last executing test programs: 18m46.794266163s ago: executing program 1 (id=1078): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x5, 0x0, 0x1fffff, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) bind$auto(0x3, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x1, 0x3}}, 0x6a) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, 0x0, 0xffffffff, 0x5, 0x0) 18m46.502725686s ago: executing program 1 (id=1080): socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x10000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0xa402, 0x0) ioctl$auto_SG_SET_FORCE_PACK_ID(r0, 0x227b, 0x0) read$auto(r0, 0x0, 0x1001) write$auto(r0, 0x0, 0x8) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffffffc) 18m45.503142474s ago: executing program 1 (id=1088): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0xb00) 18m44.985518777s ago: executing program 1 (id=1090): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 18m44.529325658s ago: executing program 1 (id=1093): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x28, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x1, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) 18m43.417857379s ago: executing program 1 (id=1097): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) r0 = socket(0x18, 0x5, 0x1) connect$auto(r0, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) r1 = socket(0x18, 0x800, 0x1) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100, @rand_addr=0x4}, 0x3a) 18m43.178698535s ago: executing program 32 (id=1097): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) r0 = socket(0x18, 0x5, 0x1) connect$auto(r0, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) r1 = socket(0x18, 0x800, 0x1) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100, @rand_addr=0x4}, 0x3a) 5m55.341557895s ago: executing program 2 (id=4950): openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, 0x0, 0x422000, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/013/001\x00', 0xa901, 0x0) kexec_load$auto(0x8134a6c, 0x1, 0x0, 0xff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) sysfs$auto(0x2, 0xe, 0x0) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(0xffffffffffffffff, 0x0, 0x20000004) lsm_list_modules$auto(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r0, 0x40f, 0x4) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x1040146f2c, 0x0) 5m54.213028748s ago: executing program 2 (id=4959): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x24045840) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) setsockopt$auto_SO_PEEK_OFF(r0, 0xff, 0x2a, &(0x7f0000000080)='/dev/nullb0\x00', 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x200007, 0x8) kcmp$auto_KCMP_FILE(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 5m53.837095206s ago: executing program 2 (id=4962): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x24045840) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) setsockopt$auto_SO_PEEK_OFF(r0, 0xff, 0x2a, &(0x7f0000000080)='/dev/nullb0\x00', 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x8) kcmp$auto_KCMP_FILE(r1, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 5m52.658619531s ago: executing program 2 (id=4970): recvfrom$auto(0xffffffffffffffff, &(0x7f0000000180)="2512683702c78aa366adde5483233ba62b5f1b0aa86d8137bc9e30cb56cbc69805ea2abbfb20dbed8e619f86d21290031ad3ff89dccea2abedcc8754725987450ef20d0111117f0b641631eecdaa6e7b0de194b5487fa6496ac851c8ba202961d0048e96c98298407192a22aab433167b74e190835b5c5f049a17f4e1b0e2c0bdb7c72dd3279a7eb42e48f26ecf8f7daee9d38c811405c0fe91bfeca6449723bebfc04628d49189a73f80d8a642a2306139006bea83b064b4d02", 0x100, 0xc0a, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) capset$auto(0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x805aa, 0x0, 0x2e, 0x0, 0x7, 0x80001083}, 0x5}, 0xaf2, 0x100) sendmsg$auto_MACSEC_CMD_DEL_TXSA(0xffffffffffffffff, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="2bb22bbd7000fcdbfa2506"], 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x0) r1 = socket(0x2, 0x3, 0x9) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) r2 = socket(0x11, 0x80003, 0x3ff) setsockopt$auto(r2, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x48080}, 0x4004) sendmmsg$auto(r1, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x3) 5m52.123427942s ago: executing program 2 (id=4973): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x24045840) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) setsockopt$auto_SO_PEEK_OFF(r0, 0xff, 0x2a, &(0x7f0000000080)='/dev/nullb0\x00', 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x8) kcmp$auto_KCMP_FILE(r1, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 5m51.071169641s ago: executing program 2 (id=4979): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000050c0)={0x0, 0x5c1e, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xfffffffffffffffe, 0x4004, 0x40000004, 0x40eb2, 0x401, 0x300000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0xa, 0x0) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyxd\x00', 0x20102, 0x0) io_uring_setup$auto(0x1000, 0x0) ioctl$auto(0x3, 0x5420, 0x38) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) read$auto(r3, 0x0, 0x7) ioctl$auto_SNDCTL_TMR_CONTINUE(r2, 0x5407, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000000)='.\x00', 0x1) 5m35.950591504s ago: executing program 33 (id=4979): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000050c0)={0x0, 0x5c1e, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xfffffffffffffffe, 0x4004, 0x40000004, 0x40eb2, 0x401, 0x300000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0xa, 0x0) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyxd\x00', 0x20102, 0x0) io_uring_setup$auto(0x1000, 0x0) ioctl$auto(0x3, 0x5420, 0x38) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) read$auto(r3, 0x0, 0x7) ioctl$auto_SNDCTL_TMR_CONTINUE(r2, 0x5407, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000000)='.\x00', 0x1) 2m38.953792665s ago: executing program 0 (id=5813): mmap$auto(0x4, 0x8004, 0x4000000000df, 0x100040eb5, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) write$auto(0x3, 0x0, 0x7fffffff) fcntl$auto(0x3, 0x4, 0xa553) io_uring_setup$auto(0x1, 0x0) 2m36.863100025s ago: executing program 0 (id=5823): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r1, @ANYBLOB="0c002d800400"], 0x28}}, 0x4000000) 2m36.532319403s ago: executing program 0 (id=5816): r0 = epoll_create1$auto(0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, 0x8, 0xffffffbf) r3 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r0, 0x8004b709, &(0x7f0000000000)=0x10000) fstat$auto(r0, &(0x7f0000000040)={0x3, 0x400000, 0x0, 0x8, 0xee00, 0xee01, 0x0, 0x5, 0x3, 0x3, 0x7, 0x3, 0x3, 0x1ff, 0x4, 0x8, 0x51b}) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r0, 0x5b, &(0x7f0000000180)={@siginfo_0_0={0x7ff, 0x6, 0xfff, @_sigchld={r3, r4, 0x6, 0x8000, 0x401}}}, 0x4) close_range$auto(r0, r0, 0xd3) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu0/trace\x00', 0x1a6b75d638828712, 0x0) 2m36.223344604s ago: executing program 0 (id=5818): r0 = waitid$auto_P_ALL(0x0, 0x1, &(0x7f0000000000)={@siginfo_0_0={0x1, 0x81, 0x9, @_kill={0xffffffffffffffff, 0xffffffffffffffff}}}, 0xfffe, &(0x7f0000000080)={{0xff, 0x80000000}, {0xfffffffffffffff9, 0x8}, 0x2, 0x5, 0x5, 0x24e, 0xccb, 0x3, 0x3, 0x95e, 0x8, 0x0, 0xfffffffffffffff8, 0xa, 0x3, 0xe0}) getpgrp(r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x441, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x102020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) getdents64$auto(0xffffffffffffffff, &(0x7f0000000ac0)={0x5, 0x2, 0x5, 0x10, "5fd42d2266a8a18d1c1de1e81b17ef92fcc21928e7d6a0536f96e09d86aa0325b8315e496588603dfa2eb3c790aa0bb7ded07c016c319a10bf1bce5ae65da02347cfad43ea6334ea7fe1eaf8fa7df21ecfedc214f70172787d7291c1042456d02c20a4fe2e0a2ddc46349489ef00d348e9beaf500ad464c86dcc8769507f8d677bdc7fcce0bd9407ad41e290391c685095eb9e8ae3c49d2b32f3184e8e2ddb381fc50901b4480c8c2735dcfa6c2f2ef92391c9d60a03399da809d257ed50f8d5623ed9bd8949d63f9f5fc26a48955da87393227f92b0ec705599a4d5c2dc05dd6ca0e02c41ecfbce2a27e1fd6b46d05e01c26094c2403512113ceb4ebce2e8a23b4520628270632fc81909efe27cce404503bac907b3a198b9fb74826df86e22650150b4f532f64fc8254415111d5e46d553d0addbb478c2c968a08a88e924275947e9fc3728303269c4439412a5fbed2dd80bf64ae14715f26549e1aa62888201330ecee58c30fabb928d6ce6ec89effc0610c62688d16afe59f0366ab90e4f3d9879be1f79c2a3f648e69e89fce1f2ea3f40a439e33ee847265150acf0c33d83b1ca194b23b0dacdbcf92e6213f9c5a6582e7518efe5e8cca2025b4f487e6f3641d350318c7f1b94fc75d7c2c90de480d391230a8dba0a892c4d9f1828b40e06ff528e2a6b0021595f7594cabfc6b955b4b62eee54e2e96fa18f6c6273c2293888a76c1f7e5424e927b1b6eb31fe427573fc96de81575db6d8003d110f5654b293d4ee17bbff61b283bd7982e5e4d291537f3f0a76fce8371ce794c0f016ee762b0b6cb72ab8b385e1617a117ac72cc6f807020e951ce80fc58c89fb48ff5bc15bfa729eec6f6333d44d65f899f585441a5cf6a485e0a0919c301316e91241215b4f764e87c5cc98b22081e17671ed1fb999e5efb98a81bec5a2ccfc291f29c297832a086dcdbec9321f4bce9f0f932b46c6c11abe9c2d4d5f7dfd52b9e326e64b575c8046cb2c1d612cf15c2391682ee692dd249554ece71c65c6574f3089c1009f71e19f94684b6bbd87bb80784afaa58a3652c896331472ae04c2a5f8e67f5eb56a76fbe10a1e4c9bfb9b916ce5ba015fb26f581bfd2dbc7e9f06e40661814e3086e0b4c1f7bc794248d26eb7c9e8d412679e042c54fb5659805688c25172727fc02c06452710181a53db904f18b0d6bfcdaced3dc9f0712f1e5cfa1d0271e65b8a7371c5e50219b46e06ca89455e7c2501254084285ea757ba5d66bc5a8694cf51289bd5a8c5d6b141307530e895f1082b2bc7498e34393da96b059dca3409b5d00d20ecf4460259b571f7174d01cd8ece0c4f83c0231313c9ae572110c63a14ac4e4ab958c0dacb63eadca9e02cf7117ee451b0ca860e9896ab6a72ce00a7a4b157e7384b35cebbeec238411bc901a5d8541f87dc8e9cbc69777ebefcfcc4bed55902a264ef0ea01017bc6a9e3eadd4ce5a5ce3aead20a7eb441a00a2278e52903eee74b0f9a393406914c8873412713b139abe4a240a185a71877dbec93a633dd29e2685b471eb233f1c41180528a06e150fefb4c89f857dc69dba87a05743df4c011226f0a1271b4f5b3d92756e7d390bcace7bbd0256c67e5d1f3bd8336a3dbd24a236ac1c20da9f42384dad06d4dac824840dc5ad6a71314763a714a05ec056e47bcf7096b34f24323163c33b0bc4662a08fbb9d28c55fe7152d9a9fb402dba7cb3b79571780b62a3dc662b2230b9312eea4af4f0ede14dfc1eca3b7c6d6005a91e497da68f790c1c589188998c946be168f710d89ab718e26103b34d2cad4622de510eade88b088611e942c286d894f630f0c36c0bf3cafbe251ea950954152689010fd912040ed6822f89b96c762693db5bcc5f6aea8f9a9d8a87d48352daa80209b6e191d3dbead277635371b50569d23af86276adc93703c077bb93176af6190e01649b200e32837489000ab23868ff40e26f412eff56bcbee1a6f45dedcdc28bf4004b293436260710eb9a0841e9799e8c059c76626293abc02dc700e00d4c9426e0014502805f137ed46e0aad93ad6b409fb410494134a34a1ec57e362b0f0b156e41931f87b7b155cefd656d3ea4115eec2bd6721efe63fbfa74585407d7b020a5311e567de5b3bc44a899284f385282ba50fa7eaae78c9a3e6a9ab457d5affa6a8e0cae302f62d1411b39fdcae30164217696e22a96d823566ed5234d4ef0ca8ed0f6cf73dc0f48fc13eea6c5f00f0fa770be6e80a583d72e6bc35d5fdf1129874e2d23d1b6668b2cacd872628490a5724b095199e6ce3b2229cab8a8cdc14999738e6a34d6416d4b8aed744da4c62fa94fe03b0fd5aa02db9049a1ac18f9e376afab43c8ddf1d153e107f7ab17e6960c5bbcb0b1f4f04273296ca7676e2d0f7729dc93a47a99d4619cdc0fd0c21434ab5dc7e2bc08006bc1b3bb0cbfba9e0d68bb046b86d4aa11c757d14905a6cd0e6b34bff03ec390e4bf0bba8a1075512d7fc7cb18ab6cac69cfd53c7dd9149d5e8b176366ba25f9541a04fe7da31ea8e93609752cb00eaac8a602d0c5bd538e8187c08c7e0109d85e116ed6b5b0817873dc2cd939bf90c1fa530fa0040e9842e1b8701df3ee3e188cb65c1998c40f6db69e207cdac6122d1c63c2d6a4c657f0e9c43e670f84d569b3b8daf3fb51b3923e8dfd538f63822891c2fabdc0e898902e548c3d8a4d85c1"}, 0x1) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) unshare$auto(0x40000080) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000005440)='/dev/snd/controlC1\x00', 0x2000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, 0xfffffffffffffffd) ioctl$auto(0xffffffffffffffff, 0x5429, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x583142, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0xc1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r2, 0x0) r3 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x364f9cefc8a0a83, 0x0) ioctl$auto_tracing_buffers_fops_trace(r3, 0x5220, 0x0) 2m35.8129249s ago: executing program 0 (id=5819): prctl$auto_SIGCONT(0xc, 0x12, 0xffffffffffffffff, 0xcdd, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/1/cpuid\x00', 0xa0143, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) socket(0x23, 0x6, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = clone$auto(0x6d8, 0xffe, 0x0, 0x0, 0x4000000a) migrate_pages$auto(r1, 0x4, 0x0, &(0x7f0000000180)=0x2) 2m34.801154389s ago: executing program 0 (id=5829): setitimer$auto(0x0, 0x0, 0x0) getitimer$auto_ITIMER_REAL(0x0, &(0x7f0000001bc0)={{0x2, 0x7fffffffffffffff}, {0x7, 0x1000}}) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0x8}, 0x7fc}, 0x7, 0x4008) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(0x3, 0x81) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0x18, 0x80000, 0x3a) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) umount2$auto(&(0x7f0000000000)='.\x00', 0x3) umount2$auto(&(0x7f00000000c0)='.\x00', 0x8) 2m19.616021908s ago: executing program 34 (id=5829): setitimer$auto(0x0, 0x0, 0x0) getitimer$auto_ITIMER_REAL(0x0, &(0x7f0000001bc0)={{0x2, 0x7fffffffffffffff}, {0x7, 0x1000}}) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0x8}, 0x7fc}, 0x7, 0x4008) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(0x3, 0x81) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0x18, 0x80000, 0x3a) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) umount2$auto(&(0x7f0000000000)='.\x00', 0x3) umount2$auto(&(0x7f00000000c0)='.\x00', 0x8) 2m1.83523848s ago: executing program 5 (id=5924): io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x88, 0x1, 0x80000000, 0x10000100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x10000052, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) mmap$auto(0x6, 0x4, 0x4000000000dd, 0x40eb1, 0xffffffffffffffff, 0x300000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) mmap$auto(0xfffffffffffffffb, 0x400008, 0x400df, 0x19, r1, 0x2a7d) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mlock$auto(0xfbea, 0x7fffffffffffffff) 1m59.972527107s ago: executing program 5 (id=5927): ioctl$auto_SOUND_MIXER_READ_DEVMASK2(0xffffffffffffffff, 0x40044620, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) r0 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media1\x00', 0x22001, 0x0) write$auto_media_devnode_fops_mc_devnode(r0, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000007ec0)=""/254, 0xfe) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x68102, 0x0) pread64$auto(r1, &(0x7f0000000040)='/dev/tty0\x00', 0x3, 0xe9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(0xffffffffffffffff, 0x0, 0x4b, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x1, 0xfffffffb, &(0x7f0000001480)={0xb, 0x3}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) 1m58.934170324s ago: executing program 5 (id=5930): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x140, 0x0) r0 = open(0x0, 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fchmod$auto(r0, 0xa) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) symlink$auto(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000440)='./file0\x00') mount$auto(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xf, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800", @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r2, &(0x7f0000000000)='\xde\x00', 0xfded) 1m58.711623782s ago: executing program 5 (id=5931): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 1m58.29986066s ago: executing program 5 (id=5933): socket(0x23, 0x80805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x10, 0x2, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x4e27}, 0x55) write$auto(0x3, 0x0, 0x5b4) 1m57.63631467s ago: executing program 5 (id=5936): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x2) mount$auto(0x0, &(0x7f0000000280)='}[,&*}\x00', &(0x7f0000000040)='nfsd\x00', 0x3, 0x0) socket(0x10, 0x2, 0x0) setsockopt$auto(0xffffffffffffffff, 0x110, 0x1, 0x0, 0x275d) getdents64$auto(0xffffffffffffffff, 0x0, 0x400) socketcall$auto(0xffe, 0x0) unshare$auto(0x40000080) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000000000), 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x26) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x23, 0x2, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) bind$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @empty}, 0x80006a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r0 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) mmap$auto(0x9000000000000, 0x400008, 0xdf, 0x9b7f, 0xffffffffffffffff, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x2000000006, 0x2) landlock_restrict_self$auto(r0, 0xb) 1m42.552119701s ago: executing program 35 (id=5936): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x2) mount$auto(0x0, &(0x7f0000000280)='}[,&*}\x00', &(0x7f0000000040)='nfsd\x00', 0x3, 0x0) socket(0x10, 0x2, 0x0) setsockopt$auto(0xffffffffffffffff, 0x110, 0x1, 0x0, 0x275d) getdents64$auto(0xffffffffffffffff, 0x0, 0x400) socketcall$auto(0xffe, 0x0) unshare$auto(0x40000080) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000000000), 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x26) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x23, 0x2, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) bind$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @empty}, 0x80006a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r0 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) mmap$auto(0x9000000000000, 0x400008, 0xdf, 0x9b7f, 0xffffffffffffffff, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x2000000006, 0x2) landlock_restrict_self$auto(r0, 0xb) 8.983830832s ago: executing program 7 (id=6222): r0 = socket(0xf, 0x3, 0x2) recvfrom$auto(r0, 0x0, 0xde, 0x8, 0x0, 0x0) 8.737902555s ago: executing program 7 (id=6224): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r1 = pidfd_open$auto(0x1, 0x0) ioctl$auto_BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, 0x0) bpf$auto(0x6, 0xffffffffffffffff, 0x0) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) r3 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) openat$auto_ima_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) mbind$auto(0x0, 0xfa9c, 0x8001, &(0x7f0000000100)=0x80000000, 0x400, 0x1) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000140), r3) read$auto_proc_pid_cmdline_ops_base(r3, &(0x7f0000000040)=""/159, 0x9f) 7.609108774s ago: executing program 4 (id=6228): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0xc) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000008000300040200000600070000800000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001", @ANYRES32=0x0], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="10002cbd7000df250a0a08000a"], 0x10e}}, 0x10004010) 7.030046197s ago: executing program 4 (id=6229): mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7f, 0x9, 0x0) 6.708903412s ago: executing program 4 (id=6230): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) msync$auto(0x200000, 0x2000000005, 0x6) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x3, 0xa) getsockopt$auto(r0, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_helper\x00', 0x80302, 0x0) remap_file_pages$auto(0x7fffffff, 0x513e42ea, 0x0, 0xfffffffffffffffe, 0x741a7957) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) 5.931880437s ago: executing program 7 (id=6231): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setpgid$auto(0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/snd_aloop.0/driver_override\x00', 0x101901, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_debug_messages\x00', 0xa001, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, 0x0, 0x81) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r3, r4, 0x0, 0x1000200) 5.718218452s ago: executing program 3 (id=6232): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) write$auto(0x3, 0x0, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 5.575934072s ago: executing program 6 (id=6233): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) msync$auto(0x200000, 0x2000000005, 0x6) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x3, 0xa) getsockopt$auto(r0, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_helper\x00', 0x80302, 0x0) remap_file_pages$auto(0x7fffffff, 0x513e42ea, 0x0, 0xfffffffffffffffe, 0x741a7957) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 5.398407378s ago: executing program 4 (id=6234): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64}) setresuid$auto(0x0, 0x0, r1) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40014}, 0x0) getpgid$auto(0x0) r4 = socket(0x2, 0x801, 0x106) setsockopt$auto(r4, 0x6, 0x12, 0x0, 0xa1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r5, &(0x7f0000000100), 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 4.185930456s ago: executing program 7 (id=6235): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x80802, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x9) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f00000003c0)="4a67d23edb317545d9bc8745d18a5956210d2d", 0x49}, 0x5, 0x0, 0x5, 0x1000}}, 0x1, 0x100) open(0x0, 0x40a00, 0x1c7) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) pidfd_open$auto(0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0x9, 0x1, 0x948d, 0x1ff, 0x15f4da07, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001880), r2) sendmsg$auto_NET_SHAPER_CMD_GET2(r2, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f00000019c0)={0x14, r3, 0x301, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8000) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x203, 0x6, 0x7, 0x4, 0x0, 0x4000000000003, 0x4306, 0x1, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, 0x0) 3.834377076s ago: executing program 6 (id=6236): memfd_secret$auto(0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x1, 0x84) r0 = io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) r2 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@link_update={r2, @new_prog_fd=r3, 0x1, @old_prog_fd=r0}, 0x9) 3.65439217s ago: executing program 3 (id=6237): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001a80), r0) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000", @ANYRES16=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mremap$auto(0x80, 0x8, 0x4, 0x8, 0xed2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/swaps\x00', 0x80000, 0x0) epoll_create$auto(0x4e) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29b, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r2 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) read$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x8af}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x4) recvmmsg$auto(r2, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) madvise$auto(0x0, 0x200007, 0x8) 3.563191642s ago: executing program 6 (id=6238): mq_open$auto(0x0, 0x7f, 0x9, 0x0) 3.369856177s ago: executing program 6 (id=6240): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r1 = pidfd_open$auto(0x1, 0x0) ioctl$auto_BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, 0x0) bpf$auto(0x6, 0xffffffffffffffff, 0x0) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) r3 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) openat$auto_ima_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) mbind$auto(0x0, 0xfa9c, 0x8001, &(0x7f0000000100)=0x80000000, 0x400, 0x1) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000140), r3) read$auto_proc_pid_cmdline_ops_base(r3, &(0x7f0000000040)=""/159, 0x9f) 3.152496932s ago: executing program 4 (id=6241): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) readv$auto(0x3, 0x0, 0xe9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000000)='//\xf2\x00', 0x80000000) io_uring_setup$auto(0x8000000, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bdi/1:13/max_ratio\x00', 0x22001, 0x0) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_7={@btf_id=0xc7, 0x6, 0x9, r1}, 0xebd8) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1) 2.411424075s ago: executing program 7 (id=6242): unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) msync$auto(0x0, 0xe0, 0x6) getsockopt$auto(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x4923c1, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x10, r1, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80500, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) read$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000038, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) 2.411316345s ago: executing program 3 (id=6243): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r1, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000240)="ae") write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_dma_buf_debug_fops_(0xffffffffffffff9c, 0x0, 0x181000, 0x0) mmap$auto(0x0, 0x5, 0x3, 0xeb1, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x88) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0xb) bind$auto(r0, 0x0, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x9, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 1.583216796s ago: executing program 4 (id=6244): socket(0xa, 0x3, 0x3b) r0 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000ed03"], 0x5f}, 0x1, 0x0, 0x0, 0x20008804}, 0x40) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r1, 0x0, 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) msync$auto(0x0, 0xe0, 0x6) 1.06838637s ago: executing program 6 (id=6245): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) sysfs$auto(0x2, 0x100001000000032, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r0, 0x1269, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x185040, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000140)={{0x0, 0x2, 0x200800, 0x1, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e1ca6300ea"}) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/clear_refs\x00', 0x101001, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) 773.74672ms ago: executing program 7 (id=6246): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) msync$auto(0x200000, 0x2000000005, 0x6) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x3, 0xa) getsockopt$auto(r0, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/uevent_helper\x00', 0x80302, 0x0) remap_file_pages$auto(0x7fffffff, 0x513e42ea, 0x0, 0xfffffffffffffffe, 0x741a7957) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 503.388365ms ago: executing program 3 (id=6247): keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) 423.317823ms ago: executing program 6 (id=6248): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) write$auto(0x3, 0x0, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 309.920532ms ago: executing program 3 (id=6249): memfd_secret$auto(0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x1, 0x84) r0 = io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) r2 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@link_update={r2, @new_prog_fd=r3, 0x1, @old_prog_fd=r0}, 0x9) 0s ago: executing program 3 (id=6250): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(r0, 0x1, 0x820, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_7={@btf_id=0x2, 0x6, 0x40000023}, 0x96) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) kernel console output (not intermixed with test programs): .2.4691'. [ 974.434213][T20678] Process accounting resumed [ 974.439274][T20696] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4699'. [ 977.658651][T20740] netlink: 306 bytes leftover after parsing attributes in process `syz.4.4709'. [ 978.377941][T20754] netlink: 350 bytes leftover after parsing attributes in process `syz.3.4714'. [ 979.343011][T20774] FAULT_INJECTION: forcing a failure. [ 979.343011][T20774] name failslab, interval 1, probability 0, space 0, times 0 [ 979.409439][T20774] CPU: 0 UID: 0 PID: 20774 Comm: syz.3.4718 Tainted: G L syzkaller #0 PREEMPT(full) [ 979.409474][T20774] Tainted: [L]=SOFTLOCKUP [ 979.409481][T20774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 979.409492][T20774] Call Trace: [ 979.409499][T20774] [ 979.409507][T20774] dump_stack_lvl+0x100/0x190 [ 979.409541][T20774] should_fail_ex.cold+0x5/0xa [ 979.409565][T20774] ? tomoyo_encode2+0xfb/0x3c0 [ 979.409591][T20774] should_failslab+0xc2/0x120 [ 979.409613][T20774] __kmalloc_noprof+0xe0/0x850 [ 979.409647][T20774] tomoyo_encode2+0xfb/0x3c0 [ 979.409676][T20774] tomoyo_encode+0x29/0x50 [ 979.409702][T20774] tomoyo_mount_acl+0x388/0x8b0 [ 979.409727][T20774] ? is_bpf_text_address+0x8a/0x1a0 [ 979.409756][T20774] ? bpf_ksym_find+0x124/0x1c0 [ 979.409784][T20774] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 979.409808][T20774] ? kernel_text_address+0x8d/0x100 [ 979.409837][T20774] ? unwind_get_return_address+0x59/0xa0 [ 979.409879][T20774] ? tomoyo_domain+0xb2/0x150 [ 979.409895][T20774] ? tomoyo_profile+0x47/0x60 [ 979.409927][T20774] tomoyo_mount_permission+0x214/0x460 [ 979.409952][T20774] ? tomoyo_mount_permission+0x1f6/0x460 [ 979.409979][T20774] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 979.410017][T20774] security_sb_mount+0xdd/0x270 [ 979.410039][T20774] path_mount+0x158/0x23d0 [ 979.410066][T20774] ? __pfx_path_mount+0x10/0x10 [ 979.410087][T20774] ? lockdep_hardirqs_on+0x78/0x100 [ 979.410109][T20774] ? putname+0xb1/0x110 [ 979.410129][T20774] ? kmem_cache_free+0x124/0x6a0 [ 979.410162][T20774] ? __x64_sys_mount+0x293/0x310 [ 979.410184][T20774] __x64_sys_mount+0x293/0x310 [ 979.410208][T20774] ? __pfx___x64_sys_mount+0x10/0x10 [ 979.410237][T20774] do_syscall_64+0x106/0xf80 [ 979.410256][T20774] ? clear_bhb_loop+0x40/0x90 [ 979.410279][T20774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.410298][T20774] RIP: 0033:0x7f80e959c819 [ 979.410315][T20774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 979.410340][T20774] RSP: 002b:00007f80ea40f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 979.410358][T20774] RAX: ffffffffffffffda RBX: 00007f80e9815fa0 RCX: 00007f80e959c819 [ 979.410370][T20774] RDX: 00002000000001c0 RSI: 0000200000000040 RDI: 0000000000000000 [ 979.410381][T20774] RBP: 00007f80e9632c91 R08: 0000000000000000 R09: 0000000000000000 [ 979.410392][T20774] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 979.410402][T20774] R13: 00007f80e9816038 R14: 00007f80e9815fa0 R15: 00007fff9123c1f8 [ 979.410426][T20774] [ 980.220380][T20779] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 981.825388][T20797] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4724'. [ 981.880720][T20801] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4724'. [ 981.931135][T20800] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4723'. [ 983.094987][T20816] netlink: 318 bytes leftover after parsing attributes in process `syz.2.4729'. [ 986.871310][T16997] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 986.871340][T16997] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 986.893668][T16997] Bluetooth: hci0: Dropping invalid advertising data [ 986.902540][T16997] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 986.902568][T16997] Bluetooth: hci0: Dropping invalid advertising data [ 986.917106][T16997] Bluetooth: hci0: Malformed LE Event: 0x02 [ 987.956428][T20910] Falling back ldisc for ttyS2. [ 988.981774][T20927] netlink: 'syz.0.4764': attribute type 1 has an invalid length. [ 989.034450][T20927] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4764'. [ 989.690106][T20923] Process accounting resumed [ 990.479441][T20952] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 990.535819][T20952] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 990.588512][T20952] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 990.624342][T20952] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 991.393128][T20981] netlink: 93 bytes leftover after parsing attributes in process `syz.4.4777'. [ 991.408498][T20971] FAULT_INJECTION: forcing a failure. [ 991.408498][T20971] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 991.452955][T20973] netlink: 93 bytes leftover after parsing attributes in process `syz.4.4777'. [ 991.495095][T20971] CPU: 0 UID: 0 PID: 20971 Comm: syz.0.4776 Tainted: G L syzkaller #0 PREEMPT(full) [ 991.495128][T20971] Tainted: [L]=SOFTLOCKUP [ 991.495135][T20971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 991.495146][T20971] Call Trace: [ 991.495154][T20971] [ 991.495173][T20971] dump_stack_lvl+0x100/0x190 [ 991.495207][T20971] should_fail_ex.cold+0x5/0xa [ 991.495235][T20971] ? page_copy_sane+0x17c/0x2d0 [ 991.495260][T20971] copy_folio_from_iter_atomic+0x427/0x1e70 [ 991.495297][T20971] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 991.495324][T20971] ? shmem_write_begin+0x1ba/0x420 [ 991.495356][T20971] ? __pfx_shmem_write_begin+0x10/0x10 [ 991.495388][T20971] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 991.495423][T20971] generic_perform_write+0x4cb/0xa40 [ 991.495459][T20971] ? __pfx_generic_perform_write+0x10/0x10 [ 991.495486][T20971] ? __mark_inode_dirty+0x55c/0x1790 [ 991.495515][T20971] ? mnt_put_write_access_file+0x4e/0x100 [ 991.495536][T20971] ? file_update_time_flags+0x373/0x500 [ 991.495563][T20971] shmem_file_write_iter+0x10e/0x140 [ 991.495587][T20971] vfs_write+0x6ac/0x1070 [ 991.495607][T20971] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 991.495631][T20971] ? __pfx_vfs_write+0x10/0x10 [ 991.495663][T20971] ksys_write+0x12a/0x250 [ 991.495682][T20971] ? __pfx_ksys_write+0x10/0x10 [ 991.495706][T20971] do_syscall_64+0x106/0xf80 [ 991.495725][T20971] ? clear_bhb_loop+0x40/0x90 [ 991.495748][T20971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 991.495768][T20971] RIP: 0033:0x7f166559c819 [ 991.495784][T20971] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 991.495802][T20971] RSP: 002b:00007f166652d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 991.495822][T20971] RAX: ffffffffffffffda RBX: 00007f1665815fa0 RCX: 00007f166559c819 [ 991.495834][T20971] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 991.495846][T20971] RBP: 00007f1665632c91 R08: 0000000000000000 R09: 0000000000000000 [ 991.495857][T20971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 991.495868][T20971] R13: 00007f1665816038 R14: 00007f1665815fa0 R15: 00007ffd5bbc2578 [ 991.495893][T20971] [ 991.817579][T20986] binder: 20985:20986 ioctl c018620c 200000000040 returned -22 [ 992.041198][T20978] netlink: 93 bytes leftover after parsing attributes in process `syz.4.4777'. [ 992.406897][T20996] Unable to find swap-space signature [ 992.529365][T16997] Bluetooth: hci0: command 0x0406 tx timeout [ 992.597531][T16997] Bluetooth: hci2: command 0x0406 tx timeout [ 992.660278][T16997] Bluetooth: hci1: command 0x0c1a tx timeout [ 992.667397][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout [ 992.976992][T21001] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4784'. [ 993.091192][T21001] bridge_slave_1 (unregistering): left allmulticast mode [ 993.122700][T21001] bridge_slave_1 (unregistering): left promiscuous mode [ 993.166964][T21001] bridge0: port 2(bridge_slave_1) entered disabled state [ 993.543005][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.549503][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.705240][T21059] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4800'. [ 995.946117][T21062] Process accounting resumed [ 997.615190][T21100] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4812'. [ 997.703609][T21103] HfR: entered promiscuous mode [ 997.802726][T21100] i: entered promiscuous mode [ 999.732366][T21141] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input23 [ 999.928312][ T29] audit: type=1800 audit(4294967327.530:19): pid=21141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4823" name="features" dev="configfs" ino=98696 res=0 errno=0 [ 1000.484510][T21155] FAULT_INJECTION: forcing a failure. [ 1000.484510][T21155] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1000.570163][T21155] CPU: 0 UID: 0 PID: 21155 Comm: syz.2.4827 Tainted: G L syzkaller #0 PREEMPT(full) [ 1000.570196][T21155] Tainted: [L]=SOFTLOCKUP [ 1000.570204][T21155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1000.570215][T21155] Call Trace: [ 1000.570222][T21155] [ 1000.570230][T21155] dump_stack_lvl+0x100/0x190 [ 1000.570263][T21155] should_fail_ex.cold+0x5/0xa [ 1000.570283][T21155] ? prepare_alloc_pages+0x16d/0x5f0 [ 1000.570308][T21155] should_fail_alloc_page+0xeb/0x140 [ 1000.570331][T21155] prepare_alloc_pages+0x1f0/0x5f0 [ 1000.570358][T21155] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1000.570392][T21155] ? stack_trace_save+0x8e/0xc0 [ 1000.570412][T21155] ? __pfx_stack_trace_save+0x10/0x10 [ 1000.570432][T21155] ? stack_depot_save_flags+0x27/0x9d0 [ 1000.570458][T21155] ? find_held_lock+0x2b/0x80 [ 1000.570482][T21155] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1000.570511][T21155] ? kasan_save_stack+0x3f/0x50 [ 1000.570527][T21155] ? kasan_save_stack+0x30/0x50 [ 1000.570543][T21155] ? kasan_save_track+0x14/0x30 [ 1000.570560][T21155] ? system_heap_allocate+0xeb/0x1170 [ 1000.570581][T21155] ? __x64_sys_ioctl+0x18e/0x210 [ 1000.570607][T21155] ? do_syscall_64+0x106/0xf80 [ 1000.570626][T21155] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.570657][T21155] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1000.570678][T21155] ? policy_nodemask+0xed/0x4f0 [ 1000.570701][T21155] alloc_pages_mpol+0x1fb/0x550 [ 1000.570723][T21155] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1000.570746][T21155] ? lockdep_init_map_type+0x5c/0x250 [ 1000.570774][T21155] alloc_pages_noprof+0x136/0x390 [ 1000.570796][T21155] system_heap_allocate+0x2d2/0x1170 [ 1000.570823][T21155] ? __pfx_system_heap_allocate+0x10/0x10 [ 1000.570851][T21155] ? rep_movs_alternative+0x4a/0x90 [ 1000.570880][T21155] dma_heap_ioctl+0x37f/0x5e0 [ 1000.570902][T21155] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 1000.570920][T21155] ? find_held_lock+0x2b/0x80 [ 1000.570948][T21155] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 1000.570969][T21155] __x64_sys_ioctl+0x18e/0x210 [ 1000.570998][T21155] do_syscall_64+0x106/0xf80 [ 1000.571016][T21155] ? clear_bhb_loop+0x40/0x90 [ 1000.571039][T21155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.571058][T21155] RIP: 0033:0x7f37ff19c819 [ 1000.571075][T21155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1000.571093][T21155] RSP: 002b:00007f38000d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1000.571112][T21155] RAX: ffffffffffffffda RBX: 00007f37ff415fa0 RCX: 00007f37ff19c819 [ 1000.571124][T21155] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000005 [ 1000.571135][T21155] RBP: 00007f37ff232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1000.571153][T21155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1000.571165][T21155] R13: 00007f37ff416038 R14: 00007f37ff415fa0 R15: 00007ffeb9477098 [ 1000.571193][T21155] [ 1004.859561][T21221] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1004.888041][T21221] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1004.907680][T21221] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1004.931669][T21221] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1005.072565][T21248] FAULT_INJECTION: forcing a failure. [ 1005.072565][T21248] name failslab, interval 1, probability 0, space 0, times 0 [ 1005.099804][T21221] Process accounting paused [ 1005.138286][T21248] CPU: 0 UID: 0 PID: 21248 Comm: syz.3.4850 Tainted: G L syzkaller #0 PREEMPT(full) [ 1005.138320][T21248] Tainted: [L]=SOFTLOCKUP [ 1005.138327][T21248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1005.138338][T21248] Call Trace: [ 1005.138345][T21248] [ 1005.138353][T21248] dump_stack_lvl+0x100/0x190 [ 1005.138386][T21248] should_fail_ex.cold+0x5/0xa [ 1005.138409][T21248] should_failslab+0xc2/0x120 [ 1005.138431][T21248] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1005.138461][T21248] ? security_file_alloc+0x34/0x2c0 [ 1005.138486][T21248] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1005.138517][T21248] security_file_alloc+0x34/0x2c0 [ 1005.138543][T21248] init_file+0x95/0x480 [ 1005.138566][T21248] alloc_empty_file+0x73/0x1c0 [ 1005.138593][T21248] alloc_file_pseudo+0x13a/0x230 [ 1005.138619][T21248] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1005.138643][T21248] ? inode_init_always_gfp+0xd0e/0x1040 [ 1005.138669][T21248] sock_alloc_file+0x50/0x210 [ 1005.138691][T21248] do_accept+0x242/0x530 [ 1005.138717][T21248] ? 0xffffffff81000000 [ 1005.138730][T21248] ? do_raw_spin_lock+0x128/0x260 [ 1005.138760][T21248] ? __pfx_do_accept+0x10/0x10 [ 1005.138800][T21248] ? 0xffffffff81000000 [ 1005.138812][T21248] __sys_accept4+0x108/0x200 [ 1005.138840][T21248] ? __pfx___sys_accept4+0x10/0x10 [ 1005.138873][T21248] __x64_sys_accept+0x74/0xb0 [ 1005.138899][T21248] ? lockdep_hardirqs_on+0x78/0x100 [ 1005.138920][T21248] do_syscall_64+0x106/0xf80 [ 1005.138939][T21248] ? clear_bhb_loop+0x40/0x90 [ 1005.138961][T21248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1005.138981][T21248] RIP: 0033:0x7f80e959c819 [ 1005.138995][T21248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1005.139013][T21248] RSP: 002b:00007f80ea40f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 1005.139033][T21248] RAX: ffffffffffffffda RBX: 00007f80e9815fa0 RCX: 00007f80e959c819 [ 1005.139045][T21248] RDX: ffffffff81000000 RSI: ffffffffffffffff RDI: 0000000000000003 [ 1005.139057][T21248] RBP: 00007f80e9632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1005.139068][T21248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1005.139092][T21248] R13: 00007f80e9816038 R14: 00007f80e9815fa0 R15: 00007fff9123c1f8 [ 1005.139111][T21248] ? 0xffffffff81000000 [ 1005.139129][T21248] [ 1005.990192][ T5148] Bluetooth: hci0: command 0x0406 tx timeout [ 1006.821790][T21280] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4861'. [ 1006.898633][ T5148] Bluetooth: hci2: command 0x0406 tx timeout [ 1006.979488][ T5148] Bluetooth: hci1: command 0x0c1a tx timeout [ 1006.985575][T16997] Bluetooth: hci3: command 0x0c1a tx timeout [ 1009.714299][T21343] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1010.651166][T21359] FAULT_INJECTION: forcing a failure. [ 1010.651166][T21359] name failslab, interval 1, probability 0, space 0, times 0 [ 1010.719476][T21359] CPU: 0 UID: 0 PID: 21359 Comm: syz.4.4883 Tainted: G L syzkaller #0 PREEMPT(full) [ 1010.719510][T21359] Tainted: [L]=SOFTLOCKUP [ 1010.719517][T21359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1010.719527][T21359] Call Trace: [ 1010.719534][T21359] [ 1010.719542][T21359] dump_stack_lvl+0x100/0x190 [ 1010.719589][T21359] should_fail_ex.cold+0x5/0xa [ 1010.719618][T21359] should_failslab+0xc2/0x120 [ 1010.719639][T21359] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1010.719669][T21359] ? __d_alloc+0x34/0xa80 [ 1010.719696][T21359] __d_alloc+0x34/0xa80 [ 1010.719721][T21359] d_alloc+0x4a/0x1e0 [ 1010.719745][T21359] lookup_one_qstr_excl+0x175/0x250 [ 1010.719773][T21359] start_dirop+0x59/0xb0 [ 1010.719793][T21359] simple_start_creating+0xf9/0x110 [ 1010.719812][T21359] ? __pfx_simple_start_creating+0x10/0x10 [ 1010.719829][T21359] ? dput+0x24/0x30 [ 1010.719858][T21359] rpc_new_dir+0x27/0x420 [ 1010.719887][T21359] rpc_fill_super+0x30c/0x4f0 [ 1010.719915][T21359] ? __pfx_rpc_fill_super+0x10/0x10 [ 1010.719941][T21359] get_tree_keyed+0x10e/0x1d0 [ 1010.719973][T21359] vfs_get_tree+0x92/0x320 [ 1010.720008][T21359] vfs_cmd_create+0xd7/0x2a0 [ 1010.720044][T21359] __do_sys_fsconfig+0x55a/0xcb0 [ 1010.720073][T21359] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 1010.720111][T21359] do_syscall_64+0x106/0xf80 [ 1010.720130][T21359] ? clear_bhb_loop+0x40/0x90 [ 1010.720154][T21359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.720174][T21359] RIP: 0033:0x7f492ed9c819 [ 1010.720190][T21359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1010.720209][T21359] RSP: 002b:00007f492fbbc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 1010.720228][T21359] RAX: ffffffffffffffda RBX: 00007f492f015fa0 RCX: 00007f492ed9c819 [ 1010.720240][T21359] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000005 [ 1010.720251][T21359] RBP: 00007f492ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1010.720262][T21359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1010.720272][T21359] R13: 00007f492f016038 R14: 00007f492f015fa0 R15: 00007fff3781e778 [ 1010.720297][T21359] [ 1011.927746][T21382] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4890'. [ 1011.938234][ T5148] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1012.411038][T21387] can0: slcan on ttyS2. [ 1012.591072][T21383] can0 (unregistered): slcan off ttyS2. [ 1013.249482][T21410] binder: 21409:21410 ioctl c018620c 200000000040 returned -22 [ 1018.197975][T21500] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4924'. [ 1018.801339][T21516] binder: 21515:21516 ioctl c018620c 200000000040 returned -22 [ 1019.344715][T21531] netlink: 17 bytes leftover after parsing attributes in process `syz.3.4935'. [ 1019.391682][T21533] netlink: 'syz.0.4936': attribute type 1 has an invalid length. [ 1019.420356][T21533] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4936'. [ 1019.921647][T21549] binder: 21547:21549 ioctl c018620c 200000000040 returned -22 [ 1020.131926][T21527] Process accounting paused [ 1020.726640][T21565] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4946'. [ 1020.773672][T21567] binder: 21566:21567 ioctl c018620c 0 returned -14 [ 1021.343545][T21581] binder: 21579:21581 ioctl c018620c 200000000040 returned -22 [ 1023.043080][T21621] binder: 21620:21621 ioctl c018620c 0 returned -14 [ 1023.079375][T21623] binder: 21622:21623 ioctl c018620c 200000000040 returned -22 [ 1023.437902][T21628] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4967'. [ 1024.310891][T21654] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 1024.640293][T21658] binder: 21657:21658 ioctl c018620c 0 returned -14 [ 1024.807066][T21654] PCI: Can't parse resource_alignment parameter: 1 [ 1024.867530][T21662] binder: 21661:21662 ioctl c018620c 200000000040 returned -22 [ 1026.135234][T21685] Process accounting paused [ 1026.308676][T21692] binder: 21691:21692 ioctl c018620c 200000000040 returned -1 [ 1026.465388][T21696] sd 0:0:1:0: PR command failed: 1026 [ 1026.479004][T21696] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1026.496288][T21698] binder: 21697:21698 ioctl c018620c 200000000040 returned -22 [ 1026.509845][T21696] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1028.091600][T21731] binder: 21730:21731 ioctl c018620c 200000000040 returned -1 [ 1029.998243][T21772] binder: 21771:21772 ioctl c018620c 200000000040 returned -1 [ 1032.052218][T21812] binder: 21811:21812 ioctl c018620c 200000000040 returned -22 [ 1032.930864][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802bd93c00: rx timeout, send abort [ 1033.439315][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802bd93c00: abort rx timeout. Force session deactivation [ 1033.523338][T21839] binder: 21838:21839 ioctl c018620c 200000000040 returned -22 [ 1034.544739][T21856] binder: 21855:21856 ioctl c018620c 200000000040 returned -22 [ 1035.358010][T21873] Process accounting resumed [ 1035.507368][T21877] binder: 21875:21877 ioctl c018620c 200000000040 returned -22 [ 1035.739747][T21865] can: request_module (can-proto-3) failed. [ 1037.031816][T21908] binder: 21906:21908 ioctl c018620c 200000000040 returned -22 [ 1037.426651][T21917] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5053'. [ 1038.848224][T21941] binder: 21940:21941 ioctl c018620c 200000000040 returned -22 [ 1039.221432][T21951] binder: 21950:21951 ioctl c018620c 200000000040 returned -22 [ 1040.283355][T21973] binder: 21970:21973 ioctl c018620c 200000000040 returned -22 [ 1040.819524][T16997] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1040.832385][T16997] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1040.844341][T16997] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1040.852336][T16997] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1040.860198][T16997] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1041.602576][T21982] chnl_net:caif_netlink_parms(): no params data found [ 1042.074300][T21982] bridge0: port 1(bridge_slave_0) entered blocking state [ 1042.110741][T21982] bridge0: port 1(bridge_slave_0) entered disabled state [ 1042.145406][T21982] bridge_slave_0: entered allmulticast mode [ 1042.170165][T21982] bridge_slave_0: entered promiscuous mode [ 1042.204666][T21982] bridge0: port 2(bridge_slave_1) entered blocking state [ 1042.228282][T21982] bridge0: port 2(bridge_slave_1) entered disabled state [ 1042.248266][T21982] bridge_slave_1: entered allmulticast mode [ 1042.274930][T21982] bridge_slave_1: entered promiscuous mode [ 1042.376029][T21982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1042.439763][T21982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1042.806794][T21982] team0: Port device team_slave_0 added [ 1042.859665][T21982] team0: Port device team_slave_1 added [ 1042.898177][T16997] Bluetooth: hci4: command tx timeout [ 1043.016475][T21982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1043.045172][T21982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1043.164598][T21982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1043.253194][T21982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1043.273333][T21982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1043.414657][T21982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1043.677627][T21982] hsr_slave_0: entered promiscuous mode [ 1043.711278][T21982] hsr_slave_1: entered promiscuous mode [ 1043.739345][T21982] debugfs: 'hsr0' already exists in 'hsr' [ 1043.782391][T21982] Cannot create hsr debugfs directory [ 1044.608681][T21982] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1044.673758][T21982] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1044.727325][T21982] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1044.875141][T21982] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1044.978253][T16997] Bluetooth: hci4: command tx timeout [ 1045.692693][T21982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1045.844112][T21982] 8021q: adding VLAN 0 to HW filter on device team0 [ 1045.936682][T22058] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5087'. [ 1046.043813][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1046.051034][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1046.167123][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 1046.174307][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1046.437281][T21982] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1046.518166][T21982] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1047.059500][T16997] Bluetooth: hci4: command tx timeout [ 1047.587730][T21982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1048.435265][T21982] veth0_vlan: entered promiscuous mode [ 1048.484582][T21982] veth1_vlan: entered promiscuous mode [ 1048.610153][T21982] veth0_macvtap: entered promiscuous mode [ 1048.657657][T21982] veth1_macvtap: entered promiscuous mode [ 1048.747159][T21982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1048.814518][T21982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1048.896259][ T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1048.959585][ T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1049.003668][ T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1049.069222][ T1107] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1049.138351][T16997] Bluetooth: hci4: command tx timeout [ 1049.681459][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1049.728504][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1049.836555][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1049.880065][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1051.217196][T22120] [U] [ 1051.219975][T22120] [U] [ 1051.222697][T22120] [U] [ 1051.225403][T22120] [U] [ 1051.255007][T22122] binder: 22121:22122 ioctl c018620c 200000000040 returned -22 [ 1051.400142][T22120] [U] [ 1051.402922][T22120] [U] [ 1051.405624][T22120] [U] [ 1051.408349][T22120] [U] [ 1052.078354][T22113] [U] [ 1052.389296][ T29] audit: type=1800 audit(4294967380.020:20): pid=22133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5099" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 1054.816480][T22146] kexec: Could not allocate control_code_buffer [ 1054.982279][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.988785][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.173633][T22185] Process accounting resumed [ 1056.207640][T16997] Bluetooth: hci4: Unexpected cc 0x7c89 with no status [ 1058.434885][T22217] binder: 22216:22217 ioctl c018620c 200000000040 returned -22 [ 1059.429128][T22221] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1059.461557][T22221] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1059.489902][T22221] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1059.518596][T22221] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1059.540453][T22221] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1059.569549][T22221] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1059.640895][T22221] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1059.704350][T22240] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5130'. [ 1060.349423][T22255] FAULT_INJECTION: forcing a failure. [ 1060.349423][T22255] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1060.414611][T22255] CPU: 0 UID: 0 PID: 22255 Comm: syz.4.5135 Tainted: G L syzkaller #0 PREEMPT(full) [ 1060.414643][T22255] Tainted: [L]=SOFTLOCKUP [ 1060.414650][T22255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1060.414662][T22255] Call Trace: [ 1060.414669][T22255] [ 1060.414676][T22255] dump_stack_lvl+0x100/0x190 [ 1060.414713][T22255] should_fail_ex.cold+0x5/0xa [ 1060.414736][T22255] get_futex_key+0x1d2/0x1620 [ 1060.414762][T22255] ? __pfx_get_futex_key+0x10/0x10 [ 1060.414786][T22255] ? putname+0xb1/0x110 [ 1060.414807][T22255] ? kasan_save_stack+0x3f/0x50 [ 1060.414824][T22255] ? kasan_save_stack+0x30/0x50 [ 1060.414840][T22255] ? kasan_save_track+0x14/0x30 [ 1060.414856][T22255] ? kasan_save_free_info+0x3b/0x70 [ 1060.414879][T22255] ? __kasan_slab_free+0x5f/0x80 [ 1060.414897][T22255] ? kmem_cache_free+0x124/0x6a0 [ 1060.414933][T22255] futex_wake+0xea/0x530 [ 1060.414964][T22255] ? __pfx_futex_wake+0x10/0x10 [ 1060.415002][T22255] do_futex+0x32b/0x350 [ 1060.415028][T22255] ? __pfx_do_futex+0x10/0x10 [ 1060.415058][T22255] __x64_sys_futex+0x34f/0x4d0 [ 1060.415087][T22255] ? __pfx___x64_sys_futex+0x10/0x10 [ 1060.415122][T22255] do_syscall_64+0x106/0xf80 [ 1060.415142][T22255] ? clear_bhb_loop+0x40/0x90 [ 1060.415165][T22255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.415184][T22255] RIP: 0033:0x7f492ed9c819 [ 1060.415199][T22255] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1060.415216][T22255] RSP: 002b:00007f492fb9b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1060.415235][T22255] RAX: ffffffffffffffda RBX: 00007f492f016098 RCX: 00007f492ed9c819 [ 1060.415247][T22255] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f492f01609c [ 1060.415260][T22255] RBP: 00007f492f016090 R08: 0000000000000000 R09: 0000000000000000 [ 1060.415271][T22255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1060.415283][T22255] R13: 00007f492f016128 R14: 00007fff3781e690 R15: 00007fff3781e778 [ 1060.415306][T22255] [ 1060.928350][T16997] Bluetooth: hci0: command 0x0406 tx timeout [ 1060.966615][T22264] binder: 22261:22264 ioctl c018620c 200000000040 returned -22 [ 1061.538668][ T5148] Bluetooth: hci1: command 0x0c1a tx timeout [ 1061.544806][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout [ 1061.551694][T16997] Bluetooth: hci2: command 0x0406 tx timeout [ 1061.618347][ T5148] Bluetooth: hci4: command 0x0c1a tx timeout [ 1062.667387][T22298] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1063.698397][ T5148] Bluetooth: hci4: command 0x0c1a tx timeout [ 1065.414105][T22321] Process accounting paused [ 1065.778371][ T5148] Bluetooth: hci4: command 0x0c1a tx timeout [ 1065.953601][T22347] netlink: 504 bytes leftover after parsing attributes in process `syz.5.5156'. [ 1070.349415][T22422] FAULT_INJECTION: forcing a failure. [ 1070.349415][T22422] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1070.549721][T22422] CPU: 0 UID: 0 PID: 22422 Comm: syz.0.5175 Tainted: G L syzkaller #0 PREEMPT(full) [ 1070.549754][T22422] Tainted: [L]=SOFTLOCKUP [ 1070.549762][T22422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1070.549772][T22422] Call Trace: [ 1070.549779][T22422] [ 1070.549787][T22422] dump_stack_lvl+0x100/0x190 [ 1070.549830][T22422] should_fail_ex.cold+0x5/0xa [ 1070.549852][T22422] get_futex_key+0x1d2/0x1620 [ 1070.549879][T22422] ? __pfx_get_futex_key+0x10/0x10 [ 1070.549903][T22422] ? get_futex_key+0x507/0x1620 [ 1070.549931][T22422] futex_wait_setup+0x83/0x510 [ 1070.549968][T22422] futex_wait_requeue_pi+0x240/0x870 [ 1070.550001][T22422] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 1070.550032][T22422] ? __pfx___futex_wait+0x10/0x10 [ 1070.550074][T22422] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1070.550105][T22422] ? lockdep_hardirqs_on+0x78/0x100 [ 1070.550144][T22422] ? __pfx_futex_wake_mark+0x10/0x10 [ 1070.550178][T22422] ? ksys_write+0x190/0x250 [ 1070.550198][T22422] ? ksys_write+0x190/0x250 [ 1070.550220][T22422] do_futex+0x24f/0x350 [ 1070.550246][T22422] ? __pfx_do_futex+0x10/0x10 [ 1070.550277][T22422] __x64_sys_futex+0x34f/0x4d0 [ 1070.550306][T22422] ? __pfx___x64_sys_futex+0x10/0x10 [ 1070.550340][T22422] do_syscall_64+0x106/0xf80 [ 1070.550358][T22422] ? clear_bhb_loop+0x40/0x90 [ 1070.550381][T22422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1070.550400][T22422] RIP: 0033:0x7f166559c819 [ 1070.550417][T22422] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1070.550435][T22422] RSP: 002b:00007f166650c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1070.550453][T22422] RAX: ffffffffffffffda RBX: 00007f1665816090 RCX: 00007f166559c819 [ 1070.550465][T22422] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 1070.550476][T22422] RBP: 00007f1665632c91 R08: 0000000000000000 R09: 00000000fffffffa [ 1070.550488][T22422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1070.550499][T22422] R13: 00007f1665816128 R14: 00007f1665816090 R15: 00007ffd5bbc2578 [ 1070.550521][T22422] [ 1072.376614][T22443] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1072.403381][T22443] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1072.450906][T22443] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1072.477973][T22443] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1072.498883][T22443] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1072.961530][T22464] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5189'. [ 1073.698290][ T8080] Bluetooth: hci0: command 0x0406 tx timeout [ 1074.214473][T22479] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5193'. [ 1074.419256][ T8080] Bluetooth: hci2: command 0x0406 tx timeout [ 1074.481637][ T29] audit: type=1804 audit(4294967402.110:21): pid=22483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.5194" name="/newroot/1005/file0" dev="tmpfs" ino=5251 res=1 errno=0 [ 1074.518130][ T8080] Bluetooth: hci1: command 0x0c1a tx timeout [ 1074.524219][ T8080] Bluetooth: hci3: command 0x0c1a tx timeout [ 1074.585236][ T8080] Bluetooth: hci4: command 0x0c1a tx timeout [ 1074.595319][ T29] audit: type=1804 audit(4294967402.170:22): pid=22484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.5194" name="/newroot/1005/file0" dev="tmpfs" ino=5251 res=1 errno=0 [ 1074.637765][T22477] bridge0: port 3(veth1_macvtap) entered blocking state [ 1074.677272][T22477] bridge0: port 3(veth1_macvtap) entered disabled state [ 1074.731928][T22477] veth1_macvtap: entered allmulticast mode [ 1074.789921][T22477] veth1_macvtap: left allmulticast mode [ 1075.398821][T22498] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5199'. [ 1078.172387][T22550] binder: 22549:22550 ioctl c018620c 200000000040 returned -22 [ 1078.239169][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.304103][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.392545][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.434099][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.466573][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.516265][T22557] mkiss: ax0: crc mode is auto. [ 1078.577007][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.635820][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.662029][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.707035][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.766318][T22552] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5211'. [ 1078.962565][T22562] FAULT_INJECTION: forcing a failure. [ 1078.962565][T22562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1079.078271][T22562] CPU: 0 UID: 0 PID: 22562 Comm: syz.4.5215 Tainted: G L syzkaller #0 PREEMPT(full) [ 1079.078303][T22562] Tainted: [L]=SOFTLOCKUP [ 1079.078310][T22562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1079.078321][T22562] Call Trace: [ 1079.078328][T22562] [ 1079.078336][T22562] dump_stack_lvl+0x100/0x190 [ 1079.078369][T22562] should_fail_ex.cold+0x5/0xa [ 1079.078387][T22562] ? page_copy_sane+0x17c/0x2d0 [ 1079.078413][T22562] copy_folio_from_iter_atomic+0x427/0x1e70 [ 1079.078450][T22562] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 1079.078476][T22562] ? shmem_write_begin+0x1ba/0x420 [ 1079.078515][T22562] ? __pfx_shmem_write_begin+0x10/0x10 [ 1079.078546][T22562] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1079.078574][T22562] generic_perform_write+0x4cb/0xa40 [ 1079.078610][T22562] ? __pfx_generic_perform_write+0x10/0x10 [ 1079.078637][T22562] ? __mark_inode_dirty+0x55c/0x1790 [ 1079.078667][T22562] ? mnt_put_write_access_file+0x4e/0x100 [ 1079.078688][T22562] ? file_update_time_flags+0x373/0x500 [ 1079.078717][T22562] shmem_file_write_iter+0x10e/0x140 [ 1079.078741][T22562] vfs_write+0x6ac/0x1070 [ 1079.078760][T22562] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1079.078784][T22562] ? __pfx_vfs_write+0x10/0x10 [ 1079.078816][T22562] ksys_write+0x12a/0x250 [ 1079.078834][T22562] ? __pfx_ksys_write+0x10/0x10 [ 1079.078859][T22562] do_syscall_64+0x106/0xf80 [ 1079.078879][T22562] ? clear_bhb_loop+0x40/0x90 [ 1079.078901][T22562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.078921][T22562] RIP: 0033:0x7f492ed9c819 [ 1079.078936][T22562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1079.078954][T22562] RSP: 002b:00007f492fbbc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1079.078972][T22562] RAX: ffffffffffffffda RBX: 00007f492f015fa0 RCX: 00007f492ed9c819 [ 1079.078985][T22562] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1079.078996][T22562] RBP: 00007f492ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1079.079008][T22562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1079.079020][T22562] R13: 00007f492f016038 R14: 00007f492f015fa0 R15: 00007fff3781e778 [ 1079.079044][T22562] [ 1082.686391][T22628] veth0_macvtap: left promiscuous mode [ 1082.745531][T22628] macvtap0: entered promiscuous mode [ 1082.759798][T22628] macvtap0: entered allmulticast mode [ 1083.095366][T22640] binder: 22639:22640 ioctl c018620c 200000000040 returned -22 [ 1084.353802][T22661] __nla_validate_parse: 29 callbacks suppressed [ 1084.353823][T22661] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5243'. [ 1084.439637][T22663] netlink: 'syz.4.5243': attribute type 1 has an invalid length. [ 1084.492169][T22663] netlink: 5 bytes leftover after parsing attributes in process `syz.4.5243'. [ 1085.915514][T22687] Falling back ldisc for ttyS2. [ 1086.598210][T22693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5254'. [ 1086.653483][T22693] i: entered promiscuous mode [ 1086.719301][T22693] HfR: entered promiscuous mode [ 1086.898835][T22692] Process accounting paused [ 1088.770308][T22725] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5262'. [ 1093.178875][T22783] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5277'. [ 1093.262248][T22786] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5277'. [ 1095.425446][T22822] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5289'. [ 1095.488359][T22817] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5289'. [ 1095.553361][T22820] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5289'. [ 1095.702514][T22827] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5291'. [ 1097.413304][T22799] Process accounting resumed [ 1098.230697][T22867] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5301'. [ 1098.279227][T22860] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5301'. [ 1098.328598][T22864] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5301'. [ 1098.587255][T22869] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5303'. [ 1098.667585][T22869] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.862163][T22869] bridge_slave_1 (unregistering): left allmulticast mode [ 1098.917448][T22876] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5305'. [ 1098.937099][T22869] bridge_slave_1 (unregistering): left promiscuous mode [ 1098.987561][T22869] bridge0: port 2(bridge_slave_1) entered disabled state [ 1099.177976][T22876] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1099.195739][T22876] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1099.247967][T22876] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1099.290344][T22876] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1100.347047][T22900] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5312'. [ 1102.727493][T22931] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5319'. [ 1105.025762][T22959] zswap: compressor not available [ 1105.489813][T22972] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5329'. [ 1109.902982][T23029] sp0: Synchronizing with TNC [ 1113.222553][T23077] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5355'. [ 1116.426976][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.434568][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.081352][T23145] FAULT_INJECTION: forcing a failure. [ 1117.081352][T23145] name failslab, interval 1, probability 0, space 0, times 0 [ 1117.173758][T23147] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 1117.262534][T23145] CPU: 0 UID: 0 PID: 23145 Comm: syz.3.5373 Tainted: G L syzkaller #0 PREEMPT(full) [ 1117.262566][T23145] Tainted: [L]=SOFTLOCKUP [ 1117.262573][T23145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1117.262585][T23145] Call Trace: [ 1117.262591][T23145] [ 1117.262599][T23145] dump_stack_lvl+0x100/0x190 [ 1117.262631][T23145] should_fail_ex.cold+0x5/0xa [ 1117.262654][T23145] should_failslab+0xc2/0x120 [ 1117.262677][T23145] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1117.262703][T23145] ? refill_pi_state_cache+0x91/0x260 [ 1117.262736][T23145] refill_pi_state_cache+0x91/0x260 [ 1117.262766][T23145] futex_lock_pi+0x177/0x7b0 [ 1117.262797][T23145] ? __pfx_futex_lock_pi+0x10/0x10 [ 1117.262828][T23145] ? __pfx___futex_wait+0x10/0x10 [ 1117.262863][T23145] ? lockdep_hardirqs_on+0x78/0x100 [ 1117.262901][T23145] ? __pfx_futex_wake_mark+0x10/0x10 [ 1117.262935][T23145] ? __get_user_nocheck_8+0x20/0x20 [ 1117.262963][T23145] ? do_vfs_ioctl+0x226/0x13e0 [ 1117.262994][T23145] do_futex+0x18a/0x350 [ 1117.263020][T23145] ? __pfx_do_futex+0x10/0x10 [ 1117.263046][T23145] ? find_held_lock+0x2b/0x80 [ 1117.263069][T23145] __x64_sys_futex+0x34f/0x4d0 [ 1117.263098][T23145] ? __pfx___x64_sys_futex+0x10/0x10 [ 1117.263131][T23145] do_syscall_64+0x106/0xf80 [ 1117.263150][T23145] ? clear_bhb_loop+0x40/0x90 [ 1117.263172][T23145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1117.263191][T23145] RIP: 0033:0x7f80e959c819 [ 1117.263208][T23145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1117.263226][T23145] RSP: 002b:00007f80ea3ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1117.263244][T23145] RAX: ffffffffffffffda RBX: 00007f80e9816090 RCX: 00007f80e959c819 [ 1117.263270][T23145] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1117.263281][T23145] RBP: 00007f80e9632c91 R08: 0000000000000000 R09: 000000008000fff5 [ 1117.263293][T23145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1117.263304][T23145] R13: 00007f80e9816128 R14: 00007f80e9816090 R15: 00007fff9123c1f8 [ 1117.263328][T23145] [ 1117.862992][T23141] Process accounting resumed [ 1119.118608][T23182] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5380'. [ 1119.173082][T23178] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5380'. [ 1119.242800][T23180] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5380'. [ 1121.160569][T23214] FAULT_INJECTION: forcing a failure. [ 1121.160569][T23214] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1121.346008][T23214] CPU: 0 UID: 0 PID: 23214 Comm: syz.4.5385 Tainted: G L syzkaller #0 PREEMPT(full) [ 1121.346041][T23214] Tainted: [L]=SOFTLOCKUP [ 1121.346048][T23214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1121.346059][T23214] Call Trace: [ 1121.346066][T23214] [ 1121.346074][T23214] dump_stack_lvl+0x100/0x190 [ 1121.346108][T23214] should_fail_ex.cold+0x5/0xa [ 1121.346128][T23214] ? prepare_alloc_pages+0x16d/0x5f0 [ 1121.346158][T23214] should_fail_alloc_page+0xeb/0x140 [ 1121.346190][T23214] prepare_alloc_pages+0x1f0/0x5f0 [ 1121.346217][T23214] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1121.346251][T23214] ? rcu_is_watching+0x12/0xc0 [ 1121.346281][T23214] ? trace_mm_page_alloc+0x17a/0x1d0 [ 1121.346303][T23214] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1121.346333][T23214] ? kernel_text_address+0xd1/0x100 [ 1121.346361][T23214] ? unwind_get_return_address+0x59/0xa0 [ 1121.346382][T23214] ? arch_stack_walk+0xa6/0xf0 [ 1121.346401][T23214] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1121.346443][T23214] ? stack_depot_save_flags+0x27/0x9d0 [ 1121.346469][T23214] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1121.346497][T23214] ? pcpu_get_vm_areas+0x520/0x55d0 [ 1121.346516][T23214] ? pcpu_create_chunk+0x254/0x730 [ 1121.346548][T23214] ? pcpu_create_chunk+0x254/0x730 [ 1121.346574][T23214] ? pcpu_alloc_noprof+0x18c4/0x1c50 [ 1121.346606][T23214] alloc_pages_bulk_noprof+0x782/0x1490 [ 1121.346645][T23214] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1121.346684][T23214] ? alloc_pages_noprof+0x238/0x390 [ 1121.346708][T23214] __kasan_populate_vmalloc+0xf0/0x210 [ 1121.346743][T23214] pcpu_get_vm_areas+0x2df1/0x55d0 [ 1121.346789][T23214] ? __pfx_pcpu_get_vm_areas+0x10/0x10 [ 1121.346817][T23214] pcpu_create_chunk+0x254/0x730 [ 1121.346848][T23214] pcpu_alloc_noprof+0x18c4/0x1c50 [ 1121.346888][T23214] bpf_map_alloc_percpu+0x9a/0xf0 [ 1121.346908][T23214] ? __pfx_bpf_map_alloc_percpu+0x10/0x10 [ 1121.346931][T23214] ? __pfx___might_resched+0x10/0x10 [ 1121.346959][T23214] ? __bpf_map_area_alloc+0x13a/0x200 [ 1121.346988][T23214] htab_map_alloc+0x1054/0x14e0 [ 1121.347013][T23214] ? ns_capable+0xd2/0xf0 [ 1121.347032][T23214] ? __pfx_htab_map_mem_usage+0x10/0x10 [ 1121.347051][T23214] map_create+0x84e/0x2ba0 [ 1121.347068][T23214] ? futex_unqueue+0x13d/0x2c0 [ 1121.347092][T23214] ? __futex_wait+0x256/0x300 [ 1121.347127][T23214] ? __pfx_map_create+0x10/0x10 [ 1121.347145][T23214] ? __might_fault+0xc5/0x140 [ 1121.347178][T23214] ? __might_fault+0xc5/0x140 [ 1121.347214][T23214] __sys_bpf+0x2091/0x4b90 [ 1121.347240][T23214] ? __pfx___sys_bpf+0x10/0x10 [ 1121.347262][T23214] ? __pfx_futex_wait+0x10/0x10 [ 1121.347296][T23214] ? do_writev+0x214/0x340 [ 1121.347319][T23214] ? do_futex+0x192/0x350 [ 1121.347358][T23214] ? xfd_validate_state+0x129/0x190 [ 1121.347392][T23214] __x64_sys_bpf+0x7b/0xc0 [ 1121.347415][T23214] ? lockdep_hardirqs_on+0x78/0x100 [ 1121.347434][T23214] do_syscall_64+0x106/0xf80 [ 1121.347453][T23214] ? clear_bhb_loop+0x40/0x90 [ 1121.347477][T23214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1121.347497][T23214] RIP: 0033:0x7f492ed9c819 [ 1121.347513][T23214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1121.347531][T23214] RSP: 002b:00007f492fb7a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1121.347550][T23214] RAX: ffffffffffffffda RBX: 00007f492f016180 RCX: 00007f492ed9c819 [ 1121.347562][T23214] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 1121.347573][T23214] RBP: 00007f492ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1121.347584][T23214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1121.347595][T23214] R13: 00007f492f016218 R14: 00007f492f016180 R15: 00007fff3781e778 [ 1121.347619][T23214] [ 1123.714058][T23209] kexec: Could not allocate control_code_buffer [ 1125.156600][ T8080] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1127.132422][T23294] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5405'. [ 1127.664048][T23286] Process accounting paused [ 1127.799310][T23305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5407'. [ 1127.832936][T23305] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5407'. [ 1128.333561][T23317] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5413'. [ 1128.372103][T23314] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5413'. [ 1131.200859][T23359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5426'. [ 1131.220247][T23364] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5425'. [ 1131.289535][T23359] netlink: 'syz.3.5426': attribute type 1 has an invalid length. [ 1131.297399][T23359] netlink: 5 bytes leftover after parsing attributes in process `syz.3.5426'. [ 1131.328254][T23358] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5425'. [ 1131.398621][T23361] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5425'. [ 1131.412420][T23359] netlink: 'syz.3.5426': attribute type 1 has an invalid length. [ 1134.275266][T23394] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1134.303327][T23394] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1134.328422][T23394] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1134.368775][T23394] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1134.395597][T23417] __nla_validate_parse: 1 callbacks suppressed [ 1134.395615][T23417] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5438'. [ 1134.466070][T23394] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1134.488540][T23422] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5438'. [ 1134.497742][T23394] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1134.561502][T23420] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5438'. [ 1134.809836][T23431] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5443'. [ 1135.058862][ T5148] Bluetooth: hci0: command 0x0406 tx timeout [ 1136.338197][ T8080] Bluetooth: hci3: command 0x0c1a tx timeout [ 1136.344640][ T8080] Bluetooth: hci2: command 0x0406 tx timeout [ 1136.499601][T23459] Bluetooth: hci1: command 0x0c1a tx timeout [ 1136.578379][T23459] Bluetooth: hci4: command 0x0c1a tx timeout [ 1136.975442][T23473] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5460'. [ 1137.023866][T23464] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5460'. [ 1137.091309][T23469] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5460'. [ 1138.086402][T23491] block2mtd: illegal erase size [ 1138.178389][ T5148] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1138.420057][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout [ 1139.924840][T23522] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5464'. [ 1139.998880][T23517] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5464'. [ 1140.056686][T23519] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5464'. [ 1141.351063][T23544] netlink: 86 bytes leftover after parsing attributes in process `syz.4.5472'. [ 1142.607912][T23567] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5477'. [ 1142.980237][T23576] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5479'. [ 1143.035227][T23570] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5479'. [ 1143.128993][T23573] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5479'. [ 1143.271913][T23585] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5480'. [ 1143.971313][T23597] Invalid ELF header magic: != ELF [ 1144.879896][T23610] FAULT_INJECTION: forcing a failure. [ 1144.879896][T23610] name failslab, interval 1, probability 0, space 0, times 0 [ 1144.937596][T23610] CPU: 0 UID: 0 PID: 23610 Comm: syz.0.5486 Tainted: G L syzkaller #0 PREEMPT(full) [ 1144.937629][T23610] Tainted: [L]=SOFTLOCKUP [ 1144.937637][T23610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1144.937648][T23610] Call Trace: [ 1144.937656][T23610] [ 1144.937664][T23610] dump_stack_lvl+0x100/0x190 [ 1144.937697][T23610] should_fail_ex.cold+0x5/0xa [ 1144.937720][T23610] should_failslab+0xc2/0x120 [ 1144.937743][T23610] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1144.937774][T23610] ? security_file_alloc+0x34/0x2c0 [ 1144.937800][T23610] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1144.937825][T23610] security_file_alloc+0x34/0x2c0 [ 1144.937851][T23610] init_file+0x95/0x480 [ 1144.937874][T23610] alloc_empty_file+0x73/0x1c0 [ 1144.937900][T23610] alloc_file_pseudo+0x13a/0x230 [ 1144.937926][T23610] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1144.937950][T23610] ? inode_init_always_gfp+0xd0e/0x1040 [ 1144.937976][T23610] sock_alloc_file+0x50/0x210 [ 1144.938003][T23610] do_accept+0x242/0x530 [ 1144.938028][T23610] ? 0xffffffff81000000 [ 1144.938042][T23610] ? do_raw_spin_lock+0x128/0x260 [ 1144.938079][T23610] ? __pfx_do_accept+0x10/0x10 [ 1144.938119][T23610] ? 0xffffffff81000000 [ 1144.938131][T23610] __sys_accept4+0x108/0x200 [ 1144.938159][T23610] ? __pfx___sys_accept4+0x10/0x10 [ 1144.938192][T23610] __x64_sys_accept+0x74/0xb0 [ 1144.938218][T23610] ? lockdep_hardirqs_on+0x78/0x100 [ 1144.938239][T23610] do_syscall_64+0x106/0xf80 [ 1144.938257][T23610] ? clear_bhb_loop+0x40/0x90 [ 1144.938280][T23610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1144.938300][T23610] RIP: 0033:0x7f166559c819 [ 1144.938315][T23610] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1144.938333][T23610] RSP: 002b:00007f166652d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 1144.938352][T23610] RAX: ffffffffffffffda RBX: 00007f1665815fa0 RCX: 00007f166559c819 [ 1144.938365][T23610] RDX: ffffffff81000000 RSI: ffffffffffffffff RDI: 0000000000000003 [ 1144.938376][T23610] RBP: 00007f1665632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1144.938387][T23610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1144.938398][T23610] R13: 00007f1665816038 R14: 00007f1665815fa0 R15: 00007ffd5bbc2578 [ 1144.938415][T23610] ? 0xffffffff81000000 [ 1144.938433][T23610] [ 1145.807505][T23626] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5490'. [ 1146.613663][T23645] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5498'. [ 1147.326379][T23658] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5501'. [ 1148.327136][T23662] Process accounting paused [ 1150.127854][T23688] kexec: Could not allocate control_code_buffer [ 1150.258800][ T5148] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1150.299441][T23693] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5510'. [ 1152.764675][T23733] random: crng reseeded on system resumption [ 1153.677684][T23745] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5521'. [ 1155.368365][T23781] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5533'. [ 1159.003795][T23798] Process accounting resumed [ 1160.617430][T23833] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5545'. [ 1161.478538][T23835] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5555'. [ 1163.240628][T23859] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5549'. [ 1166.783019][T23896] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5559'. [ 1167.301410][T23906] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5571'. [ 1167.744653][T23917] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1168.690342][T23928] FAULT_INJECTION: forcing a failure. [ 1168.690342][T23928] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.753162][T23928] CPU: 0 UID: 0 PID: 23928 Comm: syz.0.5568 Tainted: G L syzkaller #0 PREEMPT(full) [ 1168.753196][T23928] Tainted: [L]=SOFTLOCKUP [ 1168.753203][T23928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1168.753213][T23928] Call Trace: [ 1168.753221][T23928] [ 1168.753229][T23928] dump_stack_lvl+0x100/0x190 [ 1168.753262][T23928] should_fail_ex.cold+0x5/0xa [ 1168.753285][T23928] should_failslab+0xc2/0x120 [ 1168.753307][T23928] __kmalloc_node_noprof+0xe6/0x850 [ 1168.753336][T23928] ? __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 1168.753366][T23928] __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 1168.753394][T23928] ? lockdep_init_map_type+0x5c/0x250 [ 1168.753424][T23928] blk_mq_init_allocated_queue+0x308/0x1440 [ 1168.753447][T23928] ? blk_alloc_queue+0x627/0x790 [ 1168.753473][T23928] ? blk_alloc_queue+0x1a3/0x790 [ 1168.753501][T23928] blk_mq_alloc_queue+0x1bd/0x290 [ 1168.753520][T23928] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 1168.753551][T23928] ? blk_mq_alloc_tag_set+0xe2c/0x1330 [ 1168.753576][T23928] __blk_mq_alloc_disk+0x29/0x120 [ 1168.753595][T23928] loop_add+0x498/0xb60 [ 1168.753624][T23928] ? __pfx_loop_add+0x10/0x10 [ 1168.753665][T23928] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1168.753689][T23928] loop_control_ioctl+0xae/0x620 [ 1168.753719][T23928] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1168.753748][T23928] ? xfd_validate_state+0x129/0x190 [ 1168.753777][T23928] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1168.753816][T23928] __x64_sys_ioctl+0x18e/0x210 [ 1168.753846][T23928] do_syscall_64+0x106/0xf80 [ 1168.753866][T23928] ? clear_bhb_loop+0x40/0x90 [ 1168.753890][T23928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.753910][T23928] RIP: 0033:0x7f166559c819 [ 1168.753926][T23928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1168.753945][T23928] RSP: 002b:00007f166652d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1168.753964][T23928] RAX: ffffffffffffffda RBX: 00007f1665815fa0 RCX: 00007f166559c819 [ 1168.753977][T23928] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 1168.753989][T23928] RBP: 00007f1665632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1168.754000][T23928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1168.754011][T23928] R13: 00007f1665816038 R14: 00007f1665815fa0 R15: 00007ffd5bbc2578 [ 1168.754035][T23928] [ 1169.645969][T23919] kexec: Could not allocate control_code_buffer [ 1170.812862][T23956] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5576'. [ 1172.286529][T23993] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 1172.932377][T23993] PCI: Can't parse resource_alignment parameter: 1 [ 1173.185015][T24009] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5590'. [ 1173.238411][T24007] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5590'. [ 1173.783309][T24018] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5593'. [ 1174.136247][T24025] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1175.037315][T24042] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5601'. [ 1177.867090][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.876593][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.031219][T24110] Process accounting resumed [ 1181.063030][T24165] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5635'. [ 1181.149661][T24161] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5635'. [ 1181.566324][T24174] FAULT_INJECTION: forcing a failure. [ 1181.566324][T24174] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.654778][T24174] CPU: 0 UID: 0 PID: 24174 Comm: syz.3.5638 Tainted: G L syzkaller #0 PREEMPT(full) [ 1181.654810][T24174] Tainted: [L]=SOFTLOCKUP [ 1181.654818][T24174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1181.654829][T24174] Call Trace: [ 1181.654837][T24174] [ 1181.654845][T24174] dump_stack_lvl+0x100/0x190 [ 1181.654878][T24174] should_fail_ex.cold+0x5/0xa [ 1181.654902][T24174] should_failslab+0xc2/0x120 [ 1181.654924][T24174] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1181.654951][T24174] ? sctp_endpoint_new+0xfc/0xb20 [ 1181.654976][T24174] sctp_endpoint_new+0xfc/0xb20 [ 1181.654999][T24174] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 1181.655018][T24174] ? lockdep_init_map_type+0x5c/0x250 [ 1181.655044][T24174] ? lockdep_init_map_type+0x5c/0x250 [ 1181.655069][T24174] ? lockdep_init_map_type+0x5c/0x250 [ 1181.655094][T24174] ? lockdep_init_map_type+0x5c/0x250 [ 1181.655123][T24174] sctp_init_sock+0xe2b/0x1300 [ 1181.655142][T24174] ? __pfx_sctp_init_sock+0x10/0x10 [ 1181.655162][T24174] inet_create+0x94c/0x1060 [ 1181.655187][T24174] ? inet_create+0x94/0x1060 [ 1181.655214][T24174] __sock_create+0x339/0x860 [ 1181.655243][T24174] __sys_socket+0x14d/0x260 [ 1181.655268][T24174] ? __pfx___sys_socket+0x10/0x10 [ 1181.655299][T24174] __x64_sys_socket+0x72/0xb0 [ 1181.655324][T24174] ? lockdep_hardirqs_on+0x78/0x100 [ 1181.655344][T24174] do_syscall_64+0x106/0xf80 [ 1181.655363][T24174] ? clear_bhb_loop+0x40/0x90 [ 1181.655385][T24174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.655405][T24174] RIP: 0033:0x7f80e959c819 [ 1181.655421][T24174] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1181.655439][T24174] RSP: 002b:00007f80ea40f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1181.655458][T24174] RAX: ffffffffffffffda RBX: 00007f80e9815fa0 RCX: 00007f80e959c819 [ 1181.655470][T24174] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002 [ 1181.655480][T24174] RBP: 00007f80e9632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1181.655491][T24174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1181.655502][T24174] R13: 00007f80e9816038 R14: 00007f80e9815fa0 R15: 00007fff9123c1f8 [ 1181.655524][T24174] [ 1183.097340][T24201] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5647'. [ 1183.203418][T24198] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5647'. [ 1183.545342][T24209] ptrace attach of "./syz-executor exec"[8943] was attempted by "'m\x0a4R\x0b>7WRc\x0c., A\x0dJ7y(R?G%*bqx8]a)exMǴE>pcXh&-z{<{F@eIL5%u Sh-P-pL柊T4i'.면+#SxA[1[ZشQ4:5U]2w4r;El{LЯ2{2w…kԂLd!\x22Յ:ŝW`0`\x0b8%@'\x1boXSCj\x22\x22 <O5/iXzpX%\x0bi95\x0c\x0d)Q\x5ck)68UU>KE rHD\x09BEg^o`peZu{F\x220Ȩ7Y\x5c޵@8)R#5`X7G❅:@\x0a!7BY+s%E\x0dJ)'бy6zsn!deܓh?I49yj}NL3@S#67X'+]1\x0a@?,V:=\x0c{$1сLM#ЯJ.249&mXuFP)fƘQVv\x0cl\x1bt/ٽrd\x1b#|A1!<\x5cJvTLR\x5cxEWbr8\x0b#?\x07n^\x09+6P4zuX,OE6fܣ_E02!νx%І{[دT^<ި}l<\x09TXXݲInitZYvc~ihb+;ЯʱСkp6C;$C.=\x0a\x5ce0ӿPUZD\x5cO [ 1184.533093][T24235] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1184.911609][T24245] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5660'. [ 1184.965555][T24241] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5660'. [ 1187.476973][T24292] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1188.524681][T24315] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5678'. [ 1189.143789][T24317] Process accounting paused [ 1189.368241][T24334] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1189.605584][T24336] ptrace attach of "./syz-executor exec"[21982] was attempted by "#\x0b?p-TDԵϸDHxWa\x07#VU\x0aLIɏA\x22;fK'7St\x5c7\x0d&xVBUV1fHX^i֑nտb6jǪhGQ~S׌`)*6jJj0͗˩qk^!X)x2z\x0aʝlm @Q,Cl}0Ju߅o \x09.ϓێ#4WPՃ_`0n܃)sos/rIVI,چM4݄g=(*?yUy\x22{fD{h[YkˤnSS4>IXaԅb{] B߽hVs'9MXn?[ TzR0dqoDϵ3\x0a,gִgCZ3\x5c3de\x0dUց掗٢WzzK?$Ȑ1#AxQw2Xob͐9a\x0d\x0bۼC*xB~fO\x22_\x0a;6!#tO@k\x22\x22^x(O_M6f+zK`\x0a5L^\x5caR7X6]uܙ41[R1}c\x07\x22M\x0c{dy\x09S},swgDž5jb8:競A;#O]rC0`gb[7\x0a{`UjF0kD67xJJml'i*;9|dtmzzR)ZcnG[\x0bw\x5cB0ڮ{^gk5Lh\x0aޮڨke~GwyMFMTr!f ;}\x5cùOfCXK4J2#u_6fTTxB\x0dd|!f [ 1189.761990][ T29] audit: type=1804 audit(4294967517.380:23): pid=24337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.5684" name="/newroot/1395/file0" dev="tmpfs" ino=7260 res=1 errno=0 [ 1190.033511][T24346] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5689'. [ 1190.275414][T24329] bridge0: port 3(veth1_macvtap) entered blocking state [ 1190.286955][T24329] bridge0: port 3(veth1_macvtap) entered disabled state [ 1190.329334][T24329] veth1_macvtap: entered allmulticast mode [ 1190.362346][T24329] veth1_macvtap: left allmulticast mode [ 1190.433730][ T29] audit: type=1804 audit(4294967517.520:24): pid=24338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.5684" name="/newroot/1395/file0" dev="tmpfs" ino=7260 res=1 errno=0 [ 1191.781755][T24375] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5698'. [ 1192.066070][T24380] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5707'. [ 1192.508790][T24391] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5711'. [ 1193.906935][T24414] zswap: compressor not available [ 1195.676878][T24452] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5723'. [ 1196.715066][T24467] FAULT_INJECTION: forcing a failure. [ 1196.715066][T24467] name failslab, interval 1, probability 0, space 0, times 0 [ 1196.813362][T24467] CPU: 0 UID: 0 PID: 24467 Comm: syz.0.5728 Tainted: G L syzkaller #0 PREEMPT(full) [ 1196.813395][T24467] Tainted: [L]=SOFTLOCKUP [ 1196.813401][T24467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1196.813412][T24467] Call Trace: [ 1196.813420][T24467] [ 1196.813428][T24467] dump_stack_lvl+0x100/0x190 [ 1196.813461][T24467] should_fail_ex.cold+0x5/0xa [ 1196.813484][T24467] should_failslab+0xc2/0x120 [ 1196.813506][T24467] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1196.813536][T24467] ? anon_vma_clone+0x2ba/0xcd0 [ 1196.813564][T24467] anon_vma_clone+0x2ba/0xcd0 [ 1196.813603][T24467] anon_vma_fork+0x1bb/0x6b0 [ 1196.813633][T24467] dup_mmap+0x141f/0x2180 [ 1196.813666][T24467] ? __pfx_dup_mmap+0x10/0x10 [ 1196.813688][T24467] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1196.813725][T24467] ? __lock_acquire+0x4a5/0x2630 [ 1196.813750][T24467] ? find_held_lock+0x2b/0x80 [ 1196.813768][T24467] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 1196.813810][T24467] copy_process+0x7523/0x7a40 [ 1196.813845][T24467] ? __pfx_copy_process+0x10/0x10 [ 1196.813868][T24467] ? find_held_lock+0x2b/0x80 [ 1196.813896][T24467] kernel_clone+0xfc/0x9a0 [ 1196.813916][T24467] ? __pfx_futex_wait+0x10/0x10 [ 1196.813947][T24467] ? __pfx_kernel_clone+0x10/0x10 [ 1196.813981][T24467] __do_sys_clone+0xd9/0x120 [ 1196.814005][T24467] ? __pfx___do_sys_clone+0x10/0x10 [ 1196.814048][T24467] do_syscall_64+0x106/0xf80 [ 1196.814067][T24467] ? clear_bhb_loop+0x40/0x90 [ 1196.814090][T24467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1196.814109][T24467] RIP: 0033:0x7f166559c819 [ 1196.814125][T24467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1196.814143][T24467] RSP: 002b:00007f166652cfd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1196.814161][T24467] RAX: ffffffffffffffda RBX: 00007f1665815fa0 RCX: 00007f166559c819 [ 1196.814173][T24467] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1196.814184][T24467] RBP: 00007f1665632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1196.814195][T24467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1196.814205][T24467] R13: 00007f1665816038 R14: 00007f1665815fa0 R15: 00007ffd5bbc2578 [ 1196.814228][T24467] [ 1198.076756][T24480] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 1198.203807][T24484] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5733'. [ 1198.326965][T24487] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 1198.603814][T24489] Console: switching to colour frame buffer device 13x6 [ 1199.884596][T24521] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5743'. [ 1200.561012][T24536] can0: slcan on ttyS2. [ 1200.639946][T24535] can0 (unregistered): slcan off ttyS2. [ 1200.955190][T24543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5750'. [ 1201.009598][T24543] netlink: 'syz.4.5750': attribute type 1 has an invalid length. [ 1201.057060][T24543] netlink: 'syz.4.5750': attribute type 6 has an invalid length. [ 1202.108176][T24567] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5755'. [ 1202.376258][T24570] FAULT_INJECTION: forcing a failure. [ 1202.376258][T24570] name failslab, interval 1, probability 0, space 0, times 0 [ 1202.585378][T24570] CPU: 0 UID: 0 PID: 24570 Comm: syz.4.5754 Tainted: G L syzkaller #0 PREEMPT(full) [ 1202.585411][T24570] Tainted: [L]=SOFTLOCKUP [ 1202.585419][T24570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1202.585429][T24570] Call Trace: [ 1202.585437][T24570] [ 1202.585444][T24570] dump_stack_lvl+0x100/0x190 [ 1202.585478][T24570] should_fail_ex.cold+0x5/0xa [ 1202.585501][T24570] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1202.585531][T24570] should_failslab+0xc2/0x120 [ 1202.585553][T24570] __kmalloc_noprof+0xe0/0x850 [ 1202.585590][T24570] ? ipcget+0xee/0xf50 [ 1202.585620][T24570] memcg_list_lru_alloc+0x4ec/0x740 [ 1202.585655][T24570] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1202.585683][T24570] ? rcu_read_unlock+0x17/0x60 [ 1202.585711][T24570] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1202.585743][T24570] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1202.585772][T24570] ? kasan_save_track+0x14/0x30 [ 1202.585793][T24570] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1202.585823][T24570] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1202.585849][T24570] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1202.585869][T24570] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1202.585890][T24570] alloc_inode+0x68/0x250 [ 1202.585917][T24570] new_inode+0x22/0x1c0 [ 1202.585944][T24570] hugetlbfs_get_inode+0x313/0x750 [ 1202.585968][T24570] hugetlb_file_setup+0x3cc/0x5b0 [ 1202.585993][T24570] newseg+0xabb/0xed0 [ 1202.586022][T24570] ? __pfx_newseg+0x10/0x10 [ 1202.586047][T24570] ? down_write+0x146/0x1f0 [ 1202.586069][T24570] ? ksys_write+0x190/0x250 [ 1202.586088][T24570] ? ksys_write+0x190/0x250 [ 1202.586108][T24570] ipcget+0xee/0xf50 [ 1202.586134][T24570] ? do_futex+0x192/0x350 [ 1202.586158][T24570] ? __pfx_do_futex+0x10/0x10 [ 1202.586187][T24570] ? __pfx_ipcget+0x10/0x10 [ 1202.586213][T24570] ? __x64_sys_futex+0x34f/0x4d0 [ 1202.586237][T24570] ? __x64_sys_futex+0x358/0x4d0 [ 1202.586265][T24570] __x64_sys_shmget+0x13b/0x1b0 [ 1202.586293][T24570] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1202.586326][T24570] do_syscall_64+0x106/0xf80 [ 1202.586344][T24570] ? clear_bhb_loop+0x40/0x90 [ 1202.586367][T24570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1202.586387][T24570] RIP: 0033:0x7f492ed9c819 [ 1202.586404][T24570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1202.586422][T24570] RSP: 002b:00007f492cbf4028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1202.586440][T24570] RAX: ffffffffffffffda RBX: 00007f492f016270 RCX: 00007f492ed9c819 [ 1202.586452][T24570] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1202.586464][T24570] RBP: 00007f492ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1202.586475][T24570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1202.586486][T24570] R13: 00007f492f016308 R14: 00007f492f016270 R15: 00007fff3781e778 [ 1202.586509][T24570] [ 1203.936126][T24586] random: crng reseeded on system resumption [ 1204.098751][ T5148] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1204.528985][T24599] netlink: 93 bytes leftover after parsing attributes in process `syz.0.5765'. [ 1204.781897][T24603] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5766'. [ 1205.003880][T24606] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5768'. [ 1206.561944][T24640] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5774'. [ 1209.526967][T24686] Process accounting paused [ 1209.780967][T24691] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5786'. [ 1209.864610][T24693] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5788'. [ 1210.787769][T24717] Process accounting resumed [ 1213.612266][T24758] FAULT_INJECTION: forcing a failure. [ 1213.612266][T24758] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.695320][T24758] CPU: 0 UID: 0 PID: 24758 Comm: syz.0.5798 Tainted: G L syzkaller #0 PREEMPT(full) [ 1213.695351][T24758] Tainted: [L]=SOFTLOCKUP [ 1213.695357][T24758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1213.695368][T24758] Call Trace: [ 1213.695375][T24758] [ 1213.695383][T24758] dump_stack_lvl+0x100/0x190 [ 1213.695415][T24758] should_fail_ex.cold+0x5/0xa [ 1213.695438][T24758] should_failslab+0xc2/0x120 [ 1213.695464][T24758] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1213.695494][T24758] ? proc_alloc_inode+0x25/0x200 [ 1213.695525][T24758] ? __pfx_proc_alloc_inode+0x10/0x10 [ 1213.695556][T24758] proc_alloc_inode+0x25/0x200 [ 1213.695584][T24758] alloc_inode+0x68/0x250 [ 1213.695610][T24758] new_inode+0x22/0x1c0 [ 1213.695638][T24758] proc_pid_make_inode+0x22/0x160 [ 1213.695668][T24758] proc_pident_instantiate+0x85/0x310 [ 1213.695709][T24758] proc_pident_lookup+0x1e3/0x270 [ 1213.695743][T24758] __lookup_slow+0x251/0x460 [ 1213.695769][T24758] ? __pfx___lookup_slow+0x10/0x10 [ 1213.695813][T24758] lookup_slow+0x50/0x70 [ 1213.695839][T24758] link_path_walk+0x1377/0x1cc0 [ 1213.695876][T24758] path_openat+0x1be/0x31a0 [ 1213.695895][T24758] ? kasan_save_stack+0x3f/0x50 [ 1213.695912][T24758] ? kasan_save_stack+0x30/0x50 [ 1213.695929][T24758] ? kasan_save_track+0x14/0x30 [ 1213.695946][T24758] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1213.695980][T24758] ? __pfx_path_openat+0x10/0x10 [ 1213.696009][T24758] do_file_open+0x20e/0x430 [ 1213.696031][T24758] ? __pfx_do_file_open+0x10/0x10 [ 1213.696059][T24758] ? __pfx_kfree_link+0x10/0x10 [ 1213.696093][T24758] ? alloc_fd+0x476/0x790 [ 1213.696114][T24758] ? do_getname+0x191/0x390 [ 1213.696140][T24758] do_sys_openat2+0x10d/0x1e0 [ 1213.696166][T24758] ? __pfx_do_sys_openat2+0x10/0x10 [ 1213.696200][T24758] __x64_sys_openat+0x12d/0x210 [ 1213.696227][T24758] ? __pfx___x64_sys_openat+0x10/0x10 [ 1213.696262][T24758] do_syscall_64+0x106/0xf80 [ 1213.696281][T24758] ? clear_bhb_loop+0x40/0x90 [ 1213.696304][T24758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.696324][T24758] RIP: 0033:0x7f166555d04e [ 1213.696339][T24758] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1213.696358][T24758] RSP: 002b:00007f166650bec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1213.696377][T24758] RAX: ffffffffffffffda RBX: 00007f166650c6c0 RCX: 00007f166555d04e [ 1213.696389][T24758] RDX: 0000000000000002 RSI: 00007f166650bf90 RDI: ffffffffffffff9c [ 1213.696401][T24758] RBP: 00007f1665632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1213.696413][T24758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1213.696424][T24758] R13: 00007f1665816128 R14: 00007f1665816090 R15: 00007ffd5bbc2578 [ 1213.696450][T24758] [ 1219.507854][T24834] Process accounting resumed [ 1220.603073][T24870] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5821'. [ 1220.669329][T24864] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5821'. [ 1220.776906][T24868] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5821'. [ 1220.897601][T24877] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5822'. [ 1221.174852][T24879] can0: slcan on ttyS2. [ 1221.301936][T24878] can0 (unregistered): slcan off ttyS2. [ 1223.279888][T24929] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5834'. [ 1223.715677][T24940] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5836'. [ 1224.867567][T24968] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5840'. [ 1226.365980][T24982] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5844'. [ 1226.376257][T24984] random: crng reseeded on system resumption [ 1226.748125][T24994] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5847'. [ 1228.993435][T25028] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5855'. [ 1229.492210][T25039] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5858'. [ 1232.339771][T25081] input: jJǸ-9%vJ86 as /devices/virtual/input/input24 [ 1232.620225][T25083] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5868'. [ 1232.968670][T25085] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5870'. [ 1235.234995][T25117] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5879'. [ 1235.786031][T25131] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5881'. [ 1236.277870][T25143] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 1237.019766][T23459] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1237.035050][T23459] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1237.044829][T23459] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1237.053624][T23459] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1237.069986][T23459] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1237.909383][T25150] chnl_net:caif_netlink_parms(): no params data found [ 1238.053259][T25150] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.060784][T25150] bridge0: port 1(bridge_slave_0) entered disabled state [ 1238.069020][T25150] bridge_slave_0: entered allmulticast mode [ 1238.076184][T25150] bridge_slave_0: entered promiscuous mode [ 1238.084980][T25150] bridge0: port 2(bridge_slave_1) entered blocking state [ 1238.095502][T25150] bridge0: port 2(bridge_slave_1) entered disabled state [ 1238.103132][T25150] bridge_slave_1: entered allmulticast mode [ 1238.111146][T25150] bridge_slave_1: entered promiscuous mode [ 1238.140980][T25150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1238.153928][T25150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1238.186203][T25150] team0: Port device team_slave_0 added [ 1238.194655][T25150] team0: Port device team_slave_1 added [ 1238.222058][T25150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1238.229387][T25150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1238.256955][T25150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1238.276238][T25150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1238.283561][T25150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1238.313359][T25150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1238.355544][T25150] hsr_slave_0: entered promiscuous mode [ 1238.362741][T25150] hsr_slave_1: entered promiscuous mode [ 1238.369717][T25150] debugfs: 'hsr0' already exists in 'hsr' [ 1238.376457][T25150] Cannot create hsr debugfs directory [ 1238.546831][T25150] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1238.557218][T25150] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1238.567445][T25150] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1238.580033][T25150] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1238.611520][T25150] bridge0: port 2(bridge_slave_1) entered blocking state [ 1238.618786][T25150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1238.626154][T25150] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.633343][T25150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1238.702522][T25150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1238.719854][ T150] bridge0: port 1(bridge_slave_0) entered disabled state [ 1238.727586][ T150] bridge0: port 2(bridge_slave_1) entered disabled state [ 1238.741813][T25150] 8021q: adding VLAN 0 to HW filter on device team0 [ 1238.759529][ T150] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.766677][ T150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1238.799985][ T150] bridge0: port 2(bridge_slave_1) entered blocking state [ 1238.807140][ T150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1238.834074][T25150] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1238.845023][T25150] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1239.016286][T25150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1239.139467][T23459] Bluetooth: hci5: command tx timeout [ 1239.251057][T25150] veth0_vlan: entered promiscuous mode [ 1239.265188][T25150] veth1_vlan: entered promiscuous mode [ 1239.297868][T25150] veth0_macvtap: entered promiscuous mode [ 1239.319180][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.325706][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.339121][T25150] veth1_macvtap: entered promiscuous mode [ 1239.357462][T25150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1239.374609][T25150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1239.393409][ T1107] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1239.417739][ T1107] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1239.476112][ T1107] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1239.494357][ T1107] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1239.533903][T10800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1239.555706][T10800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1239.590329][T10800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1239.601077][T10800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1239.783967][T25192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5899'. [ 1239.822628][T25192] netlink: 'syz.3.5899': attribute type 1 has an invalid length. [ 1239.868385][T25192] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.5899'. [ 1239.982872][T25192] Process accounting resumed [ 1241.218827][T23459] Bluetooth: hci5: command tx timeout [ 1242.339454][ T29] audit: type=1800 audit(4294967569.950:25): pid=25222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5893" name="sr0" dev="devtmpfs" ino=2874 res=0 errno=0 [ 1242.853855][T25230] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5896'. [ 1243.298678][T23459] Bluetooth: hci5: command tx timeout [ 1245.378995][T23459] Bluetooth: hci5: command tx timeout [ 1249.147029][T23459] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 1250.176796][T25307] Process accounting paused [ 1253.618185][T23459] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1253.763585][T25348] vivid-007: ================= START STATUS ================= [ 1253.802459][T25348] vivid-007: Generate PTS: true [ 1253.819294][T25348] vivid-007: Generate SCR: true [ 1253.826165][T25348] tpg source WxH: 320x240 (Y'CbCr) [ 1253.840393][T25348] tpg field: 1 [ 1253.848444][T25348] tpg crop: (0,0)/320x240 [ 1253.877011][T25348] tpg compose: (0,0)/320x240 [ 1253.894039][T25348] tpg colorspace: 8 [ 1253.897911][T25348] tpg transfer function: 0/0 [ 1254.020009][T25348] tpg Y'CbCr encoding: 0/0 [ 1254.024569][T25348] tpg quantization: 0/0 [ 1254.135079][T25348] tpg RGB range: 0/2 [ 1254.152929][T25348] vivid-007: ================== END STATUS ================== [ 1257.618960][ T5148] Bluetooth: hci0: command 0x1003 tx timeout [ 1257.628207][T23459] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 1257.705345][T25404] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5931'. [ 1257.754415][T25404] netlink: 354 bytes leftover after parsing attributes in process `syz.5.5931'. [ 1260.246958][T25448] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5942'. [ 1261.077634][T25462] FAULT_INJECTION: forcing a failure. [ 1261.077634][T25462] name failslab, interval 1, probability 0, space 0, times 0 [ 1261.176525][T25465] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 1261.188039][T25462] CPU: 0 UID: 8 PID: 25462 Comm: syz.4.5945 Tainted: G L syzkaller #0 PREEMPT(full) [ 1261.188076][T25462] Tainted: [L]=SOFTLOCKUP [ 1261.188084][T25462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1261.188095][T25462] Call Trace: [ 1261.188102][T25462] [ 1261.188109][T25462] dump_stack_lvl+0x100/0x190 [ 1261.188141][T25462] should_fail_ex.cold+0x5/0xa [ 1261.188164][T25462] should_failslab+0xc2/0x120 [ 1261.188187][T25462] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1261.188217][T25462] ? key_alloc+0x3c5/0x1310 [ 1261.188240][T25462] ? mark_held_locks+0x40/0x70 [ 1261.188273][T25462] key_alloc+0x3c5/0x1310 [ 1261.188306][T25462] ? __pfx_key_alloc+0x10/0x10 [ 1261.188337][T25462] ? __pfx_key_default_cmp+0x10/0x10 [ 1261.188366][T25462] ? __pfx_keyring_search_iterator+0x10/0x10 [ 1261.188397][T25462] keyring_alloc+0x44/0xc0 [ 1261.188427][T25462] look_up_user_keyrings+0x508/0x790 [ 1261.188454][T25462] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 1261.188478][T25462] ? futex_wait+0x125/0x380 [ 1261.188509][T25462] ? __pfx_futex_wait+0x10/0x10 [ 1261.188543][T25462] lookup_user_key+0xbb1/0x1300 [ 1261.188568][T25462] ? __pfx_lookup_user_key+0x10/0x10 [ 1261.188597][T25462] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1261.188624][T25462] ? __x64_sys_futex+0x34f/0x4d0 [ 1261.188648][T25462] ? __x64_sys_futex+0x358/0x4d0 [ 1261.188678][T25462] keyctl_session_to_parent+0x28/0xae0 [ 1261.188704][T25462] __do_sys_keyctl+0x2b1/0x5a0 [ 1261.188726][T25462] do_syscall_64+0x106/0xf80 [ 1261.188746][T25462] ? clear_bhb_loop+0x40/0x90 [ 1261.188769][T25462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1261.188788][T25462] RIP: 0033:0x7f492ed9c819 [ 1261.188804][T25462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1261.188822][T25462] RSP: 002b:00007f492fb7a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1261.188840][T25462] RAX: ffffffffffffffda RBX: 00007f492f016180 RCX: 00007f492ed9c819 [ 1261.188853][T25462] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 1261.188865][T25462] RBP: 00007f492ee32c91 R08: 0000000000000001 R09: 0000000000000000 [ 1261.188876][T25462] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 1261.188887][T25462] R13: 00007f492f016218 R14: 00007f492f016180 R15: 00007fff3781e778 [ 1261.188911][T25462] [ 1263.847557][T25485] zram: Added device: zram0 [ 1267.344713][T25521] i2c i2c-0: delete_device: Can't find device in list [ 1269.880973][T25551] netlink: 326 bytes leftover after parsing attributes in process `syz.6.5965'. [ 1269.948207][T25554] FAULT_INJECTION: forcing a failure. [ 1269.948207][T25554] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1270.089319][T25551] FAULT_INJECTION: forcing a failure. [ 1270.089319][T25551] name failslab, interval 1, probability 0, space 0, times 0 [ 1270.217978][T25554] CPU: 0 UID: 0 PID: 25554 Comm: syz.6.5965 Tainted: G L syzkaller #0 PREEMPT(full) [ 1270.218011][T25554] Tainted: [L]=SOFTLOCKUP [ 1270.218018][T25554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1270.218029][T25554] Call Trace: [ 1270.218037][T25554] [ 1270.218045][T25554] dump_stack_lvl+0x100/0x190 [ 1270.218077][T25554] should_fail_ex.cold+0x5/0xa [ 1270.218107][T25554] _copy_to_user+0x32/0xd0 [ 1270.218135][T25554] poll_select_finish+0x32f/0x670 [ 1270.218156][T25554] ? __pfx_poll_select_finish+0x10/0x10 [ 1270.218177][T25554] ? ktime_get_ts64+0x2d2/0x3f0 [ 1270.218200][T25554] ? read_tsc+0x9/0x20 [ 1270.218221][T25554] ? ktime_get_ts64+0x256/0x3f0 [ 1270.218251][T25554] kern_select+0x21b/0x270 [ 1270.218272][T25554] ? __pfx_kern_select+0x10/0x10 [ 1270.218298][T25554] __x64_sys_select+0xbd/0x160 [ 1270.218315][T25554] ? do_syscall_64+0x95/0xf80 [ 1270.218335][T25554] ? lockdep_hardirqs_on+0x78/0x100 [ 1270.218354][T25554] do_syscall_64+0x106/0xf80 [ 1270.218372][T25554] ? clear_bhb_loop+0x40/0x90 [ 1270.218395][T25554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.218414][T25554] RIP: 0033:0x7f7ece39c819 [ 1270.218430][T25554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1270.218448][T25554] RSP: 002b:00007f7ecf1f0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1270.218468][T25554] RAX: ffffffffffffffda RBX: 00007f7ece616090 RCX: 00007f7ece39c819 [ 1270.218480][T25554] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 1270.218492][T25554] RBP: 00007f7ece432c91 R08: 00002000000001c0 R09: 0000000000000000 [ 1270.218504][T25554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1270.218516][T25554] R13: 00007f7ece616128 R14: 00007f7ece616090 R15: 00007ffdfd1a2d08 [ 1270.218540][T25554] [ 1270.499973][T25558] program syz.4.5966 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1270.571861][T25547] Process accounting paused [ 1270.883854][T25551] CPU: 0 UID: 0 PID: 25551 Comm: syz.6.5965 Tainted: G L syzkaller #0 PREEMPT(full) [ 1270.883887][T25551] Tainted: [L]=SOFTLOCKUP [ 1270.883894][T25551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1270.883906][T25551] Call Trace: [ 1270.883913][T25551] [ 1270.883921][T25551] dump_stack_lvl+0x100/0x190 [ 1270.883955][T25551] should_fail_ex.cold+0x5/0xa [ 1270.883979][T25551] should_failslab+0xc2/0x120 [ 1270.884011][T25551] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1270.884038][T25551] ? call_usermodehelper_setup+0xaf/0x360 [ 1270.884072][T25551] ? __pfx_free_modprobe_argv+0x10/0x10 [ 1270.884100][T25551] call_usermodehelper_setup+0xaf/0x360 [ 1270.884135][T25551] __request_module+0x3c7/0x6c0 [ 1270.884164][T25551] ? __pfx___request_module+0x10/0x10 [ 1270.884198][T25551] ? __get_fs_type+0x12c/0x170 [ 1270.884220][T25551] ? __get_fs_type+0x12c/0x170 [ 1270.884251][T25551] get_fs_type+0xd7/0x190 [ 1270.884275][T25551] __x64_sys_fsopen+0xca/0x220 [ 1270.884302][T25551] do_syscall_64+0x106/0xf80 [ 1270.884321][T25551] ? clear_bhb_loop+0x40/0x90 [ 1270.884344][T25551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.884364][T25551] RIP: 0033:0x7f7ece39c819 [ 1270.884380][T25551] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1270.884398][T25551] RSP: 002b:00007f7ecf211028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 1270.884417][T25551] RAX: ffffffffffffffda RBX: 00007f7ece615fa0 RCX: 00007f7ece39c819 [ 1270.884429][T25551] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1270.884440][T25551] RBP: 00007f7ece432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1270.884451][T25551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1270.884462][T25551] R13: 00007f7ece616038 R14: 00007f7ece615fa0 R15: 00007ffdfd1a2d08 [ 1270.884484][T25551] [ 1271.990692][T25573] i2c i2c-0: delete_device: Can't find device in list [ 1273.759184][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1273.771181][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1273.785195][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1273.793112][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1273.801355][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1273.967884][T25575] chnl_net:caif_netlink_parms(): no params data found [ 1274.038827][T25575] bridge0: port 1(bridge_slave_0) entered blocking state [ 1274.046220][T25575] bridge0: port 1(bridge_slave_0) entered disabled state [ 1274.053778][T25575] bridge_slave_0: entered allmulticast mode [ 1274.065544][T25575] bridge_slave_0: entered promiscuous mode [ 1274.073878][T25575] bridge0: port 2(bridge_slave_1) entered blocking state [ 1274.081466][T25575] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.089219][T25575] bridge_slave_1: entered allmulticast mode [ 1274.096482][T25575] bridge_slave_1: entered promiscuous mode [ 1274.154951][T25575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1274.189832][T25575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1274.322222][T25575] team0: Port device team_slave_0 added [ 1274.463765][T25575] team0: Port device team_slave_1 added [ 1274.592473][T25575] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1274.624993][T25575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1274.745757][T25575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1274.798885][T25575] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1274.837996][T25575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1274.953147][T25575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1275.213804][T25575] hsr_slave_0: entered promiscuous mode [ 1275.240286][T25575] hsr_slave_1: entered promiscuous mode [ 1275.277776][T25575] debugfs: 'hsr0' already exists in 'hsr' [ 1275.307098][T25575] Cannot create hsr debugfs directory [ 1275.588370][ T29] audit: type=1800 audit(4294967603.210:26): pid=25598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.5970" name="sr0" dev="devtmpfs" ino=2874 res=0 errno=0 [ 1275.862536][ T5148] Bluetooth: hci0: command tx timeout [ 1276.210601][T25575] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1276.276392][T25575] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1276.309219][T25607] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5975'. [ 1276.344194][T25575] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1276.374051][T25575] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1276.529825][T25615] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5977'. [ 1277.072898][T25575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1277.156026][T25575] 8021q: adding VLAN 0 to HW filter on device team0 [ 1277.430842][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1277.438339][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1277.527755][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 1277.535015][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1277.938482][ T5148] Bluetooth: hci0: command tx timeout [ 1278.199983][T25575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1279.294599][T25575] veth0_vlan: entered promiscuous mode [ 1279.325669][T25575] veth1_vlan: entered promiscuous mode [ 1279.632663][T25575] veth0_macvtap: entered promiscuous mode [ 1279.829286][T25575] veth1_macvtap: entered promiscuous mode [ 1280.039288][ T5148] Bluetooth: hci0: command tx timeout [ 1280.089883][T25575] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1280.157870][T25575] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1280.266896][T10800] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.291642][T10800] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.332098][T10800] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.388032][T10800] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.617090][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1280.679109][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1280.758527][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1280.798025][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1281.053001][T25649] Process accounting resumed [ 1281.329284][T25675] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 1281.454103][T25676] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5984'. [ 1282.101303][ T5148] Bluetooth: hci0: command tx timeout [ 1286.353448][T25732] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 1286.775868][T25735] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5997'. [ 1288.174064][ T5148] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 1288.794252][T25759] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6002'. [ 1289.041132][T25759] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1289.163511][T25759] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1289.421731][T25759] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1289.499477][T25759] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1290.631473][T25788] netlink: 93 bytes leftover after parsing attributes in process `syz.7.6008'. [ 1291.543692][T25801] hub 1-0:1.0: USB hub found [ 1291.613201][T25801] hub 1-0:1.0: 1 port detected [ 1292.584242][T25808] netlink: 93 bytes leftover after parsing attributes in process `syz.4.6013'. [ 1294.905622][T25837] netlink: 93 bytes leftover after parsing attributes in process `syz.7.6018'. [ 1295.005063][T25831] netlink: 93 bytes leftover after parsing attributes in process `syz.7.6018'. [ 1295.068839][T25835] netlink: 93 bytes leftover after parsing attributes in process `syz.7.6018'. [ 1297.794976][T25870] FAULT_INJECTION: forcing a failure. [ 1297.794976][T25870] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1297.882705][T25877] netlink: 93 bytes leftover after parsing attributes in process `syz.4.6028'. [ 1297.893116][T25870] CPU: 0 UID: 0 PID: 25870 Comm: syz.6.6026 Tainted: G L syzkaller #0 PREEMPT(full) [ 1297.893148][T25870] Tainted: [L]=SOFTLOCKUP [ 1297.893155][T25870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1297.893166][T25870] Call Trace: [ 1297.893173][T25870] [ 1297.893181][T25870] dump_stack_lvl+0x100/0x190 [ 1297.893215][T25870] should_fail_ex.cold+0x5/0xa [ 1297.893235][T25870] ? prepare_alloc_pages+0x16d/0x5f0 [ 1297.893261][T25870] should_fail_alloc_page+0xeb/0x140 [ 1297.893284][T25870] prepare_alloc_pages+0x1f0/0x5f0 [ 1297.893311][T25870] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1297.893344][T25870] ? lock_acquire+0x1cf/0x380 [ 1297.893370][T25870] ? find_held_lock+0x2b/0x80 [ 1297.893388][T25870] ? trace_ignore_this_task+0xbc/0x100 [ 1297.893417][T25870] ? trace_ignore_this_task+0xbc/0x100 [ 1297.893451][T25870] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1297.893493][T25870] ? lock_acquire+0x1cf/0x380 [ 1297.893519][T25870] ? find_held_lock+0x2b/0x80 [ 1297.893537][T25870] ? page_table_check_set+0x49a/0xa10 [ 1297.893556][T25870] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1297.893577][T25870] ? policy_nodemask+0xed/0x4f0 [ 1297.893601][T25870] alloc_pages_mpol+0x1fb/0x550 [ 1297.893623][T25870] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1297.893651][T25870] folio_alloc_mpol_noprof+0x36/0x340 [ 1297.893678][T25870] vma_alloc_folio_noprof+0xed/0x1d0 [ 1297.893703][T25870] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1297.893735][T25870] do_anonymous_page+0xb3a/0x1fb0 [ 1297.893770][T25870] __handle_mm_fault+0x1d48/0x2b60 [ 1297.893805][T25870] ? __pfx___handle_mm_fault+0x10/0x10 [ 1297.893841][T25870] ? pte_offset_map_lock+0x174/0x320 [ 1297.893862][T25870] ? find_held_lock+0x2b/0x80 [ 1297.893887][T25870] ? follow_page_pte+0x5b3/0x1400 [ 1297.893915][T25870] handle_mm_fault+0x36d/0xa20 [ 1297.893946][T25870] __get_user_pages+0xf9c/0x34d0 [ 1297.893977][T25870] ? __pfx___get_user_pages+0x10/0x10 [ 1297.894006][T25870] populate_vma_page_range+0x267/0x3f0 [ 1297.894033][T25870] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1297.894057][T25870] ? __pfx_find_vma_intersection+0x10/0x10 [ 1297.894084][T25870] __mm_populate+0x107/0x3a0 [ 1297.894110][T25870] ? __pfx___mm_populate+0x10/0x10 [ 1297.894136][T25870] ? up_write+0x406/0x4f0 [ 1297.894166][T25870] vm_mmap_pgoff+0x37f/0x470 [ 1297.894191][T25870] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1297.894216][T25870] ? do_futex+0x192/0x350 [ 1297.894242][T25870] ? __pfx_do_futex+0x10/0x10 [ 1297.894265][T25870] ? __pfx_do_sys_openat2+0x10/0x10 [ 1297.894296][T25870] ksys_mmap_pgoff+0xe1/0x650 [ 1297.894317][T25870] ? __x64_sys_futex+0x34f/0x4d0 [ 1297.894342][T25870] ? __x64_sys_futex+0x358/0x4d0 [ 1297.894368][T25870] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1297.894390][T25870] ? xfd_validate_state+0x129/0x190 [ 1297.894422][T25870] __x64_sys_mmap+0x125/0x190 [ 1297.894454][T25870] do_syscall_64+0x106/0xf80 [ 1297.894473][T25870] ? clear_bhb_loop+0x40/0x90 [ 1297.894497][T25870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1297.894516][T25870] RIP: 0033:0x7f7ece39c819 [ 1297.894533][T25870] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1297.894552][T25870] RSP: 002b:00007f7ecf1f0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1297.894570][T25870] RAX: ffffffffffffffda RBX: 00007f7ece616090 RCX: 00007f7ece39c819 [ 1297.894583][T25870] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1297.894594][T25870] RBP: 00007f7ece432c91 R08: ffffffffffffffff R09: 0000000000000000 [ 1297.894606][T25870] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1297.894617][T25870] R13: 00007f7ece616128 R14: 00007f7ece616090 R15: 00007ffdfd1a2d08 [ 1297.894640][T25870] [ 1300.444546][ T5148] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 1300.746850][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.762562][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.084617][T25922] netlink: 93 bytes leftover after parsing attributes in process `syz.4.6039'. [ 1301.844351][T25903] Process accounting resumed [ 1302.197218][T25933] hub 1-0:1.0: USB hub found [ 1302.247797][T25933] hub 1-0:1.0: 1 port detected [ 1302.366093][ T29] audit: type=1800 audit(4294967629.990:27): pid=25929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6040" name="sr0" dev="devtmpfs" ino=2874 res=0 errno=0 [ 1303.852491][T25961] netlink: 93 bytes leftover after parsing attributes in process `syz.3.6046'. [ 1303.904271][T25952] netlink: 93 bytes leftover after parsing attributes in process `syz.3.6046'. [ 1303.963002][T25957] netlink: 93 bytes leftover after parsing attributes in process `syz.3.6046'. [ 1308.579036][T26027] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6061'. [ 1308.744150][T26027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1308.833829][T26027] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1309.075294][T26033] hub 1-0:1.0: USB hub found [ 1309.097273][T26033] hub 1-0:1.0: 1 port detected [ 1311.889508][T26058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6067'. [ 1311.962852][T26059] netlink: 'syz.3.6067': attribute type 2 has an invalid length. [ 1312.048140][T26059] netlink: 'syz.3.6067': attribute type 3 has an invalid length. [ 1312.118299][T26059] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.6067'. [ 1312.225800][T26059] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6067'. [ 1312.291973][T26045] Process accounting paused [ 1313.861572][T26082] netlink: 93 bytes leftover after parsing attributes in process `syz.6.6080'. [ 1314.279177][T26090] hub 1-0:1.0: USB hub found [ 1314.348081][T26090] hub 1-0:1.0: 1 port detected [ 1314.354240][T26084] FAULT_INJECTION: forcing a failure. [ 1314.354240][T26084] name failslab, interval 1, probability 0, space 0, times 0 [ 1314.473998][T26084] CPU: 0 UID: 0 PID: 26084 Comm: syz.4.6073 Tainted: G L syzkaller #0 PREEMPT(full) [ 1314.474032][T26084] Tainted: [L]=SOFTLOCKUP [ 1314.474039][T26084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1314.474051][T26084] Call Trace: [ 1314.474057][T26084] [ 1314.474066][T26084] dump_stack_lvl+0x100/0x190 [ 1314.474100][T26084] should_fail_ex.cold+0x5/0xa [ 1314.474123][T26084] should_failslab+0xc2/0x120 [ 1314.474145][T26084] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1314.474175][T26084] ? __proc_create+0x2cb/0x8c0 [ 1314.474204][T26084] __proc_create+0x2cb/0x8c0 [ 1314.474223][T26084] ? __pfx___proc_create+0x10/0x10 [ 1314.474251][T26084] proc_create_reg+0x75/0x170 [ 1314.474273][T26084] proc_create_net_data+0x8e/0x1c0 [ 1314.474293][T26084] ? __pfx_proc_create_net_data+0x10/0x10 [ 1314.474312][T26084] ? net_generic+0xea/0x2a0 [ 1314.474337][T26084] ? __pfx_phonet_init_net+0x10/0x10 [ 1314.474358][T26084] phonet_init_net+0x66/0x120 [ 1314.474379][T26084] ops_init+0x1e2/0x5f0 [ 1314.474401][T26084] setup_net+0x118/0x3a0 [ 1314.474420][T26084] ? __pfx_setup_net+0x10/0x10 [ 1314.474446][T26084] ? lockdep_init_map_type+0x5c/0x250 [ 1314.474474][T26084] ? mutex_init_lockep+0x110/0x150 [ 1314.474504][T26084] copy_net_ns+0x46f/0x7c0 [ 1314.474528][T26084] create_new_namespaces+0x3ea/0xac0 [ 1314.474555][T26084] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1314.474579][T26084] ksys_unshare+0x473/0xad0 [ 1314.474605][T26084] ? __pfx_ksys_unshare+0x10/0x10 [ 1314.474639][T26084] __x64_sys_unshare+0x31/0x40 [ 1314.474766][T26084] do_syscall_64+0x106/0xf80 [ 1314.474786][T26084] ? clear_bhb_loop+0x40/0x90 [ 1314.474810][T26084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1314.474830][T26084] RIP: 0033:0x7f492ed9c819 [ 1314.474847][T26084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1314.474865][T26084] RSP: 002b:00007f492fbbc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1314.474884][T26084] RAX: ffffffffffffffda RBX: 00007f492f015fa0 RCX: 00007f492ed9c819 [ 1314.474896][T26084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1314.474907][T26084] RBP: 00007f492ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1314.474921][T26084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1314.474932][T26084] R13: 00007f492f016038 R14: 00007f492f015fa0 R15: 00007fff3781e778 [ 1314.474958][T26084] [ 1318.805869][T26138] netlink: 93 bytes leftover after parsing attributes in process `syz.3.6085'. [ 1321.133137][ T5148] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 1321.936950][T26184] netlink: 93 bytes leftover after parsing attributes in process `syz.7.6095'. [ 1325.136924][T26215] zswap: compressor not available [ 1328.614386][T26280] FAULT_INJECTION: forcing a failure. [ 1328.614386][T26280] name failslab, interval 1, probability 0, space 0, times 0 [ 1328.730054][T26280] CPU: 0 UID: 0 PID: 26280 Comm: syz.7.6114 Tainted: G L syzkaller #0 PREEMPT(full) [ 1328.730088][T26280] Tainted: [L]=SOFTLOCKUP [ 1328.730095][T26280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1328.730106][T26280] Call Trace: [ 1328.730113][T26280] [ 1328.730122][T26280] dump_stack_lvl+0x100/0x190 [ 1328.730156][T26280] should_fail_ex.cold+0x5/0xa [ 1328.730179][T26280] should_failslab+0xc2/0x120 [ 1328.730202][T26280] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1328.730228][T26280] ? vkms_plane_duplicate_state+0x45/0x130 [ 1328.730258][T26280] vkms_plane_duplicate_state+0x45/0x130 [ 1328.730282][T26280] drm_atomic_get_plane_state+0x279/0x760 [ 1328.730310][T26280] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 1328.730342][T26280] ? trace_contention_end+0x140/0x180 [ 1328.730373][T26280] ? __mutex_lock+0x26a/0x1b90 [ 1328.730394][T26280] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1328.730426][T26280] ? drm_master_internal_acquire+0x21/0x80 [ 1328.730475][T26280] drm_client_modeset_commit_locked+0x14d/0x580 [ 1328.730509][T26280] drm_client_modeset_commit+0x4f/0x80 [ 1328.730539][T26280] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1328.730573][T26280] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1328.730613][T26280] drm_fbdev_client_restore+0x1b/0x30 [ 1328.730637][T26280] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1328.730660][T26280] drm_client_dev_restore+0x205/0x2a0 [ 1328.730693][T26280] drm_release+0x2c6/0x360 [ 1328.730721][T26280] ? __pfx_drm_release+0x10/0x10 [ 1328.730747][T26280] __fput+0x3ff/0xb40 [ 1328.730777][T26280] task_work_run+0x150/0x240 [ 1328.730805][T26280] ? __pfx_task_work_run+0x10/0x10 [ 1328.730840][T26280] exit_to_user_mode_loop+0x100/0x4a0 [ 1328.730868][T26280] do_syscall_64+0x668/0xf80 [ 1328.730887][T26280] ? clear_bhb_loop+0x40/0x90 [ 1328.730910][T26280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1328.730930][T26280] RIP: 0033:0x7f8e9319c819 [ 1328.730946][T26280] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1328.730963][T26280] RSP: 002b:00007f8e940bf028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1328.730981][T26280] RAX: 0000000000000000 RBX: 00007f8e93416090 RCX: 00007f8e9319c819 [ 1328.730997][T26280] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1328.731008][T26280] RBP: 00007f8e93232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1328.731018][T26280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1328.731029][T26280] R13: 00007f8e93416128 R14: 00007f8e93416090 R15: 00007ffc0e12b038 [ 1328.731054][T26280] [ 1329.012806][T26271] random: crng reseeded on system resumption [ 1330.169296][T26291] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6116'. [ 1330.262074][T26291] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1330.328234][T26291] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1330.462828][T26291] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1330.546655][T26291] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1331.527245][T26309] FAULT_INJECTION: forcing a failure. [ 1331.527245][T26309] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.619881][T26309] CPU: 0 UID: 8 PID: 26309 Comm: syz.7.6118 Tainted: G L syzkaller #0 PREEMPT(full) [ 1331.619914][T26309] Tainted: [L]=SOFTLOCKUP [ 1331.619921][T26309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1331.619932][T26309] Call Trace: [ 1331.619940][T26309] [ 1331.619948][T26309] dump_stack_lvl+0x100/0x190 [ 1331.619981][T26309] should_fail_ex.cold+0x5/0xa [ 1331.620005][T26309] should_failslab+0xc2/0x120 [ 1331.620027][T26309] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1331.620046][T26309] ? key_alloc+0x423/0x1310 [ 1331.620072][T26309] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1331.620105][T26309] kmemdup_noprof+0x29/0x60 [ 1331.620124][T26309] key_alloc+0x423/0x1310 [ 1331.620156][T26309] ? __pfx_key_alloc+0x10/0x10 [ 1331.620180][T26309] ? __pfx_key_default_cmp+0x10/0x10 [ 1331.620209][T26309] ? __pfx_keyring_search_iterator+0x10/0x10 [ 1331.620240][T26309] keyring_alloc+0x44/0xc0 [ 1331.620270][T26309] look_up_user_keyrings+0x508/0x790 [ 1331.620296][T26309] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 1331.620318][T26309] ? futex_wait+0x125/0x380 [ 1331.620347][T26309] ? __pfx_futex_wait+0x10/0x10 [ 1331.620382][T26309] lookup_user_key+0xbb1/0x1300 [ 1331.620407][T26309] ? __pfx_lookup_user_key+0x10/0x10 [ 1331.620436][T26309] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1331.620462][T26309] ? __x64_sys_futex+0x34f/0x4d0 [ 1331.620486][T26309] ? __x64_sys_futex+0x358/0x4d0 [ 1331.620515][T26309] keyctl_session_to_parent+0x28/0xae0 [ 1331.620550][T26309] __do_sys_keyctl+0x2b1/0x5a0 [ 1331.620572][T26309] do_syscall_64+0x106/0xf80 [ 1331.620592][T26309] ? clear_bhb_loop+0x40/0x90 [ 1331.620615][T26309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.620636][T26309] RIP: 0033:0x7f8e9319c819 [ 1331.620652][T26309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1331.620669][T26309] RSP: 002b:00007f8e9409e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1331.620688][T26309] RAX: ffffffffffffffda RBX: 00007f8e93416180 RCX: 00007f8e9319c819 [ 1331.620700][T26309] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 1331.620712][T26309] RBP: 00007f8e93232c91 R08: 0000000000000001 R09: 0000000000000000 [ 1331.620724][T26309] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 1331.620735][T26309] R13: 00007f8e93416218 R14: 00007f8e93416180 R15: 00007ffc0e12b038 [ 1331.620759][T26309] [ 1332.249900][T26315] netlink: 93 bytes leftover after parsing attributes in process `syz.3.6121'. [ 1332.565050][T26318] Process accounting paused [ 1333.033673][T26325] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6122'. [ 1333.099124][T26328] netlink: 'syz.6.6122': attribute type 2 has an invalid length. [ 1333.134156][T26328] netlink: 'syz.6.6122': attribute type 3 has an invalid length. [ 1333.185781][T26328] netlink: 51505 bytes leftover after parsing attributes in process `syz.6.6122'. [ 1333.235053][T26328] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6122'. [ 1334.300957][T26343] netlink: 93 bytes leftover after parsing attributes in process `syz.4.6127'. [ 1334.505410][T26345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6128'. [ 1334.555049][T26345] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6128'. [ 1335.816857][T26361] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 1337.115580][T26387] can: request_module (can-proto-5) failed. [ 1337.260290][T26387] netlink: 186 bytes leftover after parsing attributes in process `syz.7.6137'. [ 1337.940042][T26403] futex_wake_op: syz.4.6139 tries to shift op by -2048; fix this program [ 1339.052534][T26420] netlink: 93 bytes leftover after parsing attributes in process `syz.3.6143'. [ 1340.219813][T26440] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6147'. [ 1341.525562][ T29] audit: type=1800 audit(4294967669.150:28): pid=26460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6149" name="lu_gp_id" dev="configfs" ino=128836 res=0 errno=0 [ 1341.579987][T26450] kstrtoul() returned -22 for lu_gp_id [ 1343.152917][T26467] Process accounting resumed [ 1344.517517][T26499] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6165'. [ 1344.537038][T26502] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6159'. [ 1344.551888][T26499] netlink: 354 bytes leftover after parsing attributes in process `syz.6.6165'. [ 1344.569826][T26502] netlink: 'syz.4.6159': attribute type 1 has an invalid length. [ 1344.621284][T26502] netlink: 'syz.4.6159': attribute type 6 has an invalid length. [ 1345.406595][T26505] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1349.180735][T26560] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6178'. [ 1349.252083][T26560] netlink: 'syz.6.6178': attribute type 2 has an invalid length. [ 1349.286403][T26565] FAULT_INJECTION: forcing a failure. [ 1349.286403][T26565] name failslab, interval 1, probability 0, space 0, times 0 [ 1349.311080][T26560] netlink: 'syz.6.6178': attribute type 3 has an invalid length. [ 1349.330946][T26560] netlink: 51505 bytes leftover after parsing attributes in process `syz.6.6178'. [ 1349.367509][T26565] CPU: 0 UID: 0 PID: 26565 Comm: syz.7.6170 Tainted: G L syzkaller #0 PREEMPT(full) [ 1349.367541][T26565] Tainted: [L]=SOFTLOCKUP [ 1349.367548][T26565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1349.367564][T26565] Call Trace: [ 1349.367571][T26565] [ 1349.367578][T26565] dump_stack_lvl+0x100/0x190 [ 1349.367612][T26565] should_fail_ex.cold+0x5/0xa [ 1349.367635][T26565] should_failslab+0xc2/0x120 [ 1349.367657][T26565] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1349.367686][T26565] ? __proc_create+0x2cb/0x8c0 [ 1349.367710][T26565] __proc_create+0x2cb/0x8c0 [ 1349.367729][T26565] ? __pfx___proc_create+0x10/0x10 [ 1349.367752][T26565] ? _raw_write_unlock+0x28/0x50 [ 1349.367770][T26565] ? proc_register+0x559/0x8a0 [ 1349.367791][T26565] proc_create_reg+0x75/0x170 [ 1349.367811][T26565] ? __pfx_can_rcvlist_proc_show+0x10/0x10 [ 1349.367831][T26565] proc_create_net_single+0x86/0x180 [ 1349.367852][T26565] ? __pfx_proc_create_net_single+0x10/0x10 [ 1349.367875][T26565] ? round_jiffies+0x10a/0x160 [ 1349.367901][T26565] can_init_proc+0x24a/0x4b0 [ 1349.367920][T26565] can_pernet_init+0x1e4/0x370 [ 1349.367949][T26565] ? __pfx_can_pernet_init+0x10/0x10 [ 1349.367977][T26565] ops_init+0x1e2/0x5f0 [ 1349.367999][T26565] setup_net+0x118/0x3a0 [ 1349.368019][T26565] ? __pfx_setup_net+0x10/0x10 [ 1349.368037][T26565] ? lockdep_init_map_type+0x5c/0x250 [ 1349.368063][T26565] ? mutex_init_lockep+0x110/0x150 [ 1349.368093][T26565] copy_net_ns+0x46f/0x7c0 [ 1349.368117][T26565] create_new_namespaces+0x3ea/0xac0 [ 1349.368143][T26565] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1349.368166][T26565] ksys_unshare+0x473/0xad0 [ 1349.368193][T26565] ? __pfx_ksys_unshare+0x10/0x10 [ 1349.368226][T26565] __x64_sys_unshare+0x31/0x40 [ 1349.368250][T26565] do_syscall_64+0x106/0xf80 [ 1349.368270][T26565] ? clear_bhb_loop+0x40/0x90 [ 1349.368292][T26565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.368311][T26565] RIP: 0033:0x7f8e9319c819 [ 1349.368328][T26565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1349.368345][T26565] RSP: 002b:00007f8e940bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1349.368364][T26565] RAX: ffffffffffffffda RBX: 00007f8e93416090 RCX: 00007f8e9319c819 [ 1349.368376][T26565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1349.368387][T26565] RBP: 00007f8e93232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1349.368398][T26565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1349.368408][T26565] R13: 00007f8e93416128 R14: 00007f8e93416090 R15: 00007ffc0e12b038 [ 1349.368432][T26565] [ 1350.040439][ T5148] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 1355.255380][T26657] FAULT_INJECTION: forcing a failure. [ 1355.255380][T26657] name failslab, interval 1, probability 0, space 0, times 0 [ 1355.297718][T26664] netlink: 93 bytes leftover after parsing attributes in process `syz.4.6189'. [ 1355.415578][T26657] CPU: 0 UID: 0 PID: 26657 Comm: syz.6.6187 Tainted: G L syzkaller #0 PREEMPT(full) [ 1355.415612][T26657] Tainted: [L]=SOFTLOCKUP [ 1355.415618][T26657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1355.415629][T26657] Call Trace: [ 1355.415637][T26657] [ 1355.415645][T26657] dump_stack_lvl+0x100/0x190 [ 1355.415680][T26657] should_fail_ex.cold+0x5/0xa [ 1355.415703][T26657] ? vkms_crtc_atomic_check+0x38a/0x7c0 [ 1355.415730][T26657] should_failslab+0xc2/0x120 [ 1355.415751][T26657] __kmalloc_noprof+0xe0/0x850 [ 1355.415779][T26657] ? drm_atomic_add_affected_planes+0x32b/0x3f0 [ 1355.415812][T26657] vkms_crtc_atomic_check+0x38a/0x7c0 [ 1355.415844][T26657] ? __pfx_vkms_crtc_atomic_check+0x10/0x10 [ 1355.415869][T26657] drm_atomic_helper_check_planes+0x4dc/0x900 [ 1355.415902][T26657] drm_atomic_helper_check+0xae/0x190 [ 1355.415931][T26657] vkms_atomic_check+0x1d9/0x250 [ 1355.415952][T26657] ? __pfx_vkms_atomic_check+0x10/0x10 [ 1355.415975][T26657] drm_atomic_check_only+0x19ea/0x31b0 [ 1355.416012][T26657] drm_atomic_commit+0x132/0x300 [ 1355.416038][T26657] ? __pfx_drm_atomic_commit+0x10/0x10 [ 1355.416063][T26657] ? __pfx___drm_printfn_info+0x10/0x10 [ 1355.416087][T26657] ? drm_client_rotation+0x451/0x6a0 [ 1355.416119][T26657] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 1355.416155][T26657] ? __mutex_lock+0x26a/0x1b90 [ 1355.416175][T26657] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1355.416206][T26657] ? drm_master_internal_acquire+0x21/0x80 [ 1355.416256][T26657] drm_client_modeset_commit_locked+0x14d/0x580 [ 1355.416290][T26657] drm_client_modeset_commit+0x4f/0x80 [ 1355.416320][T26657] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1355.416354][T26657] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1355.416395][T26657] drm_fbdev_client_restore+0x1b/0x30 [ 1355.416419][T26657] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1355.416443][T26657] drm_client_dev_restore+0x205/0x2a0 [ 1355.416477][T26657] drm_release+0x2c6/0x360 [ 1355.416505][T26657] ? __pfx_drm_release+0x10/0x10 [ 1355.416533][T26657] __fput+0x3ff/0xb40 [ 1355.416563][T26657] task_work_run+0x150/0x240 [ 1355.416592][T26657] ? __pfx_task_work_run+0x10/0x10 [ 1355.416626][T26657] exit_to_user_mode_loop+0x100/0x4a0 [ 1355.416655][T26657] do_syscall_64+0x668/0xf80 [ 1355.416675][T26657] ? clear_bhb_loop+0x40/0x90 [ 1355.416698][T26657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1355.416717][T26657] RIP: 0033:0x7f7ece39c819 [ 1355.416733][T26657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1355.416751][T26657] RSP: 002b:00007f7ecf1f0028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1355.416770][T26657] RAX: 0000000000000000 RBX: 00007f7ece616090 RCX: 00007f7ece39c819 [ 1355.416781][T26657] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1355.416792][T26657] RBP: 00007f7ece432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1355.416802][T26657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1355.416813][T26657] R13: 00007f7ece616128 R14: 00007f7ece616090 R15: 00007ffdfd1a2d08 [ 1355.416837][T26657] [ 1362.212276][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.220499][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.572929][T26760] futex_wake_op: syz.4.6205 tries to shift op by -2048; fix this program [ 1362.883325][T26767] netlink: zone id is out of range [ 1362.918705][T26767] netlink: zone id is out of range [ 1362.955408][T26767] netlink: zone id is out of range [ 1363.007476][T26767] netlink: zone id is out of range [ 1363.072453][T26766] netlink: zone id is out of range [ 1363.098335][T26767] netlink: zone id is out of range [ 1363.121387][T26766] netlink: zone id is out of range [ 1363.151192][T26767] netlink: zone id is out of range [ 1363.156544][T26767] netlink: zone id is out of range [ 1363.208155][T26766] netlink: zone id is out of range [ 1363.270329][T26721] Process accounting resumed [ 1364.263392][T23459] Bluetooth: hci5: command 0x0406 tx timeout [ 1364.521818][ T29] audit: type=1800 audit(4294967692.140:29): pid=26791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.6213" name="lu_gp_id" dev="configfs" ino=130861 res=0 errno=0 [ 1364.564472][T26783] kstrtoul() returned -22 for lu_gp_id [ 1367.758558][T26833] random: crng reseeded on system resumption [ 1367.946717][ T5148] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 1368.838879][T26863] netlink: 93 bytes leftover after parsing attributes in process `syz.4.6228'. [ 1374.560060][T26915] Process accounting paused [ 1375.270392][T26941] futex_wake_op: syz.6.6245 tries to shift op by -2048; fix this program [ 1376.258158][ T30] INFO: task syz.0.5829:24891 blocked for more than 143 seconds. [ 1376.266276][ T30] Tainted: G L syzkaller #0 [ 1376.295017][ T30] Blocked by coredump. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1376.323669][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1376.395933][ T30] task:syz.0.5829 state:D stack:24632 pid:24891 tgid:24891 ppid:5825 task_flags:0x40004c flags:0x00080001 [ 1376.491229][ T30] Call Trace: [ 1376.494575][ T30] [ 1376.497530][ T30] __schedule+0xfee/0x6120 [ 1376.543712][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1376.577203][ T30] ? __pfx___schedule+0x10/0x10 [ 1376.598544][ T30] ? find_held_lock+0x2b/0x80 [ 1376.603270][ T30] ? schedule+0x2bf/0x390 [ 1376.654715][ T30] schedule+0xdd/0x390 [ 1376.677044][ T30] schedule_preempt_disabled+0x13/0x30 [ 1376.715786][ T30] __mutex_lock+0xc9a/0x1b90 [ 1376.731763][ T30] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1376.768040][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1376.800754][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1376.805961][ T30] ? net_generic+0xea/0x2a0 [ 1376.855628][ T30] ? net_generic+0xea/0x2a0 [ 1376.880517][ T30] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1376.885953][ T30] nfsd_shutdown_threads+0x5b/0xf0 [ 1376.940223][ T30] nfsd_umount+0x3b/0x60 [ 1376.967948][ T30] deactivate_locked_super+0xc1/0x1b0 [ 1377.017987][ T30] deactivate_super+0xe7/0x110 [ 1377.028159][ T30] cleanup_mnt+0x21f/0x450 [ 1377.032625][ T30] task_work_run+0x150/0x240 [ 1377.037266][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1377.114282][ T30] ? do_raw_spin_unlock+0x145/0x1e0 [ 1377.132370][ T30] do_exit+0x8b8/0x2b60 [ 1377.136599][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 1377.188757][ T30] ? __pfx_do_exit+0x10/0x10 [ 1377.193499][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 1377.224873][ T30] do_group_exit+0xd5/0x2a0 [ 1377.238747][ T30] __x64_sys_exit_group+0x3e/0x50 [ 1377.243819][ T30] x64_sys_call+0x102c/0x1530 [ 1377.288332][ T30] do_syscall_64+0x106/0xf80 [ 1377.293052][ T30] ? clear_bhb_loop+0x40/0x90 [ 1377.297844][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1377.359005][ T30] RIP: 0033:0x7f166559c819 [ 1377.363503][ T30] RSP: 002b:00007ffd5bbc28b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1377.408581][ T30] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f166559c819 [ 1377.416595][ T30] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 1377.488574][ T30] RBP: 00007ffd5bbc291c R08: 0000000000000000 R09: 00000000000927c0 [ 1377.496768][ T30] R10: 00007f1665816038 R11: 0000000000000246 R12: 0000000000000597 [ 1377.656184][ T30] R13: 00000000000927c0 R14: 000000000012a18e R15: 00007ffd5bbc2970 [ 1377.748783][ T30] [ 1377.761990][ T30] [ 1377.761990][ T30] Showing all locks held in the system: [ 1377.893688][ T30] 3 locks held by kworker/0:0/9: [ 1377.941722][ T30] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1378.012914][ T30] #1: ffffc900000e7d08 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1378.087957][ T30] #2: ffffffff8e7f3180 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1378.150666][ T30] 1 lock held by khungtaskd/30: [ 1378.155766][ T30] #0: ffffffff8e7e7760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1378.238051][ T30] 3 locks held by kworker/u8:8/1107: [ 1378.243393][ T30] #0: ffff88801c6b6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1378.336847][ T30] #1: ffffc90004e6fd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1378.397953][ T30] #2: ffffffff8e7f3180 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1378.447967][ T30] 3 locks held by kworker/0:3/5826: [ 1378.453237][ T30] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1378.527951][ T30] #1: ffffc90003e57d08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1378.537812][ T30] #2: ffffffff8e7f32b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 1378.618008][ T30] 2 locks held by getty/16232: [ 1378.622834][ T30] #0: ffff888037a8b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1378.675051][ T30] #1: ffffc9000529b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1378.707958][ T30] 2 locks held by syz.2.4979/21674: [ 1378.713276][ T30] #0: ffffffff906c33f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1378.728364][ T30] #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1a80 [ 1378.757929][ T30] 2 locks held by syz.0.5829/24891: [ 1378.764388][ T30] #0: ffff888033fce0e0 (&type->s_umount_key#56){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1378.786018][ T30] #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1378.807585][ T30] 5 locks held by syz-executor/25150: [ 1378.813430][ T30] #0: ffff888064144ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 1378.828169][ T30] #1: ffff8880641440c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 [ 1378.838363][ T30] #2: ffffffff908b0388 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 [ 1378.849122][ T30] #3: ffff88802b056300 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x95/0x710 [ 1378.858878][ T30] #4: ffffffff8e7f32b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1378.871026][ T30] 2 locks held by syz.5.5936/25421: [ 1378.876348][ T30] #0: ffff888032fbe0e0 (&type->s_umount_key#56){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1378.890021][ T30] #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1378.902122][ T30] 3 locks held by syz-executor/25575: [ 1378.907760][ T30] #0: ffff88806bda0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 1378.919459][ T30] #1: ffff88806bda00c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 [ 1378.929622][ T30] #2: ffffffff908b0388 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 [ 1379.059737][ T30] [ 1379.062137][ T30] ============================================= [ 1379.062137][ T30] [ 1379.128352][ T30] NMI backtrace for cpu 0 [ 1379.128375][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1379.128401][ T30] Tainted: [L]=SOFTLOCKUP [ 1379.128408][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1379.128418][ T30] Call Trace: [ 1379.128426][ T30] [ 1379.128434][ T30] dump_stack_lvl+0x100/0x190 [ 1379.128466][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1379.128499][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1379.128528][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1379.128559][ T30] sys_info+0x141/0x190 [ 1379.128581][ T30] watchdog+0xd25/0x1050 [ 1379.128606][ T30] ? __pfx_watchdog+0x10/0x10 [ 1379.128626][ T30] ? __kthread_parkme+0x18c/0x230 [ 1379.128650][ T30] ? kthread+0x13a/0x450 [ 1379.128674][ T30] ? __pfx_watchdog+0x10/0x10 [ 1379.128691][ T30] kthread+0x370/0x450 [ 1379.128716][ T30] ? __pfx_kthread+0x10/0x10 [ 1379.128743][ T30] ret_from_fork+0x754/0xd80 [ 1379.128773][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1379.128803][ T30] ? __switch_to+0x7b4/0x1120 [ 1379.128825][ T30] ? __pfx_kthread+0x10/0x10 [ 1379.128851][ T30] ret_from_fork_asm+0x1a/0x30 [ 1379.128882][ T30] [ 1379.515976][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1379.522961][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1379.533825][ T30] Tainted: [L]=SOFTLOCKUP [ 1379.538145][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1379.548208][ T30] Call Trace: [ 1379.551490][ T30] [ 1379.554418][ T30] dump_stack_lvl+0x100/0x190 [ 1379.559211][ T30] vpanic+0x552/0x970 [ 1379.563301][ T30] ? __pfx_vpanic+0x10/0x10 [ 1379.567839][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1379.574019][ T30] panic+0xd1/0xe0 [ 1379.577836][ T30] ? __pfx_panic+0x10/0x10 [ 1379.582294][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1379.588557][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1379.594808][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1379.600969][ T30] ? watchdog.cold+0x198/0x1ca [ 1379.605745][ T30] ? watchdog+0xd35/0x1050 [ 1379.610164][ T30] watchdog.cold+0x1a9/0x1ca [ 1379.614777][ T30] ? __pfx_watchdog+0x10/0x10 [ 1379.619468][ T30] ? __kthread_parkme+0x18c/0x230 [ 1379.624506][ T30] ? kthread+0x13a/0x450 [ 1379.628782][ T30] ? __pfx_watchdog+0x10/0x10 [ 1379.633459][ T30] kthread+0x370/0x450 [ 1379.637557][ T30] ? __pfx_kthread+0x10/0x10 [ 1379.642173][ T30] ret_from_fork+0x754/0xd80 [ 1379.646792][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1379.651933][ T30] ? __switch_to+0x7b4/0x1120 [ 1379.656631][ T30] ? __pfx_kthread+0x10/0x10 [ 1379.661237][ T30] ret_from_fork_asm+0x1a/0x30 [ 1379.666065][ T30] [ 1379.669143][ T30] Kernel Offset: disabled [ 1379.673492][ T30] Rebooting in 86400 seconds..