665668][T22195] Process accounting resumed [ 938.389211][T22223] netlink: 354 bytes leftover after parsing attributes in process `syz.5.5908'. [ 938.730760][T22226] netlink: 'syz.2.5909': attribute type 33 has an invalid length. [ 938.984019][T22234] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5912'. [ 938.993274][T22234] unsupported nla_type 65535 [ 939.923636][T22247] FAULT_INJECTION: forcing a failure. [ 939.923636][T22247] name failslab, interval 1, probability 0, space 0, times 0 [ 939.969026][T22247] CPU: 0 UID: 0 PID: 22247 Comm: syz.4.5926 Tainted: G L syzkaller #0 PREEMPT(full) [ 939.969066][T22247] Tainted: [L]=SOFTLOCKUP [ 939.969076][T22247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 939.969092][T22247] Call Trace: [ 939.969101][T22247] [ 939.969111][T22247] dump_stack_lvl+0x100/0x190 [ 939.969157][T22247] should_fail_ex.cold+0x5/0xa [ 939.969187][T22247] should_failslab+0xc2/0x120 [ 939.969216][T22247] __kmalloc_cache_noprof+0x7a/0x6f0 [ 939.969252][T22247] ? alloc_netdev_mqs+0xe01/0x14f0 [ 939.969297][T22247] alloc_netdev_mqs+0xe01/0x14f0 [ 939.969344][T22247] ppp_ioctl+0x906/0x2800 [ 939.969386][T22247] ? find_held_lock+0x2b/0x80 [ 939.969411][T22247] ? __pfx_ppp_ioctl+0x10/0x10 [ 939.969454][T22247] ? __fget_files+0x21f/0x3d0 [ 939.969484][T22247] ? __pfx_ppp_ioctl+0x10/0x10 [ 939.969524][T22247] __x64_sys_ioctl+0x18e/0x210 [ 939.969569][T22247] do_syscall_64+0x106/0xf80 [ 939.969614][T22247] ? clear_bhb_loop+0x40/0x90 [ 939.969646][T22247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.969673][T22247] RIP: 0033:0x7fc20a99c799 [ 939.969694][T22247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 939.969720][T22247] RSP: 002b:00007fc20b814028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 939.969744][T22247] RAX: ffffffffffffffda RBX: 00007fc20ac15fa0 RCX: 00007fc20a99c799 [ 939.969762][T22247] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 939.969778][T22247] RBP: 00007fc20aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 939.969794][T22247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.969810][T22247] R13: 00007fc20ac16038 R14: 00007fc20ac15fa0 R15: 00007ffd31ce00e8 [ 939.969848][T22247] [ 941.252430][T22267] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5924'. [ 941.684557][T22264] FAULT_INJECTION: forcing a failure. [ 941.684557][T22264] name failslab, interval 1, probability 0, space 0, times 0 [ 941.820838][T22264] CPU: 0 UID: 0 PID: 22264 Comm: syz.2.5922 Tainted: G L syzkaller #0 PREEMPT(full) [ 941.820880][T22264] Tainted: [L]=SOFTLOCKUP [ 941.820889][T22264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 941.820905][T22264] Call Trace: [ 941.820913][T22264] [ 941.820923][T22264] dump_stack_lvl+0x100/0x190 [ 941.820975][T22264] should_fail_ex.cold+0x5/0xa [ 941.821006][T22264] should_failslab+0xc2/0x120 [ 941.821046][T22264] __kvmalloc_node_noprof+0xfa/0xa00 [ 941.821094][T22264] ? io_uring_setup.cold+0x171/0x1d79 [ 941.821140][T22264] ? lockdep_init_map_type+0x5c/0x250 [ 941.821180][T22264] io_uring_setup.cold+0x171/0x1d79 [ 941.821229][T22264] ? ksys_write+0x190/0x250 [ 941.821256][T22264] ? __pfx_io_uring_setup+0x10/0x10 [ 941.821372][T22264] ? do_futex+0x192/0x350 [ 941.821408][T22264] ? __pfx_do_futex+0x10/0x10 [ 941.821456][T22264] ? xfd_validate_state+0x129/0x190 [ 941.821504][T22264] __x64_sys_io_uring_setup+0xc2/0x170 [ 941.821543][T22264] do_syscall_64+0x106/0xf80 [ 941.821587][T22264] ? clear_bhb_loop+0x40/0x90 [ 941.821619][T22264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.821646][T22264] RIP: 0033:0x7f6408b9c799 [ 941.821667][T22264] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 941.821693][T22264] RSP: 002b:00007f6409ad3028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 941.821718][T22264] RAX: ffffffffffffffda RBX: 00007f6408e16090 RCX: 00007f6408b9c799 [ 941.821736][T22264] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 941.821751][T22264] RBP: 00007f6408c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 941.821768][T22264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.821783][T22264] R13: 00007f6408e16128 R14: 00007f6408e16090 R15: 00007fff00d278d8 [ 941.821814][T22264] [ 943.430098][T22294] FAULT_INJECTION: forcing a failure. [ 943.430098][T22294] name failslab, interval 1, probability 0, space 0, times 0 [ 943.503862][T22294] CPU: 0 UID: 0 PID: 22294 Comm: syz.5.5936 Tainted: G L syzkaller #0 PREEMPT(full) [ 943.503904][T22294] Tainted: [L]=SOFTLOCKUP [ 943.503914][T22294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 943.503929][T22294] Call Trace: [ 943.503938][T22294] [ 943.503948][T22294] dump_stack_lvl+0x100/0x190 [ 943.503993][T22294] should_fail_ex.cold+0x5/0xa [ 943.504024][T22294] should_failslab+0xc2/0x120 [ 943.504053][T22294] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 943.504092][T22294] ? security_inode_alloc+0x3b/0x2c0 [ 943.504132][T22294] ? lockdep_init_map_type+0x5c/0x250 [ 943.504172][T22294] security_inode_alloc+0x3b/0x2c0 [ 943.504200][T22294] inode_init_always_gfp+0xced/0x1040 [ 943.504232][T22294] alloc_inode+0x8e/0x250 [ 943.504267][T22294] path_from_stashed+0x25b/0x750 [ 943.504296][T22294] ? do_raw_spin_unlock+0x145/0x1e0 [ 943.504341][T22294] ns_get_path+0x60/0x80 [ 943.504367][T22294] proc_ns_get_link+0x121/0x230 [ 943.504412][T22294] ? __pfx_proc_ns_get_link+0x10/0x10 [ 943.504454][T22294] ? atime_needs_update+0x8b/0x6b0 [ 943.504495][T22294] pick_link+0xd17/0x13c0 [ 943.504533][T22294] ? __pfx_proc_ns_get_link+0x10/0x10 [ 943.504574][T22294] step_into_slowpath+0x9ba/0xf90 [ 943.504620][T22294] ? __pfx_step_into_slowpath+0x10/0x10 [ 943.504660][T22294] ? find_held_lock+0x2b/0x80 [ 943.504695][T22294] path_openat+0xf95/0x31a0 [ 943.504732][T22294] ? __pfx_path_openat+0x10/0x10 [ 943.504770][T22294] do_file_open+0x20e/0x430 [ 943.504808][T22294] ? __pfx_do_file_open+0x10/0x10 [ 943.504857][T22294] ? alloc_fd+0x476/0x790 [ 943.504886][T22294] ? do_getname+0x191/0x390 [ 943.504923][T22294] do_sys_openat2+0x10d/0x1e0 [ 943.504959][T22294] ? __pfx_do_sys_openat2+0x10/0x10 [ 943.504997][T22294] ? __fget_files+0x21f/0x3d0 [ 943.505028][T22294] __x64_sys_openat+0x12d/0x210 [ 943.505064][T22294] ? __pfx___x64_sys_openat+0x10/0x10 [ 943.505112][T22294] do_syscall_64+0x106/0xf80 [ 943.505151][T22294] ? clear_bhb_loop+0x40/0x90 [ 943.505183][T22294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.505209][T22294] RIP: 0033:0x7f25c0d5cfce [ 943.505230][T22294] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 943.505256][T22294] RSP: 002b:00007f25c1bdeec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 943.505280][T22294] RAX: ffffffffffffffda RBX: 00007f25c1bdf6c0 RCX: 00007f25c0d5cfce [ 943.505297][T22294] RDX: 0000000000000002 RSI: 00007f25c1bdef90 RDI: ffffffffffffff9c [ 943.505313][T22294] RBP: 00007f25c0e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 943.505329][T22294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.505345][T22294] R13: 00007f25c1016038 R14: 00007f25c1015fa0 R15: 00007ffe86219328 [ 943.505383][T22294] [ 944.543876][T22308] serio: Serial port ttyS0 [ 945.308518][T22318] FAULT_INJECTION: forcing a failure. [ 945.308518][T22318] name failslab, interval 1, probability 0, space 0, times 0 [ 945.378276][T22318] CPU: 0 UID: 0 PID: 22318 Comm: syz.4.5940 Tainted: G L syzkaller #0 PREEMPT(full) [ 945.378317][T22318] Tainted: [L]=SOFTLOCKUP [ 945.378326][T22318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 945.378342][T22318] Call Trace: [ 945.378350][T22318] [ 945.378360][T22318] dump_stack_lvl+0x100/0x190 [ 945.378405][T22318] should_fail_ex.cold+0x5/0xa [ 945.378435][T22318] ? process_preds+0x4c2/0x1d90 [ 945.378474][T22318] should_failslab+0xc2/0x120 [ 945.378503][T22318] __kmalloc_noprof+0xe0/0x850 [ 945.378550][T22318] process_preds+0x4c2/0x1d90 [ 945.378596][T22318] ? create_filter_start.constprop.0+0x134/0x310 [ 945.378643][T22318] create_filter+0x140/0x210 [ 945.378684][T22318] ? __pfx_create_filter+0x10/0x10 [ 945.378728][T22318] ? find_held_lock+0x2b/0x80 [ 945.378757][T22318] apply_event_filter+0x220/0x500 [ 945.378800][T22318] ? __pfx_apply_event_filter+0x10/0x10 [ 945.378850][T22318] event_filter_write+0x16d/0x290 [ 945.378884][T22318] vfs_write+0x2aa/0x1070 [ 945.378910][T22318] ? __pfx_event_filter_write+0x10/0x10 [ 945.378945][T22318] ? __pfx_vfs_write+0x10/0x10 [ 945.378969][T22318] ? __fget_files+0x215/0x3d0 [ 945.379007][T22318] ? __fget_files+0x21f/0x3d0 [ 945.379041][T22318] ksys_write+0x12a/0x250 [ 945.379066][T22318] ? __pfx_ksys_write+0x10/0x10 [ 945.379100][T22318] do_syscall_64+0x106/0xf80 [ 945.379140][T22318] ? clear_bhb_loop+0x40/0x90 [ 945.379172][T22318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.379199][T22318] RIP: 0033:0x7fc20a99c799 [ 945.379220][T22318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.379246][T22318] RSP: 002b:00007fc20b814028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 945.379270][T22318] RAX: ffffffffffffffda RBX: 00007fc20ac15fa0 RCX: 00007fc20a99c799 [ 945.379287][T22318] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 945.379303][T22318] RBP: 00007fc20aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 945.379318][T22318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.379334][T22318] R13: 00007fc20ac16038 R14: 00007fc20ac15fa0 R15: 00007ffd31ce00e8 [ 945.379367][T22318] [ 946.686434][T22337] sd 0:0:1:0: device reset [ 949.962883][T22391] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5980'. [ 950.209681][T22395] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 950.295786][T22395] File: /dev/nullb0 PID: 22395 Comm: syz.7.5972 [ 950.314256][ T31] INFO: task syz.0.4765:18818 blocked for more than 143 seconds. [ 950.332590][ T31] Tainted: G L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 950.358200][ T31] Blocked by coredump. [ 950.388725][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 950.431581][ T31] task:syz.0.4765 state:D stack:27320 pid:18818 tgid:18818 ppid:5824 task_flags:0x40044c flags:0x00080003 [ 950.494974][ T31] Call Trace: [ 950.510801][ T31] [ 950.529898][ T31] __schedule+0xfee/0x6120 [ 950.547323][T22400] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5975'. [ 950.563811][ T31] ? __lock_acquire+0x4a5/0x2630 [ 950.581421][ T31] ? __pfx___schedule+0x10/0x10 [ 950.599968][ T31] ? find_held_lock+0x2b/0x80 [ 950.623632][ T31] ? schedule+0x2bf/0x390 [ 950.645126][ T31] schedule+0xdd/0x390 [ 950.667198][ T31] schedule_preempt_disabled+0x13/0x30 [ 950.696182][ T31] __mutex_lock+0xc9a/0x1b90 [ 950.725099][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 950.757910][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 950.778193][ T31] ? net_generic+0xea/0x2a0 [ 950.794289][ T31] ? net_generic+0xea/0x2a0 [ 950.809542][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 950.830533][ T31] nfsd_shutdown_threads+0x5b/0xf0 [ 950.847626][ T31] nfsd_umount+0x3b/0x60 [ 950.866007][ T31] deactivate_locked_super+0xc1/0x1b0 [ 950.887169][ T31] deactivate_super+0xe7/0x110 [ 950.904845][ T31] cleanup_mnt+0x21f/0x450 [ 950.920744][ T31] task_work_run+0x150/0x240 [ 950.936524][ T31] ? __pfx_task_work_run+0x10/0x10 [ 950.953515][ T31] do_exit+0x8b8/0x2b60 [ 950.972853][ T31] ? __pfx_do_exit+0x10/0x10 [ 950.989378][ T31] ? cgroup_update_frozen_flag+0x107/0x210 [ 951.013615][ T31] ? find_held_lock+0x2b/0x80 [ 951.032506][ T31] ? get_signal+0x184f/0x21e0 [ 951.079083][ T31] do_group_exit+0xd5/0x2a0 [ 951.083670][ T31] get_signal+0x1ec7/0x21e0 [ 951.089256][ T31] ? __asan_memset+0x23/0x50 [ 951.163785][ T31] ? __pfx_get_signal+0x10/0x10 [ 951.168728][ T31] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 951.263175][ T31] arch_do_signal_or_restart+0x91/0x770 [ 951.327874][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 951.375383][ T31] ? __x64_sys_clock_nanosleep+0x347/0x480 [ 951.381297][ T31] exit_to_user_mode_loop+0x86/0x4a0 [ 951.429735][ T31] do_syscall_64+0x668/0xf80 [ 951.454218][ T31] ? clear_bhb_loop+0x40/0x90 [ 951.459059][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 951.503821][ T31] RIP: 0033:0x7fbcb9b5cfce [ 951.508303][ T31] RSP: 002b:00007fbcbaa0af58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 951.574242][ T31] RAX: fffffffffffffdfc RBX: 00007fbcbaa0b6c0 RCX: 00007fbcb9b5cfce [ 951.582384][ T31] RDX: 00007fbcbaa0afb0 RSI: 0000000000000000 RDI: 0000000000000000 [ 951.648327][ T31] RBP: 00007fbcb9c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 951.670042][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 951.693423][ T31] R13: 00007fbcb9e16038 R14: 00007fbcb9e15fa0 R15: 00007ffcc78c03c8 [ 951.713771][ T31] [ 951.718281][ T31] [ 951.718281][ T31] Showing all locks held in the system: [ 951.811186][ T31] 1 lock held by pool_workqueue_/3: [ 951.834228][ T31] #0: ffff8880b843b360 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x140 [ 951.863816][ T31] 3 locks held by kworker/u8:0/12: [ 951.869064][ T31] #0: ffff88813fea4148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 951.898280][ T31] #1: ffffc90000117d08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 951.923125][ T31] #2: ffffffff906152e8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 951.943779][ T31] 1 lock held by khungtaskd/31: [ 951.948696][ T31] #0: ffffffff8e7e7720 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 951.973785][ T31] 2 locks held by syz-executor/5826: [ 951.979154][ T31] #0: ffff88807f16e0e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 952.014573][ T31] #1: ffffffff8ec585a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 952.034249][ T31] 2 locks held by syz.0.4765/18818: [ 952.039491][ T31] #0: ffff88805916c0e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 952.088360][ T31] #1: ffffffff8ec585a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 952.127922][ T31] 2 locks held by syz.1.4980/19466: [ 952.133257][ T31] #0: ffffffff906c1610 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 952.155544][ T31] #1: ffffffff8ec585a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1a80 [ 952.185191][ T31] 2 locks held by syz-executor/19725: [ 952.190607][ T31] #0: ffff88805741e0e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 952.201391][ T31] #1: ffffffff8ec585a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 952.213148][ T31] 2 locks held by syz-executor/20108: [ 952.218872][ T31] #0: ffffffff906152e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 952.239434][ T31] #1: ffffffff8e7f3338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 952.252754][ T31] 1 lock held by syz.2.5378/20730: [ 952.258681][ T31] #0: ffffffff906152e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 952.269924][ T31] 2 locks held by syz-executor/21368: [ 952.276034][ T31] #0: ffff88807cb2a0e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 952.286683][ T31] #1: ffffffff8ec585a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 952.296601][ T31] 1 lock held by syz.7.5972/22395: [ 952.301733][ T31] #0: ffffffff8e7f3338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 952.380252][ T31] [ 952.382644][ T31] ============================================= [ 952.382644][ T31] [ 952.434286][ T31] NMI backtrace for cpu 0 [ 952.434310][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 952.434344][ T31] Tainted: [L]=SOFTLOCKUP [ 952.434352][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 952.434372][ T31] Call Trace: [ 952.434380][ T31] [ 952.434389][ T31] dump_stack_lvl+0x100/0x190 [ 952.434432][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 952.434472][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 952.434509][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 952.434543][ T31] sys_info+0x141/0x190 [ 952.434567][ T31] watchdog+0xd25/0x1050 [ 952.434599][ T31] ? __pfx_watchdog+0x10/0x10 [ 952.434624][ T31] ? __kthread_parkme+0x18c/0x230 [ 952.434655][ T31] ? kthread+0x13a/0x450 [ 952.434686][ T31] ? __pfx_watchdog+0x10/0x10 [ 952.434707][ T31] kthread+0x370/0x450 [ 952.434738][ T31] ? __pfx_kthread+0x10/0x10 [ 952.434779][ T31] ret_from_fork+0x754/0xd80 [ 952.434817][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 952.434855][ T31] ? __switch_to+0x7b4/0x1120 [ 952.434883][ T31] ? __pfx_kthread+0x10/0x10 [ 952.434918][ T31] ret_from_fork_asm+0x1a/0x30 [ 952.434958][ T31] [ 952.967126][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 952.974122][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 952.984906][ T31] Tainted: [L]=SOFTLOCKUP [ 952.989237][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 952.999387][ T31] Call Trace: [ 953.002680][ T31] [ 953.005620][ T31] dump_stack_lvl+0x100/0x190 [ 953.010335][ T31] vpanic+0x552/0x970 [ 953.014353][ T31] ? __pfx_vpanic+0x10/0x10 [ 953.018873][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 953.025149][ T31] panic+0xd1/0xe0 [ 953.029140][ T31] ? __pfx_panic+0x10/0x10 [ 953.033853][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 953.040050][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 953.046234][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 953.052535][ T31] ? watchdog.cold+0x198/0x1ca [ 953.057317][ T31] ? watchdog+0xd35/0x1050 [ 953.061800][ T31] watchdog.cold+0x1a9/0x1ca [ 953.066417][ T31] ? __pfx_watchdog+0x10/0x10 [ 953.071106][ T31] ? __kthread_parkme+0x18c/0x230 [ 953.076151][ T31] ? kthread+0x13a/0x450 [ 953.080416][ T31] ? __pfx_watchdog+0x10/0x10 [ 953.085104][ T31] kthread+0x370/0x450 [ 953.089286][ T31] ? __pfx_kthread+0x10/0x10 [ 953.093942][ T31] ret_from_fork+0x754/0xd80 [ 953.098593][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 953.103839][ T31] ? __switch_to+0x7b4/0x1120 [ 953.108545][ T31] ? __pfx_kthread+0x10/0x10 [ 953.113174][ T31] ret_from_fork_asm+0x1a/0x30 [ 953.117986][ T31] [ 953.121118][ T31] Kernel Offset: disabled [ 953.125472][ T31] Rebooting in 86400 seconds..