last executing test programs: 10.745610886s ago: executing program 3 (id=2570): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x1f, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)={0x20, r2, 0x1, 0x70bd31, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x5}]}]}]}, 0x20}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kfence/parameters/sample_interval\x00', 0x102, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) bpf$auto(0x2, 0x0, 0x1) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 4.695689481s ago: executing program 1 (id=2588): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xfffffffffffffff9, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc080aebe, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2a, 0x2, 0xb) mmap$auto(0x0, 0x20009, 0x7e03, 0xeb1, 0x401, 0xce) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) pipe$auto(0x0) fcntl$auto(r2, 0x5, 0x6) r3 = socket(0x2, 0x5, 0x0) setsockopt$auto(r3, 0x0, 0x10, 0x0, 0x17) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mbind$auto(0xfffffffffffffffb, 0x4, 0x0, &(0x7f0000000000)=0x80000001, 0x2, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/mm/lru_gen/enabled\x00', 0x2063, 0x0) 4.38405688s ago: executing program 3 (id=2592): socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) sendmsg$auto_WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x60bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000811}, 0x810) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) mmap$auto(0x0, 0x9d90, 0xdf, 0xeb1, 0x401, 0x8000) (async) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x11a0}, 0x1, 0x0, 0x0, 0x90}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRESOCT=r0, @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) ioctl$auto(r0, 0xc0c0128e, r1) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) socket(0x2, 0x80002, 0x73) (async, rerun: 32) socket(0xa, 0x1, 0x84) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) ioctl$auto_IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000000c0)={0x101, 0x21b}) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) access$auto(&(0x7f00000002c0)='./file0\x00', 0x5) (async) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x60800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) (async) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, 0x0, 0x80) (async) lstat$auto(&(0x7f0000000100)='./file0\x00', &(0x7f0000000300)={0xfff, 0xfffffffffffffff4, 0x85, 0x0, 0xee01, 0xee01, 0x0, 0x7, 0x80000000, 0x6, 0x1, 0x6, 0x2, 0x0, 0x7, 0x3, 0x7}) setfsuid$auto(r4) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 4.137081712s ago: executing program 1 (id=2593): openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (fail_nth: 6) 3.490406453s ago: executing program 0 (id=2594): ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000100)={0x60, 0x2, 0x110000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x0, 0x7f, 0x0, 0x2, 0x0, 0x2}) r0 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/open_files\x00', 0x502, 0x0) pread64$auto(r1, 0x0, 0x100000001, 0x100) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x787a06, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x4, 0x7ff) ptrace$auto_PTRACE_DETACH(0x11, r2, 0x3, 0x28e2) r3 = io_uring_setup$auto(0x6, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r6 = ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(r6, 0xae41, r6) ioctl$auto_KVM_CREATE_VM(r4, 0xae80, 0x0) socket(0x2, 0x5, 0x0) r7 = getpid() process_vm_readv$auto(r7, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r8 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ca622b6b", @ANYRES16=0x0, @ANYRES8=r2, @ANYRES64=r3, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000100000000000000000008000200", @ANYRES32=r10, @ANYBLOB="08000300080000000a0001000000000000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(r8, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r0, 0x10000000084, 0x9, 0x0, 0x9c) 3.357596446s ago: executing program 3 (id=2595): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x4000000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x14) syz_genetlink_get_family_id$auto_ila(0x0, 0xffffffffffffffff) open(&(0x7f00000002c0)='./file0\x00', 0x200, 0x1c7) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_MON_GET(r2, 0x0, 0x8080) shmctl$auto_IPC_RMID(0xa, 0x0, &(0x7f0000000200)={{0x9, 0xffffffffffffffff, 0xee01, 0x4, 0x100, 0xb1fffffd}, 0x400, 0x400000006, 0x8, 0x0, @inferred=0x0, @raw=0x7, 0x2, 0x0, 0x0, &(0x7f0000000740)="2e55e9ee5f293332e76b54634eea61dc2187145174aefcc713bfe59fa80a1971082349a14a5764ebef929a0070d08b7fc4764d868c484d3b33cf35999dddba58bc3c912d44653ee2a07d6fb5fce6cf876f8c881161ee593715c3446b2754c9472c0d80ae944cf2cb1cdbfbe3e96a113bb70487a1ffc871b90a5f449cb57223f4567195f4908eaeae629e8565823508cc0ef60f13baf5feddc5c36dec32c6dff8616368b87c38e2a6cdb93c7bb9a02f07"}) syz_clone3(&(0x7f0000000940)={0x40080000, 0x0, &(0x7f0000000380), &(0x7f00000003c0), {0x4}, &(0x7f0000000440)=""/231, 0xe7, 0x0, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, r3], 0x7, {r1}}, 0x58) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_NCSI_CMD_PKG_INFO(0xffffffffffffffff, 0x0, 0x811) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) write$auto(r4, &(0x7f0000004240)='\x01', 0x10000000004) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0xd, 0x1, 0x948d, 0x1ff, 0x15f4da07, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x64, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x4303, 0x1, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0xfffffffffffffff8, &(0x7f0000000140)=0x2) syz_clone(0x280, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = socketcall$auto(0x8000, 0x0) r6 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D0c\x00', 0x20000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_DROP2(r6, 0x4143, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) 3.256177159s ago: executing program 1 (id=2596): r0 = set_tid_address$auto(&(0x7f0000000080)=0x2) prctl$auto(0x0, 0x2, r0, 0x1, 0x2ce) socket(0x2, 0x2, 0x1) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x48800) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x23, &(0x7f00000000c0), 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/icmp\x00', 0xc0880, 0x0) read$auto(r1, &(0x7f0000000040)='/proc/self/net/icmp\x00', 0x80000001) 2.924338167s ago: executing program 0 (id=2597): socket(0x1d, 0x3, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8000, 0x2000) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x22240, 0x155) 2.872316788s ago: executing program 1 (id=2598): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setresuid$auto(0x2, 0x7, 0x0) setdomainname$auto(0x0, 0x8) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) madvise$auto(0x1afd, 0x7fffffff, 0x4) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xa8}, 0x1, 0x0, 0x0, 0x80}, 0x4c000) mmap$auto(0x800000000000, 0x2020009, 0x3, 0xfffffffffffffffd, 0xffffffffffffffff, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/wakeup/wakeup7/wakeup_count\x00', 0xc0000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r2, 0x7cb, 0x0) close_range$auto(0x2, 0xa, 0x0) madvise$auto(0x0, 0x7f, 0x19) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x2, 0x2000b, 0x4800000000df, 0xeb1, r1, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x13, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) bpf$auto(0x2, &(0x7f0000000380)=@enable_stats={0xffffffff}, 0x3) read$auto(0x3, 0x0, 0x80) 2.022847212s ago: executing program 2 (id=2600): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x406, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x1e, 0x5, 0x0) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)=';') get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xc0002, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop4/queue/discard_max_hw_bytes\x00', 0x22180, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) close_range$auto(0x2, 0xa, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) r4 = epoll_create$auto(0x20009) r5 = epoll_create$auto(0x3e) epoll_ctl$auto(r5, 0x1, r4, 0x0) 1.956798291s ago: executing program 0 (id=2601): r0 = socket(0x1d, 0x3, 0x1) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/pressure/memory\x00', 0xa2102, 0x0) write$auto(r1, &(0x7f0000000180)='/dev/vmci\x00', 0xffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x6, 0x0) r2 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000040), r0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_CQM(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="60120000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fddbdf253f00000042125e80120157803b38694e6b0fca720453224d88a2393983143415c642e3c360ab48d694e21204e89b4c8ab7d4be6f1bd65055c54d3fedb9b4591e6ee6576b1f011e23c80c6ea478e8f3da21f26ade35148398f2ef3e09640a60c3c91182270b133cd2c31dc32b05b5ee01b088c4974eef13d2e4f95cb2ac0310e4be67d9c413ba544ba9032697b70cfabb60ec8054e108535328bdec1e0b739a64b91ce719be7daf4bef038618c8fccd0944385a98747f2a7268f08864bda87a2213c48acc5e6c42979968e0f3768eb883808e04e10e569b844eaaeaa3189ba059a1cceea2c7c642a436757dd6815ec3f1582f74e9dee4e0f7e472575ed6621d42aeaa18af25da7d3268e408003100", @ANYRES32=0x0, @ANYBLOB="080081000700000000000400058008002600", @ANYRES32=0x0, @ANYBLOB="67a34f3643a24c499e4c63b8933bc03715b91d650cbaa8940368ce12126cb0aac0004ecf7aa17f73a3580b834e2e6b914d225f52f74ac0fea28df7265abd3ee736be519502d1717de6cd8673330df94952258d016e7ea44db5c61bf50173c5f714008eb6ba9a3ec87482ad4433f20ae1aeaef535a29b40dc43a545955f7c53b5bc1c64e04a1f25edacecc1e88d36cbcfde4c02e45b5a5d96c28b396e509d080083007f000001140083000000000000000000000000000000000164100080081001800400e6804f9d3286f5dc37e371f2459a3d66ebdfbc0ffda4cd833e918c26af5fd11a1099cf1bafb1021a26bac24ecbd707760cd870c1561769fa8c7e9a939af2db3a623ac30c74e2d416fb9af4b9f936e69756ea46e2ca2b5fd29901458eba4ec4f39bec5c9948a29368c214eec7410d0117d0eeb576c3a522600b452fb976eb7e0fa7d306778d000bc42187176a9921361dd2a35d73b58cfc18c6692d74059fda389d16c17708dda577c841913e44028f9421866c3b5f2fdfe6cec6dca9949c9565b7819064e6d58eb88c6f3206013985acbc070726d3a18ede631b42b63e48e22bb3eb3310ce27ed3d87788dadd5b689768f5d9a1851f571a532595e242e8193fb161d541cf6cf8b33d1ac2f50cb54486d88af170aaad39514a106b69034e566a8683dee50b27ad1197cd43d4e1f86a11056f50af8a2a22712534dddb5038f30e7f9ed9931d73f18a01c2ae5be38a9d7997e9ce58d870cb1053a892e1b121f1a3ddc5f77d0e8732f2831d4cdc963f0914b6571a42c8f84b3f5f56b00903a820a383aae4d18152b4971974fe87c021438e2c83a0fc7aea2b928292d41bffe9c8a0530e5100e1d758d4ae7400bade7a8f8e5bcec452c0956ff05cac08c513de68f87ba7c43ab2296ee307bd1974d277b6a1bd9ea8e8aae39fa1cbafaedd754b6ffa0a1be7bcd1ee8a21d951eb5817fb3cb8f6fe6de3ef17cd5e2732914ce89185bce0cefdaeecd0d11d6857d798411db6e54e4a4541fecd51b8e182d068ce78ee082dcd94c0d82533dfde08ec897128faad32bb46685ddc3ec95472aba2dfb8a9b74352bd81faeb23cdc62115b88c4d48f65c5039e333c02dfbfcd742852cc9ad54274cd3917137de8e8e9ab7b73b64f86051d996f7574b5f66eb9bdfa7c28350aa1e5358c54de919fd9b0b8b9cb6742f91611ab6fa32f7e26d5f031e3826edd4e9a1d8b4683a983b9b5c31ee73bf5e534e0f076c7da397d47274c2ccfc5fbac9c94d219858ecf9cbec11ab987cd5e3efe607670f2075045f7fa76aa8b0e39a58b11efdf611c8ab9fe1ca4d16487f88bd4d144fe32315a1b006986c392bb2159ec69a6315ee61b97f49e24046859d019ac7d55782a3a1eacf3e09c61270e20a74125d574083bf57a8ea7fd4b3408c66d3a9d8ae40020ae1032a119234507dff4bb5dbf5fc434adcb01730ed5d88fe385012bd2d043291420576e36c0368a0a57cfa58319209402c836b06bfcc5f3a715075df18cd8e4eba8918aefa03bb0581df7ef430ce922f046cf7342f70b1902c9456196ef2e2ef606a4f2278d6ebc5b982af304aadc47e3481e4300d5ef1c2c4677cd370219ce8f5b88f33ff139fa5a102311406746af4d69a579fb19f633b58cf80205774514138392b42d1a49c24f6976380fc388073299b78e495e278d227288534bfea710bf44e2284ae5906324839004b6540d4fa7e866e8aa91707a63193fa955ec5d673c1a9cbe5eb056a53f60a067f998234dd10cdd6eb234af4e898bc31a0f64ffb774f09748a2eb2289bec50ddb5b06b11e08512dc7bfcfa4c4bbaa842a439d9db5b182ad749d23a461a83f530d1aadbe103726f6dcebb044486578acb34ad7390c691e564fde7289ad818797e4363d995a3828a67218b7374e3f02f023a3aa92c7e5dcdc179efc2407a49d3e7a8c6e0edde033e3060482163291eafdeff6a2dd194ac208ebb82827bcb60188ec9b71192c4b7843729fbb65f049e11640aab0ddbb6544d75f36f5961e68c02edd3892cb24a6b25c426ce7e6b104498087e47f67b786596fa7c02ce1956b710ca5df9282509378faa646312186495863807b7e2f47cdef0fb21579576b2700ae11c2db7b2d04fbdcb677e67db4e33dc017d7eba07392c80653193d42e9f4159db3fa71808971730c3b1906721b14939751da8d370c3909bab48a518ac61da7132b5ba284b94ca521d178057c747b55bca88545e7dcbc2a06933e12be65efa79d822853132e87f7c6539a127a501abb2421c8365e486b6ac9bf955dbe1643fa5faf8267de3f92e64feaed768b088ca5c8104bd09823fd38a119c73b0d208a608f80091736e0e1817373e87d1bcfd1be5e7a78735505d5dc023312da6cbd0d41d0594c94d2cd0235b81a56420f98e8ae22c4cd66c0c22a4aa584cfdaa441492e3c8432c0c64b00a59c6f7daf490ddce33e44a7f86012ab1c6c3a97802c7b966c6aa4e8c22d7db072680bcb0bad0cf81f03b48908ef8eb096af0ad1c1a8cd1e5a76cfda5ff3d30c4a5750b241ca655b7c68e9b1a1813fce539b5621aa6a969ea4984ea6e8dddff49ff16446fbcceee05d516917b90ac1d4e9638081ceaabbd41cbcb541a993b8e89999b9c8ee6148f1b2c1ade6270a871f1f3f683ebd9b391628977f27795566999932898f3a227ac1c725a34c201d8fc1405bed0d91d83348e0b3e3be09e0cf49f4148dca0c8373983714da584224a0ff37d051e6722b9c5669a295b812ce8d2e7b4f1bea4a28acc0fd647304de5bb8a9de4d56167b4ab4362729ae33dc43a1f50d51aa07e60d352b471d332610d9110d08905497a56cff0e65cfdab5c125ab8bef8e0bf6fc70755dacac1454c57e93c188d29f00612a15cd26fc3b46552c95410dd81bf1b772ac179ee25a4f4117792c7bf2177d93d636d66822487b34f215b8c9fae1884230b3ee022414ccd52faace045206de9d67f3ef8e6e134492e70ebcb0a0db67ff838ef9943393a1e21c2681efedb3f60ad7555d8e65bb1e67b17bfb2b5a596fb0d9afccad7a720d5f868e6f534dbddb19004021d5f28146d1d96a35e311d3f28a05538904893929a5e69dfa508753a08871721a35b93c2d6b71ab97c58b6a6460c246587a8a6acc165a39f8f83be478a9616ba720ade7dbe21eee9ff9c83acca284d75aff38747ecbff40d9972718e514069895bbc8264a5df1ba92817c79d2b2743dbe6ddf484d0bc6fa888d22a1e562ba7eb72d06f9a8269280c87aa228e110fa12c3efebcaa2061857e0e791a8f696f8bcdb5322151a158c181ec9eb6fc6c6a1b21915acc940dc479d3124039162b4bec71f59a60dd6fa52e01d370f1d128baa6013f242f81b342097a46bbb719c0fcda1e96f640df394b52970d83f9ff4c17032d2c678175ca0a67fcf96827c03d947775465fb215aeb3e7a2e61b894b8a708e19d723e0a3b5092ad53996493a19d45da7045bacae2bc5ece379309504101d06225dbe2a06338f390cad72dca28ff9ad86eeffab2e4217df4d22a81cb1f9a232233ccc4fa07f972e02efae6d6cca4d6ccb70de3f67d5f9a4935ee24f12468879fcfaa9521696efdf0f262d362ecfd4fcaa66102985b1b99f576d7a80deb0e0e7a7b1ca10ad804df3c5e15d0b9a42cc5313aec9e1fa6e5a80d653291988f03cb2404f8874925f4279a20af1d821533c6af18e9ef618b6588d28dc030f98ed32a1b74cc6dfad2548d1469efd6107f3ca178870f2e894d48c962a57d87ad290fbce440ccc9b34f0b0ee2a562efbc33cbf7469af40ef44c4eb55f48c9780bbf338d367a7979c8f689960d7f80689631209bf7700c86839c225e4e5ef374cb92252c3e6ea3d95badfee2e0bd2546005a19572ef18b97010714b3eebc25309d7b01af6786e96208126ab0ec4820e75ce420db45f8264e0acbe063a7c340ced860d2f85fd140460c9b64fd949abd41c47a96dba2d589e6c38dda1a94b67dcd37c3af44a84531cbceafb65591edb2bc21b74d79b59a29037dedf6f37e3527509d5b28031f3072611deaa62682a58c4a77ad959b61dfcd1fd2a617afb91c9d29ef358a70841df7313c6d52601160b061165c4851e1497ac6162165d4558e0c18b8217a4f656873dad090659faa4936267d4322cc973762e1e4c9dc232dab90d2b682d57d115b47be4fd093ece7844b5bdac07efbad8f21864fc2496ab3448e9e7a22dc80aeeab304a1b7bdba03ba196511da60c615aed3b1ccf0622852b8fdc53ac1ca4b29f469a2f4a2ae9482853fa23377c27903cc820abcf350e5df4e00b4a004ed0178b837308a5a5d8eb74027d37076a6ac68a48b0b28c8fa333528a40d83c64bf9017db8294afb806be56be448f5375d88b3983fe4b0f02caa27bb6e7ddbbcdb70ad825e230b765fd621791cfe1c4231f5ba2c1368df7d85f05b71ca7e6fe034356a0b75ee8841a308a11cefff15ed855417e51f908c580647d7e808be4d246ac3cdfeeb859e1a01a1336b5ec5bce4e6ab8952069280b6387304dcdbcfb5810e46d090bfab07d9f07744ddc913e7e9488496fa4ba849b458667aa7b445e9aeea9a6f79fc1c58a44f5dd3a21b9e1eb7c35407be193c51e98120608142c68e21974406e1778701d7ff45ceb5a8b9f905b811e61e035def42570ddc4cfd4a616704f8f37d454a0146895e6460b696e5c0a0e471843ebacdadb9acecaab4f26695a2e51b0c7de7b827aadaf15b6fa4689c1d79eb8c15b9305fae6f280a9c81c3f6e6c40e9cfa48f61ba119f247a3cb62fb972168d3d169efecda069a6247f55fee3a91c6fb732004437b1a8a19b38ef806bbd70af4f2387b635b37be1fe926c3c5312d9a48b1ee3f43ae973489a52a759a9e205ef6016973950e80d75bbbfc21e5e705dcfbb3247d26dcbb189127527c4b1c70259eb091511e88aa93e106b948715acca28d2b88169c156ac62a09caa132ffcce3ea40123dbe79a5ecdfbbd3bf980728bc7b98e9ccb7892b6996a8c009b0ed2f7c69c35c50ddfb2df05e875e3bce83c96d2ddd522e822f3f9128a7d80adf62b1871403950c4ab03da3f2fe31b8c1414ecf2489e0718b68bd660510c6cdc65bb893eebd4ad81b4ffd93ee20aa6533e8476e542f095bdff331f467accff8866fea9191a7b73b47008067f2fc43cf4ffc0fdaa0035bc44c7a9147c136b76b059ba33551069be8fe76b0422e26365443ffbd54c21d3c33fccf41a3a267de5d204de4c5da2c62df6bedd553a20780e6510a4ba3bc1a0cdfd26b2ff9f359d83e53daa232f06392a10217382ce20f9732b181877b9a8c39d2f52629c682e11ca6cec671b2c11eb8e11ce3ec52cfe857ee0cf6cccacf70de2d3f5fad104ba578b7a543907ac30d19a0042a8d0844665e4118f6bec03b15cb3541553f0aba726f4884521ac4b8d6270787e9a9e6466e9186f579d22b84305c3a5ba884e0be911ce87c16490de860dbcaf3abc83ea9cc9ee7650b629a0a75bf21d7601eb23ba719b01e44cf6571b21e4cb3ecd07ef2b20e37fd7f6367d6dba9fec5a565e01d89e1046f346e94185ad1097df8663cfbb49c4c0deab6afb339bfc393d9670bb2d38ed372bdea496a7c4e9be26bf74b3f242bd544e55c81c022237d8084df1df66e697c7e72731e752609f8bad9059241e8b8c778e4a19da51067d61c1da151df71089dee888b7b6dd2079c2e2de548b0a9a4e1d8fb61ba64b05dfb8fb31875f8f95df18c2c54c3cc38e3733bbf3608cc47c65d9fab1f8c2ee78a407dc0431e3097e2a95e881c5c70cd66e9bdece8201173bbe1a251f5a7ef40ecc31cf1b0d3f0100fc486c25dbc6b976e1ab30194639b9250b5efa4d2c4a6d22d92541e155ee669d54fd59487cc5d67c69c1c05517c399ae3e734e8b1fd43c4e1a17bf27ef926cabdee9aaf06776b6ce7f3ae034958df4e41a346be04931df9cc5c713a5f6c4cc28263a8c57da46dfd11da13906d562c5c38c1bcb92b3f7873d72d8f14605ff80f1db1452f76ed29775e6a7e01ecd21a3a3db9798d4c1322d1ea55724b20c7c8f853be621c1af3a440f8664ccd9dabdd4d99aa06046c70d088b08f07c52fbdc13be7c68fc9e96507ba7d78e0affcd8d011ddd818b6df6bb92a62a485193841dd0ff0c0888d57b6ec262ec7ca942ae603b7e9a9a05c10e7b36b0c00548008007900e0000002000008000300", @ANYRES32=r6], 0x1260}, 0x1, 0x0, 0x0, 0x1}, 0x8000000) sendmsg$auto_IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000180)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x54, r2, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEST_HW_ADDR={0xc, 0xf, 0x7}, @IEEE802154_ATTR_SRC_PAN_ID={0x6, 0xd, 0x6}, @IEEE802154_ATTR_SRC_SHORT_ADDR={0x6, 0xb, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, 0xb4}, @IEEE802154_ATTR_LBT_ENABLED={0x5}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0xe}]}, 0x54}}, 0x4000810) read$auto(0x3, 0x0, 0x80) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) stat$auto(&(0x7f00000000c0)='./file0\x00', 0x0) write$auto(r7, 0x0, 0x4) ioctl$auto_SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f00000000c0)) ioctl$auto_SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f00000001c0)) close_range$auto(0x2, 0x8000, 0x0) 1.907161777s ago: executing program 3 (id=2602): rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r0 = getpid() r1 = gettid() r2 = getpid() rt_tgsigqueueinfo$auto(r2, r1, 0x21, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x9, 0xcce3, @_sigfault={0x0, @_trapno=0x3}}}) rt_tgsigqueueinfo$auto(r0, r1, 0x1f, &(0x7f0000000040)={@siginfo_0_0={0xb3, 0xffff, 0x6}}) rt_sigprocmask$auto_SIG_SETMASK(0x2, &(0x7f00000000c0)={0x8000000000000000}, 0x0, 0x8) (fail_nth: 6) 1.488316508s ago: executing program 3 (id=2603): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) io_uring_setup$auto(0x401, 0x0) read$auto(0x3, 0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x11, 0x2, 0x8000) socket(0x2, 0x1, 0x0) socket(0x29, 0x2, 0x0) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) 1.464811887s ago: executing program 2 (id=2604): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x2, 0x1, 0x0) r1 = socketpair$auto(0x3, 0x5, 0x7, 0x0) mprotect$auto(0x200000000000, 0x806124, 0x8) utimensat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x7, 0x9}, 0xfffff000) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0xb) r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r3 = io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x88, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x10000052, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="130026bd7000dddbdf250200000008000300", @ANYRES32=0x0, @ANYRESDEC=r4], 0x24}, 0x1, 0x0, 0x0, 0x8880}, 0x20040894) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r5 = socket(0x2d, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r5, &(0x7f0000000180)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x42804) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000640)=ANY=[@ANYBLOB="6401450000", @ANYRESHEX=r1, @ANYBLOB="02002dbd7000fcdbdf258300000093003601f51d691106d29d8222ae706813e491e1430c0f5cbc6a41715679b6261f420fea04acc311da95e01fb744e9e67b3e5634d2e244e2a8c920da5107601175df33e46424ce7607228a0967315813a7f8a3f4459adcb21e47630009f061a7b3835a290efb5a360efdc3f35a1f70469d6dc6dbe522ac010bb672dde58f940342411776db35723105fc402a6e22251fcd75c90005003001000000008a00f30042b73072542b290cb36e109a6685f372510a9610a15f27c9b717f1d89817016bbb24096f565764c3a619e672712b4ce4cf3085e5f3582cb16138b0ae43f96df824b1e93525184474f2ec97107b56681f1ccec80cd5d4e002a0f02905e6d1a0945fa6a733059ff04364f0e563bf4ca0988c4ab79b590759280e2f8b9780baf797314f909c167300002500fd00533f407d6069eec882c68e9f8ad88161d7588ef2ec7191969e7e45572325ce0d28000000"], 0x164}, 0x1, 0x0, 0x0, 0x4040000}, 0x811) ioctl$auto_USB_RAW_IOCTL_INIT(r2, 0x41015500, &(0x7f0000000080)={"e9d144e9286b02d7614034471632425bcf291e2030195c98ebe4cff66ce172219d3e402d0bb82c8f328acaff0d9c11af99f69552d06449eb27419b7f6eedd80c755e6875cfef88ea0b44562e2daad4a90dcd632c73a73e2965a736e70f9f1eb76f22b49967323657ea8d9df7158eabc36c4b1e8afa71d455d2741e3100", "dc577de26a0bdc90961341cbaaf1b01da40479330d1d5efcbca32a7530d824a7c742b36fe3ae3d24fe14d74d283c295e63c4b1a686e589c93e6df8da9e7f686c3cb0f98261478e86fed329461e224ad18baa41696559efbc90f3bb3bccf790968d9faeb247fad13965f034cefdb47efd86659c8a08350391de4fc6e1d2543dac", 0x1}) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0x2000000}, 0x68) 1.372693471s ago: executing program 1 (id=2605): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_RTC_AIE_ON(r1, 0x7001, 0x0) ioctl$auto_SG_SET_TIMEOUT2(r0, 0x2201, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/netfs/volumes\x00', 0x40080, 0x0) pread64$auto(r2, 0x0, 0x8100000041, 0x413e) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), r3) fcntl$auto_F_GETLK(r2, 0x5, 0xd0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000140), r4) sendmsg$auto_KSMBD_EVENT_TREE_CONNECT_RESPONSE(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x40) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) io_uring_setup$auto(0x101, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x1, {{0x1, 0x2}, 0x1}}, 0x6a) io_uring_setup$auto(0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x2, 0x2, 0x1) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x1, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sg1\x00', 0x185041, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f00000000c0)={0x0, 0x4b, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c865d00", @ANYRES16=r5, @ANYBLOB="13002cbd7000dddbdf250200000008000300", @ANYRES32=r7, @ANYBLOB="08006100040000000800620000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) getdents$auto(r4, 0x0, 0x400018) 1.243239596s ago: executing program 0 (id=2606): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_RTC_AIE_ON(r1, 0x7001, 0x0) ioctl$auto_SG_SET_TIMEOUT2(r0, 0x2201, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/netfs/volumes\x00', 0x40080, 0x0) pread64$auto(r2, 0x0, 0x8100000041, 0x413e) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), r3) fcntl$auto_F_GETLK(r2, 0x5, 0xd0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000140), r4) sendmsg$auto_KSMBD_EVENT_TREE_CONNECT_RESPONSE(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x40) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) io_uring_setup$auto(0x101, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x1, {{0x1, 0x2}, 0x1}}, 0x6a) io_uring_setup$auto(0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x2, 0x2, 0x1) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x1, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sg1\x00', 0x185041, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f00000000c0)={0x0, 0x4b, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c865d00", @ANYRES16=r5, @ANYBLOB="13002cbd7000dddbdf250200000008000300", @ANYRES32=r7, @ANYBLOB="08006100040000000800620000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) bpf$auto_BPF_BTF_LOAD(0x12, &(0x7f00000001c0)=@enable_stats={0xa}, 0x5) 1.206549033s ago: executing program 1 (id=2607): write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/net/tls_stat\x00', 0x500, 0x0) pread64$auto(r0, 0x0, 0x1ff, 0x8800000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r1, 0x6) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x20, 0x0) fsopen$auto(0x0, 0x1) shmget$auto(0x8, 0x10563, 0x568d1af2) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_setup$auto(0x2, 0x0) mlockall$auto(0x7) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) mmap$auto(0xfffffffffffff25c, 0x3, 0x121, 0x16, r3, 0x8) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000000100)={{@raw=0x2, 0x85, 0x20e, 0x1, "669cbbd9e9756f22fdffa199e0f106000000000000000b2f4ab8633824f2d2252ca5f200", @raw=0x101}, 0x0, @integer=@value_ptr=&(0x7f0000000600)=0xdc53, "282f77b07e718e11749a346177741dc299a28a585e87e0d908e2c8e50de501951d8fcdc4f791a11996aad5af504c0d9927e62ef70b23a13735a4fe805c1ce1b6b1d83d21bb42794ec925b4547a3d52d4b5210392111e181719fef9d685b6534b171d76ad633f94a608b818600a6c8500"}) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000640), 0x4c4ac3, 0x0) 1.171939139s ago: executing program 2 (id=2608): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x2) getcwd$auto(0x0, 0xffffffffffffffff) fanotify_init$auto(0xc00, 0x2000000000002) open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) socket(0xa, 0x5, 0x0) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0xe6e) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0x0) read$auto_dai_list_fops_(r0, &(0x7f0000000780)=""/59, 0x3b) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(&(0x7f0000000000)='/dev/loop7\x00', 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) read$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 1.019370301s ago: executing program 0 (id=2609): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6a) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = setfsuid$auto(0xee00) setresuid$auto(0xffffffffffffffff, r2, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x0, 0xdf, 0x9b72, r1, 0x8000) io_uring_setup$auto(0x6, 0x0) mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x11, 0x3, 0x2) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/net/rpc/auth.unix.gid/channel\x00', 0x8f3b7a51b80ebd01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000040)="20edd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) sendmsg$auto_NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) fstatfs$auto(0x3, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$auto(r4, 0x4b66, 0x1) 951.964526ms ago: executing program 2 (id=2610): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xfffffffffffffff9, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc080aebe, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2a, 0x2, 0xb) mmap$auto(0x0, 0x20009, 0x7e03, 0xeb1, 0x401, 0xce) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) pipe$auto(0x0) fcntl$auto(r2, 0x5, 0x6) r3 = socket(0x2, 0x5, 0x0) setsockopt$auto(r3, 0x0, 0x10, 0x0, 0x17) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8}, 0x1) mbind$auto(0xfffffffffffffffb, 0x4, 0x0, &(0x7f0000000000)=0x80000001, 0x2, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/mm/lru_gen/enabled\x00', 0x2063, 0x0) 500.589556ms ago: executing program 3 (id=2611): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) connect$auto(0x3, 0x0, 0x54) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000080), r0) sendmsg$auto_ILA_CMD_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x9, 0x70bd2d, 0x25dfdbfb, {}, [@ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x20048840) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x14) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0) syz_genetlink_get_family_id$auto_ila(0x0, 0xffffffffffffffff) open(&(0x7f00000002c0)='./file0\x00', 0x200, 0x1c7) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) shmctl$auto_IPC_RMID(0xa, 0x0, &(0x7f0000000200)={{0x9, 0xffffffffffffffff, 0xee01, 0x4, 0x100, 0xb1fffffd}, 0x400, 0x400000006, 0x8, 0x0, @inferred=0x0, @raw=0x7, 0x2, 0x0, 0x0, 0x0}) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0xd, 0x1, 0x948d, 0x1ff, 0x15f4da07, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x8000000000003, 0x3, 0x4618ecd2, 0x3, 0x4303, 0x2, 0x109a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) migrate_pages$auto(r3, 0xa, &(0x7f0000000080)=0x6, &(0x7f0000000140)=0x2) syz_clone(0x280, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 456.038856ms ago: executing program 2 (id=2612): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000080)={0x80, 0x6, 0x300, 0x3, 0x3, 0x4000000, &(0x7f0000000240)='C2&'}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop5\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, 0x0) mmap$auto(0x8, 0x6, 0x3, 0x13, 0xffffffffffffffff, 0x400) prctl$auto(0x3d, 0x40005, 0x0, 0x6, 0x0) 187.314558ms ago: executing program 2 (id=2613): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x406, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x1e, 0x5, 0x0) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)=';') get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xc0002, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop4/queue/discard_max_hw_bytes\x00', 0x22180, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c8020000", @ANYRES16, @ANYBLOB="010028bd7000fcdbdf256300000006004f010800000090021d802800008005000c000300000005000900000000000c000300080000000000000005000c00030000001800008014000d80050004000100000005000400fe0000001800008005000b000400000005000b000f00000004000400d4010080a0010d80050004000c000000e4000300c726330eea573eb7a23d701f34dc8bd1f47e50238c9731f6f220a864a1b318941cad6fa012989826295184c5f859afb99bc4564bec87ab1bb349a253d30d13425200a4e0d668b9916a05222ae76b99df209d3de90d33a75f328493ed90c93a6d34edd577d4eee0f62ee69ac47bbd4c37d2b45d976a78ee8a88aabff7c8e5aa146954ce07c72faf82708fed6bfbd7ba0889f63e8af8e589bec57a08c104b71fa09094b2ccdacb73ebaaebfcc9825225df4934c8d8d61bc7db2d2db26cf7b30cb04c9e401ae0254b79d1d8378f09955a8838ee331ed05db7f11014e2441233e26f0500060004000000090001002c9f2dd87900000005000600510000004d000300174db1eadfa07cf32893f9e7f8649fdb4b7fedbf4057c51ecce09b549e61801d85461f66866b2bd77bd33594007a12d249ad8f20f96bdc012ed2c7e6ec1ae51686c9c2f7e674dd4aac7625420034e2a2f28c00000005000400050000003c000200ac37ec0c215be8531a3cd1fece589f0452e02294e5c1e5439b6dead004c9a72fee2ec5b8486f0de2d34544c98343c550ba57bcdcca8b1256040004000c000300020000000000000005000c000100000005000900fe00000005000b000400000001000800100000003800008005046dea6e4ae8b4f35107000400000005000800060000000c0002000600000000000000050007000000000005000b00020000001c0000800c00030004000000000000000c00030001000000000000000c00008005000700000000001c00e7005083dc22c4b1246d9b06d789b29426011fba3c1a710a168a000000049b87c044f4841ecb06e6c2c2883bc40e45bd68a02807f924bea1c254e96b0ebc7ba03f7d76ff004fff56ef5e2bc94fcae7089a5526df416c1cd61ce2196019b51293d8c356bb41efd297a21a221a24cad96517189da7450e8177fd6ce311d45bab5b853d481a9a9677c2"], 0x2c8}, 0x1, 0x0, 0x0, 0x44800}, 0x2000000) r4 = epoll_create$auto(0x20009) r5 = epoll_create$auto(0x3e) epoll_ctl$auto(r5, 0x1, r4, 0x0) 0s ago: executing program 0 (id=2614): rename$auto(&(0x7f0000000500)=']\x00', &(0x7f0000000540)='.\x00') openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, 0x0, 0x80) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x105000, 0x0) clock_nanosleep$auto(0x2, 0x6, &(0x7f0000000840)={0x0, 0xc025}, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x40bc2, 0x1c0) write$auto(r0, &(0x7f0000000100)='\xea\x85\x92\x06(#\xc4\xb6(\x9e\xfcKG\xc2\xd4\xc0\v\x02\x9f%C\x00\x01\x00@!\xa9\xce\x10Y\xd0\xeb\xed\x7f\xc8\xdc(\xd3\xe9\xf3\xddT\x18\x16#\xfdQ5\xaeA\xc3\xeay\x7f\xa2TR|js\xfd\n\xa3\x98\xc8\x91\xdd\x9e\x99}s\xe0x\a\x00\x00\x00\x00\x00\x00\x00.\xa8\xc5\xdbKx\x14l\xe6\x868\xb3\xd2\x00\xea\xf9\xd1z\x8f\xd9\x877J\"\xab\xf9\xdf\xbf\xa1\xa1ms\xaf\xd9&R\x03\x00\xc0u \xc3\xc2\xd61\x97V\xcah\r\x97M\xdb\xf9\x06\x95Z\xdfK\xbeY#/\xf5g\n\x10#\x10@Ft\x9c\xd9\xd3s\x94\x8aV\xeb\xee`e9(\xe0\x88\x06\xa6-;ZM\x9b\xe1-', 0x9) sendfile$auto(r0, r0, 0x0, 0xb5d) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0x0, 0x6, 0x17, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000380)=',{5,\x00', 0x4000000) getsockopt$auto_SO_KEEPALIVE(r3, 0x0, 0x9, &(0x7f0000000280)='\x00', 0x0) ioctl$auto_BTRFS_IOC_SEND_32(r3, 0x40449426, 0x0) fsconfig$auto_XFS_DAX_NEVER(r1, 0x279ff47, 0x0, &(0x7f0000000080), 0x2) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) r4 = timerfd_create$auto(0x8, 0x800) read$auto_ppp_device_fops_ppp_generic(r4, 0x0, 0x0) fsetxattr$auto(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x832, 0x5) kernel console output (not intermixed with test programs): K> [ 713.400660][T20328] dump_stack_lvl+0x16c/0x1f0 [ 713.400687][T20328] should_fail_ex+0x512/0x640 [ 713.400710][T20328] ? kmem_cache_alloc_node_noprof+0x65/0x7f0 [ 713.400733][T20328] should_failslab+0xc2/0x120 [ 713.400749][T20328] kmem_cache_alloc_node_noprof+0x78/0x7f0 [ 713.400768][T20328] ? is_bpf_text_address+0x94/0x1a0 [ 713.400787][T20328] ? __alloc_skb+0x156/0x410 [ 713.400806][T20328] ? __alloc_skb+0x156/0x410 [ 713.400819][T20328] __alloc_skb+0x156/0x410 [ 713.400833][T20328] ? __pfx___alloc_skb+0x10/0x10 [ 713.400855][T20328] tipc_buf_acquire+0x26/0xe0 [ 713.400873][T20328] tipc_msg_build+0x112/0x1150 [ 713.400896][T20328] ? __pfx_tipc_msg_build+0x10/0x10 [ 713.400923][T20328] tipc_send_group_bcast+0x7cc/0xa50 [ 713.400945][T20328] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 713.400959][T20328] ? find_held_lock+0x2b/0x80 [ 713.400981][T20328] ? __pfx_woken_wake_function+0x10/0x10 [ 713.401009][T20328] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 713.401030][T20328] __tipc_sendmsg+0x4ab/0x1970 [ 713.401052][T20328] ? __pfx___tipc_sendmsg+0x10/0x10 [ 713.401070][T20328] ? __lock_acquire+0x433/0x22f0 [ 713.401085][T20328] ? __lock_acquire+0x433/0x22f0 [ 713.401114][T20328] ? __local_bh_enable_ip+0xa4/0x120 [ 713.401138][T20328] tipc_sendmsg+0x4f/0x70 [ 713.401154][T20328] ____sys_sendmsg+0xa5d/0xc30 [ 713.401175][T20328] ? copy_msghdr_from_user+0x10a/0x160 [ 713.401192][T20328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 713.401215][T20328] ? __pfx__kstrtoull+0x10/0x10 [ 713.401236][T20328] ___sys_sendmsg+0x134/0x1d0 [ 713.401254][T20328] ? __pfx____sys_sendmsg+0x10/0x10 [ 713.401280][T20328] ? find_held_lock+0x2b/0x80 [ 713.401311][T20328] __sys_sendmmsg+0x200/0x420 [ 713.401330][T20328] ? __pfx___sys_sendmmsg+0x10/0x10 [ 713.401353][T20328] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 713.401376][T20328] ? fput+0x70/0xf0 [ 713.401393][T20328] ? ksys_write+0x1ac/0x250 [ 713.401406][T20328] ? __pfx_ksys_write+0x10/0x10 [ 713.401423][T20328] __x64_sys_sendmmsg+0x9c/0x100 [ 713.401439][T20328] ? lockdep_hardirqs_on+0x7c/0x110 [ 713.401455][T20328] do_syscall_64+0xcd/0xf80 [ 713.401470][T20328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.401484][T20328] RIP: 0033:0x7f76e6b8f7c9 [ 713.401496][T20328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 713.401510][T20328] RSP: 002b:00007f76e79e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 713.401524][T20328] RAX: ffffffffffffffda RBX: 00007f76e6de6090 RCX: 00007f76e6b8f7c9 [ 713.401533][T20328] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 713.401541][T20328] RBP: 00007f76e79e2090 R08: 0000000000000000 R09: 0000000000000000 [ 713.401549][T20328] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 713.401557][T20328] R13: 00007f76e6de6128 R14: 00007f76e6de6090 R15: 00007fff9f1e7588 [ 713.401576][T20328] [ 713.871488][T20330] Invalid ELF header magic: != ELF [ 714.177229][T20345] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2270'. [ 714.320430][T20349] FAULT_INJECTION: forcing a failure. [ 714.320430][T20349] name failslab, interval 1, probability 393216, space 0, times 0 [ 714.371784][T20349] CPU: 1 UID: 0 PID: 20349 Comm: syz.0.2269 Not tainted syzkaller #0 PREEMPT(full) [ 714.371814][T20349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 714.371827][T20349] Call Trace: [ 714.371835][T20349] [ 714.371844][T20349] dump_stack_lvl+0x16c/0x1f0 [ 714.371874][T20349] should_fail_ex+0x512/0x640 [ 714.371904][T20349] should_failslab+0xc2/0x120 [ 714.371934][T20349] kmem_cache_alloc_lru_noprof+0x79/0x760 [ 714.371970][T20349] ? xas_split_alloc+0x11c/0x490 [ 714.372002][T20349] ? xas_split_alloc+0x11c/0x490 [ 714.372024][T20349] xas_split_alloc+0x11c/0x490 [ 714.372059][T20349] __folio_split+0xcfb/0x4860 [ 714.372121][T20349] ? __mem_cgroup_try_charge_swap+0x8c/0x340 [ 714.372153][T20349] ? __pfx___mem_cgroup_try_charge_swap+0x10/0x10 [ 714.372184][T20349] ? __pfx___folio_split+0x10/0x10 [ 714.372224][T20349] ? folio_alloc_swap+0x8af/0xcf0 [ 714.372259][T20349] shmem_writeout+0x42e/0x1140 [ 714.372344][T20349] ? __pfx_shmem_writeout+0x10/0x10 [ 714.372373][T20349] ? __pfx_try_to_unmap+0x10/0x10 [ 714.372404][T20349] ? find_held_lock+0x2b/0x80 [ 714.372443][T20349] ? inode_to_bdi+0x9e/0x160 [ 714.372477][T20349] ? folio_clear_dirty_for_io+0x112/0x790 [ 714.372522][T20349] shrink_folio_list+0x2f4e/0x47e0 [ 714.372563][T20349] ? __pfx_shrink_folio_list+0x10/0x10 [ 714.372593][T20349] ? __lock_acquire+0x433/0x22f0 [ 714.372638][T20349] ? find_held_lock+0x2b/0x80 [ 714.372672][T20349] ? is_bpf_text_address+0x8a/0x1a0 [ 714.372707][T20349] ? bpf_ksym_find+0x124/0x1c0 [ 714.372779][T20349] reclaim_folio_list+0xda/0x5a0 [ 714.372806][T20349] ? __pfx_css_rstat_updated+0x10/0x10 [ 714.372834][T20349] ? __lock_acquire+0x433/0x22f0 [ 714.372864][T20349] ? __pfx_reclaim_folio_list+0x10/0x10 [ 714.372908][T20349] ? lru_gen_update_size+0x543/0xe10 [ 714.372945][T20349] ? lru_gen_del_folio+0x32b/0x540 [ 714.372976][T20349] reclaim_pages+0x3ec/0x570 [ 714.373009][T20349] ? __pfx_reclaim_pages+0x10/0x10 [ 714.373039][T20349] ? madvise_cold_or_pageout_pte_range+0x1e2f/0x20d0 [ 714.373077][T20349] madvise_cold_or_pageout_pte_range+0x14d1/0x20d0 [ 714.373122][T20349] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 714.373154][T20349] ? pgd_bad+0xad/0xf0 [ 714.373184][T20349] ? __pfx_pgd_bad+0x10/0x10 [ 714.373220][T20349] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 714.373251][T20349] walk_pgd_range+0xcdc/0x1f40 [ 714.373316][T20349] ? __pfx_walk_pgd_range+0x10/0x10 [ 714.373361][T20349] __walk_page_range+0x163/0x820 [ 714.373395][T20349] ? process_measurement+0x4a6/0x22d0 [ 714.373432][T20349] ? down_write+0x14d/0x200 [ 714.373463][T20349] ? __lock_acquire+0x433/0x22f0 [ 714.373499][T20349] walk_page_range_vma+0x2c7/0xa20 [ 714.373538][T20349] ? __pfx_walk_page_range_vma+0x10/0x10 [ 714.373572][T20349] ? find_held_lock+0x2b/0x80 [ 714.373622][T20349] madvise_pageout+0x257/0x540 [ 714.373650][T20349] ? __pfx_madvise_pageout+0x10/0x10 [ 714.373705][T20349] madvise_vma_behavior+0xb14/0x2d00 [ 714.373738][T20349] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 714.373763][T20349] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 714.373793][T20349] ? mas_prev+0x9b/0xf0 [ 714.373817][T20349] ? __pfx_mas_prev+0x10/0x10 [ 714.373853][T20349] ? find_vma_prev+0xd3/0x150 [ 714.373877][T20349] ? __pfx_find_vma_prev+0x10/0x10 [ 714.373922][T20349] madvise_walk_vmas+0x31f/0x9c0 [ 714.373957][T20349] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 714.373996][T20349] madvise_do_behavior+0x1e2/0x530 [ 714.374029][T20349] ? __pfx_madvise_do_behavior+0x10/0x10 [ 714.374058][T20349] ? down_read+0x13d/0x460 [ 714.374104][T20349] do_madvise+0x176/0x240 [ 714.374131][T20349] ? __pfx_do_madvise+0x10/0x10 [ 714.374156][T20349] ? __mutex_unlock_slowpath+0x161/0x790 [ 714.374194][T20349] ? __fget_files+0x20e/0x3c0 [ 714.374233][T20349] ? syscall_user_dispatch+0x78/0x140 [ 714.374274][T20349] __x64_sys_madvise+0xa9/0x110 [ 714.374310][T20349] do_syscall_64+0xcd/0xf80 [ 714.374339][T20349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.374364][T20349] RIP: 0033:0x7f168178f7c9 [ 714.374384][T20349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 714.374408][T20349] RSP: 002b:00007f1682685038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 714.374430][T20349] RAX: ffffffffffffffda RBX: 00007f16819e6180 RCX: 00007f168178f7c9 [ 714.374446][T20349] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 714.374459][T20349] RBP: 00007f1682685090 R08: 0000000000000000 R09: 0000000000000000 [ 714.374474][T20349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 714.374486][T20349] R13: 00007f16819e6218 R14: 00007f16819e6180 R15: 00007ffe836ab288 [ 714.374522][T20349] [ 715.428209][T20361] Process accounting paused [ 715.576073][T20377] random: crng reseeded on system resumption [ 715.624344][T20375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2275'. [ 715.639494][T20378] usb usb36: usbfs: process 20378 (syz.0.2276) did not claim interface 0 before use [ 717.012538][T20402] FAULT_INJECTION: forcing a failure. [ 717.012538][T20402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 717.045934][T20402] CPU: 1 UID: 0 PID: 20402 Comm: syz.0.2279 Not tainted syzkaller #0 PREEMPT(full) [ 717.045965][T20402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 717.045977][T20402] Call Trace: [ 717.045985][T20402] [ 717.045995][T20402] dump_stack_lvl+0x16c/0x1f0 [ 717.046025][T20402] should_fail_ex+0x512/0x640 [ 717.046055][T20402] _copy_from_iter+0x43b/0x16c0 [ 717.046095][T20402] ? __pfx__copy_from_iter+0x10/0x10 [ 717.046122][T20402] ? rcu_is_watching+0x12/0xc0 [ 717.046146][T20402] ? trace_kmalloc+0x2b/0xb0 [ 717.046168][T20402] ? __kmalloc_noprof+0x34f/0x8f0 [ 717.046198][T20402] ? __pfx_aa_file_perm+0x10/0x10 [ 717.046235][T20402] ? kernfs_fop_write_iter+0x237/0x570 [ 717.046270][T20402] kernfs_fop_write_iter+0x19a/0x570 [ 717.046297][T20402] ? __lock_acquire+0x433/0x22f0 [ 717.046328][T20402] do_iter_readv_writev+0x662/0x9e0 [ 717.046368][T20402] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 717.046422][T20402] vfs_writev+0x35f/0xde0 [ 717.046445][T20402] ? rcu_is_watching+0x12/0xc0 [ 717.046476][T20402] ? __pfx_vfs_writev+0x10/0x10 [ 717.046498][T20402] ? fdget_pos+0x2a2/0x370 [ 717.046550][T20402] ? __fget_files+0x20e/0x3c0 [ 717.046572][T20402] ? __fget_files+0x110/0x3c0 [ 717.046606][T20402] ? do_writev+0x132/0x340 [ 717.046625][T20402] do_writev+0x132/0x340 [ 717.046647][T20402] ? __pfx_do_writev+0x10/0x10 [ 717.046681][T20402] do_syscall_64+0xcd/0xf80 [ 717.046709][T20402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.046734][T20402] RIP: 0033:0x7f168178f7c9 [ 717.046754][T20402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 717.046778][T20402] RSP: 002b:00007f16826a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 717.046801][T20402] RAX: ffffffffffffffda RBX: 00007f16819e6090 RCX: 00007f168178f7c9 [ 717.046817][T20402] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000004 [ 717.046832][T20402] RBP: 00007f16826a6090 R08: 0000000000000000 R09: 0000000000000000 [ 717.046847][T20402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 717.046861][T20402] R13: 00007f16819e6128 R14: 00007f16819e6090 R15: 00007ffe836ab288 [ 717.046898][T20402] [ 717.941161][T20411] netlink: 'syz.0.2282': attribute type 15 has an invalid length. [ 717.957496][T20409] binder: 20408:20409 ioctl c018620c 0 returned -22 [ 717.978762][T20411] netlink: 'syz.0.2282': attribute type 16 has an invalid length. [ 718.020813][T20411] netlink: 194 bytes leftover after parsing attributes in process `syz.0.2282'. [ 718.366391][T20419] capability: warning: `syz.0.2283' uses 32-bit capabilities (legacy support in use) [ 718.443705][T20422] FAULT_INJECTION: forcing a failure. [ 718.443705][T20422] name failslab, interval 1, probability 393216, space 0, times 0 [ 718.473225][T20422] CPU: 1 UID: 0 PID: 20422 Comm: syz.1.2285 Not tainted syzkaller #0 PREEMPT(full) [ 718.473257][T20422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 718.473271][T20422] Call Trace: [ 718.473278][T20422] [ 718.473286][T20422] dump_stack_lvl+0x16c/0x1f0 [ 718.473314][T20422] should_fail_ex+0x512/0x640 [ 718.473337][T20422] ? fs_reclaim_acquire+0xae/0x150 [ 718.473365][T20422] should_failslab+0xc2/0x120 [ 718.473393][T20422] __kmalloc_noprof+0xdd/0x8f0 [ 718.473419][T20422] ? tomoyo_encode2+0x100/0x3e0 [ 718.473452][T20422] ? tomoyo_encode2+0x100/0x3e0 [ 718.473480][T20422] tomoyo_encode2+0x100/0x3e0 [ 718.473512][T20422] tomoyo_encode+0x29/0x50 [ 718.473540][T20422] tomoyo_realpath_from_path+0x18f/0x6e0 [ 718.473573][T20422] ? tomoyo_profile+0x47/0x60 [ 718.473608][T20422] tomoyo_path_number_perm+0x245/0x580 [ 718.473632][T20422] ? tomoyo_path_number_perm+0x237/0x580 [ 718.473660][T20422] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 718.473689][T20422] ? find_held_lock+0x2b/0x80 [ 718.473753][T20422] ? find_held_lock+0x2b/0x80 [ 718.473786][T20422] ? hook_file_ioctl_common+0x144/0x410 [ 718.473818][T20422] ? __fget_files+0x20e/0x3c0 [ 718.473846][T20422] security_file_ioctl+0x9b/0x240 [ 718.473869][T20422] __x64_sys_ioctl+0xb7/0x210 [ 718.473899][T20422] do_syscall_64+0xcd/0xf80 [ 718.473922][T20422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.473944][T20422] RIP: 0033:0x7f76e6b8f7c9 [ 718.473962][T20422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.473985][T20422] RSP: 002b:00007f76e7a03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 718.474008][T20422] RAX: ffffffffffffffda RBX: 00007f76e6de5fa0 RCX: 00007f76e6b8f7c9 [ 718.474025][T20422] RDX: 0000000000000000 RSI: 000000004008ae89 RDI: 0000000000000004 [ 718.474039][T20422] RBP: 00007f76e7a03090 R08: 0000000000000000 R09: 0000000000000000 [ 718.474052][T20422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 718.474066][T20422] R13: 00007f76e6de6038 R14: 00007f76e6de5fa0 R15: 00007fff9f1e7588 [ 718.474107][T20422] [ 718.474129][T20422] ERROR: Out of memory at tomoyo_realpath_from_path. [ 718.706574][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 719.032037][T20431] random: crng reseeded on system resumption [ 719.116917][T20434] sctp: Failed to create the SCTP UDP tunneling v4 sock [ 720.044646][T20446] FAULT_INJECTION: forcing a failure. [ 720.044646][T20446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 720.231681][T20446] CPU: 1 UID: 0 PID: 20446 Comm: syz.0.2290 Not tainted syzkaller #0 PREEMPT(full) [ 720.231703][T20446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 720.231712][T20446] Call Trace: [ 720.231717][T20446] [ 720.231722][T20446] dump_stack_lvl+0x16c/0x1f0 [ 720.231743][T20446] should_fail_ex+0x512/0x640 [ 720.231762][T20446] set_fd_set.part.0+0x36/0xc0 [ 720.231777][T20446] core_sys_select+0x4c3/0xae0 [ 720.231795][T20446] ? __pfx_core_sys_select+0x10/0x10 [ 720.231813][T20446] ? proc_fail_nth_write+0x9f/0x220 [ 720.231845][T20446] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 720.231865][T20446] kern_select+0x15d/0x1e0 [ 720.231878][T20446] ? __pfx_kern_select+0x10/0x10 [ 720.231900][T20446] ? __pfx_ksys_write+0x10/0x10 [ 720.231917][T20446] __x64_sys_select+0xbd/0x160 [ 720.231930][T20446] ? do_syscall_64+0x91/0xf80 [ 720.231943][T20446] ? lockdep_hardirqs_on+0x7c/0x110 [ 720.231957][T20446] do_syscall_64+0xcd/0xf80 [ 720.231972][T20446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.231986][T20446] RIP: 0033:0x7f168178f7c9 [ 720.231998][T20446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.232012][T20446] RSP: 002b:00007f16826a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 720.232025][T20446] RAX: ffffffffffffffda RBX: 00007f16819e6090 RCX: 00007f168178f7c9 [ 720.232034][T20446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010 [ 720.232042][T20446] RBP: 00007f16826a6090 R08: 0000000000000000 R09: 0000000000000000 [ 720.232050][T20446] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 720.232058][T20446] R13: 00007f16819e6128 R14: 00007f16819e6090 R15: 00007ffe836ab288 [ 720.232076][T20446] [ 721.018633][T20457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2291'. [ 721.101876][T20463] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2292'. [ 721.905902][T20483] FAULT_INJECTION: forcing a failure. [ 721.905902][T20483] name failslab, interval 1, probability 393216, space 0, times 0 [ 721.956180][T20483] CPU: 0 UID: 0 PID: 20483 Comm: syz.1.2298 Not tainted syzkaller #0 PREEMPT(full) [ 721.956212][T20483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 721.956224][T20483] Call Trace: [ 721.956232][T20483] [ 721.956240][T20483] dump_stack_lvl+0x16c/0x1f0 [ 721.956268][T20483] should_fail_ex+0x512/0x640 [ 721.956291][T20483] ? kmem_cache_alloc_noprof+0x62/0x760 [ 721.956324][T20483] should_failslab+0xc2/0x120 [ 721.956348][T20483] kmem_cache_alloc_noprof+0x75/0x760 [ 721.956377][T20483] ? stack_depot_save_flags+0x29/0x9b0 [ 721.956400][T20483] ? alloc_empty_file+0x55/0x1e0 [ 721.956433][T20483] ? alloc_empty_file+0x55/0x1e0 [ 721.956457][T20483] ? kasan_save_track+0x14/0x30 [ 721.956489][T20483] alloc_empty_file+0x55/0x1e0 [ 721.956518][T20483] path_openat+0xde/0x3140 [ 721.956540][T20483] ? do_syscall_64+0xcd/0xf80 [ 721.956561][T20483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.956594][T20483] ? __pfx_path_openat+0x10/0x10 [ 721.956629][T20483] do_filp_open+0x20b/0x470 [ 721.956655][T20483] ? __pfx_do_filp_open+0x10/0x10 [ 721.956707][T20483] ? alloc_fd+0x471/0x7d0 [ 721.956739][T20483] do_sys_openat2+0x11f/0x280 [ 721.956772][T20483] ? __pfx_do_sys_openat2+0x10/0x10 [ 721.956807][T20483] ? __fget_files+0x20e/0x3c0 [ 721.956835][T20483] __x64_sys_openat+0x174/0x210 [ 721.956865][T20483] ? __pfx___x64_sys_openat+0x10/0x10 [ 721.956895][T20483] ? ksys_write+0x1ac/0x250 [ 721.956928][T20483] do_syscall_64+0xcd/0xf80 [ 721.956952][T20483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.956974][T20483] RIP: 0033:0x7f76e6b8f7c9 [ 721.956993][T20483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.957014][T20483] RSP: 002b:00007f76e7a03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 721.957035][T20483] RAX: ffffffffffffffda RBX: 00007f76e6de5fa0 RCX: 00007f76e6b8f7c9 [ 721.957050][T20483] RDX: 00000000000a8441 RSI: 0000200000000f80 RDI: ffffffffffffff9c [ 721.957064][T20483] RBP: 00007f76e7a03090 R08: 0000000000000000 R09: 0000000000000000 [ 721.957076][T20483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.957086][T20483] R13: 00007f76e6de6038 R14: 00007f76e6de5fa0 R15: 00007fff9f1e7588 [ 721.957105][T20483] [ 722.470290][T20491] WARNING! power/level is deprecated; use power/control instead [ 723.765558][T20507] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2301'. [ 724.073749][T20514] usb usb3: usbfs: process 20514 (syz.3.2303) did not claim interface 2 before use [ 725.048533][ T5847] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 725.048572][ T5847] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 725.063589][ T5847] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 725.063716][ T5847] Bluetooth: hci3: adv larger than maximum supported [ 725.071294][ T5847] Bluetooth: hci3: adv larger than maximum supported [ 725.078143][ T5847] Bluetooth: hci3: Malformed LE Event: 0x0d [ 725.154445][T20531] zswap: compressor not available [ 726.048119][T20552] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input88 [ 726.389065][T20558] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input89 [ 726.653783][T20560] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input90 [ 726.988997][T20562] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input91 [ 727.175518][T20567] FAULT_INJECTION: forcing a failure. [ 727.175518][T20567] name failslab, interval 1, probability 393216, space 0, times 0 [ 727.188812][T20567] CPU: 1 UID: 0 PID: 20567 Comm: syz.0.2314 Not tainted syzkaller #0 PREEMPT(full) [ 727.188842][T20567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 727.188854][T20567] Call Trace: [ 727.188861][T20567] [ 727.188869][T20567] dump_stack_lvl+0x16c/0x1f0 [ 727.188898][T20567] should_fail_ex+0x512/0x640 [ 727.188922][T20567] ? kmem_cache_alloc_noprof+0x62/0x760 [ 727.188955][T20567] should_failslab+0xc2/0x120 [ 727.189011][T20567] kmem_cache_alloc_noprof+0x75/0x760 [ 727.189038][T20567] ? find_held_lock+0x2b/0x80 [ 727.189069][T20567] ? seq_open+0x55/0x170 [ 727.189106][T20567] ? seq_open+0x55/0x170 [ 727.189133][T20567] seq_open+0x55/0x170 [ 727.189167][T20567] dyn_event_open+0xdd/0x120 [ 727.189197][T20567] do_dentry_open+0x748/0x1590 [ 727.189218][T20567] ? __pfx_dyn_event_open+0x10/0x10 [ 727.189253][T20567] vfs_open+0x82/0x3f0 [ 727.189285][T20567] path_openat+0x2078/0x3140 [ 727.189319][T20567] ? __pfx_path_openat+0x10/0x10 [ 727.189354][T20567] do_filp_open+0x20b/0x470 [ 727.189380][T20567] ? __pfx_do_filp_open+0x10/0x10 [ 727.189430][T20567] ? alloc_fd+0x471/0x7d0 [ 727.189466][T20567] do_sys_openat2+0x11f/0x280 [ 727.189497][T20567] ? __pfx_do_sys_openat2+0x10/0x10 [ 727.189539][T20567] __x64_sys_openat+0x174/0x210 [ 727.189569][T20567] ? __pfx___x64_sys_openat+0x10/0x10 [ 727.189611][T20567] do_syscall_64+0xcd/0xf80 [ 727.189636][T20567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.189660][T20567] RIP: 0033:0x7f168178f7c9 [ 727.189679][T20567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 727.189702][T20567] RSP: 002b:00007f16826c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 727.189724][T20567] RAX: ffffffffffffffda RBX: 00007f16819e5fa0 RCX: 00007f168178f7c9 [ 727.189740][T20567] RDX: 0000000000000001 RSI: 0000200000000bc0 RDI: ffffffffffffff9c [ 727.189755][T20567] RBP: 00007f1681813f91 R08: 0000000000000000 R09: 0000000000000000 [ 727.189769][T20567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 727.189782][T20567] R13: 00007f16819e6038 R14: 00007f16819e5fa0 R15: 00007ffe836ab288 [ 727.189817][T20567] [ 727.775681][T20579] FAULT_INJECTION: forcing a failure. [ 727.775681][T20579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 727.790266][T20579] CPU: 0 UID: 0 PID: 20579 Comm: syz.3.2318 Not tainted syzkaller #0 PREEMPT(full) [ 727.790299][T20579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 727.790313][T20579] Call Trace: [ 727.790322][T20579] [ 727.790331][T20579] dump_stack_lvl+0x16c/0x1f0 [ 727.790362][T20579] should_fail_ex+0x512/0x640 [ 727.790395][T20579] _copy_to_user+0x32/0xd0 [ 727.790423][T20579] simple_read_from_buffer+0xcb/0x170 [ 727.790465][T20579] proc_fail_nth_read+0x197/0x240 [ 727.790498][T20579] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 727.790532][T20579] ? rw_verify_area+0xcf/0x6c0 [ 727.790566][T20579] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 727.790597][T20579] vfs_read+0x1e4/0xcf0 [ 727.790623][T20579] ? __pfx___mutex_lock+0x10/0x10 [ 727.790652][T20579] ? __pfx_vfs_read+0x10/0x10 [ 727.790686][T20579] ? __fget_files+0x20e/0x3c0 [ 727.790740][T20579] ksys_read+0x12a/0x250 [ 727.790764][T20579] ? __pfx_ksys_read+0x10/0x10 [ 727.790799][T20579] do_syscall_64+0xcd/0xf80 [ 727.790827][T20579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.790852][T20579] RIP: 0033:0x7f678b58e1dc [ 727.790871][T20579] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 727.790895][T20579] RSP: 002b:00007f678c392030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 727.790916][T20579] RAX: ffffffffffffffda RBX: 00007f678b7e5fa0 RCX: 00007f678b58e1dc [ 727.790929][T20579] RDX: 000000000000000f RSI: 00007f678c3920a0 RDI: 0000000000000003 [ 727.790940][T20579] RBP: 00007f678c392090 R08: 0000000000000000 R09: 0000000000000000 [ 727.790951][T20579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 727.790962][T20579] R13: 00007f678b7e6038 R14: 00007f678b7e5fa0 R15: 00007ffdd404dff8 [ 727.790994][T20579] [ 728.246570][ T30] audit: type=1800 audit(1764932743.139:4): pid=20584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2319" name="dbroot" dev="configfs" ino=139842 res=0 errno=0 [ 728.779036][T20586] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input92 [ 729.531080][T20593] FAULT_INJECTION: forcing a failure. [ 729.531080][T20593] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 729.574370][T20574] Process accounting resumed [ 729.628732][T20593] CPU: 1 UID: 0 PID: 20593 Comm: syz.1.2320 Not tainted syzkaller #0 PREEMPT(full) [ 729.628765][T20593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 729.628778][T20593] Call Trace: [ 729.628786][T20593] [ 729.628795][T20593] dump_stack_lvl+0x16c/0x1f0 [ 729.628827][T20593] should_fail_ex+0x512/0x640 [ 729.628860][T20593] _copy_to_user+0x32/0xd0 [ 729.628889][T20593] simple_read_from_buffer+0xcb/0x170 [ 729.628931][T20593] proc_fail_nth_read+0x197/0x240 [ 729.628963][T20593] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 729.628997][T20593] ? rw_verify_area+0xcf/0x6c0 [ 729.629039][T20593] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 729.629070][T20593] vfs_read+0x1e4/0xcf0 [ 729.629096][T20593] ? __pfx___mutex_lock+0x10/0x10 [ 729.629126][T20593] ? __pfx_vfs_read+0x10/0x10 [ 729.629161][T20593] ? __fget_files+0x20e/0x3c0 [ 729.629197][T20593] ksys_read+0x12a/0x250 [ 729.629221][T20593] ? __pfx_ksys_read+0x10/0x10 [ 729.629256][T20593] do_syscall_64+0xcd/0xf80 [ 729.629285][T20593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.629310][T20593] RIP: 0033:0x7f76e6b8e1dc [ 729.629329][T20593] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 729.629353][T20593] RSP: 002b:00007f76e7a03030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 729.629376][T20593] RAX: ffffffffffffffda RBX: 00007f76e6de5fa0 RCX: 00007f76e6b8e1dc [ 729.629392][T20593] RDX: 000000000000000f RSI: 00007f76e7a030a0 RDI: 0000000000000004 [ 729.629406][T20593] RBP: 00007f76e7a03090 R08: 0000000000000000 R09: 0000000000000000 [ 729.629419][T20593] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 729.629432][T20593] R13: 00007f76e6de6038 R14: 00007f76e6de5fa0 R15: 00007fff9f1e7588 [ 729.629463][T20593] [ 729.841203][T20595] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input93 [ 730.055360][T20601] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input94 [ 730.643745][T20602] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input95 [ 731.292106][T20619] Line length is too long: Should be less than 4094 [ 731.843391][T20630] FAULT_INJECTION: forcing a failure. [ 731.843391][T20630] name failslab, interval 1, probability 393216, space 0, times 0 [ 731.929866][T20630] CPU: 1 UID: 0 PID: 20630 Comm: syz.0.2326 Not tainted syzkaller #0 PREEMPT(full) [ 731.929888][T20630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 731.929896][T20630] Call Trace: [ 731.929902][T20630] [ 731.929907][T20630] dump_stack_lvl+0x16c/0x1f0 [ 731.929926][T20630] should_fail_ex+0x512/0x640 [ 731.929942][T20630] ? kmem_cache_alloc_noprof+0x62/0x760 [ 731.929963][T20630] should_failslab+0xc2/0x120 [ 731.929980][T20630] kmem_cache_alloc_noprof+0x75/0x760 [ 731.929997][T20630] ? stack_depot_save_flags+0x29/0x9b0 [ 731.930012][T20630] ? alloc_empty_file+0x55/0x1e0 [ 731.930034][T20630] ? alloc_empty_file+0x55/0x1e0 [ 731.930049][T20630] ? kasan_save_track+0x14/0x30 [ 731.930061][T20630] alloc_empty_file+0x55/0x1e0 [ 731.930079][T20630] path_openat+0xde/0x3140 [ 731.930093][T20630] ? do_syscall_64+0xcd/0xf80 [ 731.930106][T20630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.930126][T20630] ? __pfx_path_openat+0x10/0x10 [ 731.930147][T20630] do_filp_open+0x20b/0x470 [ 731.930163][T20630] ? __pfx_do_filp_open+0x10/0x10 [ 731.930191][T20630] ? alloc_fd+0x471/0x7d0 [ 731.930210][T20630] do_sys_openat2+0x11f/0x280 [ 731.930229][T20630] ? __pfx_do_sys_openat2+0x10/0x10 [ 731.930249][T20630] ? __fget_files+0x20e/0x3c0 [ 731.930266][T20630] __x64_sys_openat+0x174/0x210 [ 731.930302][T20630] ? __pfx___x64_sys_openat+0x10/0x10 [ 731.930320][T20630] ? ksys_write+0x1ac/0x250 [ 731.930339][T20630] do_syscall_64+0xcd/0xf80 [ 731.930354][T20630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.930367][T20630] RIP: 0033:0x7f168178f7c9 [ 731.930379][T20630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.930393][T20630] RSP: 002b:00007f16826c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 731.930407][T20630] RAX: ffffffffffffffda RBX: 00007f16819e5fa0 RCX: 00007f168178f7c9 [ 731.930416][T20630] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 731.930424][T20630] RBP: 00007f16826c7090 R08: 0000000000000000 R09: 0000000000000000 [ 731.930432][T20630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 731.930440][T20630] R13: 00007f16819e6038 R14: 00007f16819e5fa0 R15: 00007ffe836ab288 [ 731.930458][T20630] [ 732.463325][ T30] audit: type=1800 audit(1764932747.307:5): pid=20631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2328" name="lu_gp_id" dev="configfs" ino=141087 res=0 errno=0 [ 733.071640][T20659] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input96 [ 734.064778][T20677] random: crng reseeded on system resumption [ 735.242521][T20694] FAULT_INJECTION: forcing a failure. [ 735.242521][T20694] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 735.342516][T20694] CPU: 0 UID: 0 PID: 20694 Comm: syz.1.2347 Not tainted syzkaller #0 PREEMPT(full) [ 735.342538][T20694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 735.342546][T20694] Call Trace: [ 735.342551][T20694] [ 735.342557][T20694] dump_stack_lvl+0x16c/0x1f0 [ 735.342576][T20694] should_fail_ex+0x512/0x640 [ 735.342595][T20694] _copy_to_user+0x32/0xd0 [ 735.342612][T20694] copy_siginfo_to_user+0x27/0xc0 [ 735.342628][T20694] x64_setup_rt_frame+0xa1c/0xcf0 [ 735.342653][T20694] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 735.342673][T20694] ? rcu_is_watching+0x12/0xc0 [ 735.342689][T20694] arch_do_signal_or_restart+0x5c2/0x7a0 [ 735.342712][T20694] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 735.342735][T20694] ? __x64_sys_rt_sigprocmask+0x1fd/0x290 [ 735.342755][T20694] ? __pfx___x64_sys_rt_sigprocmask+0x10/0x10 [ 735.342777][T20694] exit_to_user_mode_loop+0x8c/0x540 [ 735.342800][T20694] do_syscall_64+0x4ee/0xf80 [ 735.342816][T20694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.342830][T20694] RIP: 0033:0x7f76e6b8f7c9 [ 735.342842][T20694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.342855][T20694] RSP: 002b:00007f76e7a03038 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 735.342868][T20694] RAX: 0000000000000000 RBX: 00007f76e6de5fa0 RCX: 00007f76e6b8f7c9 [ 735.342877][T20694] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000002 [ 735.342885][T20694] RBP: 00007f76e7a03090 R08: 0000000000000000 R09: 0000000000000000 [ 735.342893][T20694] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 735.342901][T20694] R13: 00007f76e6de6038 R14: 00007f76e6de5fa0 R15: 00007fff9f1e7588 [ 735.342919][T20694] [ 735.646929][T20703] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2349'. [ 737.192868][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 737.575571][T20733] FAULT_INJECTION: forcing a failure. [ 737.575571][T20733] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 737.589047][T20733] CPU: 0 UID: 0 PID: 20733 Comm: syz.0.2354 Not tainted syzkaller #0 PREEMPT(full) [ 737.589078][T20733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 737.589091][T20733] Call Trace: [ 737.589100][T20733] [ 737.589108][T20733] dump_stack_lvl+0x16c/0x1f0 [ 737.589138][T20733] should_fail_ex+0x512/0x640 [ 737.589168][T20733] should_fail_alloc_page+0xe7/0x130 [ 737.589197][T20733] prepare_alloc_pages+0x3c2/0x610 [ 737.589230][T20733] __alloc_frozen_pages_noprof+0x18b/0x2440 [ 737.589264][T20733] ? lru_gen_update_size+0x543/0xe10 [ 737.589299][T20733] ? lru_gen_del_folio+0x32b/0x540 [ 737.589316][T20733] ? find_held_lock+0x2b/0x80 [ 737.589336][T20733] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 737.589356][T20733] ? mark_held_locks+0x49/0x80 [ 737.589375][T20733] ? find_held_lock+0x2b/0x80 [ 737.589394][T20733] ? __pfx___might_resched+0x10/0x10 [ 737.589407][T20733] ? queue_folios_pte_range+0x9bb/0x1150 [ 737.589431][T20733] __folio_alloc_noprof+0x11/0xa0 [ 737.589450][T20733] alloc_migration_target+0x24a/0x660 [ 737.589469][T20733] migrate_pages_batch+0x3bc/0x3bb0 [ 737.589488][T20733] ? walk_pgd_range+0x120e/0x1f40 [ 737.589506][T20733] ? __pfx_alloc_migration_target+0x10/0x10 [ 737.589530][T20733] ? __pfx_migrate_pages_batch+0x10/0x10 [ 737.589551][T20733] ? __pfx_walk_pgd_range+0x10/0x10 [ 737.589572][T20733] migrate_pages_sync+0x12d/0x8a0 [ 737.589590][T20733] ? __pfx_alloc_migration_target+0x10/0x10 [ 737.589610][T20733] ? queue_pages_test_walk+0x279/0x410 [ 737.589626][T20733] ? __pfx_migrate_pages_sync+0x10/0x10 [ 737.589644][T20733] ? walk_page_test+0x9b/0x180 [ 737.589664][T20733] ? walk_page_range_mm+0x235/0xb40 [ 737.589705][T20733] migrate_pages+0x1b0b/0x2350 [ 737.589724][T20733] ? __pfx_alloc_migration_target+0x10/0x10 [ 737.589746][T20733] ? __pfx_migrate_pages+0x10/0x10 [ 737.589764][T20733] ? queue_pages_range+0x11e/0x180 [ 737.589780][T20733] ? __pfx___up_read+0x10/0x10 [ 737.589798][T20733] ? do_migrate_pages+0x458/0x750 [ 737.589816][T20733] do_migrate_pages+0x48e/0x750 [ 737.589836][T20733] ? __pfx_do_migrate_pages+0x10/0x10 [ 737.589859][T20733] ? rcu_is_watching+0x12/0xc0 [ 737.589873][T20733] ? cap_capable+0x10d/0x3f0 [ 737.589893][T20733] ? get_task_mm+0xc2/0xf0 [ 737.589914][T20733] ? security_capable+0x250/0x260 [ 737.589936][T20733] kernel_migrate_pages+0x55b/0x700 [ 737.589951][T20733] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 737.589966][T20733] ? ksys_write+0x1ac/0x250 [ 737.589980][T20733] ? __pfx_ksys_write+0x10/0x10 [ 737.589997][T20733] __x64_sys_migrate_pages+0x96/0x100 [ 737.590012][T20733] ? lockdep_hardirqs_on+0x7c/0x110 [ 737.590026][T20733] do_syscall_64+0xcd/0xf80 [ 737.590041][T20733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.590056][T20733] RIP: 0033:0x7f168178f7c9 [ 737.590068][T20733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.590081][T20733] RSP: 002b:00007f1682664038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 737.590095][T20733] RAX: ffffffffffffffda RBX: 00007f16819e6270 RCX: 00007f168178f7c9 [ 737.590106][T20733] RDX: 0000200000000100 RSI: 000000000000000a RDI: 0000000000000000 [ 737.590115][T20733] RBP: 00007f1682664090 R08: 0000000000000000 R09: 0000000000000000 [ 737.590123][T20733] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 737.590131][T20733] R13: 00007f16819e6308 R14: 00007f16819e6270 R15: 00007ffe836ab288 [ 737.590149][T20733] [ 738.133827][T20738] FAULT_INJECTION: forcing a failure. [ 738.133827][T20738] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 738.196486][T20738] CPU: 0 UID: 0 PID: 20738 Comm: syz.3.2355 Not tainted syzkaller #0 PREEMPT(full) [ 738.196524][T20738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 738.196541][T20738] Call Trace: [ 738.196550][T20738] [ 738.196561][T20738] dump_stack_lvl+0x16c/0x1f0 [ 738.196596][T20738] should_fail_ex+0x512/0x640 [ 738.196630][T20738] should_fail_alloc_page+0xe7/0x130 [ 738.196663][T20738] prepare_alloc_pages+0x3c2/0x610 [ 738.196698][T20738] __alloc_frozen_pages_noprof+0x18b/0x2440 [ 738.196744][T20738] ? irqentry_exit+0x1dd/0x8c0 [ 738.196770][T20738] ? lockdep_hardirqs_on+0x7c/0x110 [ 738.196809][T20738] ? irqentry_exit+0x1dd/0x8c0 [ 738.196835][T20738] ? trace_irq_disable.constprop.0+0xd4/0x110 [ 738.196869][T20738] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 738.196916][T20738] ? rep_movs_alternative+0x4a/0x90 [ 738.196950][T20738] ? _copy_from_iter+0x161/0x16c0 [ 738.196981][T20738] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 738.197010][T20738] ? policy_nodemask+0xea/0x4e0 [ 738.197040][T20738] alloc_pages_mpol+0x1fb/0x550 [ 738.197070][T20738] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 738.197109][T20738] alloc_pages_noprof+0x12d/0x180 [ 738.197139][T20738] anon_pipe_write+0xecb/0x1990 [ 738.197183][T20738] ? __pfx_anon_pipe_write+0x10/0x10 [ 738.197211][T20738] ? common_file_perm+0x1b1/0x500 [ 738.197244][T20738] ? bpf_lsm_file_permission+0x9/0x10 [ 738.197279][T20738] ? security_file_permission+0x71/0x210 [ 738.197311][T20738] ? rw_verify_area+0xcf/0x6c0 [ 738.197353][T20738] vfs_write+0x7d3/0x11d0 [ 738.197381][T20738] ? __pfx_anon_pipe_write+0x10/0x10 [ 738.197413][T20738] ? __pfx_vfs_write+0x10/0x10 [ 738.197433][T20738] ? find_held_lock+0x2b/0x80 [ 738.197488][T20738] ksys_write+0x1f8/0x250 [ 738.197511][T20738] ? __pfx_ksys_write+0x10/0x10 [ 738.197532][T20738] ? syscall_user_dispatch+0x78/0x140 [ 738.197577][T20738] do_syscall_64+0xcd/0xf80 [ 738.197604][T20738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 738.197631][T20738] RIP: 0033:0x7f678b58f7c9 [ 738.197652][T20738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 738.197675][T20738] RSP: 002b:00007f678c392038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 738.197700][T20738] RAX: ffffffffffffffda RBX: 00007f678b7e5fa0 RCX: 00007f678b58f7c9 [ 738.197717][T20738] RDX: 0000000004000000 RSI: 0000200000000380 RDI: 0000000000000000 [ 738.197734][T20738] RBP: 00007f678b613f91 R08: 0000000000000000 R09: 0000000000000000 [ 738.197749][T20738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 738.197764][T20738] R13: 00007f678b7e6038 R14: 00007f678b7e5fa0 R15: 00007ffdd404dff8 [ 738.197814][T20738] [ 738.872879][T20746] FAULT_INJECTION: forcing a failure. [ 738.872879][T20746] name fail_futex, interval 1, probability 0, space 0, times 1 [ 738.917661][T20746] CPU: 0 UID: 0 PID: 20746 Comm: syz.3.2358 Not tainted syzkaller #0 PREEMPT(full) [ 738.917696][T20746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 738.917710][T20746] Call Trace: [ 738.917718][T20746] [ 738.917727][T20746] dump_stack_lvl+0x16c/0x1f0 [ 738.917758][T20746] should_fail_ex+0x512/0x640 [ 738.917793][T20746] get_futex_key+0x1d0/0x15f0 [ 738.917827][T20746] ? __pfx_get_futex_key+0x10/0x10 [ 738.917869][T20746] futex_wake+0xea/0x530 [ 738.917909][T20746] ? __pfx_futex_wake+0x10/0x10 [ 738.917956][T20746] ? kmem_cache_free+0x171/0x770 [ 738.917997][T20746] do_futex+0x1e3/0x350 [ 738.918039][T20746] ? __pfx_do_futex+0x10/0x10 [ 738.918072][T20746] ? __pfx___might_resched+0x10/0x10 [ 738.918101][T20746] ? blkcg_maybe_throttle_current+0x650/0xf30 [ 738.918131][T20746] ? _raw_spin_unlock_irq+0x23/0x50 [ 738.918175][T20746] __x64_sys_futex+0x1e0/0x4c0 [ 738.918210][T20746] ? __pfx___x64_sys_futex+0x10/0x10 [ 738.918244][T20746] ? rcu_is_watching+0x12/0xc0 [ 738.918279][T20746] do_syscall_64+0xcd/0xf80 [ 738.918307][T20746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 738.918331][T20746] RIP: 0033:0x7f678b58f7c9 [ 738.918353][T20746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 738.918378][T20746] RSP: 002b:00007f678c3920e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 738.918403][T20746] RAX: ffffffffffffffda RBX: 00007f678b7e5fa8 RCX: 00007f678b58f7c9 [ 738.918421][T20746] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f678b7e5fac [ 738.918438][T20746] RBP: 00007f678b7e5fa0 R08: 00007f678c393000 R09: 0000000000000000 [ 738.918454][T20746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 738.918469][T20746] R13: 00007f678b7e6038 R14: 00007ffdd404df10 R15: 00007ffdd404dff8 [ 738.918505][T20746] [ 739.328838][T20755] FAULT_INJECTION: forcing a failure. [ 739.328838][T20755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 739.361457][T20755] CPU: 1 UID: 0 PID: 20755 Comm: syz.0.2362 Not tainted syzkaller #0 PREEMPT(full) [ 739.361483][T20755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 739.361492][T20755] Call Trace: [ 739.361497][T20755] [ 739.361503][T20755] dump_stack_lvl+0x16c/0x1f0 [ 739.361525][T20755] should_fail_ex+0x512/0x640 [ 739.361545][T20755] _copy_from_iter+0x2a4/0x16c0 [ 739.361564][T20755] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 739.361582][T20755] ? __pfx__copy_from_iter+0x10/0x10 [ 739.361599][T20755] ? alloc_pages_mpol+0x25a/0x550 [ 739.361617][T20755] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 739.361636][T20755] copy_page_from_iter+0xde/0x180 [ 739.361655][T20755] anon_pipe_write+0xef0/0x1990 [ 739.361679][T20755] ? __pfx_anon_pipe_write+0x10/0x10 [ 739.361696][T20755] ? common_file_perm+0x1b1/0x500 [ 739.361712][T20755] ? futex_wake+0x1ad/0x530 [ 739.361743][T20755] ? bpf_lsm_file_permission+0x9/0x10 [ 739.361767][T20755] ? security_file_permission+0x71/0x210 [ 739.361785][T20755] ? rw_verify_area+0xcf/0x6c0 [ 739.361809][T20755] vfs_write+0x7d3/0x11d0 [ 739.361825][T20755] ? __pfx_anon_pipe_write+0x10/0x10 [ 739.361844][T20755] ? __pfx_vfs_write+0x10/0x10 [ 739.361858][T20755] ? find_held_lock+0x2b/0x80 [ 739.361892][T20755] ksys_write+0x1f8/0x250 [ 739.361907][T20755] ? __pfx_ksys_write+0x10/0x10 [ 739.361921][T20755] ? syscall_user_dispatch+0x78/0x140 [ 739.361948][T20755] do_syscall_64+0xcd/0xf80 [ 739.361966][T20755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.361985][T20755] RIP: 0033:0x7f168178f7c9 [ 739.362000][T20755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.362014][T20755] RSP: 002b:00007f16826c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 739.362030][T20755] RAX: ffffffffffffffda RBX: 00007f16819e5fa0 RCX: 00007f168178f7c9 [ 739.362040][T20755] RDX: 0000000004000000 RSI: 0000200000000380 RDI: 0000000000000000 [ 739.362049][T20755] RBP: 00007f1681813f91 R08: 0000000000000000 R09: 0000000000000000 [ 739.362058][T20755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.362066][T20755] R13: 00007f16819e6038 R14: 00007f16819e5fa0 R15: 00007ffe836ab288 [ 739.362086][T20755] [ 740.188274][T20773] netlink: 114 bytes leftover after parsing attributes in process `syz.2.2366'. [ 740.841499][T20781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2368'. [ 745.275970][T20848] FAULT_INJECTION: forcing a failure. [ 745.275970][T20848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 745.311418][T20848] CPU: 1 UID: 0 PID: 20848 Comm: syz.2.2381 Not tainted syzkaller #0 PREEMPT(full) [ 745.311448][T20848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 745.311462][T20848] Call Trace: [ 745.311469][T20848] [ 745.311478][T20848] dump_stack_lvl+0x16c/0x1f0 [ 745.311507][T20848] should_fail_ex+0x512/0x640 [ 745.311537][T20848] _copy_from_user+0x2e/0xd0 [ 745.311564][T20848] kstrtouint_from_user+0xd6/0x1d0 [ 745.311597][T20848] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 745.311636][T20848] ? lock_acquire+0x179/0x330 [ 745.311674][T20848] proc_fail_nth_write+0x83/0x220 [ 745.311705][T20848] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 745.311745][T20848] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 745.311773][T20848] vfs_write+0x2a0/0x11d0 [ 745.311800][T20848] ? __pfx___mutex_lock+0x10/0x10 [ 745.311829][T20848] ? __pfx_vfs_write+0x10/0x10 [ 745.311863][T20848] ? __fget_files+0x20e/0x3c0 [ 745.311898][T20848] ksys_write+0x12a/0x250 [ 745.311923][T20848] ? __pfx_ksys_write+0x10/0x10 [ 745.311959][T20848] do_syscall_64+0xcd/0xf80 [ 745.311987][T20848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.312012][T20848] RIP: 0033:0x7fd7f978e27f [ 745.312041][T20848] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 745.312064][T20848] RSP: 002b:00007fd7f79f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 745.312088][T20848] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd7f978e27f [ 745.312103][T20848] RDX: 0000000000000001 RSI: 00007fd7f79f60a0 RDI: 0000000000000005 [ 745.312117][T20848] RBP: 00007fd7f79f6090 R08: 0000000000000000 R09: 0000000000000000 [ 745.312132][T20848] R10: 0000000007000000 R11: 0000000000000293 R12: 0000000000000001 [ 745.312147][T20848] R13: 00007fd7f99e6038 R14: 00007fd7f99e5fa0 R15: 00007ffc89175628 [ 745.312183][T20848] [ 745.655499][T20855] Process accounting resumed [ 746.221907][T20868] FAULT_INJECTION: forcing a failure. [ 746.221907][T20868] name failslab, interval 1, probability 393216, space 0, times 0 [ 746.293998][T20868] CPU: 0 UID: 0 PID: 20868 Comm: syz.2.2384 Not tainted syzkaller #0 PREEMPT(full) [ 746.294020][T20868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 746.294029][T20868] Call Trace: [ 746.294034][T20868] [ 746.294040][T20868] dump_stack_lvl+0x16c/0x1f0 [ 746.294059][T20868] should_fail_ex+0x512/0x640 [ 746.294078][T20868] should_failslab+0xc2/0x120 [ 746.294095][T20868] kmem_cache_alloc_lru_noprof+0x79/0x760 [ 746.294116][T20868] ? xas_split_alloc+0x11c/0x490 [ 746.294133][T20868] ? xas_split_alloc+0x11c/0x490 [ 746.294146][T20868] xas_split_alloc+0x11c/0x490 [ 746.294165][T20868] __folio_split+0xcfb/0x4860 [ 746.294194][T20868] ? __mem_cgroup_try_charge_swap+0x8c/0x340 [ 746.294214][T20868] ? __pfx___mem_cgroup_try_charge_swap+0x10/0x10 [ 746.294233][T20868] ? __pfx___folio_split+0x10/0x10 [ 746.294256][T20868] ? folio_alloc_swap+0x8af/0xcf0 [ 746.294275][T20868] shmem_writeout+0x42e/0x1140 [ 746.294296][T20868] ? __pfx_shmem_writeout+0x10/0x10 [ 746.294311][T20868] ? __pfx_try_to_unmap+0x10/0x10 [ 746.294329][T20868] ? find_held_lock+0x2b/0x80 [ 746.294351][T20868] ? inode_to_bdi+0x9e/0x160 [ 746.294370][T20868] ? folio_clear_dirty_for_io+0x112/0x790 [ 746.294395][T20868] shrink_folio_list+0x2f4e/0x47e0 [ 746.294418][T20868] ? __pfx_shrink_folio_list+0x10/0x10 [ 746.294437][T20868] ? __lock_acquire+0x433/0x22f0 [ 746.294453][T20868] ? stack_trace_save+0x8e/0xc0 [ 746.294474][T20868] ? __lock_acquire+0x433/0x22f0 [ 746.294490][T20868] ? find_held_lock+0x2b/0x80 [ 746.294526][T20868] ? __pfx___page_table_check_zero+0x10/0x10 [ 746.294545][T20868] reclaim_folio_list+0xda/0x5a0 [ 746.294560][T20868] ? __pfx_css_rstat_updated+0x10/0x10 [ 746.294576][T20868] ? __lock_acquire+0x433/0x22f0 [ 746.294592][T20868] ? __pfx_reclaim_folio_list+0x10/0x10 [ 746.294616][T20868] ? lru_gen_update_size+0x543/0xe10 [ 746.294635][T20868] ? lru_gen_del_folio+0x32b/0x540 [ 746.294652][T20868] reclaim_pages+0x3ec/0x570 [ 746.294670][T20868] ? __pfx_reclaim_pages+0x10/0x10 [ 746.294686][T20868] ? madvise_cold_or_pageout_pte_range+0x1e2f/0x20d0 [ 746.294707][T20868] madvise_cold_or_pageout_pte_range+0x14d1/0x20d0 [ 746.294732][T20868] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 746.294751][T20868] ? pgd_bad+0xad/0xf0 [ 746.294769][T20868] ? __pfx_pgd_bad+0x10/0x10 [ 746.294788][T20868] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 746.294805][T20868] walk_pgd_range+0xcdc/0x1f40 [ 746.294837][T20868] ? __pfx_walk_pgd_range+0x10/0x10 [ 746.294861][T20868] __walk_page_range+0x163/0x820 [ 746.294881][T20868] ? process_measurement+0x4a6/0x22d0 [ 746.294901][T20868] ? down_write+0x14d/0x200 [ 746.294924][T20868] ? __lock_acquire+0x433/0x22f0 [ 746.294943][T20868] walk_page_range_vma+0x2c7/0xa20 [ 746.294965][T20868] ? __pfx_walk_page_range_vma+0x10/0x10 [ 746.294985][T20868] ? find_held_lock+0x2b/0x80 [ 746.295012][T20868] madvise_pageout+0x257/0x540 [ 746.295027][T20868] ? __pfx_madvise_pageout+0x10/0x10 [ 746.295056][T20868] madvise_vma_behavior+0xb14/0x2d00 [ 746.295074][T20868] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 746.295089][T20868] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 746.295105][T20868] ? mas_prev+0x9b/0xf0 [ 746.295119][T20868] ? __pfx_mas_prev+0x10/0x10 [ 746.295138][T20868] ? find_vma_prev+0xd3/0x150 [ 746.295151][T20868] ? __pfx_find_vma_prev+0x10/0x10 [ 746.295175][T20868] madvise_walk_vmas+0x31f/0x9c0 [ 746.295193][T20868] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 746.295215][T20868] madvise_do_behavior+0x1e2/0x530 [ 746.295232][T20868] ? __pfx_madvise_do_behavior+0x10/0x10 [ 746.295249][T20868] ? down_read+0x13d/0x460 [ 746.295273][T20868] do_madvise+0x176/0x240 [ 746.295289][T20868] ? __pfx_do_madvise+0x10/0x10 [ 746.295302][T20868] ? __mutex_unlock_slowpath+0x161/0x790 [ 746.295323][T20868] ? __fget_files+0x20e/0x3c0 [ 746.295344][T20868] ? syscall_user_dispatch+0x78/0x140 [ 746.295368][T20868] __x64_sys_madvise+0xa9/0x110 [ 746.295384][T20868] do_syscall_64+0xcd/0xf80 [ 746.295399][T20868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.295414][T20868] RIP: 0033:0x7fd7f978f7c9 [ 746.295425][T20868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 746.295438][T20868] RSP: 002b:00007fd7f79b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 746.295452][T20868] RAX: ffffffffffffffda RBX: 00007fd7f99e6180 RCX: 00007fd7f978f7c9 [ 746.295461][T20868] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 746.295469][T20868] RBP: 00007fd7f79b4090 R08: 0000000000000000 R09: 0000000000000000 [ 746.295477][T20868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.295486][T20868] R13: 00007fd7f99e6218 R14: 00007fd7f99e6180 R15: 00007ffc89175628 [ 746.295504][T20868] [ 748.251834][T20891] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2389'. [ 748.474650][T20894] ttyS ttyS2: ldisc open failed (-12), clearing slot 2 [ 749.657067][T20394] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 749.666240][T20394] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 749.674503][T20394] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 749.683525][T20394] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 749.700613][T20394] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 750.414531][T20908] chnl_net:caif_netlink_parms(): no params data found [ 750.686501][T20908] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.705255][T20908] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.723754][T20908] bridge_slave_0: entered allmulticast mode [ 750.746018][T20908] bridge_slave_0: entered promiscuous mode [ 750.838206][T20908] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.857796][T20908] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.866191][T20908] bridge_slave_1: entered allmulticast mode [ 750.872425][T20919] vhci_hcd: invalid port number 16 [ 750.897595][T20908] bridge_slave_1: entered promiscuous mode [ 751.060778][T20908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 751.147963][T20908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 751.236673][T20948] random: crng reseeded on system resumption [ 751.342554][T20908] team0: Port device team_slave_0 added [ 751.372956][T20908] team0: Port device team_slave_1 added [ 751.601772][T20908] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 751.608757][T20908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 751.635030][T20908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 751.654517][T20908] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 751.661714][T20908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 751.688002][T20908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 751.759778][T20394] Bluetooth: hci3: command tx timeout [ 751.916042][T20908] hsr_slave_0: entered promiscuous mode [ 751.936425][T20953] svc: failed to register nfsdv3 RPC service (errno 111). [ 751.952379][T20908] hsr_slave_1: entered promiscuous mode [ 751.977539][T20908] debugfs: 'hsr0' already exists in 'hsr' [ 751.980786][T20953] svc: failed to register nfsaclv3 RPC service (errno 111). [ 751.998648][T20908] Cannot create hsr debugfs directory [ 752.155645][T20959] FAULT_INJECTION: forcing a failure. [ 752.155645][T20959] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 752.190043][T20959] CPU: 0 UID: 0 PID: 20959 Comm: syz.2.2403 Tainted: G L syzkaller #0 PREEMPT(full) [ 752.190081][T20959] Tainted: [L]=SOFTLOCKUP [ 752.190090][T20959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 752.190104][T20959] Call Trace: [ 752.190113][T20959] [ 752.190122][T20959] dump_stack_lvl+0x16c/0x1f0 [ 752.190152][T20959] should_fail_ex+0x512/0x640 [ 752.190184][T20959] _copy_from_user+0x2e/0xd0 [ 752.190212][T20959] msr_io+0x93/0x480 [ 752.190239][T20959] ? __pfx_do_set_msr+0x10/0x10 [ 752.190284][T20959] ? __pfx_msr_io+0x10/0x10 [ 752.190322][T20959] kvm_arch_vcpu_ioctl+0x1455/0x54b0 [ 752.190351][T20959] ? kvm_arch_vcpu_ioctl+0x1430/0x54b0 [ 752.190382][T20959] ? stack_trace_save+0x8e/0xc0 [ 752.190409][T20959] ? __pfx_stack_trace_save+0x10/0x10 [ 752.190437][T20959] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 752.190474][T20959] ? kasan_save_stack+0x42/0x60 [ 752.190496][T20959] ? kasan_save_stack+0x33/0x60 [ 752.190516][T20959] ? kasan_save_track+0x14/0x30 [ 752.190536][T20959] ? __kasan_save_free_info+0x3b/0x60 [ 752.190567][T20959] ? __kasan_slab_free+0x5f/0x80 [ 752.190589][T20959] ? kfree+0x2f8/0x6e0 [ 752.190618][T20959] ? security_file_ioctl+0x9b/0x240 [ 752.190649][T20959] ? __lock_acquire+0x433/0x22f0 [ 752.190690][T20959] ? lock_acquire+0x179/0x330 [ 752.190722][T20959] ? __pfx___might_resched+0x10/0x10 [ 752.190747][T20959] ? rcu_is_watching+0x12/0xc0 [ 752.190770][T20959] ? trace_contention_end+0xdd/0x110 [ 752.190800][T20959] ? __mutex_lock+0x27b/0x1b10 [ 752.190829][T20959] ? kvm_vcpu_ioctl+0x280/0x1660 [ 752.190870][T20959] ? __pfx___mutex_lock+0x10/0x10 [ 752.190914][T20959] ? tomoyo_path_number_perm+0x18d/0x580 [ 752.190947][T20959] ? kvm_vcpu_ioctl+0x1235/0x1660 [ 752.190978][T20959] kvm_vcpu_ioctl+0x1235/0x1660 [ 752.191017][T20959] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 752.191053][T20959] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 752.191081][T20959] ? do_vfs_ioctl+0x128/0x14f0 [ 752.191116][T20959] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 752.191162][T20959] ? find_held_lock+0x2b/0x80 [ 752.191196][T20959] ? hook_file_ioctl_common+0x144/0x410 [ 752.191231][T20959] ? __fget_files+0x20e/0x3c0 [ 752.191261][T20959] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 752.191304][T20959] __x64_sys_ioctl+0x18e/0x210 [ 752.191342][T20959] do_syscall_64+0xcd/0xf80 [ 752.191370][T20959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.191395][T20959] RIP: 0033:0x7fd7f978f7c9 [ 752.191415][T20959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.191438][T20959] RSP: 002b:00007fd7f79f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 752.191461][T20959] RAX: ffffffffffffffda RBX: 00007fd7f99e5fa0 RCX: 00007fd7f978f7c9 [ 752.191477][T20959] RDX: 0000000000000000 RSI: 000000004008ae89 RDI: 0000000000000004 [ 752.191492][T20959] RBP: 00007fd7f79f6090 R08: 0000000000000000 R09: 0000000000000000 [ 752.191506][T20959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 752.191520][T20959] R13: 00007fd7f99e6038 R14: 00007fd7f99e5fa0 R15: 00007ffc89175628 [ 752.191557][T20959] [ 752.565075][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.571486][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.699301][T20964] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input97 [ 752.838802][T20908] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.898848][T20965] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input98 [ 752.983539][T20908] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.193840][T20908] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.328610][T20908] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.496136][T20908] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 753.577305][T20908] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 753.714095][T20908] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 753.746089][T20908] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 753.841670][T20394] Bluetooth: hci3: command tx timeout [ 753.939290][T20984] can0: slcan on ptm0. [ 754.099989][T20908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 754.204613][T20908] 8021q: adding VLAN 0 to HW filter on device team0 [ 754.222369][T20975] can0 (unregistered): slcan off ptm0. [ 754.228885][T15998] bridge0: port 1(bridge_slave_0) entered blocking state [ 754.236008][T15998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 754.297310][T15998] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.304569][T15998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 754.465200][T20998] FAULT_INJECTION: forcing a failure. [ 754.465200][T20998] name failslab, interval 1, probability 393216, space 0, times 0 [ 754.523550][T20998] CPU: 1 UID: 0 PID: 20998 Comm: syz.0.2409 Tainted: G L syzkaller #0 PREEMPT(full) [ 754.523576][T20998] Tainted: [L]=SOFTLOCKUP [ 754.523581][T20998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 754.523589][T20998] Call Trace: [ 754.523594][T20998] [ 754.523599][T20998] dump_stack_lvl+0x16c/0x1f0 [ 754.523619][T20998] should_fail_ex+0x512/0x640 [ 754.523635][T20998] ? kmem_cache_alloc_noprof+0x62/0x760 [ 754.523657][T20998] should_failslab+0xc2/0x120 [ 754.523673][T20998] kmem_cache_alloc_noprof+0x75/0x760 [ 754.523691][T20998] ? stack_depot_save_flags+0x29/0x9b0 [ 754.523705][T20998] ? alloc_empty_file+0x55/0x1e0 [ 754.523727][T20998] ? alloc_empty_file+0x55/0x1e0 [ 754.523742][T20998] ? kasan_save_track+0x14/0x30 [ 754.523754][T20998] alloc_empty_file+0x55/0x1e0 [ 754.523773][T20998] path_openat+0xde/0x3140 [ 754.523787][T20998] ? do_syscall_64+0xcd/0xf80 [ 754.523800][T20998] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.523820][T20998] ? __pfx_path_openat+0x10/0x10 [ 754.523841][T20998] do_filp_open+0x20b/0x470 [ 754.523857][T20998] ? __pfx_do_filp_open+0x10/0x10 [ 754.523885][T20998] ? alloc_fd+0x471/0x7d0 [ 754.523905][T20998] do_sys_openat2+0x11f/0x280 [ 754.523924][T20998] ? __pfx_do_sys_openat2+0x10/0x10 [ 754.523944][T20998] ? __fget_files+0x20e/0x3c0 [ 754.523961][T20998] __x64_sys_openat+0x174/0x210 [ 754.523980][T20998] ? __pfx___x64_sys_openat+0x10/0x10 [ 754.523998][T20998] ? ksys_write+0x1ac/0x250 [ 754.524018][T20998] do_syscall_64+0xcd/0xf80 [ 754.524032][T20998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.524046][T20998] RIP: 0033:0x7f168178f7c9 [ 754.524057][T20998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 754.524071][T20998] RSP: 002b:00007f16826c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 754.524084][T20998] RAX: ffffffffffffffda RBX: 00007f16819e5fa0 RCX: 00007f168178f7c9 [ 754.524103][T20998] RDX: 0000000000121d02 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 754.524112][T20998] RBP: 00007f16826c7090 R08: 0000000000000000 R09: 0000000000000000 [ 754.524119][T20998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.524127][T20998] R13: 00007f16819e6038 R14: 00007f16819e5fa0 R15: 00007ffe836ab288 [ 754.524146][T20998] [ 754.844678][T20908] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 754.863247][T20908] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 755.113886][T21010] FAULT_INJECTION: forcing a failure. [ 755.113886][T21010] name failslab, interval 1, probability 393216, space 0, times 0 [ 755.191639][T21010] CPU: 1 UID: 0 PID: 21010 Comm: syz.0.2412 Tainted: G L syzkaller #0 PREEMPT(full) [ 755.191679][T21010] Tainted: [L]=SOFTLOCKUP [ 755.191688][T21010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 755.191700][T21010] Call Trace: [ 755.191708][T21010] [ 755.191717][T21010] dump_stack_lvl+0x16c/0x1f0 [ 755.191746][T21010] should_fail_ex+0x512/0x640 [ 755.191770][T21010] ? kmem_cache_alloc_noprof+0x62/0x760 [ 755.191804][T21010] should_failslab+0xc2/0x120 [ 755.191831][T21010] kmem_cache_alloc_noprof+0x75/0x760 [ 755.191864][T21010] ? security_file_alloc+0x34/0x2b0 [ 755.191897][T21010] ? security_file_alloc+0x34/0x2b0 [ 755.191923][T21010] security_file_alloc+0x34/0x2b0 [ 755.191949][T21010] init_file+0x93/0x4c0 [ 755.191988][T21010] alloc_empty_file+0x73/0x1e0 [ 755.192021][T21010] path_openat+0xde/0x3140 [ 755.192046][T21010] ? do_syscall_64+0xcd/0xf80 [ 755.192068][T21010] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.192101][T21010] ? __pfx_path_openat+0x10/0x10 [ 755.192132][T21010] do_filp_open+0x20b/0x470 [ 755.192148][T21010] ? __pfx_do_filp_open+0x10/0x10 [ 755.192176][T21010] ? alloc_fd+0x471/0x7d0 [ 755.192196][T21010] do_sys_openat2+0x11f/0x280 [ 755.192215][T21010] ? __pfx_do_sys_openat2+0x10/0x10 [ 755.192235][T21010] ? __fget_files+0x20e/0x3c0 [ 755.192248][T21010] ? warn_bogus_irq_restore+0x20/0x20 [ 755.192265][T21010] __x64_sys_openat+0x174/0x210 [ 755.192284][T21010] ? __pfx___x64_sys_openat+0x10/0x10 [ 755.192302][T21010] ? ksys_write+0x1ac/0x250 [ 755.192321][T21010] do_syscall_64+0xcd/0xf80 [ 755.192336][T21010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.192350][T21010] RIP: 0033:0x7f168178f7c9 [ 755.192361][T21010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 755.192375][T21010] RSP: 002b:00007f16826c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 755.192389][T21010] RAX: ffffffffffffffda RBX: 00007f16819e5fa0 RCX: 00007f168178f7c9 [ 755.192398][T21010] RDX: 00000000000a8441 RSI: 0000200000000f80 RDI: ffffffffffffff9c [ 755.192411][T21010] RBP: 00007f16826c7090 R08: 0000000000000000 R09: 0000000000000000 [ 755.192419][T21010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 755.192426][T21010] R13: 00007f16819e6038 R14: 00007f16819e5fa0 R15: 00007ffe836ab288 [ 755.192445][T21010] [ 755.832242][T20908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 755.922274][T20394] Bluetooth: hci3: command tx timeout [ 756.037939][T20908] veth0_vlan: entered promiscuous mode [ 756.098630][T20908] veth1_vlan: entered promiscuous mode [ 756.239870][T20908] veth0_macvtap: entered promiscuous mode [ 756.290701][T20908] veth1_macvtap: entered promiscuous mode [ 756.378686][T20908] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 756.393998][T21038] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input99 [ 756.439276][T20908] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 756.505699][ T4979] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.048126][T21041] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input100 [ 757.085438][ T4979] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.250086][ T4979] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.364981][ T4979] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.628563][ T4979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 757.651337][ T4979] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 757.863307][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 757.887406][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 758.003591][T20394] Bluetooth: hci3: command tx timeout [ 759.410883][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 759.423571][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 759.434641][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 759.443273][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 759.455265][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 759.673700][ T30] audit: type=1800 audit(1764932774.554:6): pid=21091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2422" name="dbroot" dev="configfs" ino=144592 res=0 errno=0 [ 760.019588][T21094] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input101 [ 760.211965][T21095] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input102 [ 760.648476][ T1331] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.794407][ T1331] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.947692][ T1331] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 761.190375][ T1331] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 761.245981][T21088] chnl_net:caif_netlink_parms(): no params data found [ 761.524760][T20394] Bluetooth: hci4: command tx timeout [ 761.622041][T21088] bridge0: port 1(bridge_slave_0) entered blocking state [ 761.631732][T21088] bridge0: port 1(bridge_slave_0) entered disabled state [ 761.640014][T21088] bridge_slave_0: entered allmulticast mode [ 761.649062][T21088] bridge_slave_0: entered promiscuous mode [ 761.680384][ T1331] bridge_slave_1: left allmulticast mode [ 761.704807][ T1331] bridge_slave_1: left promiscuous mode [ 761.713676][ T1331] bridge0: port 2(bridge_slave_1) entered disabled state [ 761.749553][ T1331] bridge_slave_0: left allmulticast mode [ 761.768777][ T1331] bridge_slave_0: left promiscuous mode [ 761.785463][ T1331] bridge0: port 1(bridge_slave_0) entered disabled state [ 761.828219][T21141] FAULT_INJECTION: forcing a failure. [ 761.828219][T21141] name failslab, interval 1, probability 393216, space 0, times 0 [ 761.866681][T21141] CPU: 1 UID: 0 PID: 21141 Comm: syz.0.2434 Tainted: G L syzkaller #0 PREEMPT(full) [ 761.866722][T21141] Tainted: [L]=SOFTLOCKUP [ 761.866730][T21141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 761.866743][T21141] Call Trace: [ 761.866751][T21141] [ 761.866761][T21141] dump_stack_lvl+0x16c/0x1f0 [ 761.866791][T21141] should_fail_ex+0x512/0x640 [ 761.866815][T21141] ? kmem_cache_alloc_noprof+0x62/0x760 [ 761.866851][T21141] should_failslab+0xc2/0x120 [ 761.866878][T21141] kmem_cache_alloc_noprof+0x75/0x760 [ 761.866908][T21141] ? security_file_alloc+0x34/0x2b0 [ 761.866943][T21141] ? security_file_alloc+0x34/0x2b0 [ 761.866969][T21141] security_file_alloc+0x34/0x2b0 [ 761.866996][T21141] init_file+0x93/0x4c0 [ 761.867025][T21141] alloc_empty_file+0x73/0x1e0 [ 761.867056][T21141] path_openat+0xde/0x3140 [ 761.867079][T21141] ? do_syscall_64+0xcd/0xf80 [ 761.867102][T21141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.867158][T21141] ? __pfx_path_openat+0x10/0x10 [ 761.867196][T21141] do_filp_open+0x20b/0x470 [ 761.867222][T21141] ? __pfx_do_filp_open+0x10/0x10 [ 761.867271][T21141] ? alloc_fd+0x471/0x7d0 [ 761.867305][T21141] do_sys_openat2+0x11f/0x280 [ 761.867342][T21141] ? __pfx_do_sys_openat2+0x10/0x10 [ 761.867376][T21141] ? __fget_files+0x20e/0x3c0 [ 761.867405][T21141] __x64_sys_openat+0x174/0x210 [ 761.867435][T21141] ? __pfx___x64_sys_openat+0x10/0x10 [ 761.867465][T21141] ? ksys_write+0x1ac/0x250 [ 761.867501][T21141] do_syscall_64+0xcd/0xf80 [ 761.867527][T21141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.867550][T21141] RIP: 0033:0x7f168178f7c9 [ 761.867569][T21141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.867591][T21141] RSP: 002b:00007f16826c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 761.867613][T21141] RAX: ffffffffffffffda RBX: 00007f16819e5fa0 RCX: 00007f168178f7c9 [ 761.867628][T21141] RDX: 0000000000040080 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 761.867642][T21141] RBP: 00007f16826c7090 R08: 0000000000000000 R09: 0000000000000000 [ 761.867656][T21141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 761.867670][T21141] R13: 00007f16819e6038 R14: 00007f16819e5fa0 R15: 00007ffe836ab288 [ 761.867703][T21141] [ 762.658383][ T1331] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 762.695508][ T1331] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 762.745905][ T1331] bond0 (unregistering): Released all slaves [ 762.957712][T21088] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.985781][T21088] bridge0: port 2(bridge_slave_1) entered disabled state [ 762.993480][T21088] bridge_slave_1: entered allmulticast mode [ 763.011796][T21088] bridge_slave_1: entered promiscuous mode [ 763.057050][T21148] FAULT_INJECTION: forcing a failure. [ 763.057050][T21148] name failslab, interval 1, probability 393216, space 0, times 0 [ 763.057116][T21148] CPU: 0 UID: 0 PID: 21148 Comm: syz.0.2436 Tainted: G L syzkaller #0 PREEMPT(full) [ 763.057154][T21148] Tainted: [L]=SOFTLOCKUP [ 763.057163][T21148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 763.057177][T21148] Call Trace: [ 763.057186][T21148] [ 763.057196][T21148] dump_stack_lvl+0x16c/0x1f0 [ 763.057238][T21148] should_fail_ex+0x512/0x640 [ 763.057266][T21148] ? __kmalloc_noprof+0xca/0x8f0 [ 763.057304][T21148] should_failslab+0xc2/0x120 [ 763.057335][T21148] __kmalloc_noprof+0xdd/0x8f0 [ 763.057365][T21148] ? vgacon_init+0x303/0x440 [ 763.057398][T21148] ? vc_allocate+0x489/0x880 [ 763.057436][T21148] ? vc_allocate+0x489/0x880 [ 763.057462][T21148] vc_allocate+0x489/0x880 [ 763.057491][T21148] ? __pfx_vc_allocate+0x10/0x10 [ 763.057524][T21148] con_install+0xa1/0x600 [ 763.057544][T21148] ? __pfx_con_install+0x10/0x10 [ 763.057567][T21148] ? __pfx_con_install+0x10/0x10 [ 763.057586][T21148] tty_init_dev.part.0+0x9c/0x500 [ 763.057609][T21148] tty_open+0xa4f/0xf90 [ 763.057632][T21148] ? __pfx_tty_open+0x10/0x10 [ 763.057653][T21148] ? chrdev_open+0x58c/0x6a0 [ 763.057672][T21148] ? __pfx_tty_open+0x10/0x10 [ 763.057692][T21148] chrdev_open+0x234/0x6a0 [ 763.057708][T21148] ? __pfx_chrdev_open+0x10/0x10 [ 763.057724][T21148] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 763.057745][T21148] do_dentry_open+0x748/0x1590 [ 763.057759][T21148] ? __pfx_chrdev_open+0x10/0x10 [ 763.057780][T21148] vfs_open+0x82/0x3f0 [ 763.057800][T21148] path_openat+0x2078/0x3140 [ 763.057822][T21148] ? __pfx_path_openat+0x10/0x10 [ 763.057844][T21148] do_filp_open+0x20b/0x470 [ 763.057859][T21148] ? __pfx_do_filp_open+0x10/0x10 [ 763.057889][T21148] ? alloc_fd+0x471/0x7d0 [ 763.057910][T21148] do_sys_openat2+0x11f/0x280 [ 763.057928][T21148] ? __pfx_do_sys_openat2+0x10/0x10 [ 763.057955][T21148] __x64_sys_openat+0x174/0x210 [ 763.057974][T21148] ? __pfx___x64_sys_openat+0x10/0x10 [ 763.058001][T21148] do_syscall_64+0xcd/0xf80 [ 763.058017][T21148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.058031][T21148] RIP: 0033:0x7f168178f7c9 [ 763.058044][T21148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.058058][T21148] RSP: 002b:00007f1682685038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 763.058072][T21148] RAX: ffffffffffffffda RBX: 00007f16819e6180 RCX: 00007f168178f7c9 [ 763.058081][T21148] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 763.058090][T21148] RBP: 00007f1681813f91 R08: 0000000000000000 R09: 0000000000000000 [ 763.058098][T21148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.058106][T21148] R13: 00007f16819e6218 R14: 00007f16819e6180 R15: 00007ffe836ab288 [ 763.058127][T21148] [ 763.153324][T21088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 763.180096][T21088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 763.576964][T21088] team0: Port device team_slave_0 added [ 763.579016][T21088] team0: Port device team_slave_1 added [ 763.605719][T20394] Bluetooth: hci4: command tx timeout [ 763.619467][T21088] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.619489][T21088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 763.619512][T21088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.620671][T21088] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.620686][T21088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 763.620713][T21088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.795098][T21088] hsr_slave_0: entered promiscuous mode [ 763.796534][T21088] hsr_slave_1: entered promiscuous mode [ 763.797293][T21088] debugfs: 'hsr0' already exists in 'hsr' [ 763.797317][T21088] Cannot create hsr debugfs directory [ 764.155454][ T1331] hsr_slave_0: left promiscuous mode [ 764.190074][ T1331] hsr_slave_1: left promiscuous mode [ 764.191005][ T1331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 764.191047][ T1331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 764.200101][ T1331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 764.200129][ T1331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 764.253158][ T1331] veth1_macvtap: left promiscuous mode [ 764.253257][ T1331] veth0_macvtap: left promiscuous mode [ 764.253372][ T1331] veth1_vlan: left promiscuous mode [ 764.253474][ T1331] veth0_vlan: left promiscuous mode [ 765.080405][T21153] tty tty12: ldisc open failed (-12), clearing slot 11 [ 765.106974][T21154] tty tty12: ldisc open failed (-12), clearing slot 11 [ 765.686829][T20394] Bluetooth: hci4: command tx timeout [ 765.780006][ T1331] team0 (unregistering): Port device team_slave_1 removed [ 765.881852][ T1331] team0 (unregistering): Port device team_slave_0 removed [ 767.769306][T20394] Bluetooth: hci4: command tx timeout [ 767.800161][T21205] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2444'. [ 767.892644][T21205] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.013053][T21205] bridge_slave_1 (unregistering): left allmulticast mode [ 768.042216][T21205] bridge_slave_1 (unregistering): left promiscuous mode [ 768.067987][T21205] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.176942][T21212] netlink: 'syz.3.2445': attribute type 5 has an invalid length. [ 768.501582][T21088] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 768.545824][T21088] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 768.582097][T21088] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 768.647140][T21088] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 768.691146][T21226] FAULT_INJECTION: forcing a failure. [ 768.691146][T21226] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 768.721706][T21226] CPU: 1 UID: 0 PID: 21226 Comm: syz.3.2447 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.721746][T21226] Tainted: [L]=SOFTLOCKUP [ 768.721754][T21226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 768.721767][T21226] Call Trace: [ 768.721775][T21226] [ 768.721784][T21226] dump_stack_lvl+0x16c/0x1f0 [ 768.721814][T21226] should_fail_ex+0x512/0x640 [ 768.721847][T21226] _copy_to_user+0x32/0xd0 [ 768.721873][T21226] simple_read_from_buffer+0xcb/0x170 [ 768.721912][T21226] proc_fail_nth_read+0x197/0x240 [ 768.721941][T21226] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 768.721972][T21226] ? rw_verify_area+0xcf/0x6c0 [ 768.722006][T21226] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 768.722036][T21226] vfs_read+0x1e4/0xcf0 [ 768.722062][T21226] ? __pfx___mutex_lock+0x10/0x10 [ 768.722093][T21226] ? __pfx_vfs_read+0x10/0x10 [ 768.722126][T21226] ? __fget_files+0x20e/0x3c0 [ 768.722161][T21226] ksys_read+0x12a/0x250 [ 768.722184][T21226] ? __pfx_ksys_read+0x10/0x10 [ 768.722219][T21226] do_syscall_64+0xcd/0xf80 [ 768.722246][T21226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.722270][T21226] RIP: 0033:0x7f678b58e1dc [ 768.722289][T21226] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 768.722312][T21226] RSP: 002b:00007f678c392030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 768.722335][T21226] RAX: ffffffffffffffda RBX: 00007f678b7e5fa0 RCX: 00007f678b58e1dc [ 768.722351][T21226] RDX: 000000000000000f RSI: 00007f678c3920a0 RDI: 0000000000000004 [ 768.722366][T21226] RBP: 00007f678c392090 R08: 0000000000000000 R09: 0000000000000000 [ 768.722380][T21226] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 768.722394][T21226] R13: 00007f678b7e6038 R14: 00007f678b7e5fa0 R15: 00007ffdd404dff8 [ 768.722436][T21226] [ 768.986789][T21088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 769.010829][T21088] 8021q: adding VLAN 0 to HW filter on device team0 [ 769.032252][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 769.040107][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 769.139236][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 769.146407][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 769.892713][T21245] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 769.924233][T21245] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 770.076950][T21088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 770.137149][T21251] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2451'. [ 770.398175][T21088] veth0_vlan: entered promiscuous mode [ 770.417440][T21088] veth1_vlan: entered promiscuous mode [ 770.555645][T21088] veth0_macvtap: entered promiscuous mode [ 770.619533][T21088] veth1_macvtap: entered promiscuous mode [ 770.726538][T21088] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 770.750446][T21088] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 770.775309][ T1081] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.814450][ T1081] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.857717][ T1081] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.933526][ T1081] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 771.435851][ T1081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 771.469677][ T1081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 771.576137][T15998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 771.629813][T15998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 772.126041][T21293] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2454'. [ 773.037137][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 773.046453][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 773.055576][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 773.064493][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 773.072044][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 774.356899][ T1152] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.745850][ T1152] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.934056][T21311] chnl_net:caif_netlink_parms(): no params data found [ 775.133044][ T5847] Bluetooth: hci1: command tx timeout [ 775.574158][ T1152] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 775.705973][T21330] kexec: Could not allocate control_code_buffer [ 775.805260][ T1152] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 775.853035][T21311] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.860400][T21311] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.867998][T21311] bridge_slave_0: entered allmulticast mode [ 775.876516][T21311] bridge_slave_0: entered promiscuous mode [ 775.974192][T21311] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.984047][T21311] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.991331][T21311] bridge_slave_1: entered allmulticast mode [ 776.008966][T21311] bridge_slave_1: entered promiscuous mode [ 776.127301][T21311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 776.188206][T21311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 776.335947][T21311] team0: Port device team_slave_0 added [ 776.384706][T21311] team0: Port device team_slave_1 added [ 776.508342][ T1152] bridge_slave_1: left allmulticast mode [ 776.521605][ T1152] bridge_slave_1: left promiscuous mode [ 776.545499][ T1152] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.577700][ T1152] bridge_slave_0: left allmulticast mode [ 776.598125][ T1152] bridge_slave_0: left promiscuous mode [ 776.628508][ T1152] bridge0: port 1(bridge_slave_0) entered disabled state [ 777.222967][ T5847] Bluetooth: hci1: command tx timeout [ 777.806586][ T1152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 777.833645][ T1152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 777.848523][ T1152] bond0 (unregistering): Released all slaves [ 777.928720][T21311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 777.947246][T21311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 778.002921][T21311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 778.016941][T21311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 778.026595][T21311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 778.060973][T21311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 778.481226][T21311] hsr_slave_0: entered promiscuous mode [ 778.497995][T21311] hsr_slave_1: entered promiscuous mode [ 778.517695][T21311] debugfs: 'hsr0' already exists in 'hsr' [ 778.525977][T21311] Cannot create hsr debugfs directory [ 779.293690][ T5847] Bluetooth: hci1: command tx timeout [ 779.350592][ T1152] hsr_slave_0: left promiscuous mode [ 779.380733][ T1152] hsr_slave_1: left promiscuous mode [ 779.407859][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 779.452769][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 779.520053][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 779.527936][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 779.570189][ T1152] veth1_macvtap: left promiscuous mode [ 779.598507][ T1152] veth0_macvtap: left promiscuous mode [ 779.618513][ T1152] veth1_vlan: left promiscuous mode [ 779.624040][ T1152] veth0_vlan: left promiscuous mode [ 780.576604][ T1152] team0 (unregistering): Port device team_slave_1 removed [ 780.648900][ T1152] team0 (unregistering): Port device team_slave_0 removed [ 781.382971][ T5847] Bluetooth: hci1: command tx timeout [ 783.251772][T21311] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 783.394149][T21311] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 783.426034][T21311] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 783.556368][T21311] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 785.243495][T21311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 785.384803][T21311] 8021q: adding VLAN 0 to HW filter on device team0 [ 785.480126][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.487279][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 785.588617][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.595817][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 785.718003][T21486] FAULT_INJECTION: forcing a failure. [ 785.718003][T21486] name failslab, interval 1, probability 393216, space 0, times 0 [ 785.768327][T21486] CPU: 0 UID: 0 PID: 21486 Comm: syz.2.2479 Tainted: G L syzkaller #0 PREEMPT(full) [ 785.768362][T21486] Tainted: [L]=SOFTLOCKUP [ 785.768370][T21486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 785.768383][T21486] Call Trace: [ 785.768390][T21486] [ 785.768399][T21486] dump_stack_lvl+0x16c/0x1f0 [ 785.768430][T21486] should_fail_ex+0x512/0x640 [ 785.768456][T21486] ? kmem_cache_alloc_noprof+0x62/0x760 [ 785.768492][T21486] should_failslab+0xc2/0x120 [ 785.768518][T21486] kmem_cache_alloc_noprof+0x75/0x760 [ 785.768549][T21486] ? security_file_alloc+0x34/0x2b0 [ 785.768584][T21486] ? security_file_alloc+0x34/0x2b0 [ 785.768610][T21486] security_file_alloc+0x34/0x2b0 [ 785.768631][T21486] init_file+0x93/0x4c0 [ 785.768650][T21486] alloc_empty_file+0x73/0x1e0 [ 785.768668][T21486] path_openat+0xde/0x3140 [ 785.768682][T21486] ? do_syscall_64+0xcd/0xf80 [ 785.768695][T21486] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 785.768715][T21486] ? __pfx_path_openat+0x10/0x10 [ 785.768736][T21486] do_filp_open+0x20b/0x470 [ 785.768752][T21486] ? __pfx_do_filp_open+0x10/0x10 [ 785.768779][T21486] ? alloc_fd+0x471/0x7d0 [ 785.768800][T21486] do_sys_openat2+0x11f/0x280 [ 785.768818][T21486] ? __pfx_do_sys_openat2+0x10/0x10 [ 785.768838][T21486] ? __fget_files+0x20e/0x3c0 [ 785.768855][T21486] __x64_sys_openat+0x174/0x210 [ 785.768874][T21486] ? __pfx___x64_sys_openat+0x10/0x10 [ 785.768892][T21486] ? ksys_write+0x1ac/0x250 [ 785.768912][T21486] do_syscall_64+0xcd/0xf80 [ 785.768927][T21486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 785.768940][T21486] RIP: 0033:0x7f46cdb8f7c9 [ 785.768952][T21486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 785.768965][T21486] RSP: 002b:00007f46cbdd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 785.768979][T21486] RAX: ffffffffffffffda RBX: 00007f46cdde6180 RCX: 00007f46cdb8f7c9 [ 785.768988][T21486] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 785.768997][T21486] RBP: 00007f46cbdd5090 R08: 0000000000000000 R09: 0000000000000000 [ 785.769005][T21486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 785.769013][T21486] R13: 00007f46cdde6218 R14: 00007f46cdde6180 R15: 00007ffc6f0b1af8 [ 785.769031][T21486] [ 786.603974][T21500] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input103 [ 786.704442][T21311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 786.884046][T21311] veth0_vlan: entered promiscuous mode [ 786.945505][T21311] veth1_vlan: entered promiscuous mode [ 787.148208][T21502] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input104 [ 787.270373][T21311] veth0_macvtap: entered promiscuous mode [ 787.286647][T21311] veth1_macvtap: entered promiscuous mode [ 787.421882][T21311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 787.482767][T21311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 787.528041][ T1331] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.537277][ T1331] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.585070][ T1331] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.641381][ T1331] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.876978][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 787.915879][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.981935][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 787.999208][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 789.813965][T21539] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 790.022655][T21544] can0: slcan on pty238. [ 790.223964][T20394] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 790.232781][T20394] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 790.241090][T20394] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 790.250169][T20394] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 790.257936][T20394] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 790.367562][T21550] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 790.754171][T21548] chnl_net:caif_netlink_parms(): no params data found [ 791.424096][T21540] can0 (unregistered): slcan off pty238. [ 791.483697][T21548] bridge0: port 1(bridge_slave_0) entered blocking state [ 791.501625][T21548] bridge0: port 1(bridge_slave_0) entered disabled state [ 791.509268][T21548] bridge_slave_0: entered allmulticast mode [ 791.517762][T21548] bridge_slave_0: entered promiscuous mode [ 791.526915][T21548] bridge0: port 2(bridge_slave_1) entered blocking state [ 791.535820][T21548] bridge0: port 2(bridge_slave_1) entered disabled state [ 791.548506][T21548] bridge_slave_1: entered allmulticast mode [ 791.556733][T21548] bridge_slave_1: entered promiscuous mode [ 791.739477][T21581] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2830524961 (2830524961 ns) > initial count (1971299731 ns). Using initial count to start timer. [ 791.812099][T21548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 791.853892][T21548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 792.142440][T21548] team0: Port device team_slave_0 added [ 792.191422][T21548] team0: Port device team_slave_1 added [ 792.198944][T21595] openvswitch: netlink: IP tunnel dst address not specified [ 792.330101][T21548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 792.337089][T21548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 792.370534][T21548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 792.371584][T20394] Bluetooth: hci2: command tx timeout [ 792.749492][T21548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 792.756741][T21548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 792.841546][T21548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 792.917458][T21548] hsr_slave_0: entered promiscuous mode [ 792.982139][T21548] hsr_slave_1: entered promiscuous mode [ 793.089725][T21548] debugfs: 'hsr0' already exists in 'hsr' [ 793.103968][T21548] Cannot create hsr debugfs directory [ 794.248998][T21622] Invalid ELF header magic: != ELF [ 794.421158][T20394] Bluetooth: hci2: command tx timeout [ 794.716612][T21548] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.854305][T21548] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.005585][T21548] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.077343][T21636] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input105 [ 795.268174][T21548] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.284119][T21637] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input106 [ 795.584925][T21548] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 795.612973][T21548] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 795.640100][T21548] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 795.678610][T21548] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 795.843433][T21548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 795.889374][T21548] 8021q: adding VLAN 0 to HW filter on device team0 [ 795.923189][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.930388][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 795.984506][ T3660] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.991852][ T3660] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.016569][T21654] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 796.376274][T21548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 796.452198][T21548] veth0_vlan: entered promiscuous mode [ 796.489193][T21548] veth1_vlan: entered promiscuous mode [ 796.502642][T20394] Bluetooth: hci2: command tx timeout [ 796.520715][T21672] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2514'. [ 796.687744][T21678] FAULT_INJECTION: forcing a failure. [ 796.687744][T21678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 796.771102][T21678] CPU: 1 UID: 0 PID: 21678 Comm: syz.1.2516 Tainted: G L syzkaller #0 PREEMPT(full) [ 796.771140][T21678] Tainted: [L]=SOFTLOCKUP [ 796.771148][T21678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 796.771160][T21678] Call Trace: [ 796.771167][T21678] [ 796.771176][T21678] dump_stack_lvl+0x16c/0x1f0 [ 796.771204][T21678] should_fail_ex+0x512/0x640 [ 796.771236][T21678] _copy_from_iter+0x43b/0x16c0 [ 796.771270][T21678] ? __pfx__copy_from_iter+0x10/0x10 [ 796.771298][T21678] ? __asan_memset+0x23/0x50 [ 796.771331][T21678] ? __build_skb_around+0x278/0x390 [ 796.771357][T21678] ? is_vmalloc_addr+0x86/0xa0 [ 796.771390][T21678] netlink_sendmsg+0x820/0xdd0 [ 796.771430][T21678] ? __pfx_netlink_sendmsg+0x10/0x10 [ 796.771470][T21678] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 796.771513][T21678] ____sys_sendmsg+0xa5d/0xc30 [ 796.771551][T21678] ? __pfx_____sys_sendmsg+0x10/0x10 [ 796.771592][T21678] ? __pfx__kstrtoull+0x10/0x10 [ 796.771638][T21678] ___sys_sendmsg+0x134/0x1d0 [ 796.771671][T21678] ? __pfx____sys_sendmsg+0x10/0x10 [ 796.771716][T21678] ? find_held_lock+0x2b/0x80 [ 796.771768][T21678] __sys_sendmmsg+0x200/0x420 [ 796.771802][T21678] ? __pfx___sys_sendmmsg+0x10/0x10 [ 796.771845][T21678] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 796.771885][T21678] ? fput+0x70/0xf0 [ 796.771914][T21678] ? ksys_write+0x1ac/0x250 [ 796.771939][T21678] ? __pfx_ksys_write+0x10/0x10 [ 796.771969][T21678] __x64_sys_sendmmsg+0x9c/0x100 [ 796.771997][T21678] ? lockdep_hardirqs_on+0x7c/0x110 [ 796.772022][T21678] do_syscall_64+0xcd/0xf80 [ 796.772049][T21678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.772074][T21678] RIP: 0033:0x7f826f18f7c9 [ 796.772094][T21678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.772119][T21678] RSP: 002b:00007f8270089038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 796.772139][T21678] RAX: ffffffffffffffda RBX: 00007f826f3e5fa0 RCX: 00007f826f18f7c9 [ 796.772153][T21678] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000006 [ 796.772165][T21678] RBP: 00007f8270089090 R08: 0000000000000000 R09: 0000000000000000 [ 796.772179][T21678] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 796.772192][T21678] R13: 00007f826f3e6038 R14: 00007f826f3e5fa0 R15: 00007ffcabcbb7b8 [ 796.772218][T21678] [ 796.812890][T21548] veth0_macvtap: entered promiscuous mode [ 797.269926][T21548] veth1_macvtap: entered promiscuous mode [ 797.417749][T21548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 797.483585][T21548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 797.553020][ T1331] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.614795][ T1331] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.632942][ T1152] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.666190][ T1152] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.682137][T21695] FAULT_INJECTION: forcing a failure. [ 797.682137][T21695] name failslab, interval 1, probability 393216, space 0, times 0 [ 797.732827][T21695] CPU: 0 UID: 0 PID: 21695 Comm: syz.3.2522 Tainted: G L syzkaller #0 PREEMPT(full) [ 797.732864][T21695] Tainted: [L]=SOFTLOCKUP [ 797.732872][T21695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 797.732884][T21695] Call Trace: [ 797.732891][T21695] [ 797.732900][T21695] dump_stack_lvl+0x16c/0x1f0 [ 797.732928][T21695] should_fail_ex+0x512/0x640 [ 797.732952][T21695] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 797.732980][T21695] should_failslab+0xc2/0x120 [ 797.733007][T21695] kmem_cache_alloc_noprof+0x75/0x760 [ 797.733040][T21695] ? skb_clone+0x190/0x3f0 [ 797.733073][T21695] ? skb_clone+0x190/0x3f0 [ 797.733101][T21695] skb_clone+0x190/0x3f0 [ 797.733133][T21695] netlink_deliver_tap+0xabd/0xd30 [ 797.733176][T21695] netlink_unicast+0x64c/0x870 [ 797.733216][T21695] ? __pfx_netlink_unicast+0x10/0x10 [ 797.733250][T21695] ? __pfx___might_resched+0x10/0x10 [ 797.733286][T21695] netlink_sendmsg+0x8c8/0xdd0 [ 797.733328][T21695] ? __pfx_netlink_sendmsg+0x10/0x10 [ 797.733367][T21695] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 797.733412][T21695] ____sys_sendmsg+0xa5d/0xc30 [ 797.733450][T21695] ? copy_msghdr_from_user+0x10a/0x160 [ 797.733479][T21695] ? __pfx_____sys_sendmsg+0x10/0x10 [ 797.733510][T21695] ? __lock_acquire+0x433/0x22f0 [ 797.733556][T21695] ___sys_sendmsg+0x134/0x1d0 [ 797.733588][T21695] ? __pfx____sys_sendmsg+0x10/0x10 [ 797.733617][T21695] ? __lock_acquire+0x433/0x22f0 [ 797.733688][T21695] __sys_sendmsg+0x16d/0x220 [ 797.733720][T21695] ? __pfx___sys_sendmsg+0x10/0x10 [ 797.733781][T21695] do_syscall_64+0xcd/0xf80 [ 797.733811][T21695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.733836][T21695] RIP: 0033:0x7eff7d18f7c9 [ 797.733856][T21695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.733880][T21695] RSP: 002b:00007eff7e0c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 797.733903][T21695] RAX: ffffffffffffffda RBX: 00007eff7d3e5fa0 RCX: 00007eff7d18f7c9 [ 797.733920][T21695] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000003 [ 797.733936][T21695] RBP: 00007eff7e0c7090 R08: 0000000000000000 R09: 0000000000000000 [ 797.733951][T21695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 797.733965][T21695] R13: 00007eff7d3e6038 R14: 00007eff7d3e5fa0 R15: 00007fffd3f17208 [ 797.734002][T21695] [ 798.375973][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 798.405043][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 798.470295][ T1081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 798.485771][ T1081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 798.583819][T20394] Bluetooth: hci2: command tx timeout [ 798.649507][T20394] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 799.388139][T21723] FAULT_INJECTION: forcing a failure. [ 799.388139][T21723] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 799.406099][T21723] CPU: 0 UID: 0 PID: 21723 Comm: syz.3.2528 Tainted: G L syzkaller #0 PREEMPT(full) [ 799.406144][T21723] Tainted: [L]=SOFTLOCKUP [ 799.406154][T21723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 799.406169][T21723] Call Trace: [ 799.406178][T21723] [ 799.406188][T21723] dump_stack_lvl+0x16c/0x1f0 [ 799.406223][T21723] should_fail_ex+0x512/0x640 [ 799.406259][T21723] should_fail_alloc_page+0xe7/0x130 [ 799.406292][T21723] prepare_alloc_pages+0x3c2/0x610 [ 799.406327][T21723] __alloc_frozen_pages_noprof+0x18b/0x2440 [ 799.406374][T21723] ? irqentry_exit+0x1dd/0x8c0 [ 799.406399][T21723] ? lockdep_hardirqs_on+0x7c/0x110 [ 799.406436][T21723] ? irqentry_exit+0x1dd/0x8c0 [ 799.406461][T21723] ? trace_irq_disable.constprop.0+0xd4/0x110 [ 799.406496][T21723] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 799.406548][T21723] ? rep_movs_alternative+0x4a/0x90 [ 799.406584][T21723] ? _copy_from_iter+0x161/0x16c0 [ 799.406614][T21723] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 799.406643][T21723] ? policy_nodemask+0xea/0x4e0 [ 799.406673][T21723] alloc_pages_mpol+0x1fb/0x550 [ 799.406703][T21723] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 799.406742][T21723] alloc_pages_noprof+0x12d/0x180 [ 799.406773][T21723] anon_pipe_write+0xecb/0x1990 [ 799.406807][T21723] ? futex_hash+0x241/0x380 [ 799.406845][T21723] ? __pfx_anon_pipe_write+0x10/0x10 [ 799.406873][T21723] ? common_file_perm+0x1b1/0x500 [ 799.406906][T21723] ? bpf_lsm_file_permission+0x9/0x10 [ 799.406941][T21723] ? security_file_permission+0x71/0x210 [ 799.406974][T21723] ? rw_verify_area+0xcf/0x6c0 [ 799.407015][T21723] vfs_write+0x7d3/0x11d0 [ 799.407043][T21723] ? __pfx_anon_pipe_write+0x10/0x10 [ 799.407075][T21723] ? __pfx_vfs_write+0x10/0x10 [ 799.407099][T21723] ? find_held_lock+0x2b/0x80 [ 799.407161][T21723] ksys_write+0x1f8/0x250 [ 799.407188][T21723] ? __pfx_ksys_write+0x10/0x10 [ 799.407212][T21723] ? syscall_user_dispatch+0x78/0x140 [ 799.407260][T21723] do_syscall_64+0xcd/0xf80 [ 799.407290][T21723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.407317][T21723] RIP: 0033:0x7eff7d18f7c9 [ 799.407338][T21723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.407363][T21723] RSP: 002b:00007eff7e0c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 799.407389][T21723] RAX: ffffffffffffffda RBX: 00007eff7d3e5fa0 RCX: 00007eff7d18f7c9 [ 799.407407][T21723] RDX: 0000000004000000 RSI: 0000200000000380 RDI: 0000000000000001 [ 799.407431][T21723] RBP: 00007eff7d213f91 R08: 0000000000000000 R09: 0000000000000000 [ 799.407447][T21723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.407463][T21723] R13: 00007eff7d3e6038 R14: 00007eff7d3e5fa0 R15: 00007fffd3f17208 [ 799.407501][T21723] [ 803.077193][T21776] netlink: 'syz.1.2538': attribute type 5 has an invalid length. [ 803.589845][T21787] FAULT_INJECTION: forcing a failure. [ 803.589845][T21787] name failslab, interval 1, probability 393216, space 0, times 0 [ 803.606976][T21787] CPU: 0 UID: 0 PID: 21787 Comm: syz.0.2539 Tainted: G L syzkaller #0 PREEMPT(full) [ 803.607017][T21787] Tainted: [L]=SOFTLOCKUP [ 803.607025][T21787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 803.607040][T21787] Call Trace: [ 803.607048][T21787] [ 803.607058][T21787] dump_stack_lvl+0x16c/0x1f0 [ 803.607088][T21787] should_fail_ex+0x512/0x640 [ 803.607116][T21787] ? fs_reclaim_acquire+0xae/0x150 [ 803.607147][T21787] should_failslab+0xc2/0x120 [ 803.607174][T21787] __kmalloc_noprof+0xdd/0x8f0 [ 803.607214][T21787] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 803.607255][T21787] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 803.607284][T21787] tomoyo_realpath_from_path+0xc2/0x6e0 [ 803.607326][T21787] tomoyo_check_open_permission+0x2ab/0x3c0 [ 803.607355][T21787] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 803.607421][T21787] ? do_raw_spin_lock+0x12c/0x2b0 [ 803.607465][T21787] tomoyo_file_open+0x6b/0x90 [ 803.607502][T21787] security_file_open+0x84/0x1e0 [ 803.607532][T21787] do_dentry_open+0x597/0x1590 [ 803.607562][T21787] ? security_inode_permission+0xbf/0x260 [ 803.607596][T21787] vfs_open+0x82/0x3f0 [ 803.607633][T21787] path_openat+0x2078/0x3140 [ 803.607669][T21787] ? __pfx_path_openat+0x10/0x10 [ 803.607710][T21787] do_filp_open+0x20b/0x470 [ 803.607739][T21787] ? __pfx_do_filp_open+0x10/0x10 [ 803.607794][T21787] ? alloc_fd+0x471/0x7d0 [ 803.607831][T21787] do_sys_openat2+0x11f/0x280 [ 803.607864][T21787] ? __pfx_do_sys_openat2+0x10/0x10 [ 803.607901][T21787] ? __fget_files+0x20e/0x3c0 [ 803.607932][T21787] __x64_sys_openat+0x174/0x210 [ 803.607965][T21787] ? __pfx___x64_sys_openat+0x10/0x10 [ 803.607996][T21787] ? ksys_write+0x1ac/0x250 [ 803.608034][T21787] do_syscall_64+0xcd/0xf80 [ 803.608062][T21787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.608086][T21787] RIP: 0033:0x7f8b0698f7c9 [ 803.608106][T21787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 803.608129][T21787] RSP: 002b:00007f8b078ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 803.608153][T21787] RAX: ffffffffffffffda RBX: 00007f8b06be6180 RCX: 00007f8b0698f7c9 [ 803.608170][T21787] RDX: 0000000000040002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 803.608186][T21787] RBP: 00007f8b078ce090 R08: 0000000000000000 R09: 0000000000000000 [ 803.608208][T21787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 803.608223][T21787] R13: 00007f8b06be6218 R14: 00007f8b06be6180 R15: 00007ffeb84a7a78 [ 803.608258][T21787] [ 803.608785][T21787] ERROR: Out of memory at tomoyo_realpath_from_path. [ 804.728913][T21802] ptrace attach of "./syz-executor exec"[20908] was attempted by ""[21802] [ 806.993751][T21844] netlink: 'syz.2.2549': attribute type 5 has an invalid length. [ 809.334606][ T1152] bridge_slave_0: left allmulticast mode [ 809.407832][ T1152] bridge_slave_0: left promiscuous mode [ 809.449197][ T1152] bridge0: port 1(bridge_slave_0) entered disabled state [ 809.783076][T21913] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input107 [ 809.898181][T21914] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input108 [ 811.331484][ T1152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 811.382196][ T1152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 811.414017][ T1152] bond0 (unregistering): Released all slaves [ 811.433002][T21923] netlink: 'syz.3.2560': attribute type 5 has an invalid length. [ 811.674568][T21916] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.779593][T21948] bond0: Unable to set down delay as MII monitoring is disabled [ 814.035527][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.042200][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.062189][ T1152] hsr_slave_0: left promiscuous mode [ 814.092141][ T1152] hsr_slave_1: left promiscuous mode [ 814.115415][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 814.137361][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 814.169968][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 814.185762][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 814.265093][ T1152] veth1_macvtap: left promiscuous mode [ 814.301395][ T1152] veth0_macvtap: left promiscuous mode [ 814.307665][ T1152] veth1_vlan: left promiscuous mode [ 814.320191][ T1152] veth0_vlan: left promiscuous mode [ 816.011527][ T1152] team0 (unregistering): Port device team_slave_1 removed [ 816.200320][ T1152] team0 (unregistering): Port device team_slave_0 removed [ 816.543096][T21993] FAULT_INJECTION: forcing a failure. [ 816.543096][T21993] name failslab, interval 1, probability 393216, space 0, times 0 [ 816.576322][T21993] CPU: 0 UID: 0 PID: 21993 Comm: syz.0.2574 Tainted: G L syzkaller #0 PREEMPT(full) [ 816.576365][T21993] Tainted: [L]=SOFTLOCKUP [ 816.576373][T21993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 816.576388][T21993] Call Trace: [ 816.576394][T21993] [ 816.576400][T21993] dump_stack_lvl+0x16c/0x1f0 [ 816.576421][T21993] should_fail_ex+0x512/0x640 [ 816.576438][T21993] ? __kmalloc_cache_noprof+0x5f/0x800 [ 816.576460][T21993] should_failslab+0xc2/0x120 [ 816.576477][T21993] __kmalloc_cache_noprof+0x72/0x800 [ 816.576495][T21993] ? __debugfs_file_get+0x1fe/0x840 [ 816.576514][T21993] ? sc_common_open+0x46/0x200 [ 816.576534][T21993] ? __pfx_stats_fop_open+0x10/0x10 [ 816.576555][T21993] ? sc_common_open+0x46/0x200 [ 816.576574][T21993] sc_common_open+0x46/0x200 [ 816.576593][T21993] full_proxy_open_regular+0x1b9/0x350 [ 816.576616][T21993] do_dentry_open+0x748/0x1590 [ 816.576631][T21993] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 816.576657][T21993] vfs_open+0x82/0x3f0 [ 816.576678][T21993] path_openat+0x2078/0x3140 [ 816.576699][T21993] ? __pfx_path_openat+0x10/0x10 [ 816.576721][T21993] do_filp_open+0x20b/0x470 [ 816.576736][T21993] ? __pfx_do_filp_open+0x10/0x10 [ 816.576765][T21993] ? alloc_fd+0x471/0x7d0 [ 816.576785][T21993] do_sys_openat2+0x11f/0x280 [ 816.576803][T21993] ? __pfx_do_sys_openat2+0x10/0x10 [ 816.576830][T21993] __x64_sys_openat+0x174/0x210 [ 816.576855][T21993] ? __pfx___x64_sys_openat+0x10/0x10 [ 816.576883][T21993] do_syscall_64+0xcd/0xf80 [ 816.576900][T21993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.576914][T21993] RIP: 0033:0x7f8b0698f7c9 [ 816.576926][T21993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 816.576941][T21993] RSP: 002b:00007f8b078ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 816.576955][T21993] RAX: ffffffffffffffda RBX: 00007f8b06be6090 RCX: 00007f8b0698f7c9 [ 816.576965][T21993] RDX: 0000000000088180 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 816.576973][T21993] RBP: 00007f8b06a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 816.576982][T21993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 816.576991][T21993] R13: 00007f8b06be6128 R14: 00007f8b06be6090 R15: 00007ffeb84a7a78 [ 816.577010][T21993] [ 817.067769][T22001] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 817.187851][T22005] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input110 [ 817.276658][T22008] FAULT_INJECTION: forcing a failure. [ 817.276658][T22008] name failslab, interval 1, probability 393216, space 0, times 0 [ 817.352802][T22008] CPU: 1 UID: 0 PID: 22008 Comm: syz.0.2578 Tainted: G L syzkaller #0 PREEMPT(full) [ 817.352843][T22008] Tainted: [L]=SOFTLOCKUP [ 817.352852][T22008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 817.352868][T22008] Call Trace: [ 817.352877][T22008] [ 817.352887][T22008] dump_stack_lvl+0x16c/0x1f0 [ 817.352919][T22008] should_fail_ex+0x512/0x640 [ 817.352947][T22008] ? __kmalloc_noprof+0xca/0x8f0 [ 817.352972][T22008] should_failslab+0xc2/0x120 [ 817.352990][T22008] __kmalloc_noprof+0xdd/0x8f0 [ 817.353008][T22008] ? __pfx_inc_ucount+0x10/0x10 [ 817.353024][T22008] ? net_alloc_generic+0x1e/0x70 [ 817.353046][T22008] ? net_alloc_generic+0x1e/0x70 [ 817.353062][T22008] net_alloc_generic+0x1e/0x70 [ 817.353080][T22008] copy_net_ns+0xc6/0x5d0 [ 817.353098][T22008] ? copy_cgroup_ns+0x71/0x980 [ 817.353116][T22008] create_new_namespaces+0x3ea/0xab0 [ 817.353141][T22008] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 817.353164][T22008] ksys_unshare+0x45b/0xa40 [ 817.353179][T22008] ? __pfx_ksys_unshare+0x10/0x10 [ 817.353200][T22008] __x64_sys_unshare+0x31/0x40 [ 817.353214][T22008] do_syscall_64+0xcd/0xf80 [ 817.353230][T22008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.353244][T22008] RIP: 0033:0x7f8b0698f7c9 [ 817.353257][T22008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 817.353271][T22008] RSP: 002b:00007f8b07910038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 817.353285][T22008] RAX: ffffffffffffffda RBX: 00007f8b06be5fa0 RCX: 00007f8b0698f7c9 [ 817.353294][T22008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 817.353302][T22008] RBP: 00007f8b06a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 817.353310][T22008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.353318][T22008] R13: 00007f8b06be6038 R14: 00007f8b06be5fa0 R15: 00007ffeb84a7a78 [ 817.353338][T22008] [ 818.077564][T22009] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input111 [ 819.014568][T22037] FAULT_INJECTION: forcing a failure. [ 819.014568][T22037] name failslab, interval 1, probability 393216, space 0, times 0 [ 819.070893][T22037] CPU: 1 UID: 0 PID: 22037 Comm: syz.1.2585 Tainted: G L syzkaller #0 PREEMPT(full) [ 819.070930][T22037] Tainted: [L]=SOFTLOCKUP [ 819.070937][T22037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 819.070949][T22037] Call Trace: [ 819.070957][T22037] [ 819.070966][T22037] dump_stack_lvl+0x16c/0x1f0 [ 819.070994][T22037] should_fail_ex+0x512/0x640 [ 819.071017][T22037] ? kmem_cache_alloc_lru_noprof+0x66/0x760 [ 819.071050][T22037] should_failslab+0xc2/0x120 [ 819.071074][T22037] kmem_cache_alloc_lru_noprof+0x79/0x760 [ 819.071104][T22037] ? proc_alloc_inode+0x25/0x200 [ 819.071139][T22037] ? __pfx_proc_alloc_inode+0x10/0x10 [ 819.071166][T22037] ? proc_alloc_inode+0x25/0x200 [ 819.071193][T22037] proc_alloc_inode+0x25/0x200 [ 819.071222][T22037] alloc_inode+0x64/0x240 [ 819.071251][T22037] new_inode+0x22/0x1c0 [ 819.071276][T22037] ? proc_lookup_de+0x201/0x360 [ 819.071300][T22037] proc_get_inode+0x1d/0x780 [ 819.071331][T22037] proc_lookup_de+0x236/0x360 [ 819.071356][T22037] proc_lookup+0xcf/0x110 [ 819.071377][T22037] __lookup_slow+0x251/0x460 [ 819.071408][T22037] ? __pfx___lookup_slow+0x10/0x10 [ 819.071452][T22037] ? __d_lookup+0x266/0x4a0 [ 819.071489][T22037] lookup_slow+0x50/0x70 [ 819.071527][T22037] link_path_walk+0x12d8/0x1c70 [ 819.071572][T22037] path_openat+0x1bd/0x3140 [ 819.071593][T22037] ? do_syscall_64+0xcd/0xf80 [ 819.071613][T22037] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.071644][T22037] ? __pfx_path_openat+0x10/0x10 [ 819.071679][T22037] do_filp_open+0x20b/0x470 [ 819.071703][T22037] ? __pfx_do_filp_open+0x10/0x10 [ 819.071750][T22037] ? alloc_fd+0x471/0x7d0 [ 819.071781][T22037] do_sys_openat2+0x11f/0x280 [ 819.071810][T22037] ? __pfx_do_sys_openat2+0x10/0x10 [ 819.071841][T22037] ? __fget_files+0x20e/0x3c0 [ 819.071868][T22037] __x64_sys_openat+0x174/0x210 [ 819.071896][T22037] ? __pfx___x64_sys_openat+0x10/0x10 [ 819.071922][T22037] ? ksys_write+0x1ac/0x250 [ 819.071955][T22037] do_syscall_64+0xcd/0xf80 [ 819.071980][T22037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.072000][T22037] RIP: 0033:0x7f826f18f7c9 [ 819.072019][T22037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 819.072038][T22037] RSP: 002b:00007f8270089038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 819.072058][T22037] RAX: ffffffffffffffda RBX: 00007f826f3e5fa0 RCX: 00007f826f18f7c9 [ 819.072071][T22037] RDX: 0000000000040080 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 819.072085][T22037] RBP: 00007f8270089090 R08: 0000000000000000 R09: 0000000000000000 [ 819.072097][T22037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 819.072109][T22037] R13: 00007f826f3e6038 R14: 00007f826f3e5fa0 R15: 00007ffcabcbb7b8 [ 819.072140][T22037] [ 820.855908][T22067] FAULT_INJECTION: forcing a failure. [ 820.855908][T22067] name failslab, interval 1, probability 393216, space 0, times 0 [ 820.929247][T22067] CPU: 0 UID: 0 PID: 22067 Comm: syz.1.2593 Tainted: G L syzkaller #0 PREEMPT(full) [ 820.929287][T22067] Tainted: [L]=SOFTLOCKUP [ 820.929295][T22067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 820.929310][T22067] Call Trace: [ 820.929318][T22067] [ 820.929327][T22067] dump_stack_lvl+0x16c/0x1f0 [ 820.929359][T22067] should_fail_ex+0x512/0x640 [ 820.929385][T22067] ? fs_reclaim_acquire+0xae/0x150 [ 820.929424][T22067] should_failslab+0xc2/0x120 [ 820.929453][T22067] __kmalloc_noprof+0xdd/0x8f0 [ 820.929484][T22067] ? tomoyo_encode2+0x100/0x3e0 [ 820.929518][T22067] ? tomoyo_encode2+0x100/0x3e0 [ 820.929536][T22067] tomoyo_encode2+0x100/0x3e0 [ 820.929556][T22067] tomoyo_encode+0x29/0x50 [ 820.929572][T22067] tomoyo_realpath_from_path+0x18f/0x6e0 [ 820.929596][T22067] tomoyo_check_open_permission+0x2ab/0x3c0 [ 820.929613][T22067] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 820.929647][T22067] ? do_raw_spin_lock+0x12c/0x2b0 [ 820.929673][T22067] tomoyo_file_open+0x6b/0x90 [ 820.929693][T22067] security_file_open+0x84/0x1e0 [ 820.929711][T22067] do_dentry_open+0x597/0x1590 [ 820.929728][T22067] ? security_inode_permission+0xbf/0x260 [ 820.929747][T22067] vfs_open+0x82/0x3f0 [ 820.929767][T22067] path_openat+0x2078/0x3140 [ 820.929789][T22067] ? __pfx_path_openat+0x10/0x10 [ 820.929810][T22067] do_filp_open+0x20b/0x470 [ 820.929826][T22067] ? __pfx_do_filp_open+0x10/0x10 [ 820.929854][T22067] ? alloc_fd+0x471/0x7d0 [ 820.929874][T22067] do_sys_openat2+0x11f/0x280 [ 820.929893][T22067] ? __pfx_do_sys_openat2+0x10/0x10 [ 820.929913][T22067] ? __fget_files+0x20e/0x3c0 [ 820.929930][T22067] __x64_sys_openat+0x174/0x210 [ 820.929949][T22067] ? __pfx___x64_sys_openat+0x10/0x10 [ 820.929967][T22067] ? ksys_write+0x1ac/0x250 [ 820.929987][T22067] do_syscall_64+0xcd/0xf80 [ 820.930003][T22067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.930017][T22067] RIP: 0033:0x7f826f18f7c9 [ 820.930028][T22067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 820.930042][T22067] RSP: 002b:00007f8270089038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 820.930056][T22067] RAX: ffffffffffffffda RBX: 00007f826f3e5fa0 RCX: 00007f826f18f7c9 [ 820.930065][T22067] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 820.930074][T22067] RBP: 00007f8270089090 R08: 0000000000000000 R09: 0000000000000000 [ 820.930082][T22067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 820.930090][T22067] R13: 00007f826f3e6038 R14: 00007f826f3e5fa0 R15: 00007ffcabcbb7b8 [ 820.930109][T22067] [ 820.931306][T22067] ERROR: Out of memory at tomoyo_realpath_from_path. [ 823.027906][T22111] FAULT_INJECTION: forcing a failure. [ 823.027906][T22111] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 823.077620][T22111] CPU: 1 UID: 0 PID: 22111 Comm: syz.3.2602 Tainted: G L syzkaller #0 PREEMPT(full) [ 823.077661][T22111] Tainted: [L]=SOFTLOCKUP [ 823.077669][T22111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 823.077684][T22111] Call Trace: [ 823.077691][T22111] [ 823.077702][T22111] dump_stack_lvl+0x16c/0x1f0 [ 823.077734][T22111] should_fail_ex+0x512/0x640 [ 823.077767][T22111] __fpu_restore_sig+0xfb/0x13c0 [ 823.077810][T22111] ? __pfx___fpu_restore_sig+0x10/0x10 [ 823.077864][T22111] ? __might_fault+0xe3/0x190 [ 823.077894][T22111] ? __might_fault+0x13b/0x190 [ 823.077931][T22111] fpu__restore_sig+0x11e/0x150 [ 823.077969][T22111] restore_sigcontext+0x4c9/0x6a0 [ 823.078002][T22111] ? __pfx_restore_sigcontext+0x10/0x10 [ 823.078058][T22111] ? __pfx_restore_altstack+0x10/0x10 [ 823.078087][T22111] ? _raw_spin_unlock_irq+0x23/0x50 [ 823.078126][T22111] ? lockdep_hardirqs_on+0x7c/0x110 [ 823.078150][T22111] __do_sys_rt_sigreturn+0x229/0x2c0 [ 823.078176][T22111] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 823.078210][T22111] do_syscall_64+0xcd/0xf80 [ 823.078231][T22111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.078251][T22111] RIP: 0033:0x7eff7d18f7c9 [ 823.078266][T22111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.078284][T22111] RSP: 002b:00007eff7e0c7038 EFLAGS: 00000246 [ 823.078300][T22111] RAX: 0000000000000000 RBX: 00007eff7d3e5fa0 RCX: 00007eff7d18f7c9 [ 823.078312][T22111] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000002 [ 823.078324][T22111] RBP: 00007eff7e0c7090 R08: 0000000000000000 R09: 0000000000000000 [ 823.078335][T22111] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 823.078347][T22111] R13: 00007eff7d3e6038 R14: 00007eff7d3e5fa0 R15: 00007fffd3f17208 [ 823.078373][T22111] [ 823.382381][T22113] netlink: 'syz.0.2601': attribute type 5 has an invalid length. [ 823.779704][T22135] Unable to find swap-space signature [ 825.142860][T22166] FAULT_INJECTION: forcing a failure. [ 825.142860][T22166] name failslab, interval 1, probability 393216, space 0, times 0 [ 825.181666][T22166] CPU: 1 UID: 0 PID: 22166 Comm: syz.0.2614 Tainted: G L syzkaller #0 PREEMPT(full) [ 825.181709][T22166] Tainted: [L]=SOFTLOCKUP [ 825.181718][T22166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 825.181734][T22166] Call Trace: [ 825.181743][T22166] [ 825.181752][T22166] dump_stack_lvl+0x16c/0x1f0 [ 825.181785][T22166] should_fail_ex+0x512/0x640 [ 825.181814][T22166] ? kmem_cache_alloc_noprof+0x62/0x760 [ 825.181855][T22166] should_failslab+0xc2/0x120 [ 825.181886][T22166] kmem_cache_alloc_noprof+0x75/0x760 [ 825.181922][T22166] ? alloc_empty_file+0x55/0x1e0 [ 825.181971][T22166] ? alloc_empty_file+0x55/0x1e0 [ 825.182002][T22166] alloc_empty_file+0x55/0x1e0 [ 825.182038][T22166] alloc_file_pseudo+0x13a/0x230 [ 825.182074][T22166] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 825.182109][T22166] ? alloc_fd+0x471/0x7d0 [ 825.182140][T22166] sock_alloc_file+0x50/0x210 [ 825.182174][T22166] __sys_socket+0x1c6/0x2d0 [ 825.182191][T22166] ? __pfx___sys_socket+0x10/0x10 [ 825.182205][T22166] ? syscall_user_dispatch+0x78/0x140 [ 825.182230][T22166] __x64_sys_socket+0x72/0xb0 [ 825.182243][T22166] do_syscall_64+0xcd/0xf80 [ 825.182260][T22166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.182274][T22166] RIP: 0033:0x7f8b069916e7 [ 825.182286][T22166] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 825.182300][T22166] RSP: 002b:00007f8b078edfa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 825.182314][T22166] RAX: ffffffffffffffda RBX: 00007f8b06be6090 RCX: 00007f8b069916e7 [ 825.182323][T22166] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 825.182332][T22166] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 825.182340][T22166] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 825.182349][T22166] R13: 00007f8b06be6128 R14: 00007f8b06be6090 R15: 00007ffeb84a7a78 [ 825.182369][T22166] [ 825.184296][T22166] VFS_BUG_ON_INODE(inode_state_read_once(inode) & I_CLEAR) encountered for inode ffff88805a5e73c0 [ 825.184296][T22166] fs sockfs mode 140777 opflags 0xc flags 0x0 state 0x300 count 0 [ 825.449315][T22166] ------------[ cut here ]------------ [ 825.454843][T22166] kernel BUG at fs/inode.c:1971! [ 825.476165][T22166] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 825.482447][T22166] CPU: 0 UID: 0 PID: 22166 Comm: syz.0.2614 Tainted: G L syzkaller #0 PREEMPT(full) [ 825.493380][T22166] Tainted: [L]=SOFTLOCKUP [ 825.497734][T22166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 825.507782][T22166] RIP: 0010:iput.part.0+0xb3b/0x1190 [ 825.513062][T22166] Code: 4b 68 ff ff 90 0f 0b e8 73 fa 7c ff 90 0f 0b 90 e9 d3 f8 ff ff e8 65 fa 7c ff 48 c7 c6 a0 79 a0 8b 48 89 df e8 26 68 ff ff 90 <0f> 0b e8 4e fa 7c ff 48 c7 c6 00 7a a0 8b 48 89 df e8 0f 68 ff ff [ 825.532711][T22166] RSP: 0018:ffffc900049efdc8 EFLAGS: 00010296 [ 825.538764][T22166] RAX: 000000000000009f RBX: ffff88805a5e73c0 RCX: ffffc9000d49d000 [ 825.546814][T22166] RDX: 0000000000000000 RSI: ffffffff819bf739 RDI: 0000000000000005 [ 825.554788][T22166] RBP: 0000000000000200 R08: 0000000000000005 R09: 0000000000000000 [ 825.562760][T22166] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000 [ 825.570735][T22166] R13: ffffffff90878234 R14: ffff88805a5e7490 R15: dffffc0000000000 [ 825.578694][T22166] FS: 00007f8b078ef6c0(0000) GS:ffff888124967000(0000) knlGS:0000000000000000 [ 825.587621][T22166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 825.594196][T22166] CR2: 0000001b323fbff8 CR3: 000000002568e000 CR4: 00000000003526f0 [ 825.602332][T22166] Call Trace: [ 825.605616][T22166] [ 825.608554][T22166] iput+0x35/0x40 [ 825.612339][T22166] __sock_release+0x20b/0x270 [ 825.617027][T22166] __sys_socket+0x23a/0x2d0 [ 825.621608][T22166] ? __pfx___sys_socket+0x10/0x10 [ 825.626624][T22166] ? syscall_user_dispatch+0x78/0x140 [ 825.631997][T22166] __x64_sys_socket+0x72/0xb0 [ 825.636664][T22166] do_syscall_64+0xcd/0xf80 [ 825.641176][T22166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.647061][T22166] RIP: 0033:0x7f8b069916e7 [ 825.651483][T22166] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 825.671342][T22166] RSP: 002b:00007f8b078edfa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 825.679756][T22166] RAX: ffffffffffffffda RBX: 00007f8b06be6090 RCX: 00007f8b069916e7 [ 825.687720][T22166] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 825.695693][T22166] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 825.703658][T22166] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 825.711791][T22166] R13: 00007f8b06be6128 R14: 00007f8b06be6090 R15: 00007ffeb84a7a78 [ 825.719756][T22166] [ 825.722759][T22166] Modules linked in: [ 825.727180][T22166] ---[ end trace 0000000000000000 ]--- [ 825.759892][T22166] RIP: 0010:iput.part.0+0xb3b/0x1190 [ 825.811568][T22166] Code: 4b 68 ff ff 90 0f 0b e8 73 fa 7c ff 90 0f 0b 90 e9 d3 f8 ff ff e8 65 fa 7c ff 48 c7 c6 a0 79 a0 8b 48 89 df e8 26 68 ff ff 90 <0f> 0b e8 4e fa 7c ff 48 c7 c6 00 7a a0 8b 48 89 df e8 0f 68 ff ff [ 825.833486][T22166] RSP: 0018:ffffc900049efdc8 EFLAGS: 00010296 [ 825.913909][T22166] RAX: 000000000000009f RBX: ffff88805a5e73c0 RCX: ffffc9000d49d000 [ 825.922141][T22166] RDX: 0000000000000000 RSI: ffffffff819bf739 RDI: 0000000000000005 [ 826.139101][ T2982] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 826.151577][T22166] RBP: 0000000000000200 R08: 0000000000000005 R09: 0000000000000000 [ 826.187442][T22166] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000 [ 826.195453][T22166] R13: ffffffff90878234 R14: ffff88805a5e7490 R15: dffffc0000000000 [ 826.257321][T22166] FS: 00007f8b078ef6c0(0000) GS:ffff888124a67000(0000) knlGS:0000000000000000 [ 826.266280][T22166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 826.328486][T22166] CR2: 0000001b2f2b6ff8 CR3: 000000002568e000 CR4: 00000000003526f0 [ 826.336603][T22166] Kernel panic - not syncing: Fatal exception [ 826.343107][T22166] Kernel Offset: disabled [ 826.347426][T22166] Rebooting in 86400 seconds..