last executing test programs: 2m46.001049775s ago: executing program 3 (id=488): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r0) sendmsg$auto_OVS_DP_CMD_SET(r0, 0x0, 0x0) 2m45.808013395s ago: executing program 3 (id=489): r0 = bpf$auto(0x9, 0x0, 0x9) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fb\x00', 0x101000, 0x0) preadv$auto(r1, &(0x7f00000002c0)={0x0, 0x8010000}, 0x5, 0xfb, 0x8100000001) mount_setattr$auto(r0, &(0x7f0000000000)='./file0\x00', 0x3, &(0x7f00000000c0)={0x8, 0x2b, 0xad4d, @inferred=r1}, 0x7fffffff) shutdown$auto(0x200000003, 0x2) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0x2, 0x5, 0x0) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) clone$auto(0x0, 0x5, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x9) r2 = socket(0x1d, 0x2, 0x7) getsockopt$auto(r2, 0x6b, 0x3, 0xfffffffffffffffe, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) semctl$auto_SETVAL(0xb134, 0x9, 0x10, 0x3) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x311200, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv$auto(0x40000000000003, 0x0, 0x6, 0x7fffffff, 0x3ef) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) fstat$auto(0xffffffffffffffff, &(0x7f0000000300)={0xff, 0x7, 0x45, 0x4, 0x0, 0x0, 0x0, 0x0, 0xe, 0x803, 0x4, 0x2006, 0x0, 0x7ff, 0x1, 0x100, 0x8}) 2m43.811161324s ago: executing program 3 (id=491): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = bpf$auto(0x24, 0x0, 0x8) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x22641, 0x0) lseek$auto(0x3, 0x2, 0x4) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto_SO_DEBUG(r1, 0x6, 0x1, &(0x7f0000000000)='$/&}-#)f-&D)[,\x00', 0xda3) madvise$auto(0x0, 0x2003ec, 0x14) getsockopt$auto_SO_DONTROUTE(r0, 0x1, 0x5, &(0x7f0000000140)='$/&}-#)f-&D)[,\x00', &(0x7f0000000180)=0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x40d81, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = socket(0x10, 0x2, 0x4) bpf$auto(0x6, &(0x7f00000001c0)=@test={r2, 0x10004, 0x0, 0x3e, 0x106, 0x0, 0x0, 0xfff, 0x800, 0x9, 0x0, 0x4, 0x7, 0x2, 0xfffeffff}, 0x1) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff050006000100", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) mount$auto(0x0, &(0x7f00000001c0)='}[,&*}\x00', 0x0, 0x7fff, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0xa6) 2m40.938196394s ago: executing program 3 (id=496): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) open(0x0, 0x143242, 0x164) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x169000, 0x0) mmap$auto(0x0, 0x400008, 0x1000dd, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r2 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000000), 0x80101, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vbi5\x00', 0xc0501, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) select$auto(0x14, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x95, 0x10001, 0x1, 0x948e, 0x0, 0x6, 0x0, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x6]}, 0x0) write$auto_split_huge_pages_fops_huge_memory(r2, &(0x7f0000000480), 0x0) ioctl$auto(r1, 0x40085618, r1) 2m40.068088846s ago: executing program 3 (id=498): r0 = socket(0x28, 0x5, 0x0) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x40, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000002c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1d\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"P\x8a\xbbY8@Z5`\xa2\x9aSVd\x1d\xac\xe8\x90e\x9d\x03tm\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7.\xbe\x01\x98\xd7l\x00\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\xf0\xd9\xc0K\x8b\xa3c\x00'/160, 0xa9) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, r2) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4c2080, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20004000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r4, 0x8000) ioctl$auto_NS_GET_TGID_IN_PIDNS(r1, 0x8004b709, 0x0) shmctl$auto_SHM_STAT(0x1, 0xd, 0x0) ioctl$auto_BLKRRPART(r4, 0x125f, 0x0) lseek$auto(r3, 0x7fff, 0x40001000) madvise$auto(0x0, 0x400053, 0x9) connect$auto(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x56) read$auto(r0, &(0x7f0000000100)='(\x00', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) 2m37.842733581s ago: executing program 3 (id=504): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) getuid() shmctl$auto_SHM_INFO(0xb, 0xe, &(0x7f0000000240)={{0x4c91, 0xee01, 0xee01, 0xa3, 0x6, 0x1, 0xd1}, 0x0, 0xe0, 0x2, 0x200, @inferred, @inferred, 0x8, 0x0, &(0x7f0000000100)="58e98f47610d58c4b3678c13d04bbbc13f790ee6f079c7afe5362cd7f090b1e574dab19e9f78c91a21f0153e02d025b47e249849f469d80d7053977bc2005b30f4bee408aab86d5a2987", &(0x7f0000000180)="b0775f012c8e4a890243b8dd01aea1c79c34c4e562cb6e391b0aa9f40f5d1ebce81b0a25"}) getpid() ioctl$auto_TUNSETOFFLOAD2(0xffffffffffffffff, 0x400454d0, &(0x7f0000000040)=0x47) ppoll$auto(&(0x7f0000000340)={0xffffffffffffffff, 0x8}, 0x3, &(0x7f0000000380)={0x1000, 0x1ff}, &(0x7f00000003c0)={0x9}, 0x8) unshare$auto(0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) prctl$auto_PR_SCHED_CORE_GET(0x476, 0x0, 0x0, 0x7, 0x6e) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x80040, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) madvise$auto(0x0, 0x20499c, 0x7ff) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) unshare$auto(0x40000080) msgctl$auto_IPC_RMID(0x800, 0x0, &(0x7f0000001700)={{0x100, 0x0, 0x0, 0xfffffffd, 0x52c0, 0xffffffff, 0x6}, &(0x7f0000001680)=0x3, 0x0, 0xb, 0x0, 0x4, 0x200, 0x7, 0x2, 0xa, 0x3, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff}) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 2m22.74251276s ago: executing program 32 (id=504): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) getuid() shmctl$auto_SHM_INFO(0xb, 0xe, &(0x7f0000000240)={{0x4c91, 0xee01, 0xee01, 0xa3, 0x6, 0x1, 0xd1}, 0x0, 0xe0, 0x2, 0x200, @inferred, @inferred, 0x8, 0x0, &(0x7f0000000100)="58e98f47610d58c4b3678c13d04bbbc13f790ee6f079c7afe5362cd7f090b1e574dab19e9f78c91a21f0153e02d025b47e249849f469d80d7053977bc2005b30f4bee408aab86d5a2987", &(0x7f0000000180)="b0775f012c8e4a890243b8dd01aea1c79c34c4e562cb6e391b0aa9f40f5d1ebce81b0a25"}) getpid() ioctl$auto_TUNSETOFFLOAD2(0xffffffffffffffff, 0x400454d0, &(0x7f0000000040)=0x47) ppoll$auto(&(0x7f0000000340)={0xffffffffffffffff, 0x8}, 0x3, &(0x7f0000000380)={0x1000, 0x1ff}, &(0x7f00000003c0)={0x9}, 0x8) unshare$auto(0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) prctl$auto_PR_SCHED_CORE_GET(0x476, 0x0, 0x0, 0x7, 0x6e) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x80040, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) madvise$auto(0x0, 0x20499c, 0x7ff) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) unshare$auto(0x40000080) msgctl$auto_IPC_RMID(0x800, 0x0, &(0x7f0000001700)={{0x100, 0x0, 0x0, 0xfffffffd, 0x52c0, 0xffffffff, 0x6}, &(0x7f0000001680)=0x3, 0x0, 0xb, 0x0, 0x4, 0x200, 0x7, 0x2, 0xa, 0x3, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff}) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 1m59.192055166s ago: executing program 2 (id=610): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00'}) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x8000001f}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000540)={0xfff, &(0x7f0000000180)="f2e37aa851f172bd24308737938225756749a2cd058f981d81224e731c1514b4f90290f2fb02e666a68c1d72ad5615b16c73b5c0cedf17801dfece4a243f6e3a47ecc1c5db92b3500cefe0e7c269c25cd32701679442d287388dedeedd83d20b9d079d0a971a993bfa4a4499f8631caa1722a7a93bf79c2535ea752a9b05e21efeebdeaa71269153bdd6ba4fac9b230a6653e8cbaf66e11ea7c105"}) sendmsg$auto_NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x50, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x2}, @NL80211_ATTR_BSS_BASIC_RATES={0x1a, 0x24, "1d283da00ec8bd26bb202e590c48803903d4e63546f7"}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x68}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x24040050) rseq$auto(&(0x7f0000000b80)={0x5, 0x8, 0x9416, 0x4, 0xe, 0x6, "551e7285968d8e86bd4794a0e875ee9f7b35db28d0a7e72b7a19039c3357a05ba0582cc612c6c0be4beb4cc54d8337d40c93638ba3454a0435c32a206e808194584d8c359d418662d18943a5e3c6234e712a096205457b56f0a1e5d4d19835696295a54f38117d9d751e23b5fb61daa5a6b2c75148106dc167a20061e3fe55cc53ffadf62b0945da4b27515a0102a8d2d002a842362b4744b8972a5e11e8a6aab89c7b85947f3901d696d459641aa7e6b89b73387ec5fa2d2af6c992213d82c5774c4bcd4187585bcf652af094e988e75002e01f607abf5e25ae0f5548fd13175b681fc059c1f9160aef893bae78cf6cf62c30fa3f0c5c60cbe383a9c0cc1289519b0c7cff81cc3b4fec739fad19c662b0f98d607b61d825d10e2dd3b27b0f7a6b1adc5a452f344c39da5f086ea7c5d99674ca69c4f5635776e67c151bad72f906cd65231da3a55d6056e23b00686723714fabd752f3e2c86dafdee9d379230c0abeabfde9cf88c7e099f3ccc76ea7e64a3734ced5ffe749a8012db53ad4d6a5e347bdd83bb409c1bdb762f4aba145df74833d73ccd583797d4fb4ed3e0c7c29d502aacaef02e114d9e60ca6b0bcb28f825f5d49e94ccd2f830933c39a3ba3782505453e3de872ad8da84a6a22aaa62970428bb9a95d1817dbeeded1c53c5d508dea6cc53d80153b05f954c263278bb9c8bc02f3b1805dd9299dc8b97ebff0165d615ba7bf5ce8c490f4dd273642a18267b0a61a594cb1d608f3dffb292991ea32bb647a6f9b951f283e118dc73b4584485aa883410e402e3bec9ba889ec237462042cedaed761cca0c3b7058d3ffc276c9a75e18b79804f4e21650d911edbedb9fedd31959a8783b1e39d7d6408554bddb2a5d67703d225fe4422bf2367ca483e77fe479495be3235f4c77b3872a9e33946d2602486b83e84e7d8d1742d369e2d00b9dbb552385502c0f597b3615bed54de65af106b58d2b6bebbdd3fe625152527af965b67e9424da7be2e2574e1492aed568d4faaa9da"}, 0x80000002, 0x8, 0xfd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x112) rt_sigsuspend$auto(0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) ioctl$auto(0x3, 0x800005411, 0x38) mbind$auto(0x0, 0x800606, 0x1, &(0x7f0000000500)=0xffff, 0xa, 0x1) futex_wake$auto(0x0, 0x5, 0x4, 0xa) socket(0x11, 0x80003, 0x1d12) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82940, 0x0) getdents$auto(0xffffffffffffffff, &(0x7f0000001c40)={0x81, 0xffffffffffffffff, 0x4}, 0x4) 1m54.846436497s ago: executing program 2 (id=620): unshare$auto(0x8) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0xb) madvise$auto(0xfffffffffffffffa, 0x7f, 0x10) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r3) sendmsg$auto_OVS_DP_CMD_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdb7d, {}, [@OVS_DP_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) r5 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r5, 0x65, 0x6, 0xffffffffffffffff, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 1m53.124917773s ago: executing program 2 (id=625): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)="7f07d3") mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x6ab82, 0x0) r3 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x4a64c0, 0x0) setsockopt$auto(r3, 0x1000, 0x6, &(0x7f0000000080)='/dev/kvm\x00', 0x7fff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/fs/ext4/sda1/reserved_clusters\x00', 0x2101, 0x0) write$auto_ocfs2_control_fops_stack_user(r4, &(0x7f0000000000)="6ab449351f80", 0x6) setregid$auto(0xffffffffffffffff, 0x0) ioctl$auto(r0, 0xae41, r2) r5 = epoll_create$auto(0x5) fremovexattr$auto(r5, &(0x7f0000000000)='&\x00') acct$auto(&(0x7f00000000c0)='/dev/media11\x00') read$auto_v4l2_fops_v4l2_dev(r5, &(0x7f00000001c0)=""/74, 0x4a) ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, 0x0) 1m52.782882394s ago: executing program 2 (id=626): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) fchdir$auto(0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/irq/5/affinity_hint\x00', 0x509001, 0x0) pread64$auto(r1, 0x0, 0x800002, 0x26f) msgctl$auto_IPC_RMID(0x4000005, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0) write$auto_seq_oss_f_ops_seq_oss(r2, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev7\x00', 0x141083, 0x0) poll$auto(&(0x7f0000000080)={0x3, 0x1, 0x83e7}, 0x5, 0xb) shmget$auto(0x100000000, 0x3, 0x79e56dc9) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x1000) 1m51.20026749s ago: executing program 2 (id=631): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r0, 0x5522, 0xf15) ioctl$auto(r0, 0x5523, r0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mtd/mtd0/size\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x23) getrlimit$auto(0x3, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) 1m50.296855175s ago: executing program 2 (id=636): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r1, 0x540a, 0x0) socket(0xa, 0x5, 0x0) timer_create$auto(0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) r2 = timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x7) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000000), r2) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) 1m38.565919626s ago: executing program 1 (id=667): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x49, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x1) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x602, 0x8, 0x7, 0x0, 0x7, 0xb, 0x1, {0x3ff, 0x7}, 0xfffffffffffffffa, 0x200000a5, 0xa, 0x13c, 0x0, 0xc3, 0x7, 0x2, 0x5, 0x90, 0xfffffff5}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}, 0x1, 0x0, 0x0, 0x10}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, 0x0, 0x230c41, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) preadv$auto(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0xfffffffd}, 0x5, 0xc, 0x1) sendfile$auto(r0, r0, 0x0, 0x2) 1m37.820154595s ago: executing program 1 (id=670): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r0, 0x0, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000000)={0x3, 0x3ff, 0x2, 0x1, 0x2, 0xa, 0xffffffffffffffff, [], {0x8, 0x1, 0x1, 0x22b, 0x8000100, 0x581, 0x104, 0x1000006, 0xffffffffffffffff}, {0xbfc7, 0x1, 0x52, 0x8, 0x3, 0x3d, 0x8, 0x7, 0x100000000}}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x64040, 0xc0) fcntl$auto(r1, 0x0, 0xa8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) execve$auto(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=&(0x7f0000000100)='[#-:\x00', &(0x7f00000001c0)=&(0x7f0000000180)=')\x00') mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) ioctl$auto(r2, 0x40104d04, r2) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, 0x0, 0x42000, 0x0) write$auto(0x3, 0x0, 0x8) read$auto(0x3, 0x0, 0x7fffffff) 1m36.253667746s ago: executing program 1 (id=674): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r1, 0x540a, 0x0) socket(0xa, 0x5, 0x0) timer_create$auto(0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) r2 = timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x7) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000000), r2) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) 1m35.165473997s ago: executing program 33 (id=636): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r1, 0x540a, 0x0) socket(0xa, 0x5, 0x0) timer_create$auto(0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) r2 = timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x7) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000000), r2) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) 1m34.800161526s ago: executing program 1 (id=679): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x49, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x1) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x602, 0x8, 0x7, 0x0, 0x7, 0xb, 0x1, {0x3ff, 0x7}, 0xfffffffffffffffa, 0x200000a5, 0xa, 0x13c, 0x0, 0xc3, 0x7, 0x2, 0x5, 0x90, 0xfffffff5}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}, 0x1, 0x0, 0x0, 0x10}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, 0x0, 0x230c41, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) preadv$auto(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0xfffffffd}, 0x5, 0xc, 0x1) sendfile$auto(r0, r0, 0x0, 0x2) 1m34.231431636s ago: executing program 1 (id=681): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/hugepages-8kB/shmem_enabled\x00', 0x1a1842, 0x0) sendfile$auto(r0, r0, 0x0, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r1, 0x0, 0x8000) pwrite64$auto(r1, &(0x7f0000000040)='/dev/net/tun\x00', 0x2, 0x1000000002) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x4a083, 0x0) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) prctl$auto(0x34, 0x17, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x42, 0x0) socket(0xa, 0x5, 0x84) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x4) prctl$auto_PR_SYS_DISPATCH_ON(0x2, 0x1, 0x0, 0x400, 0x2) write$auto(0x3, 0x0, 0xfdf3) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0xffffffff, 0x3, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d", @raw=0x9}, 0x400005, 0x25, 0x4, @raw=0x6, @integer={0xe7, 0x0, 0x81}, "7a9fc199a16a2311eacf2fc7ae1d8778dc610400000001000f00000000b6debe0eda71bdb5adb17884a16f7ce8c57c0eb327ac702b8d7c2d00"}) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003180), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20004050}, 0x4000084) lstat$auto(0x0, &(0x7f0000000180)={0x5, 0x1f, 0x9, 0x62, 0x0, 0x0, 0x0, 0xffc, 0x2, 0x80000000400000a, 0xfffffffffffffffd, 0x9, 0x9, 0xffffffff80000000, 0x11, 0x20000000001, 0x7}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 1m33.652653781s ago: executing program 1 (id=685): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r0, 0x0, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000000)={0x3, 0x3ff, 0x2, 0x1, 0x2, 0xa, 0xffffffffffffffff, [], {0x8, 0x1, 0x1, 0x22b, 0x8000100, 0x581, 0x104, 0x1000006, 0xffffffffffffffff}, {0xbfc7, 0x1, 0x52, 0x8, 0x3, 0x3d, 0x8, 0x7, 0x100000000}}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x64040, 0xc0) fcntl$auto(r1, 0x0, 0xa8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) execve$auto(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=&(0x7f0000000100)='[#-:\x00', &(0x7f00000001c0)=&(0x7f0000000180)=')\x00') mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) ioctl$auto(r2, 0x40104d04, r2) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, 0x0, 0x42000, 0x0) write$auto(0x3, 0x0, 0x8) read$auto(0x3, 0x0, 0x7fffffff) 1m18.505085479s ago: executing program 34 (id=685): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r0, 0x0, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000000)={0x3, 0x3ff, 0x2, 0x1, 0x2, 0xa, 0xffffffffffffffff, [], {0x8, 0x1, 0x1, 0x22b, 0x8000100, 0x581, 0x104, 0x1000006, 0xffffffffffffffff}, {0xbfc7, 0x1, 0x52, 0x8, 0x3, 0x3d, 0x8, 0x7, 0x100000000}}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x64040, 0xc0) fcntl$auto(r1, 0x0, 0xa8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) execve$auto(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=&(0x7f0000000100)='[#-:\x00', &(0x7f00000001c0)=&(0x7f0000000180)=')\x00') mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) ioctl$auto(r2, 0x40104d04, r2) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, 0x0, 0x42000, 0x0) write$auto(0x3, 0x0, 0x8) read$auto(0x3, 0x0, 0x7fffffff) 1m9.93739318s ago: executing program 5 (id=728): mmap$auto(0x0, 0x400008, 0xdf, 0xfffffffffffffc10, 0xffffffffffffffff, 0x800008000) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r1 = fcntl$auto(r0, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cpu.pressure\x00', 0x183142, 0x0) sendfile$auto(r1, r2, 0x0, 0xc01) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0) ioctl$auto_BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x80489439, &(0x7f0000000f80)=[{0x3ff, 0x2, 0x8000000000000000}, {0x5, 0x5, 0x2}, {0xa6, 0x1, 0x2}]) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x5) unshare$auto(0x40000080) mmap$auto(0x3, 0x9, 0x7, 0xeb1, 0x404, 0x10008000) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000840)="5142651f911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb12dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee7fa7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d55745eff6aa689e859dcaeff39bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54de46e25986315b30956face49e26e8dcbcc9e1363627a9f38a2ee8304307dab4013d77f4c337551e2a6ac230788513cdd15e734263e4973c75757d9809c510977adc3be6c5b110597b09c7dad1f54e4506744710b53221e4a7982ac4c59bfae6370258b5af7864a4ca680addd736e35da579cc0e975e6cdefa3d082c8b4b10b205278c5e60507f5bf17a3c822a6e70e087df68022c1315cf499750e86ea1e060e63ebf63973eebe34ba6e687eda5ef020b61896a187842d219b2b9787be7910fc5180b277f2b00d760629816aa6a7240d7b1984158107eab929d79d6264611d404f2331eda49fe426edc34793dd3252aa54eb44544774d060269913cfcb105f55836eb6702c6034a3fe98bc9678850e54903d3", 0xdd4) write$auto(0x3, 0x0, 0xfffffdef) 1m6.645638639s ago: executing program 5 (id=730): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) fchdir$auto(0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x270) mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x5, 0x109) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x89\xe8^\x98#\x86\x92\x86w\xa1\x05\x9b\xad}yX\xc5\xc0\x1c\xd1\xd9\x9e\x91\b\xfc=\x18\xf9E\b\xa3Rgu\xf5L\x1d\xf8\ny', 0x401) shmget$auto(0x100000000, 0x3, 0x79e56dc9) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) shmget$auto(0x5, 0x7, 0x35fa256d) 1m3.129675086s ago: executing program 5 (id=734): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)="7f07d3") mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x4a64c0, 0x0) setsockopt$auto(r3, 0x1000, 0x6, &(0x7f0000000080)='/dev/kvm\x00', 0x7fff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/fs/ext4/sda1/reserved_clusters\x00', 0x2101, 0x0) write$auto_ocfs2_control_fops_stack_user(r4, 0x0, 0x0) setregid$auto(0xffffffffffffffff, 0x0) ioctl$auto(r0, 0xae41, r2) r5 = epoll_create$auto(0x5) fremovexattr$auto(r5, &(0x7f0000000000)='&\x00') acct$auto(&(0x7f00000000c0)='/dev/media11\x00') read$auto_v4l2_fops_v4l2_dev(r5, &(0x7f00000001c0)=""/74, 0x4a) 1m2.857586583s ago: executing program 5 (id=735): unshare$auto(0x40000080) r0 = socket(0xa, 0x5, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r0, 0x7ffe) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, r2, 0x401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) futex$auto(&(0x7f0000000000)=0xf0fe, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x9, 0x5000000) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) poll$auto(&(0x7f0000000180)={r3, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x0) r5 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ioctl$auto_UBI_IOCDET(r5, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(r3, 0x4004af07, &(0x7f00000003c0)) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0x8, 0xfffffffffffffffa, 0x9, 0xfffffffffffffbff) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/idVendor\x00', 0x80000, 0x0) splice$auto(r6, &(0x7f0000000040)=0x7, r5, &(0x7f0000000080)=0x4, 0x26c4, 0x895) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0xfdd5, 0xd, 0x378, 0x9) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) 1m1.001429156s ago: executing program 5 (id=744): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) r2 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_NOTIFY(r2, 0x402, 0x9000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) mmap$auto(0x2, 0xffffffbffffffffd, 0x4000000000df, 0x1c, r1, 0x300000000000) socket(0x1d, 0x3, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) 59.008100418s ago: executing program 5 (id=748): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r1, 0x540a, 0x0) timer_create$auto(0x0, 0x0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) r3 = timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x7) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000000), r3) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) 43.832198914s ago: executing program 35 (id=748): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r1, 0x540a, 0x0) timer_create$auto(0x0, 0x0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) r3 = timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x7) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000000), r3) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) 14.212476179s ago: executing program 0 (id=853): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) newfstatat$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x5) openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x40, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0xb01, 0x0) write$auto(r0, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=w\xc1\xf8\xff\xff\v\xb5^\xa1/\xfb\xaf\xc8\xfc\\\xa9@\xc0\xee\xa2[', 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x17) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'pimreg1\x00'}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4004000) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000240)={0xffffffffffffffff, 0x7ff}) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 12.75074006s ago: executing program 7 (id=857): select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x20b02, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r0, 0x3, &(0x7f0000000080)="193f32b995f0ecb4ddf8cd83baeda5c352a745214ad880cc4c561670de2d13131c656d339507302cd18f379f551569932d17bb17195ecfc677eb23ac801128003ef54e78817f1a", 0x3) sendfile$auto(r0, r0, &(0x7f0000000000)=0x3, 0xad6) settimeofday$auto(&(0x7f00000001c0)={0x7, 0x3}, &(0x7f0000000240)={0x7, 0x3}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 12.729514638s ago: executing program 0 (id=864): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) newfstatat$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x5) openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x40, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0xb01, 0x0) write$auto(r0, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=w\xc1\xf8\xff\xff\v\xb5^\xa1/\xfb\xaf\xc8\xfc\\\xa9@\xc0\xee\xa2[', 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x17) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'pimreg1\x00'}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4004000) mmap$auto(0x0, 0x400008, 0xdf, 0x14, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 12.192932897s ago: executing program 7 (id=860): unshare$auto(0x8) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0xb) madvise$auto(0xfffffffffffffffa, 0x7f, 0x10) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdb7d, {}, [@OVS_DP_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) r4 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r4, 0x65, 0x6, 0xffffffffffffffff, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 11.468586033s ago: executing program 0 (id=862): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r1 = socket(0xa, 0x2, 0x0) cachestat$auto(r1, &(0x7f0000000000)={0x0, 0x7fc}, &(0x7f0000000040)={0x2, 0x0, 0xd6, 0x1, 0x3}, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r2 = socket(0xa, 0x3, 0x3a) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r2, 0x8, 0x0, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/027/001\x00', 0x4a901, 0x0) ioctl$auto_USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000001c0)={0x0, 0x5516, 0x0}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r4 = open(0x0, 0x0, 0x408) socket(0x28, 0x1, 0x0) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x45, 0x0, 0x0) getdents$auto(r4, 0x0, 0x400018) mmap$auto(0x0, 0x4020009, 0xdf, 0x40000eb1, 0x401, 0x8000) clone$auto(0x100000008, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4000006) clone$auto(0x1, 0x1, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x400) r5 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon0\x00', 0x82640, 0x0) readv$auto(r5, &(0x7f0000000380)={0x0, 0x8}, 0x8) 9.913795085s ago: executing program 7 (id=865): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r0, 0x0, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000000)={0x3, 0x3ff, 0x2, 0x1, 0x2, 0xa, 0xffffffffffffffff, [], {0x8, 0x1, 0x1, 0x22b, 0x8000100, 0x581, 0x104, 0x1000006, 0xffffffffffffffff}, {0xbfc7, 0x1, 0x52, 0x8, 0x3, 0x3d, 0x8, 0x7, 0x100000000}}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x64040, 0xc0) fcntl$auto(r1, 0x0, 0xa8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) execve$auto(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=&(0x7f0000000100)='[#-:\x00', &(0x7f00000001c0)=&(0x7f0000000180)=')\x00') mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) ioctl$auto(r2, 0x40104d04, r2) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, 0x0, 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r1, &(0x7f00000002c0)=""/190, 0xbe) write$auto(0x3, 0x0, 0x8) read$auto(0x3, 0x0, 0x7fffffff) 9.351881027s ago: executing program 0 (id=867): r0 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) 8.728577835s ago: executing program 0 (id=869): select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x20b02, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r0, 0x3, &(0x7f0000000080)="193f32b995f0ecb4ddf8cd83baeda5c352a745214ad880cc4c561670de2d13131c656d339507302cd18f379f551569932d17bb17195ecfc677eb23ac801128003ef54e78817f1a", 0x3) sendfile$auto(r0, r0, &(0x7f0000000000)=0x3, 0xad6) settimeofday$auto(&(0x7f00000001c0)={0x7, 0x3}, &(0x7f0000000240)={0x7, 0x3}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) 8.309237854s ago: executing program 7 (id=871): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) newfstatat$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x5) openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x40, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0xb01, 0x0) write$auto(r0, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=w\xc1\xf8\xff\xff\v\xb5^\xa1/\xfb\xaf\xc8\xfc\\\xa9@\xc0\xee\xa2[', 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x17) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'pimreg1\x00'}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4004000) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000240)={0xffffffffffffffff, 0x7ff}) mmap$auto(0x0, 0x400008, 0xdf, 0x14, 0x2, 0x8000) socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 7.730903968s ago: executing program 0 (id=873): select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x20b02, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r0, 0x3, &(0x7f0000000080)="193f32b995f0ecb4ddf8cd83baeda5c352a745214ad880cc4c561670de2d13131c656d339507302cd18f379f551569932d17bb17195ecfc677eb23ac801128003ef54e78817f1a", 0x3) sendfile$auto(r0, r0, &(0x7f0000000000)=0x3, 0xad6) settimeofday$auto(&(0x7f00000001c0)={0x7, 0x3}, &(0x7f0000000240)={0x7, 0x3}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r3 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x0, 0x80000001, r3}, 0x6f4) read$auto(r2, 0x0, 0x20) write$auto(0xffffffffffffffff, 0x0, 0x6) unshare$auto(0x40000080) 7.402109969s ago: executing program 6 (id=874): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a9402, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0), 0x0) process_mrelease$auto(0xffffffffffffffff, 0xa) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) ioctl$auto_BCH_IOCTL_DISK_GET_IDX(r2, 0x4008bc0d, &(0x7f0000000080)={0x8}) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r2, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 7.00215232s ago: executing program 7 (id=875): mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x6, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000000)="b68161a86e8da4110338a92ca863a91beaa8558206154cc5fbaf33") ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) listen$auto(0x3, 0x81) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x1, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x7fff, 0x3) 6.636806229s ago: executing program 7 (id=876): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) newfstatat$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x5) openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x40, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0xb01, 0x0) write$auto(r0, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=w\xc1\xf8\xff\xff\v\xb5^\xa1/\xfb\xaf\xc8\xfc\\\xa9@\xc0\xee\xa2[', 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x17) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'pimreg1\x00'}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4004000) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000240)={0xffffffffffffffff, 0x7ff}) mmap$auto(0x0, 0x400008, 0xdf, 0x14, 0x2, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 4.578284761s ago: executing program 4 (id=879): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)="7f07d3") mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x4a64c0, 0x0) setsockopt$auto(r3, 0x1000, 0x6, &(0x7f0000000080)='/dev/kvm\x00', 0x7fff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/fs/ext4/sda1/reserved_clusters\x00', 0x2101, 0x0) write$auto_ocfs2_control_fops_stack_user(r4, &(0x7f0000000000)="6ab449351f80", 0x6) setregid$auto(0xffffffffffffffff, 0x0) ioctl$auto(r0, 0xae41, r2) r5 = epoll_create$auto(0x5) fremovexattr$auto(r5, &(0x7f0000000000)='&\x00') acct$auto(0x0) read$auto_v4l2_fops_v4l2_dev(r5, &(0x7f00000001c0)=""/74, 0x4a) ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, 0x0) 4.449073345s ago: executing program 4 (id=880): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x15, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) recvmmsg$auto(r0, 0x0, 0x400, 0x200, &(0x7f0000000380)={0x3, 0x3}) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, 0x0, 0x40, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) setresuid$auto(0x0, 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r1, 0x127a, 0x0) r2 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x2, 0x0) mmap$auto(0xffffffff, 0x8000000400000000, 0x4000000000de, 0xeb1, 0x401, 0x40000008000) ioctl$auto_SNDCTL_SEQ_GETOUTCOUNT(r2, 0x80045104, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) syz_clone(0x80010000, &(0x7f00000008c0)="65b2b2b17639fd35b174c4bd101de0bde7ec8f938a472dc95cbd1742b6f9ac69fb811acd", 0x24, 0x0, &(0x7f00000002c0), &(0x7f0000000b00)="2918758169251555183442853a27ba37074b62633f338d1a7b74c6ff4c91676d9a5e0078ab1db0f30dc404f23fd5820a80ed88704e71ac2c5f3169cb36f22141f45b35a2e04fe71b8618ec46671bf5d28d8d26ce4970c811a8b669c7011c3e9ff8b2109640c07450f5b7b624fde03bb975adc229120a3b8750efcf8a4846f0a7ac6a36f60f348190044854f04b55f429540f9fc390d24df293299b9c4395aed65212fdd9a1597ffcfaf9b3008f77bcc5a393486eb62527560aa974af592514e14d7d34584ee8665cdecbd991fe575d59a4f9c6583a485022f9791b0532d16ecdffdabc91e082640c04c5382fe1aae6484683b91366aafa6e876fbbc7042060bfa86af873f56443d67db514c1cdb4d8b14f96b22dd4683ce4877dc06173474376e79a7b81c20901e86f322be0d272e66e16c14c948266dbaa0e9cba48631863c7aa8e8f797217b42a3d9c019f3a919db8f140bab26c00b5d05032aa38b396305fbfeaa1f6368e7d8c542f4f46ed117c5398e7d5c4b1ac78bfe39181ba7e8114cdf7d9fd3c2f253fa6fd7dc96061eb3d92b8d560c2f203f2e913ef3cdc817974d742e6f19b3f6e0af687d28d8c59c85d12ebe29ed46e1dcc8c02e9fa76d7ab2e9627412426522d9d8272a063ee286dfcb0cae11fca488b386c") brk$auto(0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_GET(0x3400000, 0x2, 0x0, 0x4, 0x100000000) 4.191511971s ago: executing program 6 (id=881): move_pages$auto(0x0, 0x4, &(0x7f0000000200)=0x0, &(0x7f0000000480)=0x6456, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x80002, 0x1) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, 0x0, 0x58) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0xbc6, 0x4, 0xd3) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r1 = socket(0x2, 0x801, 0x106) r2 = socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0xc, 0x0, 0x4) listen$auto(0x3, 0x81) setgroups$auto(0xe32, 0x0) r3 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r3, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x9, 0xfffffffd}, 0x1}, 0x5, 0x20000000) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000280), r3) sendmsg$auto_IPVS_CMD_GET_SERVICE(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r4, 0x200, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000800) waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000080)={@siginfo_0_0={0x4, 0x8, 0x35764a2e, @_sigpoll={0x5}}}, 0x8, 0x0) sendmsg$auto_IPVS_CMD_ZERO(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x20000805) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r2, 0x0, 0x1) getsockopt$auto(r1, 0x11c, 0x1, 0x0, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) sendfile$auto(r5, r5, 0x0, 0x7fffe000) 4.018364717s ago: executing program 6 (id=882): unshare$auto(0x8) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0xb) madvise$auto(0xfffffffffffffffa, 0x7f, 0x10) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdb7d, {}, [@OVS_DP_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) r4 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r4, 0x65, 0x6, 0xffffffffffffffff, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 3.483183041s ago: executing program 4 (id=883): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0xfffffffffffffffa, 0x9, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) mmap$auto(0x2, 0x1, 0x4000000000df, 0x78, r1, 0x300000000000) socket(0x1d, 0x3, 0x1) r3 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r3, 0x0, 0x1) ioctl$auto_IOC_PR_RESERVE(r3, 0x401070c9, &(0x7f0000000040)={0x4, 0xffffff2b, 0x1}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xb, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x3624239c, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) 2.814505823s ago: executing program 6 (id=884): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x600, 0x8, 0x7, 0x0, 0x7, 0x8, 0x5, {0x3ff, 0x7}, 0xfffffffffffffffa, 0xa5, 0xa, 0x13c, 0x0, 0xc3, 0x1000, 0x800000000000007, 0x1, 0x90, 0xfffffff5}) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3}, 0x6a) write$auto(r1, 0x0, 0x100000a3d9) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r4 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)=ANY=[@ANYBLOB="00020000", @ANYRES16=r4, @ANYBLOB="010031bd7000fddbdf250c000000"], 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) setsockopt$auto_SO_WIFI_STATUS(0xffffffffffffffff, 0x4, 0x29, 0x0, 0x40) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) 1.506639331s ago: executing program 4 (id=885): mmap$auto(0x100000000000, 0x2000b, 0xdd, 0xeb1, 0xffffffffffffffff, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0xffff}, 0x5, 0x20000043) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x7, 0xd, 0x0) fcntl$auto(0x3, 0x4, 0xa553) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) read$auto(0x3, 0x0, 0x8080) shutdown$auto(0x200000003, 0x2) r1 = bpf$auto(0x0, 0x0, 0x6f3) socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) syz_genetlink_get_family_id$auto_ioam6(0x0, r1) unshare$auto(0x40000080) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r2, 0x0, 0x40) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty58\x00', 0x800, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'macsec0\x00', 0x0}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="20002abd7000fedbdf250500000008000500050000000500060008000000740001800800030007000000080003000600", @ANYBLOB="140002006e7230000000000000000000000000001b00020073797a5f74756e000000000000000000080001", @ANYRES32=r4, @ANYBLOB="1400020069705f7674693000000000000000000014000200766574683000000000000000000000000500070004000000050002000c000000000007000d000000"], 0xb0}, 0x1, 0x0, 0x0, 0x4000005}, 0x4000) 1.501507369s ago: executing program 6 (id=893): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/virtual/tty/ptmx/uevent\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/4096, 0x1000) r1 = socket(0x29, 0x4, 0x84) mmap$auto(0x7f, 0x4020009, 0x6, 0xeb1, r1, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x268243, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, &(0x7f0000000000)={0x1f, 0x0, 0x202, 0x9, 0x1}) ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c06, 0x0) getsockopt$auto(r1, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/loop15/queue/minimum_io_size\x00', 0x40480, 0x0) read$auto(r5, 0x0, 0x10001) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/run_estimation\x00', 0x88042, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r6, 0x0, 0x500) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyy9\x00', 0x149a00, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r8 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r7, 0x541c, r8) fanotify_init$auto(0x5, 0x12) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30988099a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, 0x0) 645.167768ms ago: executing program 6 (id=886): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x49, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x1) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x602, 0x8, 0x7, 0x0, 0x7, 0xb, 0x1, {0x3ff, 0x7}, 0xfffffffffffffffa, 0x200000a5, 0xa, 0x13c, 0x0, 0xc3, 0x7, 0x2, 0x5, 0x90, 0xfffffff5}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) fsopen$auto(0x0, 0x1) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, 0x0, 0x230c41, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) preadv$auto(r0, &(0x7f00000001c0)={0x0, 0xfffffffd}, 0x5, 0xc, 0x1) sendfile$auto(r1, r1, 0x0, 0x2) 608.959949ms ago: executing program 4 (id=887): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/kernel/soft_watchdog\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) readv$auto(0x3, &(0x7f0000003080)={0x0, 0x4}, 0x9) r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) read$auto(0x3, 0x0, 0x7fffffff) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x810c00, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f00000000c0)={0xfffffff7, "d01862fe819e604d4e68badb85f86d195c2182760db15e9e566832bae4a502d1", @inferred=r1}) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r3, 0x4, 0x8000040006) ptrace$auto_PTRACE_GETSIGMASK(0x420a, r3, 0x1, 0x9) semtimedop$auto(0x2, 0x0, 0xa2, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x902, 0x0) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/003/001\x00', 0x8001, 0x0) ioctl$auto_USBDEVFS_RELEASE_PORT(r4, 0x80045519, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000004840), 0xffffffffffffffff) 0s ago: executing program 4 (id=888): mmap$auto(0x100000000, 0x2000d, 0x1, 0xeb1, 0xffffffffffffffff, 0x100000000) sysfs$auto(0x2, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) semget$auto(0x0, 0x13c, 0x1ff) recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5, 0x0, 0x9, 0x0, 0x800000000005, 0x7ffffffd}, 0x8}, 0x3, 0x1, 0x0) semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, 0x0) socket(0xec76ec07a7dca0b6, 0xa, 0x9) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) r2 = ioctl$auto_TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, &(0x7f0000000180)=0x10) write$auto_dev_fops_plock(r2, &(0x7f0000000200)="ea579eafbef6a78ace20c66c3ed28a307811ba5a77e0d6f20eee070874ce267321ef2da8ccef77a2a57912658cfac38b23199ba898ef2c29ea039494e108e23fc3d3de801c6cdb8c585be1ec026d327ad05a0c7812805bb6d050f902f2e77e549ec276c282a2bb8c2847f2e7105018d493a4a1dc", 0x74) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x16, 0x21, 0x6, 0xfffffffffffffffe, 0x5) sendfile$auto(r3, r1, 0x0, 0x1fff5) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) io_uring_setup$auto(0x4bf15e08, 0x0) bpf$auto(0x12, &(0x7f0000000040)=@enable_stats={0x1}, 0x26) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) unshare$auto(0x40000080) kernel console output (not intermixed with test programs): binder: 6229:6231 ioctl 4018620d 9 returned -22 [ 125.970074][ T6259] netlink: 28 bytes leftover after parsing attributes in process `syz.1.65'. [ 126.032209][ T6259] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.089433][ T6259] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.226960][ T6259] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.252583][ T6259] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 129.570771][ T6305] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.665526][ T6305] vivid-007: ================= START STATUS ================= [ 129.705949][ T6305] vivid-007: Generate PTS: true [ 129.738437][ T6305] vivid-007: Generate SCR: true [ 129.765913][ T6305] tpg source WxH: 320x240 (Y'CbCr) [ 129.781685][ T6305] tpg field: 1 [ 129.808458][ T6305] tpg crop: (0,0)/320x240 [ 129.813593][ T6305] tpg compose: (0,0)/320x240 [ 129.818401][ T6305] tpg colorspace: 8 [ 129.822971][ T6305] tpg transfer function: 0/0 [ 129.829694][ T6305] tpg Y'CbCr encoding: 0/0 [ 129.834350][ T6305] tpg quantization: 0/0 [ 129.879790][ T6305] tpg RGB range: 0/2 [ 129.884679][ T6305] vivid-007: ================== END STATUS ================== [ 129.939859][ T6305] FAULT_INJECTION: forcing a failure. [ 129.939859][ T6305] name failslab, interval 1, probability 0, space 0, times 1 [ 129.956751][ T6305] CPU: 1 UID: 0 PID: 6305 Comm: syz.1.70 Not tainted syzkaller #0 PREEMPT(full) [ 129.956797][ T6305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 129.956823][ T6305] Call Trace: [ 129.956833][ T6305] [ 129.956845][ T6305] dump_stack_lvl+0x100/0x190 [ 129.956903][ T6305] should_fail_ex.cold+0x5/0xa [ 129.956941][ T6305] should_failslab+0xc2/0x120 [ 129.956977][ T6305] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 129.957027][ T6305] ? proc_alloc_inode+0x25/0x200 [ 129.957078][ T6305] ? __pfx_proc_alloc_inode+0x10/0x10 [ 129.957124][ T6305] proc_alloc_inode+0x25/0x200 [ 129.957169][ T6305] alloc_inode+0x68/0x250 [ 129.957213][ T6305] new_inode+0x22/0x1c0 [ 129.957260][ T6305] proc_get_inode+0x1d/0x780 [ 129.957411][ T6305] proc_lookup_de+0x236/0x360 [ 129.957489][ T6305] proc_lookup+0xcf/0x110 [ 129.957521][ T6305] proc_root_lookup+0x3b/0x70 [ 129.957585][ T6305] lookup_open.isra.0+0x631/0x11b0 [ 129.957643][ T6305] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 129.957728][ T6305] ? lookup_fast+0x2da/0x600 [ 129.957861][ T6305] path_openat+0xa98/0x31a0 [ 129.957915][ T6305] ? __pfx_path_openat+0x10/0x10 [ 129.957958][ T6305] do_file_open+0x20e/0x430 [ 129.958004][ T6305] ? __pfx_do_file_open+0x10/0x10 [ 129.958085][ T6305] ? alloc_fd+0x476/0x790 [ 129.958123][ T6305] ? do_getname+0x191/0x390 [ 129.958166][ T6305] do_sys_openat2+0x10d/0x1e0 [ 129.958220][ T6305] ? __pfx_do_sys_openat2+0x10/0x10 [ 129.958266][ T6305] ? __sys_sendmsg+0x18f/0x220 [ 129.958319][ T6305] __x64_sys_openat+0x12d/0x210 [ 129.958361][ T6305] ? __pfx___x64_sys_openat+0x10/0x10 [ 129.958419][ T6305] do_syscall_64+0x106/0xf80 [ 129.958462][ T6305] ? clear_bhb_loop+0x40/0x90 [ 129.958501][ T6305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.958534][ T6305] RIP: 0033:0x7f89fdb9c799 [ 129.958579][ T6305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.958613][ T6305] RSP: 002b:00007f89fe9ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 129.958644][ T6305] RAX: ffffffffffffffda RBX: 00007f89fde15fa0 RCX: 00007f89fdb9c799 [ 129.958666][ T6305] RDX: 0000000000020100 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 129.958686][ T6305] RBP: 00007f89fdc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 129.958705][ T6305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.958723][ T6305] R13: 00007f89fde16038 R14: 00007f89fde15fa0 R15: 00007ffd7ee451d8 [ 129.958768][ T6305] [ 130.940816][ T6320] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input5 [ 131.450211][ T6328] Invalid ELF header magic: != ELF [ 133.217157][ T6329] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 133.237293][ T6329] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 133.277154][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 133.404486][ T6329] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 133.421183][ T6329] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 133.428002][ T6329] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 133.441612][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.448930][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.416820][ T6357] Console: switching to colour VGA+ 80x25 [ 135.357219][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 135.441527][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 135.448337][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 135.454819][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 136.072567][ T6383] NFSD: Failed to start, no listeners configured. [ 136.266491][ T6388] Invalid ELF header magic: != ELF [ 139.097311][ T6419] can: request_module (can-proto-0) failed. [ 139.853367][ T6430] netlink: 25 bytes leftover after parsing attributes in process `syz.0.92'. [ 140.438025][ T6427] bridge0: port 3(team0) entered blocking state [ 140.497992][ T6427] bridge0: port 3(team0) entered disabled state [ 140.575650][ T6427] team0: entered allmulticast mode [ 140.648516][ T6427] team_slave_0: entered allmulticast mode [ 140.654449][ T6427] team_slave_1: entered allmulticast mode [ 140.784053][ T6427] team0: entered promiscuous mode [ 140.871691][ T6427] team_slave_0: entered promiscuous mode [ 140.992492][ T6427] team_slave_1: entered promiscuous mode [ 141.101359][ T6427] bridge0: port 3(team0) entered blocking state [ 141.108611][ T6427] bridge0: port 3(team0) entered forwarding state [ 142.644592][ T6459] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 145.564705][ T6483] hub 1-0:1.0: USB hub found [ 145.584358][ T6483] hub 1-0:1.0: 1 port detected [ 145.966071][ T6480] syz.3.101 (6480) used greatest stack depth: 17560 bytes left [ 147.087679][ T6509] zswap: compressor not available [ 147.370398][ T6515] FAULT_INJECTION: forcing a failure. [ 147.370398][ T6515] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 147.467419][ T6515] CPU: 1 UID: 0 PID: 6515 Comm: syz.1.107 Not tainted syzkaller #0 PREEMPT(full) [ 147.467444][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 147.467454][ T6515] Call Trace: [ 147.467461][ T6515] [ 147.467468][ T6515] dump_stack_lvl+0x100/0x190 [ 147.467498][ T6515] should_fail_ex.cold+0x5/0xa [ 147.467514][ T6515] ? prepare_alloc_pages+0x16d/0x5f0 [ 147.467533][ T6515] should_fail_alloc_page+0xeb/0x140 [ 147.467550][ T6515] prepare_alloc_pages+0x1f0/0x5f0 [ 147.467578][ T6515] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 147.467604][ T6515] ? rcu_is_watching+0x12/0xc0 [ 147.467657][ T6515] ? rcu_is_watching+0x12/0xc0 [ 147.467694][ T6515] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 147.467732][ T6515] ? __mod_zone_page_state+0xe2/0x190 [ 147.467769][ T6515] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 147.467810][ T6515] ? lru_gen_add_folio+0x20f/0x13e0 [ 147.467860][ T6515] ? folios_put_refs+0x66d/0x840 [ 147.467910][ T6515] ? __pfx_folios_put_refs+0x10/0x10 [ 147.467960][ T6515] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 147.468011][ T6515] ? policy_nodemask+0xed/0x4f0 [ 147.468046][ T6515] alloc_pages_mpol+0x1fb/0x550 [ 147.468078][ T6515] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 147.468122][ T6515] folio_alloc_mpol_noprof+0x36/0x340 [ 147.468161][ T6515] shmem_alloc_folio+0x135/0x160 [ 147.468200][ T6515] shmem_alloc_and_add_folio+0x371/0xd40 [ 147.468254][ T6515] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 147.468304][ T6515] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 147.468360][ T6515] shmem_get_folio_gfp+0x6ab/0x1900 [ 147.468410][ T6515] ? find_held_lock+0x2b/0x80 [ 147.468441][ T6515] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 147.468488][ T6515] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 147.468528][ T6515] ? lockdep_hardirqs_on+0x78/0x100 [ 147.468583][ T6515] shmem_fault+0x1f9/0xa20 [ 147.468631][ T6515] ? __lock_acquire+0x4a5/0x2630 [ 147.468671][ T6515] ? __pfx_shmem_fault+0x10/0x10 [ 147.468719][ T6515] ? __up_read+0x2c5/0x700 [ 147.468776][ T6515] ? __pfx_filemap_map_pages+0x10/0x10 [ 147.468820][ T6515] __do_fault+0x10d/0x550 [ 147.468854][ T6515] ? __pfx_filemap_map_pages+0x10/0x10 [ 147.468897][ T6515] do_fault+0x2db/0x1990 [ 147.468939][ T6515] __handle_mm_fault+0x180f/0x2b60 [ 147.468990][ T6515] ? __pfx___handle_mm_fault+0x10/0x10 [ 147.469033][ T6515] ? pte_offset_map_lock+0x174/0x320 [ 147.469063][ T6515] ? find_held_lock+0x2b/0x80 [ 147.469104][ T6515] ? follow_page_pte+0x5b3/0x1400 [ 147.469145][ T6515] handle_mm_fault+0x36d/0xa20 [ 147.469193][ T6515] __get_user_pages+0xf9c/0x34d0 [ 147.469238][ T6515] ? down_read_killable+0x30e/0x4c0 [ 147.469287][ T6515] ? __pfx___get_user_pages+0x10/0x10 [ 147.469333][ T6515] faultin_page_range+0x1f1/0x9e0 [ 147.469377][ T6515] madvise_do_behavior+0x354/0x510 [ 147.469417][ T6515] ? __pfx_madvise_do_behavior+0x10/0x10 [ 147.469476][ T6515] do_madvise+0x195/0x240 [ 147.469519][ T6515] ? __pfx_do_madvise+0x10/0x10 [ 147.469557][ T6515] ? do_futex+0x192/0x350 [ 147.469643][ T6515] __x64_sys_madvise+0xa9/0x110 [ 147.469680][ T6515] ? lockdep_hardirqs_on+0x78/0x100 [ 147.469720][ T6515] do_syscall_64+0x106/0xf80 [ 147.469759][ T6515] ? clear_bhb_loop+0x40/0x90 [ 147.469796][ T6515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.469827][ T6515] RIP: 0033:0x7f89fdb9c799 [ 147.469855][ T6515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.469884][ T6515] RSP: 002b:00007f89fe9a9028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 147.469914][ T6515] RAX: ffffffffffffffda RBX: 00007f89fde16090 RCX: 00007f89fdb9c799 [ 147.469933][ T6515] RDX: 0000000000000017 RSI: 000000000000ca3d RDI: 0000000000000000 [ 147.469951][ T6515] RBP: 00007f89fdc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 147.469969][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.469986][ T6515] R13: 00007f89fde16128 R14: 00007f89fde16090 R15: 00007ffd7ee451d8 [ 147.470026][ T6515] [ 148.845630][ T6521] ovs_: entered promiscuous mode [ 149.322966][ T5832] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 150.478421][ T6548] bridge0: port 3(team0) entered blocking state [ 150.500246][ T6548] bridge0: port 3(team0) entered disabled state [ 150.507111][ T6548] team0: entered allmulticast mode [ 150.600156][ T6548] team_slave_0: entered allmulticast mode [ 150.606239][ T6548] team_slave_1: entered allmulticast mode [ 150.702263][ T6548] team0: entered promiscuous mode [ 150.707555][ T6548] team_slave_0: entered promiscuous mode [ 150.740685][ T6548] team_slave_1: entered promiscuous mode [ 150.751542][ T6548] bridge0: port 3(team0) entered blocking state [ 150.758303][ T6548] bridge0: port 3(team0) entered forwarding state [ 152.255818][ T6562] smpboot: CPU 1 is now offline [ 152.773233][ T6568] FAULT_INJECTION: forcing a failure. [ 152.773233][ T6568] name failslab, interval 1, probability 0, space 0, times 0 [ 152.843360][ T6568] CPU: 0 UID: 0 PID: 6568 Comm: syz.3.118 Not tainted syzkaller #0 PREEMPT(full) [ 152.843390][ T6568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 152.843402][ T6568] Call Trace: [ 152.843407][ T6568] [ 152.843414][ T6568] dump_stack_lvl+0x100/0x190 [ 152.843449][ T6568] should_fail_ex.cold+0x5/0xa [ 152.843471][ T6568] should_failslab+0xc2/0x120 [ 152.843490][ T6568] __kmalloc_cache_noprof+0x7a/0x6f0 [ 152.843511][ T6568] ? tipc_sub_subscribe+0x15c/0x730 [ 152.843536][ T6568] ? find_held_lock+0x2b/0x80 [ 152.843554][ T6568] tipc_sub_subscribe+0x15c/0x730 [ 152.843579][ T6568] tipc_conn_rcv_sub+0x21e/0x3d0 [ 152.843600][ T6568] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 152.843620][ T6568] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 152.843640][ T6568] ? net_generic+0xea/0x2a0 [ 152.843662][ T6568] tipc_group_create+0x4ab/0x660 [ 152.843684][ T6568] tipc_setsockopt+0x611/0xe30 [ 152.843708][ T6568] ? __pfx_tipc_setsockopt+0x10/0x10 [ 152.843748][ T6568] ? __pfx_tipc_setsockopt+0x10/0x10 [ 152.843775][ T6568] do_sock_setsockopt+0xf3/0x1d0 [ 152.843815][ T6568] __sys_setsockopt+0x119/0x190 [ 152.843845][ T6568] __x64_sys_setsockopt+0xbd/0x160 [ 152.843865][ T6568] ? do_syscall_64+0x95/0xf80 [ 152.843890][ T6568] ? lockdep_hardirqs_on+0x78/0x100 [ 152.843912][ T6568] do_syscall_64+0x106/0xf80 [ 152.843935][ T6568] ? clear_bhb_loop+0x40/0x90 [ 152.843953][ T6568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.843969][ T6568] RIP: 0033:0x7f6c6df9c799 [ 152.843983][ T6568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.843998][ T6568] RSP: 002b:00007f6c6ee09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 152.844014][ T6568] RAX: ffffffffffffffda RBX: 00007f6c6e215fa0 RCX: 00007f6c6df9c799 [ 152.844023][ T6568] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 152.844032][ T6568] RBP: 00007f6c6e032c99 R08: 0000000000000014 R09: 0000000000000000 [ 152.844040][ T6568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.844048][ T6568] R13: 00007f6c6e216038 R14: 00007f6c6e215fa0 R15: 00007fff31a1e378 [ 152.844071][ T6568] [ 152.847669][ T6568] tipc: Subscription rejected, no memory [ 153.791439][ T12] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.138264][ T6584] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(8.16.0), cmd(12) [ 155.100245][ T6593] Invalid ELF header magic: != ELF [ 156.940359][ T6618] futex_wake_op: syz.2.127 tries to shift op by -2048; fix this program [ 157.000700][ T6618] futex_wake_op: syz.2.127 tries to shift op by -2048; fix this program [ 157.064174][ T6622] 0x000000000001-0x000000020000 : "" [ 157.308724][ T6622] ftl_cs: FTL header corrupt! [ 159.773794][ T6655] bond0: invalid ARP target specified [ 159.867493][ T6655] netlink: 28 bytes leftover after parsing attributes in process `syz.0.134'. [ 159.929686][ T6655] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.032980][ T6655] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.078449][ T6655] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.110330][ T6655] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.815406][ T6677] capability: warning: `syz.3.138' uses 32-bit capabilities (legacy support in use) [ 161.397518][ T6683] FAULT_INJECTION: forcing a failure. [ 161.397518][ T6683] name failslab, interval 1, probability 0, space 0, times 0 [ 161.452941][ T6683] CPU: 0 UID: 0 PID: 6683 Comm: syz.2.140 Not tainted syzkaller #0 PREEMPT(full) [ 161.452971][ T6683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 161.452983][ T6683] Call Trace: [ 161.452990][ T6683] [ 161.452998][ T6683] dump_stack_lvl+0x100/0x190 [ 161.453033][ T6683] should_fail_ex.cold+0x5/0xa [ 161.453056][ T6683] ? memcg_list_lru_alloc+0x4ec/0x740 [ 161.453081][ T6683] should_failslab+0xc2/0x120 [ 161.453099][ T6683] __kmalloc_noprof+0xe0/0x850 [ 161.453126][ T6683] ? path_openat+0xf95/0x31a0 [ 161.453147][ T6683] memcg_list_lru_alloc+0x4ec/0x740 [ 161.453178][ T6683] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 161.453203][ T6683] ? rcu_read_unlock+0x17/0x60 [ 161.453226][ T6683] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 161.453253][ T6683] __memcg_slab_post_alloc_hook+0x130/0x990 [ 161.453277][ T6683] ? kasan_save_track+0x14/0x30 [ 161.453305][ T6683] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 161.453331][ T6683] ? alloc_inode+0x183/0x250 [ 161.453370][ T6683] alloc_inode+0x183/0x250 [ 161.453393][ T6683] path_from_stashed+0x25b/0x750 [ 161.453411][ T6683] ? do_raw_spin_unlock+0x145/0x1e0 [ 161.453441][ T6683] ns_get_path+0x60/0x80 [ 161.453459][ T6683] proc_ns_get_link+0x121/0x230 [ 161.453486][ T6683] ? __pfx_proc_ns_get_link+0x10/0x10 [ 161.453522][ T6683] ? atime_needs_update+0x8b/0x6b0 [ 161.453549][ T6683] pick_link+0xd17/0x13c0 [ 161.453574][ T6683] ? __pfx_proc_ns_get_link+0x10/0x10 [ 161.453600][ T6683] step_into_slowpath+0x9ba/0xf90 [ 161.453650][ T6683] ? __pfx_step_into_slowpath+0x10/0x10 [ 161.453673][ T6683] ? find_held_lock+0x2b/0x80 [ 161.453696][ T6683] path_openat+0xf95/0x31a0 [ 161.453720][ T6683] ? __pfx_path_openat+0x10/0x10 [ 161.453744][ T6683] do_file_open+0x20e/0x430 [ 161.453763][ T6683] ? __pfx_do_file_open+0x10/0x10 [ 161.453795][ T6683] ? alloc_fd+0x476/0x790 [ 161.453813][ T6683] ? do_getname+0x191/0x390 [ 161.453834][ T6683] do_sys_openat2+0x10d/0x1e0 [ 161.453856][ T6683] ? __pfx_do_sys_openat2+0x10/0x10 [ 161.453879][ T6683] ? __fget_files+0x21f/0x3d0 [ 161.453898][ T6683] __x64_sys_openat+0x12d/0x210 [ 161.453921][ T6683] ? __pfx___x64_sys_openat+0x10/0x10 [ 161.453950][ T6683] do_syscall_64+0x106/0xf80 [ 161.453980][ T6683] ? clear_bhb_loop+0x40/0x90 [ 161.454006][ T6683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.454036][ T6683] RIP: 0033:0x7fbbf7b5cfce [ 161.454056][ T6683] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 161.454073][ T6683] RSP: 002b:00007fbbf8a62ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 161.454090][ T6683] RAX: ffffffffffffffda RBX: 00007fbbf8a636c0 RCX: 00007fbbf7b5cfce [ 161.454101][ T6683] RDX: 0000000000000002 RSI: 00007fbbf8a62f90 RDI: ffffffffffffff9c [ 161.454111][ T6683] RBP: 00007fbbf7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 161.454122][ T6683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.454132][ T6683] R13: 00007fbbf7e16038 R14: 00007fbbf7e15fa0 R15: 00007ffc8f93fdf8 [ 161.454155][ T6683] [ 161.840666][ T6669] hub 1-0:1.0: USB hub found [ 161.874389][ T6669] hub 1-0:1.0: 1 port detected [ 166.113498][ T6740] FAULT_INJECTION: forcing a failure. [ 166.113498][ T6740] name failslab, interval 1, probability 0, space 0, times 0 [ 166.143974][ T6729] FAULT_INJECTION: forcing a failure. [ 166.143974][ T6729] name failslab, interval 1, probability 0, space 0, times 0 [ 166.177758][ T6740] CPU: 0 UID: 0 PID: 6740 Comm: syz.1.152 Not tainted syzkaller #0 PREEMPT(full) [ 166.177790][ T6740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 166.177800][ T6740] Call Trace: [ 166.177808][ T6740] [ 166.177815][ T6740] dump_stack_lvl+0x100/0x190 [ 166.177847][ T6740] should_fail_ex.cold+0x5/0xa [ 166.177869][ T6740] should_failslab+0xc2/0x120 [ 166.177886][ T6740] __kmalloc_cache_noprof+0x7a/0x6f0 [ 166.177909][ T6740] ? assoc_array_delete+0x101/0xd10 [ 166.177932][ T6740] ? __lock_acquire+0x4a5/0x2630 [ 166.177956][ T6740] assoc_array_delete+0x101/0xd10 [ 166.177985][ T6740] ? __pfx_assoc_array_delete+0x10/0x10 [ 166.178016][ T6740] ? __pfx_down_write+0x10/0x10 [ 166.178039][ T6740] ? __sys_bind+0x1c7/0x260 [ 166.178071][ T6740] key_unlink+0xbc/0x310 [ 166.178096][ T6740] ? __pfx_key_unlink+0x10/0x10 [ 166.178120][ T6740] ? xfd_validate_state+0x129/0x190 [ 166.178148][ T6740] keyctl_keyring_unlink+0xdc/0x1b0 [ 166.178175][ T6740] __do_sys_keyctl+0x3dd/0x5a0 [ 166.178192][ T6740] do_syscall_64+0x106/0xf80 [ 166.178214][ T6740] ? clear_bhb_loop+0x40/0x90 [ 166.178234][ T6740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.178251][ T6740] RIP: 0033:0x7f89fdb9c799 [ 166.178265][ T6740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.178281][ T6740] RSP: 002b:00007f89fe9ca028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 166.178297][ T6740] RAX: ffffffffffffffda RBX: 00007f89fde15fa0 RCX: 00007f89fdb9c799 [ 166.178307][ T6740] RDX: 7ffffffffffffffb RSI: fffffffffffffffd RDI: 0000000000000009 [ 166.178317][ T6740] RBP: 00007f89fdc32c99 R08: 8000000000000000 R09: 0000000000000000 [ 166.178327][ T6740] R10: 080000000000000b R11: 0000000000000246 R12: 0000000000000000 [ 166.178336][ T6740] R13: 00007f89fde16038 R14: 00007f89fde15fa0 R15: 00007ffd7ee451d8 [ 166.178356][ T6740] [ 166.588212][ T6729] CPU: 0 UID: 0 PID: 6729 Comm: syz.3.149 Not tainted syzkaller #0 PREEMPT(full) [ 166.588239][ T6729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 166.588250][ T6729] Call Trace: [ 166.588257][ T6729] [ 166.588264][ T6729] dump_stack_lvl+0x100/0x190 [ 166.588296][ T6729] should_fail_ex.cold+0x5/0xa [ 166.588317][ T6729] ? memcg_list_lru_alloc+0x4ec/0x740 [ 166.588341][ T6729] should_failslab+0xc2/0x120 [ 166.588359][ T6729] __kmalloc_noprof+0xe0/0x850 [ 166.588385][ T6729] ? ipcget+0xee/0xf50 [ 166.588407][ T6729] memcg_list_lru_alloc+0x4ec/0x740 [ 166.588435][ T6729] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 166.588459][ T6729] ? rcu_read_unlock+0x17/0x60 [ 166.588482][ T6729] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 166.588507][ T6729] __memcg_slab_post_alloc_hook+0x130/0x990 [ 166.588529][ T6729] ? kasan_save_track+0x14/0x30 [ 166.588555][ T6729] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 166.588578][ T6729] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 166.588600][ T6729] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 166.588615][ T6729] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 166.588632][ T6729] alloc_inode+0x68/0x250 [ 166.588656][ T6729] new_inode+0x22/0x1c0 [ 166.588679][ T6729] hugetlbfs_get_inode+0x313/0x750 [ 166.588699][ T6729] hugetlb_file_setup+0x3cc/0x5b0 [ 166.588719][ T6729] newseg+0xabb/0xed0 [ 166.588742][ T6729] ? __pfx_newseg+0x10/0x10 [ 166.588760][ T6729] ? down_write+0x146/0x1f0 [ 166.588784][ T6729] ? ksys_write+0x190/0x250 [ 166.588798][ T6729] ? ksys_write+0x190/0x250 [ 166.588815][ T6729] ipcget+0xee/0xf50 [ 166.588834][ T6729] ? do_futex+0x192/0x350 [ 166.588854][ T6729] ? __pfx_do_futex+0x10/0x10 [ 166.588877][ T6729] ? __pfx_ipcget+0x10/0x10 [ 166.588897][ T6729] ? __x64_sys_futex+0x34f/0x4d0 [ 166.588930][ T6729] ? __x64_sys_futex+0x358/0x4d0 [ 166.588956][ T6729] __x64_sys_shmget+0x13b/0x1b0 [ 166.588977][ T6729] ? __pfx___x64_sys_shmget+0x10/0x10 [ 166.589004][ T6729] do_syscall_64+0x106/0xf80 [ 166.589026][ T6729] ? clear_bhb_loop+0x40/0x90 [ 166.589046][ T6729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.589062][ T6729] RIP: 0033:0x7f6c6df9c799 [ 166.589077][ T6729] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.589092][ T6729] RSP: 002b:00007f6c6ee09028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 166.589108][ T6729] RAX: ffffffffffffffda RBX: 00007f6c6e215fa0 RCX: 00007f6c6df9c799 [ 166.589119][ T6729] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 166.589130][ T6729] RBP: 00007f6c6e032c99 R08: 0000000000000000 R09: 0000000000000000 [ 166.589139][ T6729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.589149][ T6729] R13: 00007f6c6e216038 R14: 00007f6c6e215fa0 R15: 00007fff31a1e378 [ 166.589172][ T6729] [ 170.707420][ T6789] FAULT_INJECTION: forcing a failure. [ 170.707420][ T6789] name failslab, interval 1, probability 0, space 0, times 0 [ 170.831576][ T6789] CPU: 0 UID: 0 PID: 6789 Comm: syz.0.161 Not tainted syzkaller #0 PREEMPT(full) [ 170.831604][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 170.831616][ T6789] Call Trace: [ 170.831624][ T6789] [ 170.831633][ T6789] dump_stack_lvl+0x100/0x190 [ 170.831667][ T6789] should_fail_ex.cold+0x5/0xa [ 170.831688][ T6789] ? __seq_open_private+0x22/0xd0 [ 170.831712][ T6789] should_failslab+0xc2/0x120 [ 170.831730][ T6789] __kmalloc_noprof+0xe0/0x850 [ 170.831760][ T6789] ? __pfx_stats_fop_open+0x10/0x10 [ 170.831779][ T6789] __seq_open_private+0x22/0xd0 [ 170.831803][ T6789] sc_common_open+0x6b/0x200 [ 170.831825][ T6789] full_proxy_open_regular+0x1b6/0x370 [ 170.831853][ T6789] do_dentry_open+0x6d8/0x1660 [ 170.831870][ T6789] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 170.831899][ T6789] vfs_open+0x82/0x3f0 [ 170.831922][ T6789] path_openat+0x208c/0x31a0 [ 170.831947][ T6789] ? __pfx_path_openat+0x10/0x10 [ 170.831971][ T6789] do_file_open+0x20e/0x430 [ 170.831990][ T6789] ? __pfx_do_file_open+0x10/0x10 [ 170.832054][ T6789] ? alloc_fd+0x476/0x790 [ 170.832074][ T6789] ? do_getname+0x191/0x390 [ 170.832097][ T6789] do_sys_openat2+0x10d/0x1e0 [ 170.832122][ T6789] ? __pfx_do_sys_openat2+0x10/0x10 [ 170.832147][ T6789] ? __fget_files+0x21f/0x3d0 [ 170.832167][ T6789] __x64_sys_openat+0x12d/0x210 [ 170.832199][ T6789] ? __pfx___x64_sys_openat+0x10/0x10 [ 170.832229][ T6789] do_syscall_64+0x106/0xf80 [ 170.832252][ T6789] ? clear_bhb_loop+0x40/0x90 [ 170.832279][ T6789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.832311][ T6789] RIP: 0033:0x7f26ccd9c799 [ 170.832333][ T6789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 170.832350][ T6789] RSP: 002b:00007f26cdb85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 170.832368][ T6789] RAX: ffffffffffffffda RBX: 00007f26cd016090 RCX: 00007f26ccd9c799 [ 170.832379][ T6789] RDX: 0000000000008382 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 170.832398][ T6789] RBP: 00007f26cce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 170.832408][ T6789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.832422][ T6789] R13: 00007f26cd016128 R14: 00007f26cd016090 R15: 00007ffd883b3ed8 [ 170.832446][ T6789] [ 173.979333][ T6832] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 176.084527][ T5832] block nbd0: Receive control failed (result -32) [ 177.361111][ T6876] bridge0: port 4(gretap0) entered blocking state [ 177.439765][ T6876] bridge0: port 4(gretap0) entered disabled state [ 177.499600][ T6876] gretap0: entered allmulticast mode [ 177.547151][ T6876] FAULT_INJECTION: forcing a failure. [ 177.547151][ T6876] name failslab, interval 1, probability 0, space 0, times 0 [ 177.598138][ T6878] Invalid ELF header magic: != ELF [ 177.705885][ T6876] CPU: 0 UID: 0 PID: 6876 Comm: syz.0.179 Not tainted syzkaller #0 PREEMPT(full) [ 177.705909][ T6876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 177.705921][ T6876] Call Trace: [ 177.705927][ T6876] [ 177.705933][ T6876] dump_stack_lvl+0x100/0x190 [ 177.705964][ T6876] should_fail_ex.cold+0x5/0xa [ 177.705985][ T6876] should_failslab+0xc2/0x120 [ 177.706001][ T6876] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 177.706023][ T6876] ? __kernfs_new_node+0xd2/0x960 [ 177.706048][ T6876] __kernfs_new_node+0xd2/0x960 [ 177.706071][ T6876] ? __pfx___kernfs_new_node+0x10/0x10 [ 177.706096][ T6876] ? find_held_lock+0x2b/0x80 [ 177.706112][ T6876] ? kernfs_root+0xee/0x2a0 [ 177.706132][ T6876] ? kernfs_root+0xee/0x2a0 [ 177.706156][ T6876] kernfs_new_node+0x11b/0x1a0 [ 177.706181][ T6876] kernfs_create_link+0xcc/0x240 [ 177.706200][ T6876] sysfs_do_create_link_sd+0x90/0x140 [ 177.706222][ T6876] sysfs_create_link+0x61/0xc0 [ 177.706241][ T6876] __netdev_adjacent_dev_insert+0x43e/0xbf0 [ 177.706265][ T6876] ? __pfx___netdev_adjacent_dev_insert+0x10/0x10 [ 177.706296][ T6876] __netdev_upper_dev_link+0x3d8/0x7e0 [ 177.706316][ T6876] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 177.706331][ T6876] ? kernfs_root+0xf8/0x2a0 [ 177.706353][ T6876] ? kernfs_add_one+0x214/0x850 [ 177.706380][ T6876] netdev_master_upper_dev_link+0x9f/0xd0 [ 177.706396][ T6876] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 177.706413][ T6876] ? lockdep_rtnl_is_held+0x26/0x40 [ 177.706428][ T6876] ? netdev_is_rx_handler_busy+0x83/0x140 [ 177.706452][ T6876] br_add_if+0x9fd/0x1b40 [ 177.706473][ T6876] ? security_capable+0x80/0x260 [ 177.706498][ T6876] add_del_if+0x114/0x160 [ 177.706517][ T6876] br_dev_siocdevprivate+0x8ac/0x1650 [ 177.706537][ T6876] ? __lock_acquire+0x4a5/0x2630 [ 177.706559][ T6876] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 177.706586][ T6876] ? do_raw_spin_lock+0x128/0x260 [ 177.706622][ T6876] ? mark_held_locks+0x40/0x70 [ 177.706646][ T6876] ? netdev_name_node_lookup+0x107/0x150 [ 177.706666][ T6876] ? __mutex_lock+0x26a/0x1b90 [ 177.706692][ T6876] dev_ifsioc+0xc1e/0x1e90 [ 177.706713][ T6876] ? __pfx_dev_ifsioc+0x10/0x10 [ 177.706730][ T6876] ? __pfx___mutex_lock+0x10/0x10 [ 177.706757][ T6876] ? dev_load+0x8e/0x240 [ 177.706772][ T6876] ? dev_load+0x8e/0x240 [ 177.706793][ T6876] dev_ioctl+0x70e/0x1070 [ 177.706813][ T6876] sock_ioctl+0x494/0x6b0 [ 177.706831][ T6876] ? __pfx_sock_ioctl+0x10/0x10 [ 177.706845][ T6876] ? hook_file_ioctl_common+0x146/0x410 [ 177.706866][ T6876] ? __fget_files+0x21f/0x3d0 [ 177.706883][ T6876] ? __pfx_sock_ioctl+0x10/0x10 [ 177.706899][ T6876] __x64_sys_ioctl+0x18e/0x210 [ 177.706922][ T6876] do_syscall_64+0x106/0xf80 [ 177.706941][ T6876] ? clear_bhb_loop+0x40/0x90 [ 177.706959][ T6876] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.706975][ T6876] RIP: 0033:0x7f26ccd9c799 [ 177.706990][ T6876] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.707004][ T6876] RSP: 002b:00007f26cdb85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 177.707022][ T6876] RAX: ffffffffffffffda RBX: 00007f26cd016090 RCX: 00007f26ccd9c799 [ 177.707033][ T6876] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000a [ 177.707043][ T6876] RBP: 00007f26cce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 177.707053][ T6876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.707063][ T6876] R13: 00007f26cd016128 R14: 00007f26cd016090 R15: 00007ffd883b3ed8 [ 177.707084][ T6876] [ 178.835452][ T6876] gretap0: left allmulticast mode [ 186.555542][ T6966] FAULT_INJECTION: forcing a failure. [ 186.555542][ T6966] name failslab, interval 1, probability 0, space 0, times 0 [ 186.609755][ T6958] hub 1-0:1.0: USB hub found [ 186.675882][ T6966] CPU: 0 UID: 0 PID: 6966 Comm: syz.1.195 Not tainted syzkaller #0 PREEMPT(full) [ 186.675913][ T6966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 186.675924][ T6966] Call Trace: [ 186.675930][ T6966] [ 186.675937][ T6966] dump_stack_lvl+0x100/0x190 [ 186.675969][ T6966] should_fail_ex.cold+0x5/0xa [ 186.675992][ T6966] should_failslab+0xc2/0x120 [ 186.676010][ T6966] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 186.676046][ T6966] ? __kernfs_new_node+0xd2/0x960 [ 186.676079][ T6966] __kernfs_new_node+0xd2/0x960 [ 186.676101][ T6966] ? kernfs_add_one+0x583/0x850 [ 186.676129][ T6966] ? __pfx___kernfs_new_node+0x10/0x10 [ 186.676157][ T6966] ? find_held_lock+0x2b/0x80 [ 186.676172][ T6966] ? kernfs_root+0xee/0x2a0 [ 186.676192][ T6966] ? kernfs_root+0xee/0x2a0 [ 186.676218][ T6966] kernfs_new_node+0x11b/0x1a0 [ 186.676245][ T6966] kernfs_create_dir_ns+0x4c/0x1a0 [ 186.676271][ T6966] internal_create_group+0x36f/0xf40 [ 186.676298][ T6966] ? __pfx_internal_create_group+0x10/0x10 [ 186.676321][ T6966] ? __pfx_internal_create_group+0x10/0x10 [ 186.676346][ T6966] ? __pfx_dev_add_physical_location+0x10/0x10 [ 186.676364][ T6966] ? bus_to_subsys+0x114/0x150 [ 186.676391][ T6966] dpm_sysfs_add+0x80/0x280 [ 186.676410][ T6966] device_add+0x9ef/0x1950 [ 186.676431][ T6966] ? __pfx_device_add+0x10/0x10 [ 186.676448][ T6966] ? lockdep_init_map_type+0x5c/0x250 [ 186.676469][ T6966] ? __init_waitqueue_head+0xca/0x150 [ 186.676497][ T6966] netdev_register_kobject+0x1a9/0x3d0 [ 186.676525][ T6966] register_netdevice+0x12e0/0x2210 [ 186.676550][ T6966] ? idr_alloc+0xdd/0x130 [ 186.676571][ T6966] ? __pfx_register_netdevice+0x10/0x10 [ 186.676592][ T6966] ? net_generic+0xea/0x2a0 [ 186.676620][ T6966] ppp_dev_configure+0x986/0xcb0 [ 186.676647][ T6966] ppp_ioctl+0x985/0x2800 [ 186.676670][ T6966] ? find_held_lock+0x2b/0x80 [ 186.676684][ T6966] ? __pfx_ppp_ioctl+0x10/0x10 [ 186.676709][ T6966] ? __fget_files+0x21f/0x3d0 [ 186.676727][ T6966] ? __pfx_ppp_ioctl+0x10/0x10 [ 186.676748][ T6966] __x64_sys_ioctl+0x18e/0x210 [ 186.676773][ T6966] do_syscall_64+0x106/0xf80 [ 186.676794][ T6966] ? clear_bhb_loop+0x40/0x90 [ 186.676814][ T6966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.676831][ T6966] RIP: 0033:0x7f89fdb9c799 [ 186.676850][ T6966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 186.676865][ T6966] RSP: 002b:00007f89fe9ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 186.676894][ T6966] RAX: ffffffffffffffda RBX: 00007f89fde15fa0 RCX: 00007f89fdb9c799 [ 186.676905][ T6966] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000008 [ 186.676916][ T6966] RBP: 00007f89fdc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 186.676926][ T6966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 186.676936][ T6966] R13: 00007f89fde16038 R14: 00007f89fde15fa0 R15: 00007ffd7ee451d8 [ 186.676958][ T6966] [ 187.651315][ T6958] hub 1-0:1.0: 1 port detected [ 187.657832][ T6971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.197'. [ 187.783823][ T6970] HfR: entered promiscuous mode [ 187.942236][ T6971] HfR: left promiscuous mode [ 192.790818][ T7032] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 194.912992][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.920278][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.073604][ T7042] hub 1-0:1.0: USB hub found [ 196.126405][ T7042] hub 1-0:1.0: 1 port detected [ 201.260146][ T7106] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 202.247858][ T7108] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 204.678989][ T7119] netlink: 330 bytes leftover after parsing attributes in process `syz.1.226'. [ 207.446912][ T7151] FAULT_INJECTION: forcing a failure. [ 207.446912][ T7151] name failslab, interval 1, probability 0, space 0, times 0 [ 207.608453][ T7151] CPU: 0 UID: 0 PID: 7151 Comm: syz.3.233 Not tainted syzkaller #0 PREEMPT(full) [ 207.608490][ T7151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 207.608503][ T7151] Call Trace: [ 207.608510][ T7151] [ 207.608521][ T7151] dump_stack_lvl+0x100/0x190 [ 207.608563][ T7151] should_fail_ex.cold+0x5/0xa [ 207.608585][ T7151] should_failslab+0xc2/0x120 [ 207.608602][ T7151] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 207.608627][ T7151] ? security_inode_alloc+0x3b/0x2c0 [ 207.608643][ T7151] ? lockdep_init_map_type+0x5c/0x250 [ 207.608667][ T7151] security_inode_alloc+0x3b/0x2c0 [ 207.608683][ T7151] inode_init_always_gfp+0xced/0x1040 [ 207.608704][ T7151] alloc_inode+0x8e/0x250 [ 207.608723][ T7151] new_inode+0x22/0x1c0 [ 207.608741][ T7151] ? dput.part.0+0xdd/0x570 [ 207.608762][ T7151] simple_fill_super+0x2d9/0x680 [ 207.608780][ T7151] ? __pfx_nfsd_fill_super+0x10/0x10 [ 207.608798][ T7151] nfsd_fill_super+0x98/0x560 [ 207.608813][ T7151] ? __pfx_set_anon_super_fc+0x10/0x10 [ 207.608836][ T7151] ? __pfx_nfsd_fill_super+0x10/0x10 [ 207.608853][ T7151] get_tree_keyed+0x10e/0x1d0 [ 207.608880][ T7151] vfs_get_tree+0x92/0x320 [ 207.608900][ T7151] path_mount+0x7d0/0x23d0 [ 207.608921][ T7151] ? __pfx_path_mount+0x10/0x10 [ 207.608936][ T7151] ? lockdep_hardirqs_on+0x78/0x100 [ 207.608962][ T7151] ? putname+0xb1/0x110 [ 207.608977][ T7151] ? kmem_cache_free+0x124/0x6a0 [ 207.609003][ T7151] ? __x64_sys_mount+0x293/0x310 [ 207.609019][ T7151] __x64_sys_mount+0x293/0x310 [ 207.609037][ T7151] ? __pfx___x64_sys_mount+0x10/0x10 [ 207.609060][ T7151] do_syscall_64+0x106/0xf80 [ 207.609080][ T7151] ? clear_bhb_loop+0x40/0x90 [ 207.609099][ T7151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.609115][ T7151] RIP: 0033:0x7f6c6df9c799 [ 207.609134][ T7151] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.609149][ T7151] RSP: 002b:00007f6c6ede8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 207.609166][ T7151] RAX: ffffffffffffffda RBX: 00007f6c6e216090 RCX: 00007f6c6df9c799 [ 207.609176][ T7151] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 207.609185][ T7151] RBP: 00007f6c6e032c99 R08: 0000000000000000 R09: 0000000000000000 [ 207.609194][ T7151] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 207.609204][ T7151] R13: 00007f6c6e216128 R14: 00007f6c6e216090 R15: 00007fff31a1e378 [ 207.609226][ T7151] [ 209.905454][ T7171] Invalid ELF header magic: != ELF [ 214.131653][ T7213] Invalid ELF header magic: != ELF [ 214.782659][ T7225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.246'. [ 214.895885][ T7222] netlink: 354 bytes leftover after parsing attributes in process `syz.1.246'. [ 216.283779][ T7245] futex_wake_op: syz.3.249 tries to shift op by -2048; fix this program [ 216.406466][ T7245] futex_wake_op: syz.3.249 tries to shift op by -2048; fix this program [ 216.519915][ T7247] 0x000000000001-0x000000020000 : "" [ 216.837970][ T7247] ftl_cs: FTL header corrupt! [ 218.825221][ T7269] netlink: 'syz.1.254': attribute type 1 has an invalid length. [ 219.069699][ T7271] netlink: 28 bytes leftover after parsing attributes in process `syz.3.255'. [ 219.395201][ T7253] hub 1-0:1.0: USB hub found [ 219.445087][ T7253] hub 1-0:1.0: 1 port detected [ 222.702638][ T7296] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 224.761461][ T5832] Bluetooth: hci3: unexpected event 0x23 length: 127 > 13 [ 227.166318][ T7334] FAULT_INJECTION: forcing a failure. [ 227.166318][ T7334] name failslab, interval 1, probability 0, space 0, times 0 [ 227.410695][ T7334] CPU: 0 UID: 0 PID: 7334 Comm: syz.1.265 Not tainted syzkaller #0 PREEMPT(full) [ 227.410722][ T7334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 227.410734][ T7334] Call Trace: [ 227.410740][ T7334] [ 227.410747][ T7334] dump_stack_lvl+0x100/0x190 [ 227.410781][ T7334] should_fail_ex.cold+0x5/0xa [ 227.410804][ T7334] should_failslab+0xc2/0x120 [ 227.410822][ T7334] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 227.410848][ T7334] ? security_inode_alloc+0x3b/0x2c0 [ 227.410866][ T7334] ? lockdep_init_map_type+0x5c/0x250 [ 227.410891][ T7334] security_inode_alloc+0x3b/0x2c0 [ 227.410908][ T7334] inode_init_always_gfp+0xced/0x1040 [ 227.410931][ T7334] alloc_inode+0x8e/0x250 [ 227.410954][ T7334] new_inode+0x22/0x1c0 [ 227.410973][ T7334] ? dput.part.0+0xdd/0x570 [ 227.411110][ T7334] simple_fill_super+0x2d9/0x680 [ 227.411325][ T7334] ? __pfx_nfsd_fill_super+0x10/0x10 [ 227.411347][ T7334] nfsd_fill_super+0x98/0x560 [ 227.411367][ T7334] ? __pfx_set_anon_super_fc+0x10/0x10 [ 227.411394][ T7334] ? __pfx_nfsd_fill_super+0x10/0x10 [ 227.411413][ T7334] get_tree_keyed+0x10e/0x1d0 [ 227.411437][ T7334] vfs_get_tree+0x92/0x320 [ 227.411457][ T7334] path_mount+0x7d0/0x23d0 [ 227.411478][ T7334] ? __pfx_path_mount+0x10/0x10 [ 227.411494][ T7334] ? lockdep_hardirqs_on+0x78/0x100 [ 227.411525][ T7334] ? putname+0xb1/0x110 [ 227.411540][ T7334] ? kmem_cache_free+0x124/0x6a0 [ 227.411567][ T7334] ? __x64_sys_mount+0x293/0x310 [ 227.411583][ T7334] __x64_sys_mount+0x293/0x310 [ 227.411601][ T7334] ? __pfx___x64_sys_mount+0x10/0x10 [ 227.411625][ T7334] do_syscall_64+0x106/0xf80 [ 227.411645][ T7334] ? clear_bhb_loop+0x40/0x90 [ 227.411665][ T7334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.411689][ T7334] RIP: 0033:0x7f89fdb9c799 [ 227.411733][ T7334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 227.411750][ T7334] RSP: 002b:00007f89fe9a9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 227.411770][ T7334] RAX: ffffffffffffffda RBX: 00007f89fde16090 RCX: 00007f89fdb9c799 [ 227.411781][ T7334] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 227.411791][ T7334] RBP: 00007f89fdc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 227.411802][ T7334] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 227.411812][ T7334] R13: 00007f89fde16128 R14: 00007f89fde16090 R15: 00007ffd7ee451d8 [ 227.411834][ T7334] [ 230.305658][ T7343] FAULT_INJECTION: forcing a failure. [ 230.305658][ T7343] name failslab, interval 1, probability 0, space 0, times 0 [ 230.383253][ T5832] Bluetooth: hci3: unexpected event 0x17 length: 440 > 6 [ 230.618200][ T7343] CPU: 0 UID: 0 PID: 7343 Comm: syz.3.267 Not tainted syzkaller #0 PREEMPT(full) [ 230.618234][ T7343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 230.618255][ T7343] Call Trace: [ 230.618268][ T7343] [ 230.618281][ T7343] dump_stack_lvl+0x100/0x190 [ 230.618313][ T7343] should_fail_ex.cold+0x5/0xa [ 230.618338][ T7343] should_failslab+0xc2/0x120 [ 230.618360][ T7343] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 230.618389][ T7343] ? __proc_create+0x2cb/0x8c0 [ 230.618426][ T7343] __proc_create+0x2cb/0x8c0 [ 230.618454][ T7343] ? __pfx___proc_create+0x10/0x10 [ 230.618477][ T7343] ? proc_register+0x554/0x8a0 [ 230.618496][ T7343] ? _raw_write_unlock+0x28/0x50 [ 230.618521][ T7343] proc_create_reg+0x75/0x170 [ 230.618539][ T7343] proc_create_net_data+0x8e/0x1c0 [ 230.618557][ T7343] ? __pfx_proc_create_net_data+0x10/0x10 [ 230.618574][ T7343] ? __pfx_proc_create_net_data+0x10/0x10 [ 230.618590][ T7343] ? __pfx_uevent_net_rcv+0x10/0x10 [ 230.618610][ T7343] ? __pfx_dev_proc_net_init+0x10/0x10 [ 230.618630][ T7343] dev_proc_net_init+0x5e/0x230 [ 230.618651][ T7343] ops_init+0x1e2/0x5f0 [ 230.618676][ T7343] setup_net+0x118/0x3a0 [ 230.618700][ T7343] ? __pfx_setup_net+0x10/0x10 [ 230.618721][ T7343] ? lockdep_init_map_type+0x5c/0x250 [ 230.618771][ T7343] ? mutex_init_lockep+0x110/0x150 [ 230.618799][ T7343] copy_net_ns+0x46f/0x7c0 [ 230.618828][ T7343] create_new_namespaces+0x3ea/0xac0 [ 230.618853][ T7343] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 230.618874][ T7343] ksys_unshare+0x473/0xad0 [ 230.618897][ T7343] ? __pfx_ksys_unshare+0x10/0x10 [ 230.618926][ T7343] __x64_sys_unshare+0x31/0x40 [ 230.618946][ T7343] do_syscall_64+0x106/0xf80 [ 230.618969][ T7343] ? clear_bhb_loop+0x40/0x90 [ 230.618990][ T7343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.619007][ T7343] RIP: 0033:0x7f6c6df9c799 [ 230.619023][ T7343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 230.619058][ T7343] RSP: 002b:00007f6c6ee09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 230.619076][ T7343] RAX: ffffffffffffffda RBX: 00007f6c6e215fa0 RCX: 00007f6c6df9c799 [ 230.619087][ T7343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 230.619097][ T7343] RBP: 00007f6c6e032c99 R08: 0000000000000000 R09: 0000000000000000 [ 230.619107][ T7343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.619118][ T7343] R13: 00007f6c6e216038 R14: 00007f6c6e215fa0 R15: 00007fff31a1e378 [ 230.619142][ T7343] [ 231.315347][ T7346] netlink: 12 bytes leftover after parsing attributes in process `syz.1.268'. [ 237.214678][ T7409] hub 1-0:1.0: USB hub found [ 237.288483][ T7409] hub 1-0:1.0: 1 port detected [ 238.431459][ T7430] Invalid ELF header magic: != ELF [ 238.734899][ T7429] netlink: 12 bytes leftover after parsing attributes in process `syz.2.285'. [ 244.958974][ T7473] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 245.020778][ T7473] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 245.076106][ T7473] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 245.138394][ T7473] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 246.610723][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 247.098519][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 247.105072][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 247.168725][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 247.922564][ T7499] netlink: 12 bytes leftover after parsing attributes in process `syz.3.299'. [ 249.580107][ T7517] syz.0.301 uses obsolete (PF_INET,SOCK_PACKET) [ 253.455197][ T5832] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 253.881594][ T5827] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 253.891748][ T5827] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 253.915005][ T5827] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 253.915056][ T5827] Bluetooth: hci0: adv larger than maximum supported [ 253.923778][ T5827] Bluetooth: hci0: Unknown advertising packet type: 0x3c [ 253.930589][ T5827] Bluetooth: hci0: Unknown advertising packet type: 0x11 [ 253.942525][ T5827] Bluetooth: hci0: adv larger than maximum supported [ 253.950061][ T5827] Bluetooth: hci0: Malformed LE Event: 0x0d [ 255.304315][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.311'. [ 255.737493][ T5832] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 255.937664][ T7560] FAULT_INJECTION: forcing a failure. [ 255.937664][ T7560] name failslab, interval 1, probability 0, space 0, times 0 [ 256.072713][ T7560] CPU: 0 UID: 0 PID: 7560 Comm: syz.3.312 Not tainted syzkaller #0 PREEMPT(full) [ 256.072743][ T7560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 256.072753][ T7560] Call Trace: [ 256.072762][ T7560] [ 256.072770][ T7560] dump_stack_lvl+0x100/0x190 [ 256.072802][ T7560] should_fail_ex.cold+0x5/0xa [ 256.072827][ T7560] should_failslab+0xc2/0x120 [ 256.072845][ T7560] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 256.072868][ T7560] ? __kernfs_new_node+0xd2/0x960 [ 256.072890][ T7560] ? kstrdup+0xb3/0xe0 [ 256.072915][ T7560] __kernfs_new_node+0xd2/0x960 [ 256.072941][ T7560] ? __pfx___kernfs_new_node+0x10/0x10 [ 256.072968][ T7560] ? find_held_lock+0x2b/0x80 [ 256.072983][ T7560] ? kernfs_root+0xee/0x2a0 [ 256.073003][ T7560] ? kernfs_root+0xee/0x2a0 [ 256.073028][ T7560] kernfs_new_node+0x11b/0x1a0 [ 256.073056][ T7560] __kernfs_create_file+0x53/0x350 [ 256.073077][ T7560] cgroup_addrm_files+0x4d8/0xb90 [ 256.073111][ T7560] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 256.073142][ T7560] ? idr_replace+0xfa/0x170 [ 256.073163][ T7560] ? __pfx_idr_replace+0x10/0x10 [ 256.073186][ T7560] css_populate_dir+0x161/0x590 [ 256.073208][ T7560] cgroup_apply_control_enable+0x40a/0xbd0 [ 256.073242][ T7560] cgroup_mkdir+0x57f/0x1330 [ 256.073270][ T7560] ? __pfx_cgroup_mkdir+0x10/0x10 [ 256.073295][ T7560] kernfs_iop_mkdir+0x111/0x190 [ 256.073317][ T7560] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 256.073341][ T7560] vfs_mkdir+0x361/0x850 [ 256.073367][ T7560] filename_mkdirat+0x48b/0x5e0 [ 256.073393][ T7560] ? __pfx_filename_mkdirat+0x10/0x10 [ 256.073410][ T7560] ? strncpy_from_user+0x19d/0x2d0 [ 256.073430][ T7560] ? do_getname+0x191/0x390 [ 256.073451][ T7560] __x64_sys_mkdir+0x6b/0x90 [ 256.073468][ T7560] do_syscall_64+0x106/0xf80 [ 256.073489][ T7560] ? clear_bhb_loop+0x40/0x90 [ 256.073508][ T7560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.073527][ T7560] RIP: 0033:0x7f6c6df9c799 [ 256.073543][ T7560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 256.073558][ T7560] RSP: 002b:00007f6c6ee09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 256.073575][ T7560] RAX: ffffffffffffffda RBX: 00007f6c6e215fa0 RCX: 00007f6c6df9c799 [ 256.073587][ T7560] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 256.073597][ T7560] RBP: 00007f6c6e032c99 R08: 0000000000000000 R09: 0000000000000000 [ 256.073607][ T7560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.073626][ T7560] R13: 00007f6c6e216038 R14: 00007f6c6e215fa0 R15: 00007fff31a1e378 [ 256.073648][ T7560] [ 257.005025][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.011911][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.997767][ T30] audit: type=1800 audit(1773357629.248:3): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.314" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 258.901650][ T7560] cgroup: cgroup_addrm_files: failed to add usage_all, err=-12 [ 258.964926][ T5832] Bluetooth: hci2: unexpected event 0x18 length: 440 > 23 [ 259.766369][ T7596] kvm: kvm [7591]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 260.617861][ T7608] netlink: 4 bytes leftover after parsing attributes in process `syz.0.321'. [ 260.722271][ T7611] netlink: 25 bytes leftover after parsing attributes in process `syz.0.321'. [ 261.565682][ T7621] FAULT_INJECTION: forcing a failure. [ 261.565682][ T7621] name failslab, interval 1, probability 0, space 0, times 0 [ 261.684580][ T7621] CPU: 0 UID: 0 PID: 7621 Comm: syz.0.323 Not tainted syzkaller #0 PREEMPT(full) [ 261.684606][ T7621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 261.684615][ T7621] Call Trace: [ 261.684621][ T7621] [ 261.684628][ T7621] dump_stack_lvl+0x100/0x190 [ 261.684656][ T7621] should_fail_ex.cold+0x5/0xa [ 261.684676][ T7621] should_failslab+0xc2/0x120 [ 261.684692][ T7621] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 261.684716][ T7621] ? __d_alloc+0x34/0xa80 [ 261.684732][ T7621] ? lockdep_hardirqs_on+0x78/0x100 [ 261.684753][ T7621] ? ktime_get_coarse_real_ts64_mg+0x249/0x300 [ 261.684779][ T7621] __d_alloc+0x34/0xa80 [ 261.684797][ T7621] d_alloc_pseudo+0x1c/0xc0 [ 261.684818][ T7621] alloc_file_pseudo+0xcf/0x230 [ 261.684838][ T7621] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 261.684856][ T7621] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 261.684884][ T7621] create_pipe_files+0x360/0x970 [ 261.684902][ T7621] do_pipe2+0xbd/0x1e0 [ 261.684917][ T7621] ? __pfx_do_pipe2+0x10/0x10 [ 261.684939][ T7621] __x64_sys_pipe+0x33/0x50 [ 261.684954][ T7621] do_syscall_64+0x106/0xf80 [ 261.684974][ T7621] ? clear_bhb_loop+0x40/0x90 [ 261.684992][ T7621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.685008][ T7621] RIP: 0033:0x7f26ccd9c799 [ 261.685022][ T7621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 261.685036][ T7621] RSP: 002b:00007f26caff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 261.685051][ T7621] RAX: ffffffffffffffda RBX: 00007f26cd016180 RCX: 00007f26ccd9c799 [ 261.685061][ T7621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 261.685069][ T7621] RBP: 00007f26cce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 261.685078][ T7621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 261.685087][ T7621] R13: 00007f26cd016218 R14: 00007f26cd016180 R15: 00007ffd883b3ed8 [ 261.685108][ T7621] [ 271.515427][ T5832] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 273.143944][ T7721] netlink: 330 bytes leftover after parsing attributes in process `syz.3.344'. [ 273.591998][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 273.777361][ T30] audit: type=1804 audit(1773358668.146:4): pid=7733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.347" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 274.324441][ T7736] can: request_module (can-proto-0) failed. [ 275.666065][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 280.296835][ T7789] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 283.721406][ T7814] netlink: 186 bytes leftover after parsing attributes in process `syz.0.362'. [ 284.672391][ T7832] FAULT_INJECTION: forcing a failure. [ 284.672391][ T7832] name fail_futex, interval 1, probability 0, space 0, times 0 [ 284.798145][ T7832] CPU: 0 UID: 0 PID: 7832 Comm: syz.3.365 Not tainted syzkaller #0 PREEMPT(full) [ 284.798172][ T7832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 284.798182][ T7832] Call Trace: [ 284.798188][ T7832] [ 284.798196][ T7832] dump_stack_lvl+0x100/0x190 [ 284.798225][ T7832] should_fail_ex.cold+0x5/0xa [ 284.798245][ T7832] get_futex_key+0x1d2/0x1620 [ 284.798265][ T7832] ? __pfx_get_futex_key+0x10/0x10 [ 284.798299][ T7832] futex_wait_setup+0x83/0x510 [ 284.798327][ T7832] __futex_wait+0x19f/0x300 [ 284.798351][ T7832] ? __pfx___futex_wait+0x10/0x10 [ 284.798378][ T7832] ? __pfx_futex_wake_mark+0x10/0x10 [ 284.798403][ T7832] ? find_held_lock+0x2b/0x80 [ 284.798417][ T7832] ? futex_wake+0x456/0x530 [ 284.798441][ T7832] futex_wait+0xed/0x380 [ 284.798463][ T7832] ? __pfx_futex_wait+0x10/0x10 [ 284.798489][ T7832] ? putname+0xb1/0x110 [ 284.798504][ T7832] ? kmem_cache_free+0x124/0x6a0 [ 284.798528][ T7832] do_futex+0x1ef/0x350 [ 284.798548][ T7832] ? __pfx_do_futex+0x10/0x10 [ 284.798565][ T7832] ? __pfx_do_sys_openat2+0x10/0x10 [ 284.798585][ T7832] ? __pfx_idempotent_init_module+0x10/0x10 [ 284.798617][ T7832] __x64_sys_futex+0x34f/0x4d0 [ 284.798639][ T7832] ? __x64_sys_openat+0x12d/0x210 [ 284.798662][ T7832] ? __pfx___x64_sys_futex+0x10/0x10 [ 284.798690][ T7832] do_syscall_64+0x106/0xf80 [ 284.798710][ T7832] ? clear_bhb_loop+0x40/0x90 [ 284.798730][ T7832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.798749][ T7832] RIP: 0033:0x7f6c6df9c799 [ 284.798763][ T7832] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 284.798777][ T7832] RSP: 002b:00007f6c6ede80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 284.798792][ T7832] RAX: ffffffffffffffda RBX: 00007f6c6e216098 RCX: 00007f6c6df9c799 [ 284.798802][ T7832] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6c6e216098 [ 284.798811][ T7832] RBP: 00007f6c6e216090 R08: 0000000000000000 R09: 0000000000000000 [ 284.798819][ T7832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.798827][ T7832] R13: 00007f6c6e216128 R14: 00007fff31a1e290 R15: 00007fff31a1e378 [ 284.798846][ T7832] [ 285.563002][ T7834] netlink: 28 bytes leftover after parsing attributes in process `syz.2.366'. [ 285.924260][ T7829] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 285.934563][ T7829] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 285.941436][ T7829] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 285.993870][ T7829] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 286.073319][ T7834] veth1_macvtap: left promiscuous mode [ 287.989216][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 287.995973][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 288.003182][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 288.068918][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 289.939889][ T7851] futex_wake_op: syz.3.368 tries to shift op by -2048; fix this program [ 291.896339][ T7899] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 292.014410][ T7899] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 294.771976][ T7931] Invalid ELF header magic: != ELF [ 294.944138][ T7936] FAULT_INJECTION: forcing a failure. [ 294.944138][ T7936] name failslab, interval 1, probability 0, space 0, times 0 [ 295.252907][ T7928] netlink: 4 bytes leftover after parsing attributes in process `syz.1.381'. [ 295.282728][ T7936] CPU: 0 UID: 0 PID: 7936 Comm: syz.3.380 Not tainted syzkaller #0 PREEMPT(full) [ 295.282752][ T7936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 295.282762][ T7936] Call Trace: [ 295.282767][ T7936] [ 295.282774][ T7936] dump_stack_lvl+0x100/0x190 [ 295.282802][ T7936] should_fail_ex.cold+0x5/0xa [ 295.282821][ T7936] should_failslab+0xc2/0x120 [ 295.282837][ T7936] __kvmalloc_node_noprof+0xfa/0xa00 [ 295.282859][ T7936] ? file_tty_write.isra.0+0x64e/0x890 [ 295.282886][ T7936] file_tty_write.isra.0+0x64e/0x890 [ 295.282906][ T7936] ? security_file_permission+0x76/0x210 [ 295.282926][ T7936] ? rw_verify_area+0xce/0x6d0 [ 295.282958][ T7936] vfs_write+0x6ac/0x1070 [ 295.282982][ T7936] ? __pfx_tty_write+0x10/0x10 [ 295.283004][ T7936] ? __pfx_vfs_write+0x10/0x10 [ 295.283025][ T7936] ? find_held_lock+0x2b/0x80 [ 295.283052][ T7936] ksys_write+0x12a/0x250 [ 295.283065][ T7936] ? __pfx_ksys_write+0x10/0x10 [ 295.283084][ T7936] do_syscall_64+0x106/0xf80 [ 295.283104][ T7936] ? clear_bhb_loop+0x40/0x90 [ 295.283122][ T7936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.283138][ T7936] RIP: 0033:0x7f6c6df9c799 [ 295.283151][ T7936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.283164][ T7936] RSP: 002b:00007f6c6edc7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 295.283178][ T7936] RAX: ffffffffffffffda RBX: 00007f6c6e216180 RCX: 00007f6c6df9c799 [ 295.283188][ T7936] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 295.283196][ T7936] RBP: 00007f6c6e032c99 R08: 0000000000000000 R09: 0000000000000000 [ 295.283204][ T7936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.283212][ T7936] R13: 00007f6c6e216218 R14: 00007f6c6e216180 R15: 00007fff31a1e378 [ 295.283232][ T7936] [ 299.906920][ T7979] netlink: 'syz.1.390': attribute type 64 has an invalid length. [ 300.006919][ T7979] netlink: 74 bytes leftover after parsing attributes in process `syz.1.390'. [ 301.338776][ T7991] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 301.432551][ T7991] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 301.509041][ T7991] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 301.542622][ T7991] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 301.897107][ T5827] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 303.308954][ T8009] hub 1-0:1.0: USB hub found [ 303.356733][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 303.436597][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 303.458936][ T8009] hub 1-0:1.0: 1 port detected [ 303.516603][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 303.598367][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 305.046230][ T8033] netlink: 4 bytes leftover after parsing attributes in process `syz.2.401'. [ 305.192195][ T8033] netlink: 354 bytes leftover after parsing attributes in process `syz.2.401'. [ 308.344174][ T8064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.409'. [ 309.528635][ T8074] hub 1-0:1.0: USB hub found [ 309.643098][ T8074] hub 1-0:1.0: 1 port detected [ 309.794556][ T8081] FAULT_INJECTION: forcing a failure. [ 309.794556][ T8081] name failslab, interval 1, probability 0, space 0, times 0 [ 309.915305][ T8081] CPU: 0 UID: 0 PID: 8081 Comm: syz.0.411 Not tainted syzkaller #0 PREEMPT(full) [ 309.915334][ T8081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 309.915344][ T8081] Call Trace: [ 309.915351][ T8081] [ 309.915358][ T8081] dump_stack_lvl+0x100/0x190 [ 309.915392][ T8081] should_fail_ex.cold+0x5/0xa [ 309.915415][ T8081] should_failslab+0xc2/0x120 [ 309.915435][ T8081] __kmalloc_cache_noprof+0x7a/0x6f0 [ 309.915459][ T8081] ? snd_card_file_add+0x52/0x340 [ 309.915480][ T8081] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 309.915500][ T8081] snd_card_file_add+0x52/0x340 [ 309.915519][ T8081] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 309.915541][ T8081] snd_pcm_open+0xf1/0x710 [ 309.915559][ T8081] ? __mutex_unlock_slowpath+0x15c/0x790 [ 309.915584][ T8081] ? __pfx_snd_pcm_open+0x10/0x10 [ 309.915612][ T8081] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 309.915631][ T8081] snd_pcm_capture_open+0x89/0xe0 [ 309.915662][ T8081] snd_open+0x22d/0x4c0 [ 309.915686][ T8081] ? __pfx_snd_open+0x10/0x10 [ 309.915703][ T8081] chrdev_open+0x234/0x6a0 [ 309.915722][ T8081] ? __pfx_apparmor_file_open+0x10/0x10 [ 309.915749][ T8081] ? __pfx_chrdev_open+0x10/0x10 [ 309.915765][ T8081] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 309.915786][ T8081] do_dentry_open+0x6d8/0x1660 [ 309.915811][ T8081] ? __pfx_chrdev_open+0x10/0x10 [ 309.915841][ T8081] vfs_open+0x82/0x3f0 [ 309.915867][ T8081] path_openat+0x208c/0x31a0 [ 309.915892][ T8081] ? __pfx_path_openat+0x10/0x10 [ 309.915917][ T8081] do_file_open+0x20e/0x430 [ 309.915936][ T8081] ? __pfx_do_file_open+0x10/0x10 [ 309.915966][ T8081] ? alloc_fd+0x476/0x790 [ 309.915983][ T8081] ? do_getname+0x191/0x390 [ 309.916003][ T8081] do_sys_openat2+0x10d/0x1e0 [ 309.916022][ T8081] ? __pfx_do_sys_openat2+0x10/0x10 [ 309.916042][ T8081] ? __fget_files+0x21f/0x3d0 [ 309.916059][ T8081] __x64_sys_openat+0x12d/0x210 [ 309.916079][ T8081] ? __pfx___x64_sys_openat+0x10/0x10 [ 309.916116][ T8081] do_syscall_64+0x106/0xf80 [ 309.916143][ T8081] ? clear_bhb_loop+0x40/0x90 [ 309.916164][ T8081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.916190][ T8081] RIP: 0033:0x7f26ccd9c799 [ 309.916206][ T8081] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 309.916222][ T8081] RSP: 002b:00007f26cdb85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 309.916238][ T8081] RAX: ffffffffffffffda RBX: 00007f26cd016090 RCX: 00007f26ccd9c799 [ 309.916248][ T8081] RDX: 0000000000080042 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 309.916258][ T8081] RBP: 00007f26cce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 309.916266][ T8081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.916276][ T8081] R13: 00007f26cd016128 R14: 00007f26cd016090 R15: 00007ffd883b3ed8 [ 309.916296][ T8081] [ 311.884627][ T8101] hub 1-0:1.0: USB hub found [ 311.951561][ T8101] hub 1-0:1.0: 1 port detected [ 312.305775][ T8095] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 312.312719][ T8095] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 312.318819][ T8095] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 312.397323][ T8095] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 312.452448][ T8095] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 313.326554][ T8110] FAULT_INJECTION: forcing a failure. [ 313.326554][ T8110] name failslab, interval 1, probability 0, space 0, times 0 [ 313.450257][ T8110] CPU: 0 UID: 0 PID: 8110 Comm: syz.3.416 Not tainted syzkaller #0 PREEMPT(full) [ 313.450283][ T8110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 313.450294][ T8110] Call Trace: [ 313.450301][ T8110] [ 313.450308][ T8110] dump_stack_lvl+0x100/0x190 [ 313.450342][ T8110] should_fail_ex.cold+0x5/0xa [ 313.450364][ T8110] ? acpi_ns_get_normalized_pathname+0x95/0x250 [ 313.450386][ T8110] should_failslab+0xc2/0x120 [ 313.450405][ T8110] __kmalloc_noprof+0xe0/0x850 [ 313.450436][ T8110] acpi_ns_get_normalized_pathname+0x95/0x250 [ 313.450460][ T8110] acpi_ds_call_control_method+0x5d4/0xab0 [ 313.450489][ T8110] acpi_ps_parse_aml+0xacd/0x1120 [ 313.450511][ T8110] acpi_ps_execute_method+0x5c4/0xe90 [ 313.450535][ T8110] acpi_ns_evaluate+0x640/0x1670 [ 313.450561][ T8110] acpi_evaluate_object+0x420/0xe00 [ 313.450576][ T8110] ? kasan_save_stack+0x30/0x50 [ 313.450599][ T8110] ? kasan_save_track+0x14/0x30 [ 313.450626][ T8110] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 313.450649][ T8110] acpi_evaluate_integer+0xdf/0x220 [ 313.450672][ T8110] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 313.450703][ T8110] ? __pfx_status_show+0x10/0x10 [ 313.450717][ T8110] status_show+0xa0/0x120 [ 313.450732][ T8110] ? __pfx_status_show+0x10/0x10 [ 313.450754][ T8110] dev_attr_show+0x52/0xa0 [ 313.450773][ T8110] ? __pfx_dev_attr_show+0x10/0x10 [ 313.450790][ T8110] sysfs_kf_seq_show+0x217/0x3a0 [ 313.450814][ T8110] seq_read_iter+0x32f/0x1270 [ 313.450848][ T8110] kernfs_fop_read_iter+0x46c/0x610 [ 313.450880][ T8110] ? rw_verify_area+0xce/0x6d0 [ 313.450905][ T8110] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 313.450925][ T8110] vfs_read+0x825/0xb30 [ 313.450953][ T8110] ? __pfx_vfs_read+0x10/0x10 [ 313.450990][ T8110] ksys_read+0x12a/0x250 [ 313.451014][ T8110] ? __pfx_ksys_read+0x10/0x10 [ 313.451043][ T8110] do_syscall_64+0x106/0xf80 [ 313.451066][ T8110] ? clear_bhb_loop+0x40/0x90 [ 313.451086][ T8110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.451103][ T8110] RIP: 0033:0x7f6c6df9c799 [ 313.451118][ T8110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 313.451134][ T8110] RSP: 002b:00007f6c6ee09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 313.451150][ T8110] RAX: ffffffffffffffda RBX: 00007f6c6e215fa0 RCX: 00007f6c6df9c799 [ 313.451161][ T8110] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000008 [ 313.451172][ T8110] RBP: 00007f6c6e032c99 R08: 0000000000000000 R09: 0000000000000000 [ 313.451181][ T8110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.451192][ T8110] R13: 00007f6c6e216038 R14: 00007f6c6e215fa0 R15: 00007fff31a1e378 [ 313.451215][ T8110] [ 313.451245][ T8110] ACPI Error: [ 314.422551][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 314.434574][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 314.440905][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 314.602093][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 315.194269][ T8133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.421'. [ 315.684243][ T8110] Could not allocate 10 bytes (20251212/nsnames-308) [ 316.248635][ T8142] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 316.363093][ T8142] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 316.484803][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 317.083600][ T8152] bridge0: port 3(team0) entered blocking state [ 317.090399][ T8152] bridge0: port 3(team0) entered disabled state [ 317.366093][ T8152] team0: entered allmulticast mode [ 317.624148][ T8152] team_slave_0: entered allmulticast mode [ 317.733751][ T8152] team_slave_1: entered allmulticast mode [ 317.847310][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.854470][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.969777][ T8152] team0: entered promiscuous mode [ 318.085649][ T5832] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 318.207386][ T8152] team_slave_0: entered promiscuous mode [ 318.213497][ T8152] team_slave_1: entered promiscuous mode [ 318.517264][ T8152] bridge0: port 3(team0) entered blocking state [ 318.523762][ T8152] bridge0: port 3(team0) entered forwarding state [ 320.169581][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 320.817904][ T8180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.432'. [ 322.247238][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 322.392557][ T8200] hub 1-0:1.0: USB hub found [ 322.758974][ T8200] hub 1-0:1.0: 1 port detected [ 325.513746][ T8231] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 325.579470][ T8231] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 325.647325][ T8231] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 325.699360][ T8231] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 326.278604][ T5827] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 327.208474][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 327.623434][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 327.689251][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 327.789737][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 328.576911][ T8274] hub 1-0:1.0: USB hub found [ 328.653132][ T8274] hub 1-0:1.0: 1 port detected [ 331.024979][ T8304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.458'. [ 332.500640][ T8321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.461'. [ 333.630801][ T8326] bond0: option slaves: interface -Âô does not exist! [ 334.374161][ T8344] binder: 8340:8344 ioctl c018620c 0 returned -1 [ 336.755930][ T8358] hub 1-0:1.0: USB hub found [ 336.926809][ T8358] hub 1-0:1.0: 1 port detected [ 338.526822][ T8378] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 340.925427][ T8391] snd_virmidi snd_virmidi.0: control 61675:131081:3:yª:0 is already present [ 342.672102][ T5827] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 344.169914][ T8422] netlink: 'syz.3.480': attribute type 23 has an invalid length. [ 345.607028][ T8427] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 349.584358][ T8439] FAULT_INJECTION: forcing a failure. [ 349.584358][ T8439] name failslab, interval 1, probability 0, space 0, times 0 [ 350.043665][ T8439] CPU: 0 UID: 0 PID: 8439 Comm: syz.1.483 Not tainted syzkaller #0 PREEMPT(full) [ 350.043693][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 350.043706][ T8439] Call Trace: [ 350.043810][ T8439] [ 350.043818][ T8439] dump_stack_lvl+0x100/0x190 [ 350.043880][ T8439] should_fail_ex.cold+0x5/0xa [ 350.043899][ T8439] ? memcg_list_lru_alloc+0x4ec/0x740 [ 350.043933][ T8439] should_failslab+0xc2/0x120 [ 350.043952][ T8439] __kmalloc_noprof+0xe0/0x850 [ 350.043978][ T8439] ? ipcget+0xee/0xf50 [ 350.044039][ T8439] memcg_list_lru_alloc+0x4ec/0x740 [ 350.044069][ T8439] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 350.044093][ T8439] ? rcu_read_unlock+0x17/0x60 [ 350.044117][ T8439] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 350.044143][ T8439] __memcg_slab_post_alloc_hook+0x130/0x990 [ 350.044166][ T8439] ? kasan_save_track+0x14/0x30 [ 350.044192][ T8439] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 350.044215][ T8439] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 350.044237][ T8439] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 350.044253][ T8439] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 350.044270][ T8439] alloc_inode+0x68/0x250 [ 350.044293][ T8439] new_inode+0x22/0x1c0 [ 350.044317][ T8439] hugetlbfs_get_inode+0x313/0x750 [ 350.044337][ T8439] hugetlb_file_setup+0x3cc/0x5b0 [ 350.044357][ T8439] newseg+0xabb/0xed0 [ 350.044409][ T8439] ? __pfx_newseg+0x10/0x10 [ 350.044429][ T8439] ? down_write+0x146/0x1f0 [ 350.044502][ T8439] ? ksys_write+0x190/0x250 [ 350.044524][ T8439] ? ksys_write+0x190/0x250 [ 350.044543][ T8439] ipcget+0xee/0xf50 [ 350.044564][ T8439] ? do_futex+0x192/0x350 [ 350.044587][ T8439] ? __pfx_do_futex+0x10/0x10 [ 350.044611][ T8439] ? __pfx_ipcget+0x10/0x10 [ 350.044630][ T8439] ? __x64_sys_futex+0x34f/0x4d0 [ 350.044649][ T8439] ? __x64_sys_futex+0x358/0x4d0 [ 350.044672][ T8439] __x64_sys_shmget+0x13b/0x1b0 [ 350.044692][ T8439] ? __pfx___x64_sys_shmget+0x10/0x10 [ 350.044717][ T8439] do_syscall_64+0x106/0xf80 [ 350.044789][ T8439] ? clear_bhb_loop+0x40/0x90 [ 350.044811][ T8439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.044829][ T8439] RIP: 0033:0x7f89fdb9c799 [ 350.044846][ T8439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 350.044864][ T8439] RSP: 002b:00007f89fb9f4028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 350.044913][ T8439] RAX: ffffffffffffffda RBX: 00007f89fde16270 RCX: 00007f89fdb9c799 [ 350.044934][ T8439] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 350.044945][ T8439] RBP: 00007f89fdc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 350.044955][ T8439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.044965][ T8439] R13: 00007f89fde16308 R14: 00007f89fde16270 R15: 00007ffd7ee451d8 [ 350.044991][ T8439] [ 355.959364][ T8494] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 357.087323][ T8521] hub 1-0:1.0: USB hub found [ 357.439889][ T8521] hub 1-0:1.0: 1 port detected [ 366.411835][ T8661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.521'. [ 366.526595][ T8663] netlink: 'syz.0.521': attribute type 1 has an invalid length. [ 366.595556][ T8663] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.521'. [ 368.363137][ T8682] hub 1-0:1.0: USB hub found [ 368.434868][ T8682] hub 1-0:1.0: 1 port detected [ 370.513232][ T8699] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 370.577136][ T8699] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 370.641325][ T8699] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 370.697665][ T8699] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 370.956000][ T8707] netlink: 330 bytes leftover after parsing attributes in process `syz.2.535'. [ 371.120102][ T8704] netlink: 4 bytes leftover after parsing attributes in process `syz.0.533'. [ 372.514197][ T8513] Bluetooth: hci0: command 0x0c1a tx timeout [ 372.593402][ T8513] Bluetooth: hci1: command 0x0c1a tx timeout [ 372.673922][ T8513] Bluetooth: hci2: command 0x0c1a tx timeout [ 372.753937][ T8513] Bluetooth: hci3: command 0x0c1a tx timeout [ 373.524194][ T8730] futex_wake_op: syz.2.539 tries to shift op by -2048; fix this program [ 374.225411][ T8755] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 374.311248][ T8755] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 374.382932][ T8755] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 374.908033][ T8767] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 374.925151][ T8767] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 374.933932][ T8767] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 374.942146][ T8767] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 374.950540][ T8767] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 375.798981][ T8766] chnl_net:caif_netlink_parms(): no params data found [ 376.239857][ T8766] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.293014][ T8766] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.321994][ T8766] bridge_slave_0: entered allmulticast mode [ 376.356303][ T8766] bridge_slave_0: entered promiscuous mode [ 376.406359][ T8766] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.443137][ T8766] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.479689][ T8766] bridge_slave_1: entered allmulticast mode [ 376.510712][ T8766] bridge_slave_1: entered promiscuous mode [ 376.566691][ T8792] hub 1-0:1.0: USB hub found [ 376.619423][ T8792] hub 1-0:1.0: 1 port detected [ 376.826527][ T8766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 376.993384][ T8767] Bluetooth: hci4: command tx timeout [ 377.155392][ T8766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 377.294000][ T8766] team0: Port device team_slave_0 added [ 377.320945][ T8766] team0: Port device team_slave_1 added [ 377.377672][ T8809] futex_wake_op: syz.0.553 tries to shift op by -2048; fix this program [ 377.536418][ T8766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 377.569303][ T8766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 377.671141][ T8766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 377.777458][ T8766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 377.801516][ T8766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 377.925726][ T8766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 378.299827][ T8766] hsr_slave_0: entered promiscuous mode [ 378.319995][ T8766] hsr_slave_1: entered promiscuous mode [ 378.345373][ T8766] debugfs: 'hsr0' already exists in 'hsr' [ 378.369169][ T8766] Cannot create hsr debugfs directory [ 378.385066][ T30] audit: type=1800 audit(1773374117.699:5): pid=8814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.556" name="dbroot" dev="configfs" ino=128635 res=0 errno=0 [ 378.467339][ T8814] tipc: Started in network mode [ 378.475248][ T8814] tipc: Node identity ffffffff, cluster identity 4711 [ 378.495008][ T8814] tipc: Node number set to 4294967295 [ 379.074526][ T8767] Bluetooth: hci4: command tx timeout [ 379.286172][ T8766] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 379.358989][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.370838][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.404386][ T8766] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 379.529373][ T8766] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 379.608358][ T8766] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 380.003824][ T8835] mkiss: ax0: crc mode is auto. [ 380.279149][ T8766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 380.461519][ T8766] 8021q: adding VLAN 0 to HW filter on device team0 [ 380.658107][ T8542] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.666816][ T8542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 380.753956][ T8542] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.761732][ T8542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 381.155719][ T8767] Bluetooth: hci4: command tx timeout [ 381.275521][ T8850] futex_wake_op: syz.2.562 tries to shift op by -2048; fix this program [ 381.784606][ T8766] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 382.409905][ T8766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 383.236807][ T8767] Bluetooth: hci4: command tx timeout [ 383.685106][ T8766] veth0_vlan: entered promiscuous mode [ 383.789595][ T8766] veth1_vlan: entered promiscuous mode [ 384.001957][ T8766] veth0_macvtap: entered promiscuous mode [ 384.049360][ T8766] veth1_macvtap: entered promiscuous mode [ 384.161722][ T8766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 384.257731][ T8766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 384.322245][ T8505] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.364722][ T8505] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.407225][ T8505] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.762786][ T8505] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.003447][ T8884] futex_wake_op: syz.1.568 tries to shift op by -2048; fix this program [ 385.279668][ T8853] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.334977][ T8853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.578690][ T8900] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 385.605027][ T8900] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 385.654677][ T8541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.696156][ T8541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 386.840963][ T8911] netlink: 330 bytes leftover after parsing attributes in process `syz.4.546'. [ 387.063536][ T8912] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 387.358018][ T8920] netlink: 4 bytes leftover after parsing attributes in process `syz.4.575'. [ 387.699538][ T8916] hub 1-0:1.0: USB hub found [ 387.773615][ T8930] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 387.814887][ T8916] hub 1-0:1.0: 1 port detected [ 388.019129][ T8927] hub 1-0:1.0: USB hub found [ 388.073411][ T8927] hub 1-0:1.0: 1 port detected [ 389.713581][ T8960] netlink: 330 bytes leftover after parsing attributes in process `syz.2.584'. [ 392.222539][ T8997] hub 1-0:1.0: USB hub found [ 392.227744][ T8969] FAULT_INJECTION: forcing a failure. [ 392.227744][ T8969] name failslab, interval 1, probability 0, space 0, times 0 [ 392.302846][ T8997] hub 1-0:1.0: 1 port detected [ 392.423947][ T8969] CPU: 0 UID: 0 PID: 8969 Comm: syz.2.585 Not tainted syzkaller #0 PREEMPT(full) [ 392.423972][ T8969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 392.423983][ T8969] Call Trace: [ 392.423989][ T8969] [ 392.423995][ T8969] dump_stack_lvl+0x100/0x190 [ 392.424025][ T8969] should_fail_ex.cold+0x5/0xa [ 392.424045][ T8969] ? memcg_list_lru_alloc+0x4ec/0x740 [ 392.424067][ T8969] should_failslab+0xc2/0x120 [ 392.424083][ T8969] __kmalloc_noprof+0xe0/0x850 [ 392.424105][ T8969] ? ipcget+0xee/0xf50 [ 392.424126][ T8969] memcg_list_lru_alloc+0x4ec/0x740 [ 392.424153][ T8969] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 392.424174][ T8969] ? rcu_read_unlock+0x17/0x60 [ 392.424196][ T8969] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 392.424220][ T8969] __memcg_slab_post_alloc_hook+0x130/0x990 [ 392.424254][ T8969] ? kasan_save_track+0x14/0x30 [ 392.424293][ T8969] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 392.424317][ T8969] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 392.424339][ T8969] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 392.424353][ T8969] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 392.424369][ T8969] alloc_inode+0x68/0x250 [ 392.424389][ T8969] new_inode+0x22/0x1c0 [ 392.424409][ T8969] hugetlbfs_get_inode+0x313/0x750 [ 392.424427][ T8969] hugetlb_file_setup+0x3cc/0x5b0 [ 392.424446][ T8969] newseg+0xabb/0xed0 [ 392.424469][ T8969] ? __pfx_newseg+0x10/0x10 [ 392.424486][ T8969] ? down_write+0x146/0x1f0 [ 392.424515][ T8969] ? ksys_write+0x190/0x250 [ 392.424529][ T8969] ? ksys_write+0x190/0x250 [ 392.424554][ T8969] ipcget+0xee/0xf50 [ 392.424578][ T8969] ? do_futex+0x192/0x350 [ 392.424603][ T8969] ? __pfx_do_futex+0x10/0x10 [ 392.424624][ T8969] ? __pfx_ipcget+0x10/0x10 [ 392.424643][ T8969] ? __x64_sys_futex+0x34f/0x4d0 [ 392.424662][ T8969] ? __x64_sys_futex+0x358/0x4d0 [ 392.424684][ T8969] __x64_sys_shmget+0x13b/0x1b0 [ 392.424705][ T8969] ? __pfx___x64_sys_shmget+0x10/0x10 [ 392.424730][ T8969] do_syscall_64+0x106/0xf80 [ 392.424754][ T8969] ? clear_bhb_loop+0x40/0x90 [ 392.424772][ T8969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.424788][ T8969] RIP: 0033:0x7fbbf7b9c799 [ 392.424803][ T8969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 392.424817][ T8969] RSP: 002b:00007fbbf8a00028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 392.424833][ T8969] RAX: ffffffffffffffda RBX: 00007fbbf7e16270 RCX: 00007fbbf7b9c799 [ 392.424843][ T8969] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 392.424853][ T8969] RBP: 00007fbbf7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 392.424864][ T8969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.424873][ T8969] R13: 00007fbbf7e16308 R14: 00007fbbf7e16270 R15: 00007ffc8f93fdf8 [ 392.424894][ T8969] [ 393.732216][ T9008] netlink: 330 bytes leftover after parsing attributes in process `syz.2.594'. [ 395.396837][ T9035] futex_wake_op: syz.4.600 tries to shift op by -2048; fix this program [ 395.517361][ T9035] futex_wake_op: syz.4.600 tries to shift op by -2048; fix this program [ 395.911435][ T9031] futex_wake_op: syz.0.599 tries to shift op by -2048; fix this program [ 396.952967][ T9069] netlink: 330 bytes leftover after parsing attributes in process `syz.0.606'. [ 397.006688][ T9068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 397.080567][ T9068] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 397.130717][ T9060] hub 1-0:1.0: USB hub found [ 397.196573][ T9068] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 397.335466][ T9068] page_type: f5(slab) [ 397.340170][ T9068] raw: 00fff00000000040 ffff88813fe54640 dead000000000122 0000000000000000 [ 397.380828][ T9060] hub 1-0:1.0: 1 port detected [ 397.473897][ T9068] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 397.520727][ T9068] head: 00fff00000000040 ffff88813fe54640 dead000000000122 0000000000000000 [ 397.623844][ T9068] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 397.715714][ T9068] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 397.774041][ T9068] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 397.834894][ T9068] page dumped because: unmovable page [ 397.886560][ T9068] page_owner tracks the page as allocated [ 397.951164][ T9068] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5828, tgid 5828 (syz-executor), ts 91441239518, free_ts 89053954178 [ 398.124332][ T9068] post_alloc_hook+0x153/0x170 [ 398.130117][ T9068] get_page_from_freelist+0x111d/0x3140 [ 398.178548][ T9068] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 398.198542][ T9068] new_slab+0xa6/0x6c0 [ 398.215657][ T9068] refill_objects+0x26b/0x400 [ 398.236253][ T9068] __pcs_replace_empty_main+0x1ab/0x600 [ 398.243133][ T9068] __kvmalloc_node_noprof+0x7da/0xa00 [ 398.290567][ T9068] alloc_netdev_mqs+0xd7/0x14f0 [ 398.313736][ T9068] rtnl_create_link+0xc13/0xf80 [ 398.336451][ T9068] rtnl_newlink+0x13b8/0x2380 [ 398.358576][ T9068] rtnetlink_rcv_msg+0x95e/0xe90 [ 398.389518][ T9068] netlink_rcv_skb+0x159/0x420 [ 398.416898][ T9068] netlink_unicast+0x5aa/0x870 [ 398.446837][ T9068] netlink_sendmsg+0x8b0/0xda0 [ 398.467558][ T9068] __sys_sendto+0x468/0x4b0 [ 398.496457][ T9068] __x64_sys_sendto+0xe0/0x1c0 [ 398.515992][ T9068] page last free pid 5811 tgid 5811 stack trace: [ 398.551092][ T9068] __free_frozen_pages+0x7e1/0x10d0 [ 398.572293][ T9068] __folio_put+0x3b4/0x540 [ 398.598990][ T9068] skb_release_data+0x667/0x9d0 [ 398.624643][ T9068] __kfree_skb+0x4f/0x70 [ 398.655536][ T9068] tcp_ack+0x2072/0x74f0 [ 398.684431][ T9068] tcp_rcv_established+0x1175/0x3980 [ 398.744326][ T9068] tcp_v4_do_rcv+0xc87/0x10d0 [ 398.764617][ T9068] __release_sock+0x35a/0x440 [ 398.788590][ T9068] __sk_flush_backlog+0x27/0xc0 [ 398.803352][ T9068] tcp_sendmsg_locked+0x3c15/0x45e0 [ 398.831921][ T9068] tcp_sendmsg+0x2e/0x50 [ 398.858976][ T9068] inet_sendmsg+0xb9/0x140 [ 398.910019][ T9068] sock_write_iter+0x4ea/0x5a0 [ 398.951181][ T9068] vfs_write+0x6ac/0x1070 [ 398.970070][ T9068] ksys_write+0x1f8/0x250 [ 398.993896][ T9068] do_syscall_64+0x106/0xf80 [ 401.135557][ T9102] futex_wake_op: syz.1.615 tries to shift op by -2048; fix this program [ 401.387644][ T9118] netlink: 330 bytes leftover after parsing attributes in process `syz.4.617'. [ 401.821333][ T9120] bridge_slave_1: left allmulticast mode [ 401.874884][ T9120] bridge_slave_1: left promiscuous mode [ 401.929316][ T9120] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.709934][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.620'. [ 405.446685][ T9167] futex_wake_op: syz.4.628 tries to shift op by -2048; fix this program [ 405.605268][ T9178] hub 1-0:1.0: USB hub found [ 405.692042][ T9178] hub 1-0:1.0: 1 port detected [ 405.784747][ T9183] random: crng reseeded on system resumption [ 408.514184][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029ac5400: rx timeout, send abort [ 408.524524][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888029ac5400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 409.755661][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029ac6800: rx timeout, send abort [ 409.764717][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029ac7400: rx timeout, send abort [ 409.773654][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888029ac6800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 409.788586][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888029ac7400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 410.869693][ T9226] Line length is too long: Should be less than 4094 [ 410.927028][ T9226] ======================================================= [ 410.927028][ T9226] WARNING: The mand mount option has been deprecated and [ 410.927028][ T9226] and is ignored by this kernel. Remove the mand [ 410.927028][ T9226] option from the mount to silence this warning. [ 410.927028][ T9226] ======================================================= [ 411.347909][ T9235] hub 1-0:1.0: USB hub found [ 411.380822][ T9235] hub 1-0:1.0: 1 port detected [ 411.575871][ T8767] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 411.584367][ T8767] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 414.370209][ T9279] hub 1-0:1.0: USB hub found [ 414.454309][ T9279] hub 1-0:1.0: 1 port detected [ 414.491011][ T9281] hub 1-0:1.0: USB hub found [ 414.514521][ T9281] hub 1-0:1.0: 1 port detected [ 415.405981][ T9303] hub 1-0:1.0: USB hub found [ 415.499952][ T9303] hub 1-0:1.0: 1 port detected [ 415.567861][ T9296] futex_wake_op: syz.0.658 tries to shift op by -2048; fix this program [ 415.670776][ T9289] futex_wake_op: syz.1.657 tries to shift op by -2048; fix this program [ 418.825301][ T9342] hub 1-0:1.0: USB hub found [ 418.861272][ T9342] hub 1-0:1.0: 1 port detected [ 419.508532][ T9362] netlink: 330 bytes leftover after parsing attributes in process `syz.0.672'. [ 419.624911][ T9358] hub 1-0:1.0: USB hub found [ 419.686561][ T9358] hub 1-0:1.0: 1 port detected [ 420.193227][ T9359] futex_wake_op: syz.1.670 tries to shift op by -2048; fix this program [ 421.075740][ T8513] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 421.932087][ T9399] hub 1-0:1.0: USB hub found [ 421.971930][ T9399] hub 1-0:1.0: 1 port detected [ 422.279485][ T8513] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 422.291965][ T8513] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 422.303304][ T8513] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 422.313170][ T8513] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 422.321129][ T8513] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 422.467104][ T9401] hub 1-0:1.0: USB hub found [ 422.496485][ T9401] hub 1-0:1.0: 1 port detected [ 422.863847][ T9414] bridge_slave_1: left allmulticast mode [ 422.917488][ T9414] bridge_slave_1: left promiscuous mode [ 422.937843][ T9414] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.535523][ T9405] chnl_net:caif_netlink_parms(): no params data found [ 424.055897][ T9430] futex_wake_op: syz.1.685 tries to shift op by -2048; fix this program [ 424.379299][ T9405] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.386469][ T9405] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.394182][ T8513] Bluetooth: hci5: command tx timeout [ 424.439949][ T9405] bridge_slave_0: entered allmulticast mode [ 424.462228][ T9405] bridge_slave_0: entered promiscuous mode [ 424.628566][ T9405] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.662853][ T9405] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.693229][ T9405] bridge_slave_1: entered allmulticast mode [ 424.759403][ T9405] bridge_slave_1: entered promiscuous mode [ 424.969216][ T9405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 425.021974][ T9405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 425.180941][ T9405] team0: Port device team_slave_0 added [ 425.225483][ T9405] team0: Port device team_slave_1 added [ 425.324182][ T9405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 425.332547][ T9405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 425.361947][ T9405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 425.385026][ T9405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 425.396610][ T9405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 425.430847][ T9405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.584000][ T9405] hsr_slave_0: entered promiscuous mode [ 425.613669][ T9405] hsr_slave_1: entered promiscuous mode [ 425.637912][ T9405] debugfs: 'hsr0' already exists in 'hsr' [ 425.663472][ T9405] Cannot create hsr debugfs directory [ 426.458248][ T8513] Bluetooth: hci5: command tx timeout [ 426.465626][ T9465] futex_wake_op: syz.0.691 tries to shift op by -2048; fix this program [ 426.987951][ T9405] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 427.042528][ T9405] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 427.077695][ T9405] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 427.125371][ T9405] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 427.436039][ T9405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.523589][ T9405] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.591949][ T8542] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.599463][ T8542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.623735][ T9483] netlink: 330 bytes leftover after parsing attributes in process `syz.4.694'. [ 427.650412][ T8541] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.658013][ T8541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.820366][ T9405] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 428.403204][ T9405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.540765][ T8513] Bluetooth: hci5: command tx timeout [ 429.171139][ T9405] veth0_vlan: entered promiscuous mode [ 429.214145][ T9405] veth1_vlan: entered promiscuous mode [ 429.358496][ T9405] veth0_macvtap: entered promiscuous mode [ 429.397544][ T9405] veth1_macvtap: entered promiscuous mode [ 429.486008][ T9405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 429.513728][ T9405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 429.547615][ T8508] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.582005][ T8508] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.633746][ T8508] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.659224][ T8508] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.813913][ T8853] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.841681][ T8853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.905497][ T8508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.934654][ T8508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 430.568334][ T9520] futex_wake_op: syz.0.697 tries to shift op by -2048; fix this program [ 430.608926][ T9520] futex_wake_op: syz.0.697 tries to shift op by -2048; fix this program [ 430.622625][ T8513] Bluetooth: hci5: command tx timeout [ 430.673546][ T9521] 0x000000000001-0x000000020000 : "" [ 430.753305][ T9521] ftl_cs: FTL header corrupt! [ 433.346941][ T9551] futex_wake_op: syz.4.701 tries to shift op by -2048; fix this program [ 436.789096][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz.5.710'. [ 437.344066][ T9601] Line length is too long: Should be less than 4094 [ 438.577031][ T9622] netlink: 330 bytes leftover after parsing attributes in process `syz.0.715'. [ 438.955961][ T8767] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 438.983209][ T8767] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 438.992346][ T8767] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 439.000715][ T8767] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 439.009927][ T8767] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 439.894539][ T9626] chnl_net:caif_netlink_parms(): no params data found [ 439.981690][ T9613] futex_wake_op: syz.4.714 tries to shift op by -2048; fix this program [ 440.295677][ T9626] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.304021][ T9626] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.425406][ T9626] bridge_slave_0: entered allmulticast mode [ 440.486657][ T9626] bridge_slave_0: entered promiscuous mode [ 440.542780][ T9626] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.605373][ T9626] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.648819][ T9626] bridge_slave_1: entered allmulticast mode [ 440.710464][ T9626] bridge_slave_1: entered promiscuous mode [ 440.789309][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.796583][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.910553][ T9626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.028544][ T9626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 441.106128][ T8513] Bluetooth: hci0: command tx timeout [ 441.242782][ T9626] team0: Port device team_slave_0 added [ 441.301170][ T9626] team0: Port device team_slave_1 added [ 441.406583][ T9626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.435941][ T9650] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 441.447066][ T9626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 441.563731][ T9626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.631666][ T9626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 441.664874][ T9626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 441.829882][ T9626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.389382][ T9626] hsr_slave_0: entered promiscuous mode [ 442.428045][ T9626] hsr_slave_1: entered promiscuous mode [ 442.475029][ T9626] debugfs: 'hsr0' already exists in 'hsr' [ 442.506214][ T9626] Cannot create hsr debugfs directory [ 443.190228][ T8513] Bluetooth: hci0: command tx timeout [ 443.768583][ T9626] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 443.895291][ T9626] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 443.978263][ T9626] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 444.018426][ T9626] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 444.237797][ T9657] Line length is too long: Should be less than 4094 [ 444.533290][ T9626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 444.645936][ T9626] 8021q: adding VLAN 0 to HW filter on device team0 [ 444.734034][ T8505] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.744126][ T8505] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.850106][ T8505] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.857652][ T8505] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.922044][ T9662] netlink: 4 bytes leftover after parsing attributes in process `syz.4.722'. [ 445.268878][ T8513] Bluetooth: hci0: command tx timeout [ 446.076392][ T9626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 446.657084][ T9696] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 446.720932][ T9696] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 447.349579][ T8767] Bluetooth: hci0: command tx timeout [ 447.367108][ T9626] veth0_vlan: entered promiscuous mode [ 447.419273][ T9626] veth1_vlan: entered promiscuous mode [ 447.550354][ T9626] veth0_macvtap: entered promiscuous mode [ 447.593875][ T9626] veth1_macvtap: entered promiscuous mode [ 447.678021][ T9626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 447.720245][ T9626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 447.783344][ T8541] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.844051][ T8541] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.893778][ T8541] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.005570][ T8541] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.394879][ T8853] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.453215][ T8853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.718974][ T8542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.738819][ T8542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.632712][ T9746] FAULT_INJECTION: forcing a failure. [ 452.632712][ T9746] name failslab, interval 1, probability 0, space 0, times 0 [ 452.888929][ T9746] CPU: 0 UID: 0 PID: 9746 Comm: syz.5.730 Tainted: G L syzkaller #0 PREEMPT(full) [ 452.888963][ T9746] Tainted: [L]=SOFTLOCKUP [ 452.888969][ T9746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 452.888980][ T9746] Call Trace: [ 452.888987][ T9746] [ 452.888996][ T9746] dump_stack_lvl+0x100/0x190 [ 452.889029][ T9746] should_fail_ex.cold+0x5/0xa [ 452.889051][ T9746] ? memcg_list_lru_alloc+0x4ec/0x740 [ 452.889073][ T9746] should_failslab+0xc2/0x120 [ 452.889093][ T9746] __kmalloc_noprof+0xe0/0x850 [ 452.889116][ T9746] ? ipcget+0xee/0xf50 [ 452.889139][ T9746] memcg_list_lru_alloc+0x4ec/0x740 [ 452.889167][ T9746] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 452.889190][ T9746] ? rcu_read_unlock+0x17/0x60 [ 452.889214][ T9746] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 452.889242][ T9746] __memcg_slab_post_alloc_hook+0x130/0x990 [ 452.889264][ T9746] ? kasan_save_track+0x14/0x30 [ 452.889290][ T9746] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 452.889313][ T9746] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 452.889333][ T9746] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 452.889348][ T9746] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 452.889364][ T9746] alloc_inode+0x68/0x250 [ 452.889570][ T9746] new_inode+0x22/0x1c0 [ 452.889599][ T9746] hugetlbfs_get_inode+0x313/0x750 [ 452.889619][ T9746] hugetlb_file_setup+0x3cc/0x5b0 [ 452.889640][ T9746] newseg+0xabb/0xed0 [ 452.889665][ T9746] ? __pfx_newseg+0x10/0x10 [ 452.889683][ T9746] ? down_write+0x146/0x1f0 [ 452.889707][ T9746] ? ksys_write+0x190/0x250 [ 452.889721][ T9746] ? ksys_write+0x190/0x250 [ 452.889738][ T9746] ipcget+0xee/0xf50 [ 452.889758][ T9746] ? do_futex+0x192/0x350 [ 452.889779][ T9746] ? __pfx_do_futex+0x10/0x10 [ 452.889802][ T9746] ? __pfx_ipcget+0x10/0x10 [ 452.889823][ T9746] ? __x64_sys_futex+0x34f/0x4d0 [ 452.889841][ T9746] ? __x64_sys_futex+0x358/0x4d0 [ 452.889865][ T9746] __x64_sys_shmget+0x13b/0x1b0 [ 452.889886][ T9746] ? __pfx___x64_sys_shmget+0x10/0x10 [ 452.889916][ T9746] do_syscall_64+0x106/0xf80 [ 452.890127][ T9746] ? clear_bhb_loop+0x40/0x90 [ 452.890159][ T9746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.890178][ T9746] RIP: 0033:0x7f70af39c799 [ 452.890289][ T9746] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 452.890307][ T9746] RSP: 002b:00007f70b0195028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 452.890349][ T9746] RAX: ffffffffffffffda RBX: 00007f70af616270 RCX: 00007f70af39c799 [ 452.890361][ T9746] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 452.890371][ T9746] RBP: 00007f70af432c99 R08: 0000000000000000 R09: 0000000000000000 [ 452.890381][ T9746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 452.890391][ T9746] R13: 00007f70af616308 R14: 00007f70af616270 R15: 00007ffef938a018 [ 452.890414][ T9746] [ 454.959785][ T9781] netlink: 28 bytes leftover after parsing attributes in process `syz.6.738'. [ 456.426442][ T9799] netlink: 4 bytes leftover after parsing attributes in process `syz.6.743'. [ 458.057814][ T9830] scsi_dev_info_list_add_str: bad dev info string 'ñ' '' '' [ 458.985178][ T9845] hub 1-0:1.0: USB hub found [ 459.081767][ T9845] hub 1-0:1.0: 1 port detected [ 459.283342][ T9846] hub 1-0:1.0: USB hub found [ 459.321262][ T9846] hub 1-0:1.0: 1 port detected [ 459.381320][ T9858] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 461.988989][ T9879] ERROR: Out of memory at tomoyo_memory_ok. [ 461.999119][ T8767] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 462.857235][ T9891] netlink: 330 bytes leftover after parsing attributes in process `syz.4.758'. [ 463.566010][ T9904] FAULT_INJECTION: forcing a failure. [ 463.566010][ T9904] name failslab, interval 1, probability 0, space 0, times 0 [ 463.611516][ T9904] CPU: 0 UID: 0 PID: 9904 Comm: syz.6.763 Tainted: G L syzkaller #0 PREEMPT(full) [ 463.611548][ T9904] Tainted: [L]=SOFTLOCKUP [ 463.611553][ T9904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 463.611564][ T9904] Call Trace: [ 463.611571][ T9904] [ 463.611577][ T9904] dump_stack_lvl+0x100/0x190 [ 463.611608][ T9904] should_fail_ex.cold+0x5/0xa [ 463.611628][ T9904] should_failslab+0xc2/0x120 [ 463.611644][ T9904] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 463.611671][ T9904] ? __alloc_skb+0x140/0x710 [ 463.611693][ T9904] __alloc_skb+0x140/0x710 [ 463.611713][ T9904] ? __pfx___alloc_skb+0x10/0x10 [ 463.611736][ T9904] ? skb_page_frag_refill+0x2fc/0x5b0 [ 463.611755][ T9904] tcp_stream_alloc_skb+0x34/0x660 [ 463.611775][ T9904] tcp_sendmsg_locked+0x1396/0x45e0 [ 463.611802][ T9904] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 463.611819][ T9904] ? do_raw_spin_lock+0x128/0x260 [ 463.611841][ T9904] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 463.611867][ T9904] ? __local_bh_enable_ip+0x9e/0x120 [ 463.611889][ T9904] tcp_sendmsg+0x2e/0x50 [ 463.611902][ T9904] ? __pfx_tcp_sendmsg+0x10/0x10 [ 463.611917][ T9904] inet_sendmsg+0xb9/0x140 [ 463.611934][ T9904] sock_write_iter+0x4ea/0x5a0 [ 463.611948][ T9904] ? __pfx_inet_sendmsg+0x10/0x10 [ 463.611963][ T9904] ? __pfx_sock_write_iter+0x10/0x10 [ 463.611985][ T9904] ? bpf_lsm_file_permission+0x9/0x10 [ 463.612008][ T9904] ? security_file_permission+0x76/0x210 [ 463.612111][ T9904] ? rw_verify_area+0xce/0x6d0 [ 463.612136][ T9904] vfs_write+0x6ac/0x1070 [ 463.612163][ T9904] ? __pfx_sock_write_iter+0x10/0x10 [ 463.612182][ T9904] ? __pfx_vfs_write+0x10/0x10 [ 463.612203][ T9904] ? find_held_lock+0x2b/0x80 [ 463.612230][ T9904] ksys_write+0x1f8/0x250 [ 463.612244][ T9904] ? __pfx_ksys_write+0x10/0x10 [ 463.612267][ T9904] do_syscall_64+0x106/0xf80 [ 463.612293][ T9904] ? clear_bhb_loop+0x40/0x90 [ 463.612321][ T9904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.612340][ T9904] RIP: 0033:0x7f6b6c59c799 [ 463.612356][ T9904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 463.612372][ T9904] RSP: 002b:00007f6b6d417028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 463.612401][ T9904] RAX: ffffffffffffffda RBX: 00007f6b6c815fa0 RCX: 00007f6b6c59c799 [ 463.612412][ T9904] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 0000000000000003 [ 463.612423][ T9904] RBP: 00007f6b6c632c99 R08: 0000000000000000 R09: 0000000000000000 [ 463.612435][ T9904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.612445][ T9904] R13: 00007f6b6c816038 R14: 00007f6b6c815fa0 R15: 00007ffde4551918 [ 463.612467][ T9904] [ 464.271240][ T9898] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 464.295752][ T9898] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 464.520744][ T9898] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 464.544846][ T9898] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 464.569693][ T9898] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 464.597777][ T9898] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 464.650747][ T9898] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 464.702676][ T9898] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 464.723082][ T9898] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 464.761688][ T9898] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 464.806172][ T9915] hub 1-0:1.0: USB hub found [ 464.837281][ T9898] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 464.862953][ T9898] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 464.878604][ T9915] hub 1-0:1.0: 1 port detected [ 464.890625][ T9898] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 465.198927][ T8767] Bluetooth: hci1: command 0x0c1a tx timeout [ 465.264156][ T9919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.765'. [ 465.316913][ T9922] netlink: 'syz.4.765': attribute type 1 has an invalid length. [ 465.420648][ T9922] netlink: 5 bytes leftover after parsing attributes in process `syz.4.765'. [ 465.698057][ T9926] syz.0.767(9926): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 466.413144][ T8767] Bluetooth: hci2: command 0x0c1a tx timeout [ 466.559060][ T8767] Bluetooth: hci3: command 0x0c1a tx timeout [ 466.638682][ T8767] Bluetooth: hci4: command 0x0c1a tx timeout [ 466.719654][ T8767] Bluetooth: hci5: command 0x0c1a tx timeout [ 466.878465][ T8767] Bluetooth: hci0: command 0x0c1a tx timeout [ 468.116328][ T9954] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 468.422929][ T9961] binder: 9958:9961 ioctl c018620c 0 returned -1 [ 468.485439][ T8767] Bluetooth: hci2: command 0x0c1a tx timeout [ 468.720321][ T8767] Bluetooth: hci4: command 0x0c1a tx timeout [ 468.799395][ T8767] Bluetooth: hci5: command 0x0c1a tx timeout [ 468.959655][ T8767] Bluetooth: hci0: command 0x0c1a tx timeout [ 469.767622][ T9970] hub 1-0:1.0: USB hub found [ 469.794866][ T9970] hub 1-0:1.0: 1 port detected [ 470.800451][ T8767] Bluetooth: hci4: command 0x0c1a tx timeout [ 470.881690][ T8767] Bluetooth: hci5: command 0x0c1a tx timeout [ 471.041675][ T8767] Bluetooth: hci0: command 0x0c1a tx timeout [ 472.308068][ T9997] netlink: 'syz.0.780': attribute type 23 has an invalid length. [ 473.502365][ T8513] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 473.521717][ T8513] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 473.533273][ T8513] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 473.542217][ T8513] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 473.560424][ T8513] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 473.779362][ T30] audit: type=1800 audit(1773392627.048:6): pid=10025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=136699 res=0 errno=0 [ 474.146388][T10025] could not allocate digest TFM handle [ 474.863203][T10038] snd_virmidi snd_virmidi.0: control 61675:131081:3:yª:0 is already present [ 474.921095][T10020] chnl_net:caif_netlink_parms(): no params data found [ 475.424813][T10020] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.469692][T10020] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.518763][T10020] bridge_slave_0: entered allmulticast mode [ 475.560409][T10020] bridge_slave_0: entered promiscuous mode [ 475.604876][T10020] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.653300][T10020] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.685575][ T8513] Bluetooth: hci6: command tx timeout [ 475.707450][T10020] bridge_slave_1: entered allmulticast mode [ 475.738395][T10020] bridge_slave_1: entered promiscuous mode [ 475.873654][T10020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.924789][T10020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 476.082423][T10020] team0: Port device team_slave_0 added [ 476.138499][T10020] team0: Port device team_slave_1 added [ 476.346247][T10020] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.399864][T10020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.554075][T10020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.638554][T10020] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.693620][T10020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.863701][T10020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 477.102401][T10020] hsr_slave_0: entered promiscuous mode [ 477.158129][T10020] hsr_slave_1: entered promiscuous mode [ 477.209800][T10020] debugfs: 'hsr0' already exists in 'hsr' [ 477.247794][T10020] Cannot create hsr debugfs directory [ 477.624075][T10067] hub 1-0:1.0: USB hub found [ 477.664286][T10067] hub 1-0:1.0: 1 port detected [ 477.764862][ T8513] Bluetooth: hci6: command tx timeout [ 478.297277][T10020] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 478.415719][T10020] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 478.524964][T10020] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 478.625573][T10020] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 479.691101][T10020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 479.773153][T10020] 8021q: adding VLAN 0 to HW filter on device team0 [ 479.805175][T10101] hub 1-0:1.0: USB hub found [ 479.848522][ T8513] Bluetooth: hci6: command tx timeout [ 479.882836][T10101] hub 1-0:1.0: 1 port detected [ 479.898649][ T8503] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.906558][ T8503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.010281][ T8503] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.017594][ T8503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.569493][T10020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 480.856790][T10020] veth0_vlan: entered promiscuous mode [ 480.870103][T10020] veth1_vlan: entered promiscuous mode [ 480.916730][T10020] veth0_macvtap: entered promiscuous mode [ 480.940446][T10020] veth1_macvtap: entered promiscuous mode [ 480.962460][T10020] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 480.987900][T10020] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 481.008141][ T8542] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.032662][ T8542] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.110851][ T8542] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.152774][ T8542] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.182724][ T8542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 481.210061][ T8542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 481.251608][ T8503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 481.262200][ T8503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 481.926362][ T8513] Bluetooth: hci6: command tx timeout [ 482.186252][ T8513] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 482.197398][ T8513] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 485.424021][T10164] netlink: 'syz.7.803': attribute type 23 has an invalid length. [ 485.796463][T10174] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 486.180570][T10183] sg_write: process 944 (syz.0.813) changed security contexts after opening file descriptor, this is not allowed. [ 486.704474][T10185] futex_wake_op: syz.4.811 tries to shift op by -2048; fix this program [ 489.494630][T10220] netlink: 'syz.4.821': attribute type 23 has an invalid length. [ 491.219022][T10244] hub 1-0:1.0: USB hub found [ 491.281793][T10244] hub 1-0:1.0: 1 port detected [ 493.129547][T10272] nvme_fcloop: unknown parameter or missing value '7' [ 493.403905][T10263] hub 1-0:1.0: USB hub found [ 493.461361][ T30] audit: type=1800 audit(1773396738.717:7): pid=10279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=138608 res=0 errno=0 [ 493.495113][T10263] hub 1-0:1.0: 1 port detected [ 493.879141][T10279] could not allocate digest TFM handle [ 494.278284][T10296] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 494.351563][T10296] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 494.560904][ T8513] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 494.571174][ T8513] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 496.068938][T10312] hub 1-0:1.0: USB hub found [ 496.097409][T10312] hub 1-0:1.0: 1 port detected [ 498.876775][T10356] scsi_dev_info_list_add_str: bad dev info string 'ñ' '' '' [ 500.494362][T10369] FAULT_INJECTION: forcing a failure. [ 500.494362][T10369] name failslab, interval 1, probability 0, space 0, times 0 [ 500.517232][ T8513] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 500.875362][T10369] CPU: 0 UID: 0 PID: 10369 Comm: syz.4.846 Tainted: G L syzkaller #0 PREEMPT(full) [ 500.875398][T10369] Tainted: [L]=SOFTLOCKUP [ 500.875404][T10369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 500.875420][T10369] Call Trace: [ 500.875426][T10369] [ 500.875433][T10369] dump_stack_lvl+0x100/0x190 [ 500.875466][T10369] should_fail_ex.cold+0x5/0xa [ 500.875486][T10369] ? memcg_list_lru_alloc+0x4ec/0x740 [ 500.875508][T10369] should_failslab+0xc2/0x120 [ 500.875524][T10369] __kmalloc_noprof+0xe0/0x850 [ 500.875552][T10369] memcg_list_lru_alloc+0x4ec/0x740 [ 500.875579][T10369] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 500.875600][T10369] ? rcu_read_unlock+0x17/0x60 [ 500.875621][T10369] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 500.875645][T10369] __memcg_slab_post_alloc_hook+0x130/0x990 [ 500.875665][T10369] ? kasan_save_track+0x14/0x30 [ 500.875691][T10369] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 500.875712][T10369] ? alloc_inode+0x183/0x250 [ 500.875731][T10369] ? ioctx_alloc+0x427/0x21d0 [ 500.875750][T10369] alloc_inode+0x183/0x250 [ 500.875769][T10369] alloc_anon_inode+0x2a/0x3e0 [ 500.875787][T10369] ioctx_alloc+0x4dc/0x21d0 [ 500.875809][T10369] ? find_held_lock+0x2b/0x80 [ 500.875825][T10369] ? __pfx_ioctx_alloc+0x10/0x10 [ 500.875939][T10369] __x64_sys_io_setup+0xc9/0x220 [ 500.875984][T10369] do_syscall_64+0x106/0xf80 [ 500.876010][T10369] ? clear_bhb_loop+0x40/0x90 [ 500.876031][T10369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.876049][T10369] RIP: 0033:0x7f0fb839c799 [ 500.876067][T10369] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 500.876083][T10369] RSP: 002b:00007f0fb9294028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 500.876120][T10369] RAX: ffffffffffffffda RBX: 00007f0fb8616270 RCX: 00007f0fb839c799 [ 500.876132][T10369] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e [ 500.876222][T10369] RBP: 00007f0fb8432c99 R08: 0000000000000000 R09: 0000000000000000 [ 500.876234][T10369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.876246][T10369] R13: 00007f0fb8616308 R14: 00007f0fb8616270 R15: 00007ffce1a7ce08 [ 500.876497][T10369] [ 502.267866][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.274515][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.777207][T10417] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 503.813486][T10417] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 503.865616][T10417] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 503.894691][T10417] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 503.912302][T10417] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 503.935978][T10417] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 503.967422][T10417] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 503.986600][T10417] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 504.013942][T10417] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 504.488479][T10427] netlink: 'syz.6.856': attribute type 23 has an invalid length. [ 505.780552][ T8513] Bluetooth: hci1: command 0x0c1a tx timeout [ 505.858276][ T8513] Bluetooth: hci3: command 0x0c1a tx timeout [ 505.864568][ T8513] Bluetooth: hci2: command 0x0c1a tx timeout [ 505.938300][ T8513] Bluetooth: hci0: command 0x0c1a tx timeout [ 505.944832][ T8513] Bluetooth: hci5: command 0x0c1a tx timeout [ 505.951533][ T8767] Bluetooth: hci4: command 0x0c1a tx timeout [ 506.018728][T10464] Bluetooth: hci6: command 0x0c1a tx timeout [ 507.440683][T10475] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 507.470580][T10475] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 507.504950][T10475] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 507.539550][T10475] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 507.567050][T10475] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 507.601503][T10475] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 507.629422][T10475] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 508.602029][T10485] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 508.610242][T10485] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 509.459749][T10464] Bluetooth: hci1: command 0x0c1a tx timeout [ 509.539664][T10464] Bluetooth: hci3: command 0x0c1a tx timeout [ 509.546860][ T8501] Bluetooth: hci2: command 0x0c1a tx timeout [ 509.621521][T10464] Bluetooth: hci0: command 0x0c1a tx timeout [ 509.627914][ T8501] Bluetooth: hci5: command 0x0c1a tx timeout [ 509.636336][ T8513] Bluetooth: hci4: command 0x0c1a tx timeout [ 509.701357][T10464] Bluetooth: hci6: command 0x0c1a tx timeout [ 511.237632][T10531] FAULT_INJECTION: forcing a failure. [ 511.237632][T10531] name failslab, interval 1, probability 0, space 0, times 0 [ 511.306643][T10531] CPU: 0 UID: 0 PID: 10531 Comm: syz.4.878 Tainted: G L syzkaller #0 PREEMPT(full) [ 511.306675][T10531] Tainted: [L]=SOFTLOCKUP [ 511.306681][T10531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 511.306693][T10531] Call Trace: [ 511.306702][T10531] [ 511.306710][T10531] dump_stack_lvl+0x100/0x190 [ 511.306743][T10531] should_fail_ex.cold+0x5/0xa [ 511.306764][T10531] should_failslab+0xc2/0x120 [ 511.306780][T10531] __kmalloc_cache_noprof+0x7a/0x6f0 [ 511.306802][T10531] ? posix_clock_open+0xc8/0x290 [ 511.306824][T10531] ? find_held_lock+0x2b/0x80 [ 511.306844][T10531] ? chrdev_open+0x10b/0x6a0 [ 511.306863][T10531] posix_clock_open+0xc8/0x290 [ 511.306882][T10531] ? __pfx_posix_clock_open+0x10/0x10 [ 511.306899][T10531] chrdev_open+0x234/0x6a0 [ 511.306914][T10531] ? __pfx_apparmor_file_open+0x10/0x10 [ 511.307022][T10531] ? __pfx_chrdev_open+0x10/0x10 [ 511.307039][T10531] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 511.307061][T10531] do_dentry_open+0x6d8/0x1660 [ 511.307076][T10531] ? __pfx_chrdev_open+0x10/0x10 [ 511.307096][T10531] vfs_open+0x82/0x3f0 [ 511.307116][T10531] path_openat+0x208c/0x31a0 [ 511.307139][T10531] ? __pfx_path_openat+0x10/0x10 [ 511.307161][T10531] do_file_open+0x20e/0x430 [ 511.307178][T10531] ? __pfx_do_file_open+0x10/0x10 [ 511.307207][T10531] ? alloc_fd+0x476/0x790 [ 511.307223][T10531] ? do_getname+0x191/0x390 [ 511.307244][T10531] do_sys_openat2+0x10d/0x1e0 [ 511.307262][T10531] ? __pfx_do_sys_openat2+0x10/0x10 [ 511.307283][T10531] ? __fget_files+0x21f/0x3d0 [ 511.307300][T10531] __x64_sys_openat+0x12d/0x210 [ 511.307320][T10531] ? __pfx___x64_sys_openat+0x10/0x10 [ 511.307346][T10531] do_syscall_64+0x106/0xf80 [ 511.307367][T10531] ? clear_bhb_loop+0x40/0x90 [ 511.307385][T10531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.307401][T10531] RIP: 0033:0x7f0fb839c799 [ 511.307415][T10531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 511.307431][T10531] RSP: 002b:00007f0fb92f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 511.307456][T10531] RAX: ffffffffffffffda RBX: 00007f0fb8615fa0 RCX: 00007f0fb839c799 [ 511.307467][T10531] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 511.307476][T10531] RBP: 00007f0fb8432c99 R08: 0000000000000000 R09: 0000000000000000 [ 511.307486][T10531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.307495][T10531] R13: 00007f0fb8616038 R14: 00007f0fb8615fa0 R15: 00007ffce1a7ce08 [ 511.307516][T10531] [ 512.061810][T10464] Bluetooth: hci6: command 0x0c1a tx timeout [ 515.418921][T10578] ubi31: attaching mtd0 [ 515.437991][T10578] ubi31: scanning is finished [ 515.443943][T10578] ubi31: empty MTD device detected [ 515.768092][T10578] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 515.800870][T10578] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3518 bytes [ 515.846564][T10578] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 515.868733][T10578] ubi31: VID header offset: 514 (aligned 514), data offset: 578 [ 515.902886][T10578] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 515.926238][T10578] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 20 [ 515.964011][T10578] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 688569416 [ 516.004145][T10578] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 516.048343][T10584] ubi31: background thread "ubi_bgt31d" started, PID 10584 [ 516.671848][T10587] hub 1-0:1.0: USB hub found [ 516.695637][T10587] hub 1-0:1.0: 1 port detected [ 516.983851][ T31] INFO: task kworker/u10:0:8499 blocked for more than 143 seconds. [ 516.993733][ T31] Tainted: G L syzkaller #0 [ 517.001460][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 517.044699][ T31] task:kworker/u10:0 state:D stack:26888 pid:8499 tgid:8499 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 517.102451][ T31] Workqueue: netns cleanup_net [ 517.113432][ T31] Call Trace: [ 517.116865][ T31] [ 517.120012][ T31] __schedule+0xfee/0x6120 [ 517.204323][ T31] ? __lock_acquire+0x4a5/0x2630 [ 517.209622][ T31] ? __pfx___schedule+0x10/0x10 [ 517.300568][ T31] ? find_held_lock+0x2b/0x80 [ 517.353548][ T31] ? schedule+0x2bf/0x390 [ 517.358264][ T31] schedule+0xdd/0x390 [ 517.362498][ T31] schedule_timeout+0x1b2/0x280 [ 517.374041][T10598] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 517.374041][T10598] The task syz.4.888 (10598) triggered the difference, watch for misbehavior. [ 517.427691][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 517.443759][ T31] ? mark_held_locks+0x40/0x70 [ 517.448860][ T31] __wait_for_common+0x2e7/0x4c0 [ 517.493619][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 517.499173][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 517.528853][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 517.545455][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 517.551719][ T31] __flush_workqueue+0x3f7/0x1200 [ 517.583831][ T31] ? __lock_acquire+0x4a5/0x2630 [ 517.596480][ T31] ? __lock_acquire+0x4a5/0x2630 [ 517.602084][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 517.636162][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 517.642003][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 517.663670][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 517.675221][ T31] rds_tcp_listen_stop+0x104/0x160 [ 517.680928][ T31] rds_tcp_exit_net+0xe0/0x870 [ 517.701051][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 517.711000][ T31] ? __pfx___might_resched+0x10/0x10 [ 517.718861][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 517.729945][ T31] ops_undo_list+0x2ee/0xab0 [ 517.738767][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 517.747111][ T31] ? cleanup_net+0x332/0x920 [ 517.752827][ T31] ? idr_destroy+0x62/0x2e0 [ 517.760111][ T31] cleanup_net+0x499/0x920 [ 517.766710][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 517.772648][ T31] ? rcu_is_watching+0x12/0xc0 [ 517.794577][ T31] process_one_work+0x9d7/0x1920 [ 517.800266][ T31] ? __pfx_process_one_work+0x10/0x10 [ 517.809105][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 517.835379][ T31] worker_thread+0x5da/0xe40 [ 517.840259][ T31] ? kthread+0x13a/0x450 [ 517.854761][ T31] ? __pfx_worker_thread+0x10/0x10 [ 517.860575][ T31] kthread+0x370/0x450 [ 517.868983][ T31] ? __pfx_kthread+0x10/0x10 [ 517.874043][ T31] ret_from_fork+0x754/0xd80 [ 517.878773][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 517.884641][ T31] ? rcu_is_watching+0x12/0xc0 [ 517.889745][ T31] ? __switch_to+0x7b4/0x1120 [ 517.899373][ T31] ? __pfx_kthread+0x10/0x10 [ 517.904736][ T31] ret_from_fork_asm+0x1a/0x30 [ 517.909562][ T31] [ 517.992362][ T31] INFO: task syz.3.504:8571 blocked for more than 144 seconds. [ 518.025128][ T31] Tainted: G L syzkaller #0 [ 518.053924][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 518.063193][ T31] task:syz.3.504 state:D stack:24664 pid:8571 tgid:8562 ppid:5824 task_flags:0x400140 flags:0x00080002 [ 518.124386][ T31] Call Trace: [ 518.128080][ T31] [ 518.131684][ T31] __schedule+0xfee/0x6120 [ 518.184066][ T31] ? __lock_acquire+0x4a5/0x2630 [ 518.189427][ T31] ? __pfx___schedule+0x10/0x10 [ 518.225280][ T31] ? find_held_lock+0x2b/0x80 [ 518.230349][ T31] ? schedule+0x2bf/0x390 [ 518.267549][ T31] schedule+0xdd/0x390 [ 518.271872][ T31] schedule_timeout+0x1b2/0x280 [ 518.302056][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 518.313247][ T31] ? mark_held_locks+0x40/0x70 [ 518.339024][ T31] __wait_for_common+0x2e7/0x4c0 [ 518.384410][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 518.390353][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 518.417833][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 518.423661][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 518.474308][ T31] __flush_workqueue+0x3f7/0x1200 [ 518.479788][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 518.503712][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 518.518230][ T31] ? release_sock+0x21/0x220 [ 518.523213][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 518.536141][ T31] ? __local_bh_enable_ip+0x9e/0x120 [ 518.541724][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 518.548372][ T31] rds_tcp_listen_stop+0x104/0x160 [ 518.553560][ T31] rds_tcp_exit_net+0xe0/0x870 [ 518.560826][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 518.566620][ T31] ? __pfx___might_resched+0x10/0x10 [ 518.572159][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 518.578578][ T31] ops_undo_list+0x2ee/0xab0 [ 518.583253][ T31] ? kfree+0x180/0x6b0 [ 518.589014][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 518.594821][ T31] ? ops_init+0x2fa/0x5f0 [ 518.599338][ T31] setup_net+0x1fa/0x3a0 [ 518.605041][ T31] ? __pfx_setup_net+0x10/0x10 [ 518.611023][ T31] ? lockdep_init_map_type+0x5c/0x250 [ 518.618748][ T31] ? mutex_init_lockep+0x110/0x150 [ 518.624721][ T31] copy_net_ns+0x46f/0x7c0 [ 518.632891][ T31] create_new_namespaces+0x3ea/0xac0 [ 518.642854][ T31] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 518.650117][ T31] ksys_unshare+0x473/0xad0 [ 518.655173][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 518.660253][ T31] ? xfd_validate_state+0x129/0x190 [ 518.669312][ T31] __x64_sys_unshare+0x31/0x40 [ 518.675382][ T31] do_syscall_64+0x106/0xf80 [ 518.680298][ T31] ? clear_bhb_loop+0x40/0x90 [ 518.685619][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.691949][ T31] RIP: 0033:0x7f6c6df9c799 [ 518.697602][ T31] RSP: 002b:00007f6c6ede8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 518.707002][ T31] RAX: ffffffffffffffda RBX: 00007f6c6e216090 RCX: 00007f6c6df9c799 [ 518.718057][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 518.727106][ T31] RBP: 00007f6c6e032c99 R08: 0000000000000000 R09: 0000000000000000 [ 518.737681][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.750642][ T31] R13: 00007f6c6e216128 R14: 00007f6c6e216090 R15: 00007fff31a1e378 [ 518.759490][ T31] [ 518.792478][ T31] [ 518.792478][ T31] Showing all locks held in the system: [ 518.836815][ T31] 1 lock held by khungtaskd/31: [ 518.842507][ T31] #0: ffffffff8e7e7460 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 518.861101][ T31] 3 locks held by kworker/0:3/5834: [ 518.866725][ T31] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 518.879966][ T31] #1: ffff888022f02008 (&____s->seqcount#18){.-.-}-{0:0}, at: trace_ignore_this_task+0xbc/0x100 [ 518.892584][ T31] #2: ffff88803800d240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 [ 518.903643][ T31] 3 locks held by kworker/0:4/5912: [ 518.912374][ T31] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 518.926180][ T31] #1: ffffc90004337d08 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 518.941680][ T31] #2: ffff8880207eb240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 [ 518.954107][ T31] 3 locks held by kworker/u10:0/8499: [ 518.960965][ T31] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 518.976158][ T31] #1: ffffc90004c5fd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 518.987872][ T31] #2: ffffffff905fb590 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 519.000073][ T31] 1 lock held by syz.3.504/8571: [ 519.005896][ T31] #0: ffffffff905fb590 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 519.018056][ T31] 3 locks held by kworker/u10:6/8853: [ 519.027174][ T31] #0: ffff88813fea4148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 519.042911][ T31] #1: ffffc90004827d08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 519.054444][ T31] #2: ffffffff90613de8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 519.065072][ T31] 1 lock held by syz.2.636/9198: [ 519.070060][ T31] #0: ffffffff905fb590 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 519.084107][ T31] 1 lock held by syz.1.685/9426: [ 519.091209][ T31] #0: ffffffff905fb590 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 519.101455][ T31] 1 lock held by syz.5.748/9831: [ 519.108332][ T31] #0: ffffffff905fb590 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 519.118702][ T31] 1 lock held by syz.6.870/10505: [ 519.126276][ T31] #0: ffffffff8e7f2f40 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 519.137310][ T31] 1 lock held by syz.0.873/10516: [ 519.146491][ T31] #0: ffffffff905fb590 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 519.156571][ T31] 1 lock held by syz.7.876/10525: [ 519.163610][ T31] #0: ffffffff905fb590 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 519.173855][ T31] 2 locks held by syz.4.888/10598: [ 519.179681][ T31] #0: ffffffff90613de8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 519.192398][ T31] #1: ffffffff8e7f3078 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 519.240949][ T31] [ 519.243359][ T31] ============================================= [ 519.243359][ T31] [ 519.258318][ T31] NMI backtrace for cpu 0 [ 519.258338][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 519.258366][ T31] Tainted: [L]=SOFTLOCKUP [ 519.258371][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 519.258381][ T31] Call Trace: [ 519.258387][ T31] [ 519.258394][ T31] dump_stack_lvl+0x100/0x190 [ 519.258424][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 519.258449][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 519.258474][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 519.258494][ T31] sys_info+0x141/0x190 [ 519.258517][ T31] watchdog+0xd25/0x1050 [ 519.258538][ T31] ? __pfx_watchdog+0x10/0x10 [ 519.258553][ T31] ? __kthread_parkme+0x18c/0x230 [ 519.258574][ T31] ? kthread+0x13a/0x450 [ 519.258592][ T31] ? __pfx_watchdog+0x10/0x10 [ 519.258605][ T31] kthread+0x370/0x450 [ 519.258623][ T31] ? __pfx_kthread+0x10/0x10 [ 519.258643][ T31] ret_from_fork+0x754/0xd80 [ 519.258668][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 519.258691][ T31] ? __switch_to+0x7b4/0x1120 [ 519.258709][ T31] ? __pfx_kthread+0x10/0x10 [ 519.258729][ T31] ret_from_fork_asm+0x1a/0x30 [ 519.258755][ T31] [ 519.408013][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 519.416245][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 519.427292][ T31] Tainted: [L]=SOFTLOCKUP [ 519.431723][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 519.441822][ T31] Call Trace: [ 519.445221][ T31] [ 519.448220][ T31] dump_stack_lvl+0x100/0x190 [ 519.453040][ T31] vpanic+0x552/0x970 [ 519.457171][ T31] ? __pfx_vpanic+0x10/0x10 [ 519.462056][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 519.468247][ T31] panic+0xd1/0xe0 [ 519.471981][ T31] ? __pfx_panic+0x10/0x10 [ 519.476593][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 519.483051][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 519.490300][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 519.496757][ T31] ? watchdog.cold+0x198/0x1ca [ 519.502017][ T31] ? watchdog+0xd35/0x1050 [ 519.507440][ T31] watchdog.cold+0x1a9/0x1ca [ 519.512179][ T31] ? __pfx_watchdog+0x10/0x10 [ 519.516905][ T31] ? __kthread_parkme+0x18c/0x230 [ 519.522342][ T31] ? kthread+0x13a/0x450 [ 519.526624][ T31] ? __pfx_watchdog+0x10/0x10 [ 519.531532][ T31] kthread+0x370/0x450 [ 519.536457][ T31] ? __pfx_kthread+0x10/0x10 [ 519.541176][ T31] ret_from_fork+0x754/0xd80 [ 519.545988][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 519.551191][ T31] ? __switch_to+0x7b4/0x1120 [ 519.557322][ T31] ? __pfx_kthread+0x10/0x10 [ 519.562421][ T31] ret_from_fork_asm+0x1a/0x30 [ 519.567218][ T31] [ 519.570328][ T31] Kernel Offset: disabled [ 519.574949][ T31] Rebooting in 86400 seconds..